Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avast picked up Rootkit


  • This topic is locked This topic is locked
21 replies to this topic

#1 spalladino25

spalladino25

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 16 June 2013 - 04:15 PM

Avast caught a rootkit and I thought it may have gotten rid of it completely, but since then I've been having some performance issues with my computer where it's running slow and crashing. Any help would be appreciated. Thank you.

Oh and I had to break up the attached file cause it was so big. 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16490  BrowserJavaVersion: 10.21.2
Run by ShaneP at 16:56:47 on 2013-06-16
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3061.1651 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\lxbccoms.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Program Files\Common Files\VpSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHWA.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Users\ShaneP\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: TextAloud: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - c:\program files\textaloud\TAForIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\users\shanep\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatihwa.exe /ept "epltarget\P0000000000000000" /M "WorkForce 545"
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\shanep\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shanep\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\shanep\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7E6434FD-C56B-443A-876D-CA0DE328DCF1} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A58D5463-0E7A-4623-8391-23728A7B16C1} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-16 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-16 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-2-17 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-17 368944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-10-4 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-17 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-2-17 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-2-17 46808]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-6-6 67584]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-4-15 233472]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2012-6-19 13336]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
R2 VpSvc;VpSvc;c:\program files\common files\VpSvc.exe [2010-1-24 65536]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-4-15 37344]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-4 111616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files\microsoft sql server\mssql10.xactware\mssql\binn\sqlservr.exe [2009-3-30 43010392]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-4-15 83864]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-4 30192]
S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\sony\sound organizer\sony.earth\PACSPTISVR.exe [2010-11-19 157024]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-3-15 10112]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-4-15 181784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$XACTWARE;SQL Server Agent (XACTWARE);c:\program files\microsoft sql server\mssql10.xactware\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-06-15 14:28:49 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{18c6cecc-ef17-4255-a972-0369e5120f78}\mpengine.dll
2013-06-15 14:16:20 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 00:44:42 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 00:44:42 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 00:44:06 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 00:44:05 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 00:44:05 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 00:44:05 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 00:44:04 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 00:43:45 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 00:43:43 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 00:43:26 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-09 17:42:06 262552 ----a-w- c:\program files\mozilla firefox\updated\browser\components\browsercomps.dll
2013-06-09 17:42:02 26520 ----a-w- c:\program files\mozilla firefox\updated\plugin-hang-ui.exe
2013-05-20 00:24:49 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M  ====================
.
2013-06-15 18:34:56 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2013-06-15 18:34:56 256 ----a-w- c:\windows\system32\MSIevent.bat
2013-06-15 14:21:32 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-15 14:21:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-16 22:39:39 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-09 08:59:10 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:10 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-24 01:50:13 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-24 01:50:00 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-24 01:50:00 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36:18 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-20 08:07:18 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2013-03-20 08:07:16 37344 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-11-06 21:50:06 65536 ----a-w- c:\program files\common files\VpSvc.exe
.
============= FINISH: 16:57:40.28 ===============
 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 16 June 2013 - 04:43 PM

I couldn't get the whole attach.txt file because it was too big. I'm not sure what you want me to do from here. Oh and I was directed here from another forum and I went through the prep guide. Here's the link
 

Edited by spalladino25, 16 June 2013 - 04:47 PM.


#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 AM

Posted 17 June 2013 - 01:09 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 18 June 2013 - 10:49 PM

Here's those results. Thank you.

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-18 23:47:47
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.01.0 298.09GB
Running: xzgl92jq.exe; Driver: C:\Users\ShaneP\AppData\Local\Temp\uxdiqpog.sys
 
