PDA

View Full Version : RootAlyzer found some invisible keys-1



ciglioverde
2012-10-24, 11:04
Windows xp sp3 32 bit

Rootalyzer log
// info: Rootkit removal help file
// copyright: (c) 2008-2009 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\","0Jf40"
RegyKey:"Invisible to Win32","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Services\d347prt\Cfg\","0Jf40"


A brief History ...

I got hit with the Strathclyde Police virus package last year ,cleaned it up myself as best I could, but some stuff must still be around.
Security centre has been acting strange (turning itself off/auto updates need switching on every time I do a cold boot )

Game controllers need resetting every time I boot up.

I use Firefox but I can't get Internet Explorer to open for Windows Update ..so I rely on auto updates for security patches.

I've used malwarebytes,SAS ,and SSD these have found and got rid of some trojans , but I still fear I have rootkits on my machine .
I've run tdsskiller , Hitman Pro, and RootAlyzer and it was the last one that decided me to come here ... to ask for help.



I realize from reading the pre-post preamble that you would rather I would have tried nothing following the original problem and come straight here then ...
Now I feel that a re-format and re-install is the best option , but I still hold out hope that you can help me with not having to do that. If you feel that it's too late to really do anything except a re-format/re-install I will understand.
Thanks.

tashi
2012-10-24, 17:21
Hello ciglioverde,

Can you produce the DDS and aswMBR logs so someone can advise after taking a look?

http://forums.spybot.info/showpost.php?p=1150&postcount=2

If so please start a new topic providing the logs and a link back to this thread.

Best regards. :)

ciglioverde
2012-10-24, 18:03
ok will do .. thanks

tashi
2012-10-24, 23:02
New topic: http://forums.spybot.info/showthread.php?t=66959