Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

possible malware [Solved]


  • This topic is locked This topic is locked
33 replies to this topic

#1 freddythefirst

freddythefirst

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 17 November 2013 - 09:32 PM

Hi every one. I was wondering if someone would look over my log. A few days ago,I was trying to do a trend micro scan to make sure my computer was clean and when I downloaded it, Avast  says that there is a virus on my computer. I went and opened my virus chest to see what was going on and there were 4 things that I had not seen before. I scanned them while in the chest and three came up with no virus,but one keeps saying Win32:Malware-gen.I ran a scan in safe mode and nothing. I also ran Adwcleaner and I did delete a couple different things and have the report if needed.I did do the DDs scan and will post.Not sure what else to do. Thanks in advance.Attached File  dds.txt   16.97KB   292 downloads

 


    Advertisements

Register to Remove


#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 18 November 2013 - 03:06 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

 

 

Please attach the attach.txt by DDS as well.


Proud Member of UNITE & TB
 

#3 freddythefirst

freddythefirst

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 18 November 2013 - 06:47 AM

Ok, I had a big problem. When I ran the scan my computer stopped and came up with a blue screen error,and then it shut itself down.  I will attach the dds.txt and wait to hear on what to do next. I did save the computer failure report if you need it . Thanks.



#4 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 18 November 2013 - 07:27 AM

Repeat the gmer scan - if it fails again, skip it and do the following instead:

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 

#5 freddythefirst

freddythefirst

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 18 November 2013 - 01:32 PM

It worked this time.

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-18 13:26:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ES2O 298.09GB
Running: j71z052d.exe; Driver: C:\Users\Robin\AppData\Local\Temp\pgtorpod.sys

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2624:668]                                      000007fefb432a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2624:148]                                      000007fef20ad618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2624:2352]                                     000007fef92e5124

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                               2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                              2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                        aswFsBlk
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                              FSFilter Activity Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                    FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                        avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                          aswFsBlk Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude               388400
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                  0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                              2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                             2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                         \??\C:\windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                       aswMonFlt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                             FSFilter Anti-Virus
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                   FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                       avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                        
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                         aswMonFlt Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude             320700
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                            \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                          aswRdr
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                      tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                          avast! WFP Redirect driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                        nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                               0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                         aswRvrt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                         avast! Revert
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                              62
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                              167587
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                               \Device\Harddisk0\Partition2\windows
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                 2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                          aswSnx
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                FSFilter Virtualization
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                      FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                          avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                  2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                            aswSnx Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                   137600
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                      0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                             \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                           aswSP
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                           avast! Self Protection
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                              \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                 \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                         \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                               \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                          avast! Network Shield Support
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                      tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                          avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                  9
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                          aswVmm
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                          avast! VM Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                       32
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                      2
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                               1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                  "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                avast! Antivirus
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                      ShellSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                            aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                 LocalSystem
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                             1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                           
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                   2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                  2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                            aswFsBlk
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                  FSFilter Activity Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                        FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                            avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                    2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                     
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                              aswFsBlk Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)   
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                   388400
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                      0
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                  2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                 2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                             \??\C:\windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                           aswMonFlt
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                 FSFilter Anti-Virus
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                       FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                           avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                    
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                             aswMonFlt Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) 
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                 320700
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                    0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                              aswRdr
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                    PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                          tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                              avast! WFP Redirect driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                           
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                            nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                   0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                            1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                             aswRvrt
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                             avast! Revert
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                     
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                  62
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                  167587
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                   \Device\Harddisk0\Partition2\windows
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                     2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                              aswSnx
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                    FSFilter Virtualization
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                          FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                              avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                      2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                aswSnx Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                       137600
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                          0
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                 \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                    \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                      1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                              1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                               aswSP
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                               avast! Self Protection
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                  \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                     \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                             \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                   \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                              avast! Network Shield Support
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                    PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                          tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                              avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                      9
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                    0
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                              aswVmm
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                              avast! VM Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                           32
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                          2
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                   1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                      "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                    avast! Antivirus
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                          ShellSvcGroup
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                     LocalSystem
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                 1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                    Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.