 
---- System - GMER 2.1 ----
 
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwAddBootEntry [0x90E89644]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwAllocateVirtualMemory [0x91960668]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwAssignProcessToJobObject [0x90E8A0D6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateEvent [0x90E9589A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateEventPair [0x90E958E6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateIoCompletion [0x90E95A80]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateMutant [0x90E95808]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwCreateSection [0x91960A00]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateSemaphore [0x90E95850]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateThread [0x90E8A5D4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateTimer [0x90E95A3A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwDebugActiveProcess [0x90E8AE8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwDeleteBootEntry [0x90E896AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwDuplicateObject [0x90E8E6AC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwFreeVirtualMemory [0x91960730]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwLoadDriver [0x9195EC80]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwModifyBootEntry [0x90E89710]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwNotifyChangeKey [0x90E8EA76]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwNotifyChangeMultipleKeys [0x90E8B91C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenEvent [0x90E958C4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenEventPair [0x90E95908]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenIoCompletion [0x90E95AA4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenMutant [0x90E9582E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenProcess [0x90E8DF92]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenSection [0x90E959B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenSemaphore [0x90E95878]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenThread [0x90E8E384]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenTimer [0x90E95A5E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwProtectVirtualMemory [0x91960890]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwQueryObject [0x90E8B7E8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwQueueApcThread [0x90E8B33E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetBootEntryOrder [0x90E89776]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetBootOptions [0x90E897DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetContextThread [0x90E8AD06]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetSystemInformation [0x90E8932C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetSystemPowerState [0x90E89502]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwShutdownSystem [0x90E89490]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSuspendProcess [0x90E8B056]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSuspendThread [0x90E8B1B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSystemDebugControl [0x90E8958A]
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0x918D8640]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwTerminateThread [0x90E8ACE6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwUnloadDriver [0x9195ECB0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwVdmControl [0x90E89842]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwWriteVirtualMemory [0x919607DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateThreadEx [0x90E8A7F0]
 
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwCreateProcessEx [0x91979E80]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ObMakeTemporaryObject
 
---- Devices - GMER 2.1 ----
 
Device          \FileSystem\Ntfs \Ntfs                                                                                         aswSP.SYS (avast! self protection module/AVAST Software)
 
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                        aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                        aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                       fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 
---- EOF - GMER 2.1 ----


#5 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 22 June 2013 - 11:22 AM

Are you still there?



#6 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 23 June 2013 - 07:08 PM

???



#7 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 24 June 2013 - 08:33 PM

I'm thinking you may have forgotten about me so I'm going to start another thread. Thanks for your initial help.



#8 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 24 June 2013 - 08:35 PM

Avast picked up Rootkit. It says it got it, but since then my computer has been acting very strange and slow. I started another thread on this, but the person that was helping me stopped communicating and I haven't heard from him in over a week, so I'm starting another thread to get some help. Thank you.



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 AM

Posted 26 June 2013 - 05:13 AM

Sorry for that, I forgot to subscribe to this topic.

My fault, I greatly apologize. poster_oops.gif

 

 

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[S1].txt also.

 

 

 

Combofix


Combofix should only be run when adviced by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 26 June 2013 - 06:02 PM

No problem. Ok I'll do this now.



#11 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 26 June 2013 - 10:07 PM

Here are those logs. Thanks.
 
# AdwCleaner v2.303 - Logfile created 06/26/2013 at 19:02:59
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : ShaneP - SHANEP-PC
# Boot Mode : Normal
# Running from : C:\Users\ShaneP\Downloads\adwcleaner (1).exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Users\ShaneP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\ShaneP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16490
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v [Unable to get version]
 
File : C:\Users\ShaneP\AppData\Roaming\Mozilla\Firefox\Profiles\p04sop0u.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\ShaneP\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [17411 octets] - [16/02/2013 22:28:04]
AdwCleaner[S2].txt - [2180 octets] - [26/06/2013 19:02:59]
 
########## EOF - C:\AdwCleaner[S2].txt - [2240 octets] ##########
 

 

 

