Preposterous - Log 01


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:47:41 PM, on 5/27/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Hamachi\hamachi.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\MONyog\bin\MONyog.exe

C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\Ventrilo\Ventrilo.exe

C:\Program Files\Ventrilo\Ventrilo.exe

C:\Program Files\VentSrv\ventrilo_srv.exe

C:\Documents and Settings\Operator\Desktop\RootkitRevealer.exe

C:\DOCUME~1\Operator\LOCALS~1\Temp\GVDS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\regedit.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GVDS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Operator\LOCALS~1\Temp\GVDS.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: MONyog - Unknown owner - C:\Program Files\MONyog\bin\MONyog.exe

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (file missing)

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--

End of file - 12323 bytes

  • Administrator

Welcome to Lunarsoft, Preposterous. Your log looks clean but there's a lot you need to do.

  • Update Internet Explorer to version 8.
  • Uninstall AVG.
  • Uninstall Viewpoint.
  • Uninstall Java update 5 and get the latest version, then run JavaRa to clean up.
  • Run StartUpLite from Malwarebytes.

What is the primary role of this computer?

Link to comment
Share on other sites

Primary role is gaming, thanks for the response!

What do you mean by cleaning up with JavaRa?

I don't know if this is the right forum for this, but I also have another log that a friend recommended to me.

HKLM\SECURITY\Policy\Secrets\SAC* 12/20/2007 4:58 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 12/20/2007 4:58 PM 0 bytes Key name contains embedded nulls (*)

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 5/27/2009 3:14 PM 80 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQLServer\Parameters 2/23/2009 5:40 PM 0 bytes Security mismatch.

HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10.SQLEXPRESS\Security 2/23/2009 5:40 PM 0 bytes Security mismatch.

HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 5/31/2008 10:45 PM 0 bytes Access is denied.

C:\Documents and Settings\Operator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bk7amu4l.default\Cache\1E232AA1d01 5/27/2009 3:22 PM 54.32 KB Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bk7amu4l.default\Cache\6B4500E3d01 5/27/2009 3:22 PM 16.60 KB Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bk7amu4l.default\Cache\B22C5EE2d01 5/27/2009 3:22 PM 35.99 KB Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bk7amu4l.default\Cache\EC584BB9d01 5/27/2009 3:22 PM 16.91 KB Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Temp\Perflib_Perfdata_10c4.dat 5/27/2009 3:40 PM 16.00 KB Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Temp\~DF1071.tmp 5/27/2009 3:18 PM 304.00 KB Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Temp\~DF6149.tmp 5/27/2009 3:18 PM 304.00 KB Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\1MCX4RLV\mbam.check[1].database 5/27/2009 3:18 PM 4 bytes Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\1MCX4RLV\mbam.check[2].program 5/27/2009 3:18 PM 3 bytes Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\1MCX4RLV\news[1].txt 5/18/2009 5:12 AM 31 bytes Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\1MCX4RLV\rules[1].ref 5/18/2009 5:12 AM 1.91 MB Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\1MCX4RLV\videoByMarket[1].xml 5/27/2009 3:26 PM 5.83 KB Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\4WILBPJ4\videoByTag[1].xml 5/27/2009 3:05 PM 6.91 KB Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\8D6CKRUK\mbam.check[1].database 5/18/2009 5:12 AM 4 bytes Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\8D6CKRUK\rules[1].ref 5/27/2009 3:18 PM 1.99 MB Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\GEK4X9T7\videoByMarket[1].xml 5/27/2009 3:16 PM 5.91 KB Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\GEK4X9T7\videoByTag[1].xml 5/27/2009 3:55 PM 6.91 KB Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\ODSRCE8A\mbam-setup[1].exe 5/27/2009 3:18 PM 3.22 MB Hidden from Windows API.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\ODSRCE8A\mbam.check[1].program 5/18/2009 5:12 AM 3 bytes Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\Q9T77OR7\mbam-setup[1].exe 5/18/2009 12:23 AM 2.83 MB Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\Q9T77OR7\news[1].txt 5/27/2009 3:18 PM 86 bytes Hidden from Windows API.

C:\Program Files\Malwarebytes' Anti-Malware\Languages\arabic.lng 4/10/2009 12:53 AM 10.09 KB Hidden from Windows API.

C:\Program Files\Malwarebytes' Anti-Malware\Languages\estonian.lng 4/22/2009 6:40 PM 10.78 KB Hidden from Windows API.

C:\System Volume Information\_restore{FB3F1A7F-177E-4A46-B21C-22FB29C0AEED}\RP440\A0142800.ini 5/27/2009 1:26 AM 23.05 KB Hidden from Windows API.

C:\System Volume Information\_restore{FB3F1A7F-177E-4A46-B21C-22FB29C0AEED}\RP440\A0142801.dll 4/13/2008 7:12 PM 26.00 KB Hidden from Windows API.

C:\WINDOWS\Temp\_avast4_\unp157452906.tmp 5/27/2009 4:01 PM 21 bytes Visible in directory index, but not Windows API or MFT.

C:\WINDOWS\Temp\_avast4_\unp22705104.tmp 5/27/2009 3:55 PM 21 bytes Visible in Windows API, but not in MFT or directory index.

C:\WINDOWS\Temp\_avast4_\unp240290206.tmp 5/27/2009 3:55 PM 21 bytes Hidden from Windows API.

He said I might have several rootkits.

  • Administrator

There are no rootkits listed there that I see. What rootkits did he think you have?

Also, you may want to try the Anti-Malware Toolkit. It helps you get useful and trusted tools to really clean up your computer. :D

Asked about the primary role because of seeing the MySQL services and other items that can be a bit taxing.

Oh, and I would ditch Ad-Aware. It's nowhere near as useful as it used to be. Especially since the free version doesn't allow custom settings anymore, thus crippling it and making users have to pay for a higher version.

  • Administrator

Be sure not to give anyone your password or any identifiable information. Often social engineering is used to get information such as secret questions/answers for password recovery.

Use the Anti-Malware Toolkit and get your OS package, then follow the PC Cleanup guide. The tools you'll download will help you ensure your PC is clean. If any infections are noticed after running the tools downloaded, we can use some other special tools.