---- EOF - GMER 2.1 ----

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-18 13:26:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ES2O 298.09GB
Running: j71z052d.exe; Driver: C:\Users\Robin\AppData\Local\Temp\pgtorpod.sys

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2624:668]                                      000007fefb432a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2624:148]                                      000007fef20ad618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2624:2352]                                     000007fef92e5124

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                               2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                              2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                        aswFsBlk
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                              FSFilter Activity Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                    FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                        avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                          aswFsBlk Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude               388400
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                  0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                              2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                             2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                         \??\C:\windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                       aswMonFlt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                             FSFilter Anti-Virus
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                   FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                       avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                        
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                         aswMonFlt Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude             320700
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                            \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                          aswRdr
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                      tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                          avast! WFP Redirect driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                        nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                               0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                         aswRvrt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                         avast! Revert
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                              62
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                              167587
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                               \Device\Harddisk0\Partition2\windows
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                 2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                          aswSnx
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                FSFilter Virtualization
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                      FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                          avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                  2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                            aswSnx Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                   137600
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                      0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                             \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                           aswSP
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                           avast! Self Protection
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                              \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                 \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                         \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                               \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                          avast! Network Shield Support
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                      tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                          avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                  9
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                          aswVmm
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                          avast! VM Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                       32
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                      2
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                               1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                  "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                avast! Antivirus
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                      ShellSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                            aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                 LocalSystem
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                             1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                           
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                   2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                  2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                            aswFsBlk
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                  FSFilter Activity Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                        FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                            avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                    2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                     
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                              aswFsBlk Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)   
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                   388400
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                      0
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                  2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                 2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                             \??\C:\windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                           aswMonFlt
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                 FSFilter Anti-Virus
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                       FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                           avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                    
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                             aswMonFlt Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) 
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                 320700
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                    0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                              aswRdr
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                    PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                          tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                              avast! WFP Redirect driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                           
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                            nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                   0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                            1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                             aswRvrt
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                             avast! Revert
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                     
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                  62
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                  167587
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                   \Device\Harddisk0\Partition2\windows
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                     2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                              aswSnx
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                    FSFilter Virtualization
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                          FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                              avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                      2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                aswSnx Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                       137600
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                          0
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                 \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                    \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                      1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                              1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                               aswSP
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                               avast! Self Protection
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                  \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                     \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                             \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                   \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                              avast! Network Shield Support
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                    PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                          tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                              avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                      9
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                    0
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                              aswVmm
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                              avast! VM Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                           32
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                          2
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                   1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                      "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                    avast! Antivirus
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                          ShellSvcGroup
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                     LocalSystem
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                 1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                    Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.

---- EOF - GMER 2.1 ----

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-18 13:26:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.ES2O 298.09GB
Running: j71z052d.exe; Driver: C:\Users\Robin\AppData\Local\Temp\pgtorpod.sys

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2624:668]                                      000007fefb432a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2624:148]                                      000007fef20ad618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [2624:2352]                                     000007fef92e5124