ComboFix 13-06-26.01 - ShaneP 06/26/2013  22:47:14.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3061.1697 [GMT -4:00]
Running from: c:\users\ShaneP\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ShaneP\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-27 to 2013-06-27  )))))))))))))))))))))))))))))))
.
.
2013-06-27 02:57 . 2013-06-27 02:57 -------- d-----w- c:\users\Test\AppData\Local\temp
2013-06-27 02:57 . 2013-06-27 02:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-27 02:57 . 2013-06-27 02:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-26 23:22 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{285401A5-FF45-47F3-843C-19A1861C3B42}\mpengine.dll
2013-06-26 23:03 . 2013-06-26 23:03 173 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-23 00:34 . 2013-06-23 00:34 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-15 14:16 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 00:44 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 00:44 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 00:44 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 00:44 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 00:44 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 00:44 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 00:44 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 00:43 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 00:43 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 00:43 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-09 17:42 . 2013-06-09 17:42 262552 ----a-w- c:\program files\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-06-09 17:42 . 2013-06-09 17:42 26520 ----a-w- c:\program files\Mozilla Firefox\updated\plugin-hang-ui.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 23:02 . 2013-02-17 15:04 369456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-26 23:02 . 2013-02-17 15:04 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-23 00:34 . 2012-06-17 05:55 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-23 00:34 . 2010-05-26 15:14 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-15 18:34 . 2012-03-07 19:28 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2013-06-15 18:34 . 2012-03-07 19:28 256 ----a-w- c:\windows\system32\MSIevent.bat
2013-06-15 14:21 . 2012-05-21 04:02 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-15 14:21 . 2011-05-26 16:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-11 02:05 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-05-16 23:31 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-05-16 23:31 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-02-17 15:04 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-02-17 15:04 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2013-02-17 15:04 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2013-02-17 15:04 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2013-02-17 15:04 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-02-17 15:04 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 06:06 . 2012-06-20 06:18 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 14:20 . 2013-05-16 01:07 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-16 01:07 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-16 01:07 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2010-01-23 05:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 21:50 . 2010-01-24 22:54 65536 ----a-w- c:\program files\Common Files\VpSvc.exe
2006-06-16 01:33 . 2011-09-12 02:03 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 23:43 . 2011-09-12 02:03 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 19:41 . 2011-09-12 02:03 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 18:10 . 2011-09-12 02:03 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 17:19 . 2011-09-12 02:03 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 23:35 . 2011-09-12 02:03 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 16:10 . 2011-09-12 02:03 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 16:42 . 2011-09-12 02:03 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 16:22 . 2011-09-12 02:03 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 16:21 . 2011-09-12 02:03 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2010-08-26 16:39 . 2010-08-26 16:39 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\ShaneP\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\ShaneP\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\ShaneP\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\ShaneP\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-05-02 802136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-12-23 4763008]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHWA.EXE" [2012-07-12 220800]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\ShaneP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ShaneP\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-4 50688]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-04 09:57 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^ShaneP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\ShaneP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^ShaneP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\ShaneP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^ShaneP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\ShaneP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 17:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
c:\users\ShaneP\AppData\Roaming\mjusbsp\cdloader2.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-26 16:39 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 09:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
c:\program files\Rocketfish 2.4GHz Ergo Laser Mouse Driver\ICO.EXE [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 07:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
c:\program files\Spybot - Search & Destroy\TeaTimer.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-12-23 17:18 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A209F-X00-F4R7-80H6-J3"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-11-02 116608]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-19 02:20 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 14:21]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 04:14]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 04:14]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3281132098-2673713992-1961987492-1000Core.job
- c:\users\ShaneP\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 04:14]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3281132098-2673713992-1961987492-1000UA.job
- c:\users\ShaneP\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 04:14]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: magicjack.com\data
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KiesPreload - c:\program files\Samsung\Kies\Kies.exe
SafeBoot-20112139.sys
SafeBoot-24070270.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-26 22:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2724)
c:\users\ShaneP\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
Completion time: 2013-06-26  23:00:22
ComboFix-quarantined-files.txt  2013-06-27 03:00
ComboFix2.txt  2012-06-12 16:15
ComboFix3.txt  2012-06-06 14:43
ComboFix4.txt  2011-09-03 17:31
.
Pre-Run: 6,380,298,240 bytes free
Post-Run: 8,482,390,016 bytes free
.
- - End Of File - - E71F310D7CC1CCE182D79E1FA21911E5
CDB4DE4BBD714F152979DA2DCBEF57EB
 

 



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 AM

Posted 27 June 2013 - 01:11 PM

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 27 June 2013 - 09:37 PM

Here's what it found.

 

C:\Users\ShaneP\Downloads\Chrome.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
 

 



#14 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 28 June 2013 - 02:29 PM

Should I do anything else?



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:02 AM

Posted 28 June 2013 - 03:32 PM

I´m currently on my way back from a military training and will reply as soon as I´m at home.

Please be patient with me.

 

Thank you!


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users