Remove-Malware.com Forums

[DN102]

Just ran rootkit revealer and the 1st thing it found is linked to recycler.

HKU\S-1-5-21-1935655697-484061587-725345543-1003\Console 04/08/2010 11:17 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 04/08/2010 15:50 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 04/08/2010 15:50 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 05/08/2010 04:09 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful 05/08/2010 04:09 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Swearware\backup\winsock2 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 04/08/2010 11:13 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 04/08/2010 11:13 0 bytes Security mismatch.

[FieryDemon]

the repeating sounds may also be due to the slow PC you have, making it lag.

You shouldn't have stealth objects in recyclers, we can try to clean them and see if that solves your problem but if you are sending the PC to the shop then there is no point continuing here. Let me know and I will see what I can do

Or like Dieselman said, you can use Dban and wipe your drive again and see what happens.

[DN102]

ah yea, well i cant aford to take it to a shop at the moment lol, just told me mum im gona let it run till it dies. but if you dont mind helping me view/dellete tehn it will be much appreciated, dont really want to run dban yet till im 100% sure my pc is cleaned etc. pc seems to be running ok at the moment tho just want to find out what these stealthed . folders etc are.

[Dieselman]

Why worry if your clean...................Dban will clean the pc. Sounds to me like when your originally wiped the drive it did not work. So in that case do it again.

[DN102]

yea thats what im going to do now m8, best way to make sure, just spent a hour or 2 backing stuff up slipstreaming sp3, also grabed the latest drivers as suggested, i will post back tomorrow when its sorted. fingers crossed it runs smoother than befor.

[Dieselman]

DO NOT BACKUP things you do not know of trust.

[DN102]

yea dont worry was only things like sandboxie, avira comp seems ok, after checking other other peoples pc, the cd thing looks normall also does my conflicts. all i do notice is that now and again my pc freezes or hangs for a little bit when loading small apps like notepad, its probs jus ta hard drive issue even tho the dianogstics tool said no failurs heh.

[Dieselman]

You DONT backup programs. You back up stuff like pictures and documents. Any and all software needs to be re-installed.

Sorry Ross and I posted at the same time. Are you sure you know all the steps to proper formatting?

[DN102]

yea lol, which is why i changed my mind, got a free year license with nis 2010 so used that rather than the crap i put on usb. main reason i back up programes is because theres 1 xbox and 4 pcs and a laptop connected to the router, if i download i get a earfull lol so i just stick random stuff i use on usb. also beacuse in the past i used to download nearlly 10 gig of stuff a week. so there isp started to slow our net speed.

[Dieselman]

This is getting way off topic. You WILL NEVER EFFECTIVE FORMAT OR CLEAN A PC UNLESS YOU FULLY DELETE EVERYTHING. You cannot out back old programs and just copy and paste them or so cause they maybe causing issues themselves. Here are some good articles to follow step by step.

http://grownupgeek.com/reformat

http://helpdesk.its.uiowa.edu/windows/i ... format.htm