Author Topic: rootkits  (Read 2622 times)


Dell User

  • Guest
rootkits
« on: December 28, 2008, 07:35:38 AM »
I did a scan for rootkits and got some results, but have no idea if they are dangerous or not. Can someone help me figure out if something needs to be deleted or not? They all say Microsoft, but I still want to make sure.


avast! Antirootkit, version 0.9.6
Scan started: Sunday, December 28, 2008 12:19:24 AM

Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\
]  **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\
] DisplayName="ឨ݂ឨ݂"  **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\
] DeviceDesc="ឨ݂ឨ݂"  **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\
] ProviderName="⟔粐⡄"  **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\
] MFG="Ә"  **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\
] ReinstallString="C:\WINDOWS\System32\ReinstallBackups\ਔ€쀐\DriverFiles\.INF"  **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\
] DeviceInstanceIds="c:\dell\drivers\r134875\smbus\smbusati.inf"  **HIDDEN**

Scan finished: Sunday, December 28, 2008 12:25:13 AM
Hidden files found: 0
Hidden registry items found: 7
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: rootkits
« Reply #1 on: December 28, 2008, 08:46:11 PM »
I suggest:

1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or on this analysis site. Or even submit the RunScanner log to on-line analysis.
6. Disable System Restore and then re-enable it.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

Step 2 and the next boot will include a rootkit scan as well.
It is difficult to say, as there are no files being detected, only registry keys.
Do these files exist on your computer?

C:\WINDOWS\System32\ReinstallBackups\ਔ€쀐\DriverFiles\.INF (or, at least the folder)
c:\dell\drivers\r134875\smbus\smbusati.inf
The best things in life are free.
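To turn a report like the one in the first post into the check asked for above (which paths do the hidden values point at, and are they on disk), here is an added triage script; it is not avast's code and not part of the thread. It assumes the report's text layout as shown above, and its sample report is constructed with placeholder value data in place of the garbled characters:

```python
"""Triage helper for avast! Antirootkit text reports (added example, not avast's own code):
extracts every **HIDDEN** registry item, the file paths they reference, and sanity-checks counts."""
import os
import re

# Constructed sample modelled on the report in the first post; the garbled value data
# is replaced with plain placeholders and only four of the seven items are kept.
SAMPLE_REPORT = r"""avast! Antirootkit, version 0.9.6
Scan started: Sunday, December 28, 2008 12:19:24 AM
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\
]  **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\
] DisplayName="PLACEHOLDER"  **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\
] ReinstallString="C:\WINDOWS\System32\ReinstallBackups\0000\DriverFiles\.INF"  **HIDDEN**
Registry item [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\
] DeviceInstanceIds="c:\dell\drivers\r134875\smbus\smbusati.inf"  **HIDDEN**
Scan finished: Sunday, December 28, 2008 12:25:13 AM
Hidden files found: 0
Hidden registry items found: 4
Hidden processes found: 0
"""

# The key wraps onto the next line in the report, so the pattern must match across newlines.
ITEM_RE = re.compile(
    r'Registry item \[(?P<key>.*?)\]\s*(?:(?P<name>\w+)="(?P<data>[^"]*)")?\s+\*\*HIDDEN\*\*',
    re.S)
SUMMARY_RE = re.compile(r'^Hidden (?P<what>.+?) found: (?P<n>\d+)$', re.M)
WIN_PATH_RE = re.compile(r'^[A-Za-z]:\\')


def parse_report(text):
    """Return the hidden registry items and the report's per-category summary counts."""
    items = [{"key": m["key"].strip(), "name": m["name"], "data": m["data"]}
             for m in ITEM_RE.finditer(text)]
    summary = {m["what"]: int(m["n"]) for m in SUMMARY_RE.finditer(text)}
    return {"items": items, "summary": summary}


def referenced_paths(items):
    """Drive-letter paths stored in hidden values: the things to look for on disk."""
    return [i["data"] for i in items if i["data"] and WIN_PATH_RE.match(i["data"])]


def counts_consistent(report):
    """True when the parsed item count matches the report's own 'Hidden registry items' line."""
    return len(report["items"]) == report["summary"].get("registry items")


def existing_paths(paths):
    """Which referenced paths (or at least their parent folders) are present on this machine."""
    return [p for p in paths if os.path.exists(p) or os.path.isdir(os.path.dirname(p))]
```

Run it on a saved report with `parse_report(open("report.txt").read())`; a count mismatch or a referenced path that does not exist is what to mention when posting back.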

Dell User

  • Guest
Re: rootkits
« Reply #2 on: January 03, 2009, 12:56:20 AM »
Yes, I found both, though for the top one I only found the folder... so far. I am trying to check for rootkits and other problems, because something is killing my memory, like something huge is running in the background.
I can start typing at times, and the letters do not even start to appear for a few seconds.
This is mostly when I am online, but not running any programs, just surfing websites.
Sometimes I can hear the click, like a link was clicked on, but I'm not doing anything... like something might be accessing the internet.
I may end up reinstalling the OS, though I really don't want to...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: rootkits
« Reply #3 on: January 03, 2009, 01:00:36 AM »
Maybe it would be better to run those antispyware programs after booting in Safe Mode.
The best things in life are free.