I think I have a ghost on my system
Hi there,
I have posted twice in the past because of virus/malware/trojans and the like. Both times I was blown away by the level of help I received and would again like to thank you for all of the help. The first time my computer ran better than new after the bad stuff was removed. The last time the virus (or?) was removed my computer still seemed slow. The virus removal went well but it seems like there are programs running that I don't know about. I have tried what little I know to do but have had no luck. I have updated then ran McAfee, Superantispyware, Spybot, Adaware, Malwarebytes, CCleaner, ATF-cleaner and Hijack This. Nothing has seemed to help. The only added program that I know runs on start up is McAfee. I don't use instant messenger or download music or anything like that so I should have no other programs running. I just want my computer to run like I know it can again. Can someone please help me discover and fix whatever is going on? Any help would be greatly appreciated. Thank you in advance for your help. You folks really rock.
Thank you very much
HKU\.DEFAULT\Control Panel\International 7/20/2008 5:08 PM 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 7/20/2008 5:08 PM 0 bytes Security mismatch.
HKU\S-1-5-21-504832412-3993091450-3851245412-1008\Console 12/28/2009 11:56 PM 0 bytes Security mismatch.
HKU\S-1-5-21-504832412-3993091450-3851245412-1008\Control Panel\International 5/16/2010 10:16 AM 0 bytes Security mismatch.
HKU\S-1-5-21-504832412-3993091450-3851245412-1008\Control Panel\International\Geo 7/20/2008 5:08 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International 7/20/2008 5:08 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 7/20/2008 5:08 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 11/10/2005 10:03 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 11/10/2005 10:03 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\swearware\backup\winsock2 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 12/28/2009 11:47 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 12/28/2009 11:47 PM 0 bytes Security mismatch.
C:\$AttrDef 11/10/2005 10:50 AM 2.50 KB Hidden from Windows API.
C:\$BadClus 11/10/2005 10:50 AM 0 bytes Hidden from Windows API.
C:\$BadClus:$Bad 11/10/2005 10:50 AM 177.80 GB Hidden from Windows API.
C:\$Bitmap 11/10/2005 10:50 AM 5.56 MB Hidden from Windows API.
C:\$Boot 11/10/2005 10:50 AM 8.00 KB Hidden from Windows API.
C:\$Extend 11/10/2005 10:50 AM 0 bytes Hidden from Windows API.
C:\$Extend\$ObjId 11/10/2005 10:50 AM 0 bytes Hidden from Windows API.
C:\$Extend\$Quota 11/10/2005 10:50 AM 0 bytes Hidden from Windows API.
C:\$Extend\$Reparse 11/10/2005 10:50 AM 0 bytes Hidden from Windows API.
C:\$Extend\$UsnJrnl 12/6/2008 7:31 PM 0 bytes Hidden from Windows API.
C:\$Extend\$UsnJrnl:$Max 12/6/2008 7:31 PM 32 bytes Hidden from Windows API.
C:\$LogFile 11/10/2005 10:50 AM 64.00 MB Hidden from Windows API.
C:\$MFT 11/10/2005 10:50 AM 118.80 MB Hidden from Windows API.
C:\$MFTMirr 11/10/2005 10:50 AM 4.00 KB Hidden from Windows API.
C:\$Secure 11/10/2005 10:50 AM 0 bytes Hidden from Windows API.
C:\$UpCase 11/10/2005 10:50 AM 128.00 KB Hidden from Windows API.
C:\$Volume 11/10/2005 10:50 AM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\tagfiles\20100520.049.sst 5/20/2010 8:07 PM 30.83 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\20100520.008 5/20/2010 6:37 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\20100520.008\Catalog.dat 10/23/2009 7:15 PM 2.35 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\20100520.008\v.grd 5/20/2010 3:34 PM 1.30 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\20100520.008\v.sig 5/20/2010 3:34 PM 2.21 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\20100520.008\virscan1.dat 5/20/2010 3:34 PM 32 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\20100521.001 5/20/2010 7:48 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\20100521.001\Catalog.dat 5/19/2010 7:31 PM 2.35 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\20100521.001\v.grd 5/20/2010 7:48 PM 1.30 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\20100521.001\v.sig 5/20/2010 7:48 PM 2.21 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\20100521.001\virscan1.dat 5/20/2010 7:48 PM 32 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Logs\firewall.dat 5/20/2010 7:48 PM 126 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Lue\Downloads\consumer$20licensing$20technologies_10.6.1_symalllanguages_livetri.zip 5/20/2010 7:47 PM 2.70 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\NCW\MrClean.db-journal 5/20/2010 7:43 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
D: 0 bytes Error mounting volume
What did Sophos find?
Sophos does not have a way of saving the results in a file that I can send you. I was able to copy the page as a .BMP file but it is two files and they are both too large. One is 2mb and the other is 3.35mb. Do you have any suggestions?
It does not say if it was able to detect any known rootkits on your machine?
I had 70+ files found when I ran Sophos.