Posted May 27, 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:41 PM, on 5/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\MONyog\bin\MONyog.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Documents and Settings\Operator\Desktop\RootkitRevealer.exe
C:\DOCUME~1\Operator\LOCALS~1\Temp\GVDS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GVDS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Operator\LOCALS~1\Temp\GVDS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MONyog - Unknown owner - C:\Program Files\MONyog\bin\MONyog.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 12323 bytes

May 27, 2009 Administrator

Welcome to Lunarsoft, Preposterous. Your log looks clean but there's a lot you need to do.

Update Internet Explorer to version 8.
Uninstall AVG.
Uninstall Viewpoint.
Uninstall Java update 5 and get the latest version, then run JavaRa to clean up.
Run StartUpLite from Malwarebytes.

What is the primary role of this computer?

May 27, 2009 Author

Primary role is gaming, thanks for the response! What do you mean by cleaning up with JavaRa? I don't know if this is the right forum for this, but I also have another log that a friend recommended to me.

HKLM\SECURITY\Policy\Secrets\SAC* 12/20/2007 4:58 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 12/20/2007 4:58 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 5/27/2009 3:14 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQLServer\Parameters 2/23/2009 5:40 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10.SQLEXPRESS\Security 2/23/2009 5:40 PM 0 bytes Security mismatch.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 5/31/2008 10:45 PM 0 bytes Access is denied.
C:\Documents and Settings\Operator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bk7amu4l.default\Cache\1E232AA1d01 5/27/2009 3:22 PM 54.32 KB Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bk7amu4l.default\Cache\6B4500E3d01 5/27/2009 3:22 PM 16.60 KB Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bk7amu4l.default\Cache\B22C5EE2d01 5/27/2009 3:22 PM 35.99 KB Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Application Data\Mozilla\Firefox\Profiles\bk7amu4l.default\Cache\EC584BB9d01 5/27/2009 3:22 PM 16.91 KB Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Temp\Perflib_Perfdata_10c4.dat 5/27/2009 3:40 PM 16.00 KB Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Temp\~DF1071.tmp 5/27/2009 3:18 PM 304.00 KB Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Temp\~DF6149.tmp 5/27/2009 3:18 PM 304.00 KB Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\1MCX4RLV\mbam.check[1].database 5/27/2009 3:18 PM 4 bytes Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\1MCX4RLV\mbam.check[2].program 5/27/2009 3:18 PM 3 bytes Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\1MCX4RLV\news[1].txt 5/18/2009 5:12 AM 31 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\1MCX4RLV\rules[1].ref 5/18/2009 5:12 AM 1.91 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\1MCX4RLV\videoByMarket[1].xml 5/27/2009 3:26 PM 5.83 KB Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\4WILBPJ4\videoByTag[1].xml 5/27/2009 3:05 PM 6.91 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\8D6CKRUK\mbam.check[1].database 5/18/2009 5:12 AM 4 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\8D6CKRUK\rules[1].ref 5/27/2009 3:18 PM 1.99 MB Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\GEK4X9T7\videoByMarket[1].xml 5/27/2009 3:16 PM 5.91 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\GEK4X9T7\videoByTag[1].xml 5/27/2009 3:55 PM 6.91 KB Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\ODSRCE8A\mbam-setup[1].exe 5/27/2009 3:18 PM 3.22 MB Hidden from Windows API.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\ODSRCE8A\mbam.check[1].program 5/18/2009 5:12 AM 3 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\Q9T77OR7\mbam-setup[1].exe 5/18/2009 12:23 AM 2.83 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Operator\Local Settings\Temporary Internet Files\Content.IE5\Q9T77OR7\news[1].txt 5/27/2009 3:18 PM 86 bytes Hidden from Windows API.
C:\Program Files\Malwarebytes' Anti-Malware\Languages\arabic.lng 4/10/2009 12:53 AM 10.09 KB Hidden from Windows API.
C:\Program Files\Malwarebytes' Anti-Malware\Languages\estonian.lng 4/22/2009 6:40 PM 10.78 KB Hidden from Windows API.
C:\System Volume Information\_restore{FB3F1A7F-177E-4A46-B21C-22FB29C0AEED}\RP440\A0142800.ini 5/27/2009 1:26 AM 23.05 KB Hidden from Windows API.
C:\System Volume Information\_restore{FB3F1A7F-177E-4A46-B21C-22FB29C0AEED}\RP440\A0142801.dll 4/13/2008 7:12 PM 26.00 KB Hidden from Windows API.
C:\WINDOWS\Temp\_avast4_\unp157452906.tmp 5/27/2009 4:01 PM 21 bytes Visible in directory index, but not Windows API or MFT.
C:\WINDOWS\Temp\_avast4_\unp22705104.tmp 5/27/2009 3:55 PM 21 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\Temp\_avast4_\unp240290206.tmp 5/27/2009 3:55 PM 21 bytes Hidden from Windows API.

He said I might have several rootkits.

May 27, 2009 Administrator

There are no rootkits listed there that I see. What rootkits did he think you have?

Also, you may want to try the Anti-Malware Toolkit. It helps you get useful and trusted tools to really clean up your computer.

I asked about the primary role because of seeing the MySQL services and other items that can be a bit taxing.

Oh, and I would ditch Ad-Aware. It's nowhere near as useful as it used to be, especially since the free version doesn't allow custom settings anymore, thus crippling it and making users have to pay for a higher version.

May 27, 2009 Author

Well, he thought I might have a rootkit involving WoW, because I've had my account compromised a few times now.

May 27, 2009 Administrator

Be sure not to give anyone your password or any identifiable information. Often social engineering is used to get information such as secret questions/answers for password recovery.

Use the Anti-Malware Toolkit and get your OS package, then follow the PC Cleanup guide. The tools you'll download will help you ensure your PC is clean. If any infections are noticed after running the tools downloaded, we can use some other special tools.