Rootkit Reveal Log 1

Status
Not open for further replies.

electricpete

Technical User
Oct 1, 2002
US
My Toshiba laptop PC with Windows XP SP2 and 2GB ram seems slower and has occasional crashes.

I tried the rootkit detector tool mentioned here:
faq760-6534

The program flagged the 3 registry entries below, plus many files. Do these items suggest anything to you?

Path | Timestamp | Size | Description
HKLM\SECURITY\Policy\Secrets\SAC* | 3/20/2006 1:32 PM | 0 bytes | Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* | 3/20/2006 1:32 PM | 0 bytes | Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol | 11/10/2006 3:19 PM | 13 bytes | Data mismatch between Windows API and raw hive data.
 
HKLM\SOFTWARE\Classes\webcal\URL Protocol | 11/10/2006 3:19 PM | 13 bytes | Data mismatch between Windows API and raw hive data.

That's normal and can be ignored. The other two are problematic. I suggest you try Sysinternals' RegDelNull but I suspect that most people would recommend a reformat and re-installation.


James P. Cottingham
I'm number 1,229!
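A small triage script for RootkitRevealer output, added here as an example and not part of the thread or of the Sysinternals tool: it parses the tab-separated log (path, timestamp, size, description; that layout is assumed), classifies each row by the kind of discrepancy reported, and marks paths on a known-benign list, seeded with the webcal URL Protocol mismatch the reply above calls normal, as low priority so the embedded-null keys and any hidden objects are looked at first.

```python
import re

# Constructed sample in the tab-separated layout assumed for RootkitRevealer
# logs; the first three rows mirror the ones quoted in the thread, the fourth
# is made up to show a third discrepancy category.
SAMPLE_LOG = """\
HKLM\\SECURITY\\Policy\\Secrets\\SAC*\t3/20/2006 1:32 PM\t0 bytes\tKey name contains embedded nulls (*)
HKLM\\SECURITY\\Policy\\Secrets\\SAI*\t3/20/2006 1:32 PM\t0 bytes\tKey name contains embedded nulls (*)
HKLM\\SOFTWARE\\Classes\\webcal\\URL Protocol\t11/10/2006 3:19 PM\t13 bytes\tData mismatch between Windows API and raw hive data.
C:\\WINDOWS\\Temp\\example.tmp\t11/10/2006 3:20 PM\t0 bytes\tHidden from Windows API.
"""

# Path patterns (per discrepancy type) that the reply above says are normal.
# Extend only with entries you have verified on a known-clean machine.
KNOWN_BENIGN = {
    "data mismatch": [r"^HKLM\\SOFTWARE\\Classes\\[^\\]+\\URL Protocol$"],
}

def classify(description):
    """Map RootkitRevealer's free-text description to a discrepancy type."""
    d = description.lower()
    if "embedded nulls" in d:
        return "embedded nulls"   # key name the Win32 registry API cannot open
    if "data mismatch" in d:
        return "data mismatch"    # API view differs from the raw hive bytes
    if "hidden from windows api" in d:
        return "hidden"           # object seen in the raw scan but not via the API
    return "other"

def parse_log(text):
    """Return one dict per discrepancy row; lines without four columns are skipped."""
    findings = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue
        path, ts, size, desc = parts
        kind = classify(desc)
        benign = any(re.match(p, path, re.IGNORECASE)
                     for p in KNOWN_BENIGN.get(kind, []))
        findings.append({"path": path, "timestamp": ts, "size": size,
                         "kind": kind, "severity": "low" if benign else "review"})
    return findings

def triage(text):
    """Split findings into the ones to examine first and the known-benign ones."""
    fs = parse_log(text)
    return {"review": [f for f in fs if f["severity"] == "review"],
            "low": [f for f in fs if f["severity"] == "low"]}
```

Calling triage(SAMPLE_LOG) puts the two embedded-null keys and the hidden file under "review" and the webcal entry under "low"; feed it the real log text in place of SAMPLE_LOG.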
 
I wouldn't recommend a format UNLESS you've run the following and all of them can't fix what you've got. Or if you're paranoid and you can't be at peace until there is 100% certainty that the baddies are gone.

0. Rkill (to stop any malware processes)
1. Malwarebytes' Anti-Malware
2. GMER
3. ComboFix

See instructions on Bleeping Computer for using these items.
 