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                               2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                              2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                        aswFsBlk
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                              FSFilter Activity Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                    FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                        avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                          aswFsBlk Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude               388400
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                  0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                              2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                             2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                         \??\C:\windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                       aswMonFlt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                             FSFilter Anti-Virus
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                   FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                       avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                        
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                         aswMonFlt Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude             320700
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                            \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                          aswRdr
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                      tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                          avast! WFP Redirect driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                        nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                               0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                         aswRvrt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                         avast! Revert
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                              62
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                              167587
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                               \Device\Harddisk0\Partition2\windows
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                 2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                          aswSnx
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                FSFilter Virtualization
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                      FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                          avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                  2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                            aswSnx Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                   137600
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                      0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                             \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                           aswSP
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                           avast! Self Protection
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                              \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                 \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                         \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                               \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                          avast! Network Shield Support
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                      tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                          avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                  9
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                          aswVmm
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                          avast! VM Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                       32
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                      2
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                               1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                  "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                avast! Antivirus
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                      ShellSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                            aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                 LocalSystem
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                             1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                           
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                   2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                  2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                            aswFsBlk
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                  FSFilter Activity Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                        FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                            avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                    2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                     
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                              aswFsBlk Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)   
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                   388400
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                      0
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                  2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                 2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                             \??\C:\windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                           aswMonFlt
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                 FSFilter Anti-Virus
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                       FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                           avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                    
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                             aswMonFlt Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) 
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                 320700
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                    0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                              aswRdr
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                    PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                          tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                              avast! WFP Redirect driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                           
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                            nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                   0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                            1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                             aswRvrt
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                             avast! Revert
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                     
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                  62
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                  167587
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                   \Device\Harddisk0\Partition2\windows
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                     2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                              aswSnx
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                    FSFilter Virtualization
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                          FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                              avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                      2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                aswSnx Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                       137600
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                          0
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                 \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                    \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                      1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                              1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                               aswSP
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                               avast! Self Protection
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                  \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                     \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                             \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                   \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                              avast! Network Shield Support
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                    PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                          tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                              avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                      9
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                    0
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                              aswVmm
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                              avast! VM Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                           32
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                          2
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                   1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                      "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                    avast! Antivirus
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                          ShellSvcGroup
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                     LocalSystem
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                 1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                    Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.

---- EOF - GMER 2.1 ----



#6 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 19 November 2013 - 04:46 AM

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 

#7 freddythefirst

freddythefirst

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 19 November 2013 - 07:34 AM

ComboFix 13-11-19.01 - Robin 11/19/2013   6:26.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4008.2777 [GMT -6:00]
Running from: c:\users\Robin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Robin\Documents\~WRL1618.tmp
c:\windows\SysWow64\conhost.exe
c:\windows\SysWow64\dwm.exe
c:\windows\SysWow64\GFNEXSrv.exe
c:\windows\SysWow64\hkcmd.exe
c:\windows\SysWow64\igfxext.exe
c:\windows\SysWow64\igfxpers.exe
c:\windows\SysWow64\igfxsrvc.exe
c:\windows\SysWow64\igfxtray.exe
c:\windows\SysWow64\lsm.exe
c:\windows\SysWow64\msdtc.exe
c:\windows\SysWow64\spoolsv.exe
c:\windows\SysWow64\taskhost.exe
c:\windows\SysWow64\TODDSrv.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-19 to 2013-11-19  )))))))))))))))))))))))))))))))
.
.
2013-11-19 13:13 . 2013-11-19 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-19 13:13 . 2013-11-19 13:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-11-18 20:06 . 2013-11-18 20:06 -------- d-----w- C:\perflogs
2013-11-18 02:05 . 2013-11-18 02:06 -------- d-----w- C:\AdwCleaner
2013-11-18 00:30 . 2013-11-18 00:30 -------- d-----w- c:\program files\CCleaner
2013-11-16 05:31 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-16 05:31 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-16 05:30 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-16 05:30 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-16 05:30 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-16 05:30 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-16 04:32 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-15 22:46 . 2013-11-15 22:46 -------- d-----w- c:\programdata\Kaspersky Lab
2013-11-15 10:50 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-15 10:49 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-11-15 10:49 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-15 10:49 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-15 10:49 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-15 10:49 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-15 10:49 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-11-15 10:49 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-15 04:23 . 2013-11-15 04:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-15 04:23 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-30 23:15 . 2013-10-30 23:14 312744 ----a-w- c:\windows\system32\javaws.exe
2013-10-30 23:14 . 2013-10-30 23:14 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-30 23:14 . 2013-10-30 23:14 189352 ----a-w- c:\windows\system32\javaw.exe
2013-10-30 23:14 . 2013-10-30 23:14 189352 ----a-w- c:\windows\system32\java.exe
2013-10-30 23:14 . 2013-10-30 23:14 -------- d-----w- c:\program files\Java
2013-10-30 23:09 . 2013-10-08 12:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 11:21 . 2013-10-14 14:37 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-14 13:20 . 2012-04-02 23:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-14 13:20 . 2012-03-19 03:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-16 05:50 . 2013-10-15 15:40 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{514D119F-99F7-43D0-9FD5-5A2BD05AF558}\mpengine.dll
2013-09-08 02:30 . 2013-10-14 12:40 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-14 12:40 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-14 12:40 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-08-30 07:48 . 2013-10-14 04:09 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-10-14 04:09 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-10-14 04:09 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-10-14 04:09 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-10-14 04:09 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-10-14 04:09 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-10-14 04:09 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-10-14 04:09 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-10-14 04:08 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-10-14 04:09 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-29 02:17 . 2013-10-14 13:50 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-14 13:50 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-14 13:50 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-14 13:50 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-14 13:50 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-14 13:50 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-14 13:50 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-14 13:50 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-14 13:50 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-14 13:50 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-14 13:50 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-14 13:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-14 13:50 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-14 13:50 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-14 13:50 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-14 13:50 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-14 12:39 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-14 14:05 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [x]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:20]
.
2013-10-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-10-14 07:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.christianpost.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-NortonPCCheckup - c:\program files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.10.26\InstStub.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
   8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
   f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:8c,77,4d,f3,e7,c8,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,ed,bb,24,d0,05,ef,42,9c,c8,8b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,ed,bb,24,d0,05,ef,42,9c,c8,8b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-19  07:16:50
ComboFix-quarantined-files.txt  2013-11-19 13:16
.
Pre-Run: 263,447,162,880 bytes free
Post-Run: 263,296,294,912 bytes free
.
- - End Of File - - 141C632DFF6B98A4D22852DF84B963ED
 



#8 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 19 November 2013 - 07:41 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Attached Files


Proud Member of UNITE & TB
 

#9 freddythefirst

freddythefirst

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 19 November 2013 - 07:46 AM

iam currently running the Malwarebytes scan ,but not sure in your last post what to do with the CFScript.txt. Thanks.



#10 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 19 November 2013 - 07:51 AM

download it and drag it into the combofix icon with the mouse.

Skip the malwarebytes scan because combbox must be run before (with the script)


Proud Member of UNITE & TB
 

    Advertisements

Register to Remove


#11 freddythefirst

freddythefirst

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 19 November 2013 - 12:54 PM

Ok ,I am sorry that I  must not have read all the way thru on your last response. I did a malwarebytes scan but will leave out unless you tell me different. I will attach the combofix txt. do want you to know that my antivirus was disabled and I checked it two more times as combofix said it was running. I am not sure what is going on with that. One last thing,and this is very strange. I am working on this computer at my house for my mother in law. She got a call today from someone claiming to be a tech and telling her that someone was downloading viruses on her computer. They asked her if she had her computer in front of her and she let them know that I had it. She could not remember where they said they were from,but the voice sounded like from India. I asked her to get the number from her caller id,which she has, but there was no number on it. No callback. What do you think this is? It kind of creeped me out.Attached File  CFScript .txt log.txt   18.77KB   255 downloads



#12 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 20 November 2013 - 02:22 AM

Weird, it is. That might be a call from the Internet Service Provider about the malware on this computer 8some providers really do such calls in case of some special malware on their customer´s computers) or a criminal that wanted to login the machine to install more malware (what is also a known behaviour the last days).

 

Never give away any passwords or grant anybody remote access to your computer.

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 

#13 freddythefirst

freddythefirst

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 20 November 2013 - 07:34 AM

Here is the one scan. I do not know why this has all lines through this. Something that I must be doing but don't know what. Sorry. I'll post the other later.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Robin :: ROBIN-PC [administrator]

11/20/2013 6:15:34 AM
mbam-log-2013-11-20 (06-15-34).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 336366
Time elapsed: 51 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#14 freddythefirst

freddythefirst

    New Member

  • Authentic Member
  • Pip
  • 18 posts

Posted 20 November 2013 - 08:55 AM

There were no threats found on the ESET scan



#15 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 20 November 2013 - 08:59 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users