Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hijack This log help

Re: Hijack This log help

Post by ProblemPerson » January 5th, 2012, 4:14 pm

Here is the rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/05/2012 at 14:52:45.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 01/05/2012 at 14:54:17.


Here is the aswMBR log:

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-05 15:00:22
-----------------------------
15:00:22.207 OS Version: Windows x64 6.1.7600
15:00:22.207 Number of processors: 4 586 0x2505
15:00:22.223 ComputerName: JOSH-PC UserName: Josh
15:00:25.499 Initialize success
15:04:36.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:04:36.733 Disk 0 Vendor: WDC_WD5000BEVT-75A0RT0 01.01A01 Size: 476940MB BusType: 11
15:04:36.764 Disk 0 MBR read successfully
15:04:36.780 Disk 0 MBR scan
15:04:36.796 Disk 0 Windows 7 default MBR code
15:04:36.796 Disk 0 MBR hidden
15:04:36.796 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
15:04:36.842 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11718 MB offset 129024
15:04:36.842 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 465158 MB offset 24127488
15:04:36.889 Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 1 MB offset 976771072
15:04:36.889 Disk 0 Partition 4 **SUSPICIOUS**
15:04:36.905 Service scanning
15:04:45.750 Modules scanning
15:04:45.750 Disk 0 trace - called modules:
15:04:46.296 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80027c3334]<<
15:04:46.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027ac060]
15:04:46.327 3 CLASSPNP.SYS[fffff880011c043f] -> nt!IofCallDriver -> [0xfffffa80024e6520]
15:04:46.343 5 ACPI.sys[fffff88000f93781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80024e2680]
15:04:46.343 \Driver\atapi[0xfffffa80024a0060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80027c3334
15:04:46.343 Scan finished successfully
15:12:17.762 Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
15:12:17.871 The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBR.txt"
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm
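
Added example, not part of the original post and not aswMBR's own code: the "Partition" lines in the log above map onto the four 16-byte entries stored at offset 446 of the MBR sector, so a saved copy such as MBR.dat can be decoded and triaged offline. The sketch below rebuilds a constructed sector from the logged values, parses it, and applies review rules that are assumptions made for illustration; the names `build_mbr`, `parse_mbr` and `review` and the 16 MB threshold are hypothetical.

```python
import struct

# Constructed sample: the four partition entries rebuilt from the aswMBR log
# lines above as (status, type, start LBA, sector count). Sector counts are
# derived from the logged offsets and MB sizes, not read from the real MBR.dat.
LOG_ENTRIES = [
    (0x00, 0xDE, 63, 128961),
    (0x00, 0x07, 129024, 23998464),
    (0x00, 0x07, 24127488, 952643584),
    (0x80, 0x17, 976771072, 2048),
]
DISK_SECTORS = 476940 * 2048  # "Size: 476940MB" in the log, 512-byte sectors
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}  # hidden FAT/NTFS IDs

def build_mbr(entries):
    """Return a 512-byte MBR image (boot code zeroed) holding the entries."""
    table = b"".join(struct.pack("<B3sB3sII", s, bytes(3), t, bytes(3), lba, n)
                     for s, t, lba, n in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

def parse_mbr(sector):
    """Decode the partition table at offset 446 of an MBR sector."""
    if len(sector) != 512 or sector[510:] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or signature)")
    parts = []
    for i in range(4):
        s, _, t, _, lba, n = struct.unpack_from("<B3sB3sII", sector, 446 + 16 * i)
        if t:  # type 0x00 marks an unused slot
            parts.append({"index": i + 1, "active": s == 0x80, "type": t,
                          "lba": lba, "sectors": n})
    return parts

def review(parts, disk_sectors, tiny_mb=16):
    """Hypothetical triage rules (assumed; not aswMBR's actual logic)."""
    findings = {}
    for p in parts:
        reasons = []
        if p["active"] and p["type"] in HIDDEN_TYPES:
            reasons.append("boot flag on hidden-type partition")
        if p["active"] and p["sectors"] * 512 < tiny_mb * 2**20:
            reasons.append("boot partition smaller than %d MB" % tiny_mb)
        if p["active"] and disk_sectors - (p["lba"] + p["sectors"]) < 2048:
            reasons.append("boot partition in the last MB of the disk")
        if reasons:
            findings[p["index"]] = reasons
    return findings

if __name__ == "__main__":
    for idx, why in review(parse_mbr(build_mbr(LOG_ENTRIES)), DISK_SECTORS).items():
        print("Partition %d: %s" % (idx, "; ".join(why)))
```

On the constructed sector only partition 4 is reported, matching the entry the log marks as suspicious; to inspect a real dump, pass the first 512 bytes of the file to `parse_mbr`.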

Re: Hijack This log help

Post by maxi » January 5th, 2012, 5:54 pm

Hi problemperson,

Unfortunately I have bad news for you. Your computer has a serious Rootkit which blocks many of the tools we use. Have a read of the information below and let me know what you decide to do.

Rootkit

Your computer has multiple infections, including a Rootkit. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

  • What are rootkits from Wikipedia
  • How do I respond to a possible identity theft and how do I prevent it
  • When should I do a reformat and reinstallation of my OS
  • How to backup your files in Windows XP
  • How to backup your files in Windows Vista/Windows 7

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.

Regards maxi
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Hijack This log help

Post by ProblemPerson » January 5th, 2012, 10:07 pm

I was kind of worried about something like that when I could not clean it myself, because I normally can. This computer was given to me, so I don't have the OS, and as far as the person that gave it to me knows, he does not either. So if you could help it would be appreciated; even if we can't, I still appreciate the effort!

PS. when I first got it I removed 2 or 3 Trojans and a backdoor agent.
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by ProblemPerson » January 5th, 2012, 10:10 pm

And luckily we avoided accessing anything that had a large amount of personal information from this computer because of that possibility!
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by ProblemPerson » January 5th, 2012, 10:42 pm

And I also need to know if it is safe to burn files to a disk and download them to another computer. I know it is not with some viruses.
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by ProblemPerson » January 6th, 2012, 1:28 am

Actually a friend just told me they have a Windows I can have! So I don't need to clean this one off! Thank you SO MUCH for the help you have given me!! I truly appreciate it!!
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by deltalima » January 6th, 2012, 2:45 pm

As your problems appear to require a reformat, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK