RootKits..

[CH Queen]

I downloaded Rootkitrevealer today from Here, Because I wanted to make sure that there are no rootkits on my computer, because of This, and it showed quiet a lot of stuff. I've attached a screen shot.

I checked my virus vault, It showed this.
PUP Potentially harmful Hack Tool BVP 
C:\System Volume Information\-restore{8718f503-489f-8c04-133208dd68ce}\a0000156.exe


I don't know what to do! I don't have any softwares left, and if I try to download anything it crashes half way most of the time, it's so frustrating!!!Please help me! I've already reformatted this computer twice in 2 days! But I'm ready to reformat the computer again! but I'm afraid by now it's too late cause I've logged in into all my accounts already..(I used On-Screen keyboard for passwords though for the time being).

Please help.

Thank you.

[attachment deleted by admin]

[CH Queen]

Succeeded in downloading HJT.

I have attached a log file.

[attachment deleted by admin]

Hi Ivy,

Follow this link..

http://www.computerhope.com/cgi-bin/process.pl?o=31222613

Follow the cleaning instructions, and run an MBAm scan afterwards.

[CH Queen]

Actually I did that already, it's says I gotta delete some files, I thought you guys might not want me to delete them without consulting you first.

So shall I go ahead and remove those files?

[CH Queen]

Also I have downloaded RootKitBuster that Patio mentioned in one of his posts, It showed no hidden files.

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 2.52.0.1013
+----------------------------------------------------


--== Dump Hidden MBR and Hidden File on C:\ ==--
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

Yup, follow the process tool instructions and fix the entries in HJT.

[CH Queen]

It says

This file could be a legitimate file. Make sure you're positive this is not a valid file by reading the suggestions in the above chart before deleting it. If you're not comfortable deleting the file just leave it alone.

And I'm not sure if those files are valid or not.

[Malware Removal Specialist]

Stay away from Rootkit tools unless you are very sure what you are doing.

I don't know what to do! I don't have any softwares left

What happened exactly? I don't know what that means.

[CH Queen]

Did you read the links? I reformatted my comp and all software's gone, I've been downloading  then one by one now, but there were so many that I had.

Please tell me what must I do Evil?

[Malware Removal Specialist]

All you can do is redownload everything you are missing.

[CH Queen]

and what about the rootkits and the hacktools? I'm not worried about the software I had, I'm worried about my passwords etc!

[Malware Removal Specialist]

PUP Potentially harmful Hack Tool BVP
C:\System Volume Information\-restore{8718f503-489f-8c04-133208dd68ce}\a0000156.exe

This is a system restore point and could be anything.

Download  The Avenger by Swandog46

* Unzip/extract it to your desktop.
* Now start The Avenger by double clicking on its icon on your desktop and click OK when to the warning.
* Leave the box for Scan for rootkits checked.
* Then place a check in the box next to Disable any rootkits found
* Now click on Execute to begin the scan.
* You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
* Click Yes.
* You will now be asked 'First step completed ... The Avenger has been successfully set up to run on next boot. Reboot now?'
* Click Yes
* Your PC will now be rebooted.
* After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at
%systemdrive%avenger.txt (typically C:\avenger.txt)

* Please post the Avenger log in your next reply.

[CH Queen]

Log

[attachment deleted by admin]

[Malware Removal Specialist]

I can't read that...

Logfile of The Avenger Version 2.0, (c) by Swandog46
਍栀琀琀瀀㨀⼀⼀猀眀愀渀搀漀最㐀㘀⸀最攀攀欀猀琀漀最漀⸀挀漀洀ഀഀ

਍倀氀愀琀昀漀爀洀㨀  圀椀渀搀漀眀猀 堀倀ഀഀ

਍⨀⨀⨀⨀⨀⨀⨀⨀⨀⨀⨀⨀⨀⨀⨀⨀⨀⨀⨀ഀഀ

਍匀挀爀椀瀀琀 昀椀氀攀 漀瀀攀渀攀搀 猀甀挀挀攀猀猀昀甀氀氀礀⸀ഀഀ
Script file read successfully.
਍ഀഀ
Backups directory opened successfully at C:\Avenger
਍ഀഀ
*******************
਍ഀഀ
Beginning to process script file:
਍ഀഀ
Rootkit scan active.
਍一漀 爀漀漀琀欀椀琀猀 昀漀甀渀搀℀ഀഀ

਍ഀഀ
Completed script processing.
਍ഀഀ
*******************
਍ഀഀ
Finished!  Terminate.
਍

[CH Queen]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished!  Terminate.


Why did it look like that???