I think my pc has a hidden rootkit

Discussion in 'malware problems & news' started by emiljan91, Feb 16, 2009.

Thread Status:
Not open for further replies.
  1. emiljan91

    emiljan91 Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    2
    Hey guys,

    I just registered on the site after looking at some YouTube videos on rootkits, and after I saw how dangerous rootkits actually are, I ran a rootkit scan using Radix, a program I found browsing through these forums. I always browse the forums here but I never needed to register until the Radix scan found some strange stuff on my PC, which runs Windows XP Pro SP3. I registered because I need a second opinion from the experts here.

    Now, I'm not a complete noob when it comes to computer security; I know enough things to clean my friends' and family's computers of malware using various anti-malware scanners and the UBCD for Windows.

    OK, back to topic: the Radix scan found some things that it flagged as possible rootkit behavior. I took some pics and I will post them below:

    http://img6.uploadhouse.com/fileuploads/3468/3468308109a0690b8c26b70bf0a40df3c75820d.jpg
    http://img7.uploadhouse.com/fileuploads/3468/34683076c1f68f9712090bfaca010e27f978004.jpg
    http://img3.uploadhouse.com/fileuploads/3468/346830615cba5c561cdc3676afb05f652da9285.jpg
    http://img1.uploadhouse.com/fileuploads/3468/3468305e25e1be1799af2bfb22243bdc9ce957a.jpg
    http://img1.uploadhouse.com/fileuploads/3468/34683041b6557555d284730215f519056836ce5.jpg
    http://img5.uploadhouse.com/fileuploads/3468/3468303e8de5c45847635b08588262817beefdb.jpg
    http://img1.uploadhouse.com/fileuploads/3468/34683028004234688216bd806acf8be04dd9555.jpg
    http://img3.uploadhouse.com/fileuploads/3468/3468301700ac71b2dfdb70b99a685da00138bc1.jpg


    As you can see from the pics there is something fishy going on here.

    Also, a little more info: I just reinstalled my OS from scratch and I'm using Sandboxie and Avira AntiVir Pro for my security setup, and MalwareBytes and SAS as on-demand scanners only.


    Please help me any way you can. I don't want my PC turning into a botnet PC used to launch spam emails.

    Thank you for reading.
     
  2. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Check with Prevx CSI. It will detect rootkits.

    Check network connections in software firewall. If suspicious send / receive packets then botnet.
     
  3. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hello Emiljan,

    In your pics 3, 4, 5: you have GOOD hooks from the Avira anti-rootkit part. They are essential for the functioning of the anti-rootkit part of your Avira.

    ShimEng.dll is OK; it is a module associated with Shim Engine DLL (IAT) from Microsoft. Ask Google ...

    For other entries, if you disable your Sandboxie, SAS and others, you will see the difference.

    Waiting for your answer,

    PROROOTECT
     
  4. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
  6. emiljan91

    emiljan91 Registered Member

    Joined:
    Feb 16, 2009
    Posts:
    2
    Hey guys, I just ran some more scans using Prevx and RootkitRevealer and they both found nothing. So then I ran Dr.Web CureIt just to be sure and that found nothing.

    I'm thinking those YouTube videos got to my head, but anyway I think that my PC is 99.9% clean.

    Thanks for all your help guys.
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    These tools won't help if you are attacked specifically. Cureit is better than prev and prev better than rkrev. But all three are insufficient.
    Shimeng is the "windows internal rootkit" "nothing to worry"
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    If you are suspicious of your system and still have CSI installed, click Tools and Settings > Save Scan Results and then email me the scan log (I'll PM you my email address :)) and I'll check to make sure you're clean :)
     