[RESOLVED] RootkitRevealer found seven

  1. #1
    Join Date
    Feb 2000
    Location
    Brandon, Fl. USA
    Posts
    1,263

    Hi
    I am using a home made computer that I made with a BioStar motherboard and an Intel Celeron 2.4 G processor. I have two HDDs; both are 160G. I have 1 G of RAM.

    Today I ran RootkitRevealer and it found 7 discrepancies. What should I do now? In reading through some of the info about RootkitRevealer it said I should investigate them. I don't know how to do that.

    Any help, or should I just forget it?

  2. #2
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Run the F-Secure online scan for Viruses, Spyware and RootKits:

    This scanner works with Internet Explorer only

    * Go to the F-Secure Online Virus Scanner
    * Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
    * Allow the Active X control to be installed on your computer, then click the Accept button
    * Click Full System Scan and allow the components to download and the scan to complete.
    * If malware is found, check Submit samples to F-Secure then select Automatic cleaning
    * When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
    * Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

    If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

    * When the cleaning option is presented, Uncheck Submit samples to F-Secure
    * Click Automatic cleaning
    * When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
    * Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post along with a fresh HijackThis log.

    Note:

    * This scan will only work with Internet Explorer
    * You must have administrator rights to run this scan
    * This scan can take over an hour so please be patient

  3. #3
    Join Date
    Feb 2000
    Location
    Brandon, Fl. USA
    Posts
    1,263
    The first part took over 5 hours to do. Here are the results. I will do the Hijack this log tomorrow since it is bed time now.
    Scanning Report
    Sunday, June 22, 2008 15:59:19 - 22:00:37
    Computer name: GARY
    Scanning type: Scan system for malware, rootkits
    Target: C:\ D:\ G:\ H:\


    --------------------------------------------------------------------------------

    Result: 5 malware found
    HTML/Exploit!IFrame.G (virus)
    D:\DOCUMENTS AND SETTINGS\GARY STALEY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OPQRSTUR\B[1].JS (Submitted)
    D:\DOCUMENTS AND SETTINGS\GARY STALEY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OPQRSTUR\B[2].JS (Submitted)
    Tracking Cookie (spyware)
    System
    W32/Malware (virus)
    C:\GARY\PROGRA~1\INTEL\VIDEOP~1\TUTORIAL\UN_ALL.EXE (Submitted)
    C:\GARY\PROGRA~1\INTEL\VIDEOP~1\TUTORIAL\UN_OVER.EXE (Submitted)

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 77929
    System: 6098
    Not scanned: 9
    Actions:
    Disinfected: 0
    Renamed: 0
    Deleted: 0
    None: 5
    Submitted: 4
    Files not scanned:
    D:\HIBERFIL.SYS
    D:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    D:\WINDOWS\SYSTEM32\CONFIG\SAM
    D:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    D:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    D:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    D:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{83001333-6982-47A9-93C8-C88F5AEE1177}.BIN
    D:\DOCUMENTS AND SETTINGS\GARY STALEY\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{107D2133-194C-4895-8185-729ACC1C9107}
    H:\PAGEFILE.SYS

    --------------------------------------------------------------------------------

    Options
    Scanning engines:
    F-Secure USS: 2.30.0
    F-Secure Hydra: 2.8.8110, 2008-06-20
    F-Secure AVP: 7.0.171, 2008-06-20
    F-Secure Pegasus: 1.20.0, 2008-04-14
    F-Secure Blacklight: 1.0.68
    Scanning options:
    Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
    Use Advanced heuristics

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Sounds good.

  5. #5
    Join Date
    Feb 2000
    Location
    Brandon, Fl. USA
    Posts
    1,263
    Here is the Hijack this log
    Logfile of HijackThis v1.99.1
    Scan saved at 9:50:53 AM, on 6/23/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    D:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    D:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    D:\WINDOWS\StartupMonitor.exe
    D:\WINDOWS\system32\igfxtray.exe
    D:\WINDOWS\system32\hkcmd.exe
    D:\Program Files\Windows Defender\MSASCui.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\Alwil Software\Avast4\ashDisp.exe
    D:\Program Files\PrintKey2000\Printkey2000.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    D:\WINDOWS\System32\ups.exe
    D:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Windows Live\Mail\wlmail.exe
    D:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    D:\Program Files\Last.fm\LastFM.exe
    D:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] "D:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - Global Startup: Printkey2000.lnk = D:\Program Files\PrintKey2000\Printkey2000.exe
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/vers...n/AMClient.cab
    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - D:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - AppInit_DLLs: "D:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Capture Device Service - InterVideo Inc. - D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: GhostStartService - Symantec Corporation - D:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - D:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - D:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - D:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: QIRWJMUFS - Sysinternals - www.sysinternals.com - D:\DOCUME~1\GARYST~1\LOCALS~1\Temp\QIRWJMUFS.exe
    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - D:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - D:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
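
Added example (not part of the original thread or any poster's reply): one way to triage a HijackThis log such as the one in post #5 is to flag the entries that deserve a manual look. The flag names and the rule set are assumptions made for this example; the sample lines are copied from that log.

```python
import re
from typing import NamedTuple

# Sample input: lines copied from the HijackThis log in post #5.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avast!] "D:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O20 - AppInit_DLLs: "D:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: QIRWJMUFS - Sysinternals - www.sysinternals.com - D:\DOCUME~1\GARYST~1\LOCALS~1\Temp\QIRWJMUFS.exe
"""

# A HijackThis entry is "<section code> - <details>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
MISSING = re.compile(r"\((file missing|no file)\)\s*$", re.IGNORECASE)
# A path component named Temp or Tmp (also matches 8.3 paths like LOCALS~1\Temp).
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


class Finding(NamedTuple):
    code: str
    flags: tuple
    body: str


def flags_for(code: str, body: str) -> list:
    """Return review flags for one entry (hypothetical flag names)."""
    flags = []
    if MISSING.search(body):
        # Registry entry points at a file that no longer exists.
        flags.append("orphaned")
    if code == "O23" and " - Unknown owner - " in body:
        # Service binary carries no company name in its version info.
        flags.append("unknown-owner")
    if code in {"O4", "O23"} and TEMP_DIR.search(body):
        # Autostart or service image located in a temporary directory.
        flags.append("runs-from-temp")
    if code == "O16" and " - http://" in body:
        # ActiveX codebase URL uses unencrypted HTTP.
        flags.append("activex-over-http")
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        # DLL is loaded into every process that loads user32.dll.
        flags.append("appinit-dll")
    return flags


def review(log_text: str) -> list:
    """Parse a HijackThis log and return only the entries that raised a flag.

    Header lines and the "Running processes" list do not match ENTRY
    and are skipped.
    """
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue
        flags = flags_for(match["code"], match["body"])
        if flags:
            findings.append(Finding(match["code"], tuple(flags), match["body"]))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(f"{finding.code:<4}{','.join(finding.flags):<20}{finding.body}")
```

A flag means "verify this file and its signer", not "malware": RootkitRevealer, for instance, runs from a randomly named service copy of itself, which matches the Temp-path rule.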

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    This is an outdated HJT version, but I'd like you to run a whole set of tools anyway...

    Print these instructions out.

    1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebyt...are_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    3. Download HijackThis:
    http://www.snapfiles.com/get/hijackthis.html
    Post HijackThis log.

  7. #7
    JPnyc, Virtual PC Specialist!!!
    Join Date
    Jan 2005
    Posts
    7,877
    It's crucial that you run RR when you're not using the PC at all. I mean don't even move the mouse. Any changes to the drive that you might cause will show up as a discrepancy.
    There is nothing to fear, but life itself.

  8. #8
    Join Date
    Feb 2000
    Location
    Brandon, Fl. USA
    Posts
    1,263
    I realized that I had used an out of date version of Hijack this so I sent a new version log to the Hijackthis forum.

    I will follow your instructions in this forum.
    Gary

  9. #9
    Join Date
    Feb 2000
    Location
    Brandon, Fl. USA
    Posts
    1,263
    When I unplugged from the internet (Verizon FIOS) and restarted my computer using F8 to get to safe mode, I got the following message:
    "Windows could not start because the following file is missing or corrupt:
    <Windows root>\system32\hal.dll. Please re-install a copy of the above file."

    It would seem to me that I have a good copy of the hal.dll or my computer would not start up in normal mode.

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Are you saying, you can start your computer in normal mode without a problem?

  11. #11
    Join Date
    Feb 2000
    Location
    Brandon, Fl. USA
    Posts
    1,263
    Yes it starts right up but I can't get into safe mode while hooked up to the internet either.

  12. #12
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Pretty strange...
    Anyway, run Superantispyware in normal mode, then.

  13. #13
    Join Date
    Feb 2000
    Location
    Brandon, Fl. USA
    Posts
    1,263
    I am running the Super AntiSpyware in normal mode now. It has been running for 37 minutes and found 40 tracking cookies so far.

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    That's OK. Superantispyware may run for over an hour, depending on hard drive size.

  15. #15
    Join Date
    Feb 2000
    Location
    Brandon, Fl. USA
    Posts
    1,263
    Well it took 7 hours and 51 minutes. It said it found 2 viruses. Here is the log.
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/25/2008 at 09:05 PM

    Application Version : 4.15.1000

    Core Rules Database Version : 3490
    Trace Rules Database Version: 1481

    Scan type : Complete Scan
    Total Scan Time : 07:53:48

    Memory items scanned : 440
    Memory threats detected : 0
    Registry items scanned : 8144
    Registry threats detected : 0
    File items scanned : 130945
    File threats detected : 44

    Adware.Tracking Cookie
