BleepingComputer.com: Rootkit and hacked windows needs cleaning

Hi Gringo, I'm still here. Work is hectic, and I have no working computer at home. It is now screwing with certificates, not allowing any secure site access.

Here is the requested scan log.

Thanks...


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2009-01-01 00:10:00
-----------------------------
00:10:00.767 OS Version: Windows x64 6.1.7600
00:10:00.767 Number of processors: 2 586 0x2505
00:10:00.767 ComputerName: DEATHSTAR2 UserName: superman
00:10:54.774 Initialize success
00:11:12.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:11:12.761 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
00:11:12.776 Disk 0 MBR read successfully
00:11:12.776 Disk 0 MBR scan
00:11:12.792 Disk 0 Windows 7 default MBR code
00:11:12.792 Service scanning
00:11:13.806 Disk 0 trace - called modules:
00:11:13.806 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:11:13.806 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045c4740]
00:11:13.822 3 CLASSPNP.SYS[fffff88001b2e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800447e050]
00:11:13.822 Scan finished successfully
00:13:16.547 Disk 0 MBR has been saved successfully to "C:\Users\superman\Desktop\MBR.dat"
00:13:16.563 The log file has been saved successfully to "C:\Users\superman\Desktop\aswMBR.txt"

FIXMBR button is lit, and FIX is grayed out.


boboli

This post has been edited by boboliman: 09 May 2011 - 09:38 AM

Hello

I know you ran this before but I want you to run it with these instructions and I want you to redownload it - it has been updated

Please download Kaspersky Virus Removal Tool and SAVE it to your desktop

• Right click and run as admin (xp please double click to run)
  
  
• select lang
  
  
• click on next
  
  
• accept the license aggreement
  
  
• select location and click on next
  
  
• in autoscan make sure the first three boxes are checked and the box next to the C:/ drive
  
  
• click on start scan
  
  
• when complete click on report
  
  
• in the three drop down boxes choose autoscan - do not group and important events
  
  
• click on save and save to desktop
  
  
• copy and paste this report in your next post

Autoscan: completed <1 minute ago (events: 2, objects: 531143, time: 01:11:59)
1/1/2009 4:26:50 AM Task started
1/1/2009 5:38:49 AM Task completed

:Run sfc /scannow:

If you have the win 7 cd please put it in your cd drive.

• Stop all running programs and make sure you are at a point in time when letting your computer work for a minute isn't going to be a problem.
  
• Get Erunt. With this simple utility you can backup your registry before any changes are made and restore to these saved changes should it become necessary.
  
• Make a registry backup with Erunt before continuing. You can also create a restore point for added insurance. (Start > All programs > Acessories > System tools > System Restore)
  
• Click Start > run > type in sfc /scannow > Press Enter. This is the system file checker. What it does is scour your system and look for windows system files that are corrupt or missing. If it needs a file off of the win 7 cd it can grab it if you have the win 7 CD. If you DON'T have the win 7 cd all is not quite lost yet. We can try restoring system files from your computer's dllcache (which would possibly require a registry change).
  
• After this process is complete you may need to reboot.

Note: If you are a power user using registry tweaks, you will likely have to reapply those tweaks after the scan is complete.

Hello

48 Hour bump

It has been more than 48 hours since my last post.

• do you still need help with this?
  
• do you need more time?
  
• are you having problems following my instructions?
  
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

Hi Gringo,

I did as you instructed and the scan turned up clean. One thing I noted was as the scan was running, a little over 800 files were created in c:\windows\winsxs\temp.

Hello

I don't know what else to do - I don't see anything that would cause your problems and I have thrown everything I can think of at it



gringo