Rootkit: hidden boot sector

Sorry it took so long. The computer says it had 68 windows updates that it was configuring on reboot. It was stuck on update 1 for EVER! I turned off the updates for now. Please let me know if there is anything else I should do. I will run a full scan with Avast again to see what it pulls up and let you know. Thanks for all your help Crush. GeekPolice is a life saver for me!

Avast picked up a TON more than before when I had it set for high sensitivity and checked all packers. I simply hit repair then apply since I couldn't copy and past that log report and couldn't go to any other window without closing that one first. Once the computer reset, I seemed to have more control over the computer and it seems as though it's back to normal. I then changed all the setting for the full system scan back to normal and that came back clean. I just finished the full round of windows updates... 73 including the optional security ones. Now I am running another full system scan with the setting back to the high and all packers to see what happens. I will let you know if that came back clean, or if it found anything.

This is what came up on the Avast full system scan with high sensitivity and all packers checked.

File Names Status

C:\...|>_TUProj.dat Error: Archive is password protected
C:\...|>DataSave_Green.ico Error: Archive is password protected
C:\...|>IRIMG1.BMP Error: Archive is password protected
C:\...|>IRIMG1.JPG Error: Archive is password protected
C:\...|>DataSafe_Green.ico Error: Archive is password protected
C:\...|>diff_000001.dif Error: Archive is password protected
C:\...|>diff_000002.dif Error: Archive is password protected
C:\...|>diff_000003.dif Error: Archive is password protected
C:\...|>diff_000004.dif Error: Archive is password protected
C:\...|>diff_000005.dif Error: Archive is password protected
C:\...|>diff_000006.dif Error: Archive is password protected
C:\...|>diff_000007.dif Error: Archive is password protected

I couldn't copy and paste so I had to enter this manually. Under the Status of each one it says "Error: Archive is password protect.." Because I couldn't see it I just filled in the blanks. Before I clicked on the report it said the scan couldn't check all files.

Those are nothing to worry about. The high sensitivity will produce false positives. The important thing is, is it still picking up the rootkit in the MBR?

Awesome! I think it's gone then! What's the MBR? I know that Avast and TDSSkiller both came back clean. Thanks again Crush!

The Master Boot Record. This infection will produce a detection from Avast similar to what you're stating. Is the detection from the first post gone?

Yes. All is gone nothing is being detected. Thank you so much for your help Crush! My friend thanks you too!

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

====

Download Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Hey guys,
I made an account specifically for noticing this thread. My problem is that my world of warcraft account continuously gets hacked, and I have FOUR of those things popping up in my avast security when I try doing a quick scan. The datasafe_green pops up, along with the following:
|>diff_000001.dif
|>IRIMG1.BMP
|>IRIMG1.JPG

Now I notice you guys have figured these notices are not of issue, however what is it exactly that keeps on gaining access to my WOW account and locking it? Is it a keylogger? And what can I do to get rid of this? It's been happening for several years even when I was not playing on the account.

Any help will be greatly appreciated!!
Lapps