
Inactive Need help evaluating the results of Trend Micro Rootkit scan..

Discussion in 'Malware and Virus Removal Archive' started by bellisimo, 2013/05/24.

  1. 2013/05/24
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1

    Please tell me if this scan means I'm in trouble and, if so, what should I do about it? I have purposely fudged the Computer name. Thanks in advance.

    bellisimo

    +----------------------------------------------------
    | Trend Micro RootkitBuster
    | Module version: 5.0.0.1129
    | Computer Name: bellisimo-C*******2D
    | OS version: 5.1-2600
    | User Name: bellisimo
    +----------------------------------------------------


    --== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
    No hidden files found.

    --== Dump Hidden Registry Value on HKLM ==--
    No hidden registry entries found.


    --== Dump Hidden Process ==--
    No hidden processes found.

    --== Dump Hidden Driver ==--
    No hidden drivers found.

    --== Service Win32 API Hook List ==--
    [HOOKED_SERVICE_API]:
    Service API : ZwNotifyChangeKey
    Image Path : C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
    OriginalHandler : 0x80626428
    CurrentHandler : 0xba4595d0
    ServiceNumber : 0x6f
    ModuleName : avgidsshimx.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwNotifyChangeMultipleKeys
    Image Path : C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
    OriginalHandler : 0x8062505c
    CurrentHandler : 0xba459700
    ServiceNumber : 0x70
    ModuleName : avgidsshimx.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwOpenProcess
    Image Path : C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
    OriginalHandler : 0x805cb456
    CurrentHandler : 0xba459010
    ServiceNumber : 0x7a
    ModuleName : avgidsshimx.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwSuspendProcess
    Image Path : C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
    OriginalHandler : 0x805d4ae0
    CurrentHandler : 0xba459300
    ServiceNumber : 0xfd
    ModuleName : avgidsshimx.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwSuspendThread
    Image Path : C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
    OriginalHandler : 0x805d4952
    CurrentHandler : 0xba4593e0
    ServiceNumber : 0xfe
    ModuleName : avgidsshimx.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwTerminateProcess
    Image Path : C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    OriginalHandler : 0x805d22d8
    CurrentHandler : 0xac40e640
    ServiceNumber : 0x101
    ModuleName : SASKUTIL.SYS
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwTerminateThread
    Image Path : C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
    OriginalHandler : 0x805d24d2
    CurrentHandler : 0xba459210
    ServiceNumber : 0x102
    ModuleName : avgidsshimx.sys
    SDTType : 0x0
    [HOOKED_SERVICE_API]:
    Service API : ZwWriteVirtualMemory
    Image Path : C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
    OriginalHandler : 0x805b43d4
    CurrentHandler : 0xba4594d0
    ServiceNumber : 0x115
    ModuleName : avgidsshimx.sys
    SDTType : 0x0
    No hidden operating system service hooks found.

    --== Dump Hidden Port ==--
    No hidden ports found.

    --== Dump Kernel Code Patching ==--
    No kernel code patching detected.

    --== Dump Hidden Services ==--
    No hidden services found.
     
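The only non-empty section of the posted RootkitBuster log is the "Service Win32 API Hook List": eight SSDT (System Service Descriptor Table, SDTType 0x0 is the native table) entries whose CurrentHandler has been redirected from ntoskrnl into two third-party drivers. On 32-bit Windows XP this is how security products of that era intercepted process and registry operations for self-protection and behaviour monitoring, so the question a triager asks is not "are there hooks?" but "does every hooking module belong to a product known to be installed?". The script below is an added example (not part of the thread and not a Trend Micro tool) that parses the [HOOKED_SERVICE_API] records, groups the hooked ZwXxx calls by owning module, checks that ModuleName agrees with the basename of Image Path, and flags any module missing from an allowlist. The allowlist, the `xyzzy.sys` record and its addresses are assumptions constructed for illustration; the other two records are copied from the posted log.

```python
"""Triage Trend Micro RootkitBuster "Service Win32 API Hook List" output.

Added example for the forum thread; it is not RootkitBuster code and the
allowlist below is an assumption built from the products the poster says
are installed (AVG and SUPERAntiSpyware).
"""
import ntpath
import re
from collections import defaultdict

# Two records copied verbatim from the posted log plus one CONSTRUCTED
# record (xyzzy.sys, made-up addresses) to exercise the "unknown module" path.
SAMPLE_LOG = """\
--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcess
Image Path : C:\\WINDOWS\\system32\\DRIVERS\\avgidsshimx.sys
OriginalHandler : 0x805cb456
CurrentHandler : 0xba459010
ServiceNumber : 0x7a
ModuleName : avgidsshimx.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwTerminateProcess
Image Path : C:\\Program Files\\SUPERAntiSpyware\\SASKUTIL.SYS
OriginalHandler : 0x805d22d8
CurrentHandler : 0xac40e640
ServiceNumber : 0x101
ModuleName : SASKUTIL.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryDirectoryFile
Image Path : C:\\WINDOWS\\system32\\DRIVERS\\xyzzy.sys
OriginalHandler : 0x80574c45
CurrentHandler : 0xb8a1c2f0
ServiceNumber : 0x91
ModuleName : xyzzy.sys
SDTType : 0x0
No hidden operating system service hooks found.
"""

RECORD_START = "[HOOKED_SERVICE_API]:"
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.+?)\s*$")

# Assumed allowlist: lowercase driver file name -> product label.
KNOWN_SECURITY_DRIVERS = {
    "avgidsshimx.sys": "AVG Identity Protection",
    "saskutil.sys": "SUPERAntiSpyware",
}


def parse_hooks(text):
    """Return one dict per [HOOKED_SERVICE_API] record, keyed by field name."""
    hooks, current = [], None
    for line in text.splitlines():
        if line.strip() == RECORD_START:
            current = {}
            hooks.append(current)
            continue
        m = FIELD_RE.match(line)
        if current is not None and m:
            current[m.group(1)] = m.group(2)
        else:
            current = None  # any non "Key : Value" line closes the record
    return hooks


def check_paths(hooks):
    """Modules whose ModuleName disagrees with the Image Path basename.

    A mismatch means the scanner resolved the handler to one image while the
    record names another; that deserves a manual look.
    """
    return [h["ModuleName"] for h in hooks
            if h["ModuleName"].lower() != ntpath.basename(h["Image Path"]).lower()]


def triage(hooks, allowlist=KNOWN_SECURITY_DRIVERS):
    """Split hooked APIs into (trusted, unknown) dicts keyed by module name."""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h["ModuleName"].lower()].append(h["Service API"])
    trusted, unknown = {}, {}
    for mod, apis in by_module.items():
        (trusted if mod in allowlist else unknown)[mod] = sorted(apis)
    return trusted, unknown


if __name__ == "__main__":
    recs = parse_hooks(SAMPLE_LOG)
    ok, bad = triage(recs)
    for mod, apis in ok.items():
        print(f"[known ] {mod} ({KNOWN_SECURITY_DRIVERS[mod]}): {', '.join(apis)}")
    for mod, apis in bad.items():
        print(f"[REVIEW] {mod}: {', '.join(apis)}")
    for mod in check_paths(recs):
        print(f"[REVIEW] name/path mismatch for {mod}")
```

Run against the full log in the post, every record lands in the known bucket (avgidsshimx.sys owns seven hooks, SASKUTIL.SYS one) and the scanner's own closing line confirms no hidden hooks, which is the basis for treating the output as clean. The allowlist is the weak point of this kind of check: a driver name is easy to spoof, so a flagged or unexpected module should be verified by its file hash and signature, not only by its name.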
  2. 2013/05/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see anything suspicious there.
    Are you having any computer issues?
     


  4. 2013/05/24
    bellisimo
    Thank you broni, for getting back to me so quickly. Yes, I've been having several problems recently starting with my paid version of AVG Security Suite 2013. I've been using it for several years and have always found it to be excellent. But for the past few months it has not posted the usual notice that a scan has been run after it scans and it always stops short of completing the full system scan at about 83 percent of scan.

    Also, if I do a simple task while it's running, it shuts down. This never used to happen.

    I've been getting blue screen warnings but, so far, no blue screen of death. I ran SUPERAntiSpyware 2 days ago and found 23 PUP viruses and cleaned them all and sent them to the vault.

    The reason I ran the rootkit scan is that I have a piece of malware that I can't seem to find in the registry. It's called facesmooch. I found an ad for a remover tool at this website http://www.securitystronghold.com/helpdesk/ and it turned out to be useless (for me, anyway) and it did not find the facesmooch.

    This stronghold software told me to update all my drivers. The only way I know how to do this is in Device Manager. In the past I have purchased driver update software but could never get it to work. I'd appreciate some advice on this as well.

    Once again, broni, I thank you sincerely for getting back to me on this.

    Sincerely,

    bellisimo
     
  5. 2013/05/24
    broni
    I'm not sure what program you use there but drivers should be left alone.
    If you have some particular PROBLEM with some driver you deal with that.
    Updating drivers in bunches is a horrible idea.

    Now, we can run some checks...

    Please, complete all steps listed HERE
     
  6. 2013/05/24
    bellisimo
    Hi broni,
    Before I bother you with all these scans to scrutinize I thought I should tell you that late last night I ran both a quick scan and a complete system scan on my updated version of Malwarebytes and it found no problems.

    I then ran a Trend Micro House call antivirus scan and after that a Trend Micro House call Root Kit scan (both with updated House Call programs) and they came back clean as well.

    Three days ago though, I ran an updated version of Malwarebytes and it found 23 PUP.Dropper files and I deleted them all and everything seems to be working fine now, even my AVG Internet Security.

    So, I respectfully don't want to waste your time if you think it isn't necessary, though I'll be happy to follow your suggestions if you still think I need to.

    The only thing I haven't been able to get rid of is a strange little tool bar on my Internet Explorer page, which I rarely use anyway. It says two words with what appear to be two eyes or a pair of round spectacles between them. The words are face and smooch. I've seen it in chat rooms referred to as the facesmooch malware or virus, but I can't find it in the registry or by running a search on my computer. For all I know it might be harmless, but these kinds of unknown entities make me leery.

    Please let me know if I should go ahead and follow your previous instructions.

    Thanks again,

    bellisimo
     
    Last edited: 2013/05/24
  7. 2013/05/24
    broni
  8. 2013/05/25
    bellisimo
    Hi broni,

    Thank you so much. It worked beautifully! I'm so pleased that I donated the 59.95 USD to Windows BBS.

    After I made the PayPal donation I got a message from you guys and there was a little box to check if I didn't want the message to generate any more pages. Dunce that I am, I checked it without really understanding what it meant, so I never did get to see what that message was about.

    That aside, I thank you so much again for your help. I really appreciate it.

    Sincerely,

    bellisimo

    P.S. I was using Google Chrome because I was told by somebody that Internet Explorer is being phased out in the near future. Is that true, because I much prefer Internet Explorer over Google Chrome. Also, what will happen to people like me with desktop computers when Microsoft stops supporting Windows XP next year? Will we have to buy new motherboards and new operating systems?

    Thanks again,

    bellisimo
     
  9. 2013/05/25
    broni
