TechSpot

Google redirecting links help please

Discussion in 'Virus and Malware Removal' started by ara002, Oct 31, 2009.

Thread Status:
Not open for further replies.
  1. kritius Newcomer, in training

    Your HJT log is clean.

    It was a pretty serious infection, one of the most annoying doing the rounds at the minute. It takes one of the disk controllers for your system, in your case iastor.sys, and infects it so that it takes control on boot and was causing redirects.

    Nothing is ever guaranteed when it comes to infections, what I can say is that the steps I have asked you to run have removed the infection, confirmed that it is no longer present and now we will see if anything else is remaining.

    Please do an online scan with Kaspersky WebScanner

    Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure the following is checked.
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.
    Upgrading Java:
    • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 16.
    • Click the "Download" button to the right.
    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
    • Click on Continue.
    • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Make sure the C:\Program Files\JAVA folder is removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u16-windows-i586.exe and select "Run as an Administrator.")
  2. ara002 Newcomer, in training

    Here is the Kaspersky online log.

    Attached Files:

  3. Tmagic650 TechSpot Ambassador

    A rootkit virus... nasty indeed
  4. ara002 Newcomer, in training

    So what can be done about that? Is it taken care of?
  5. Tmagic650 TechSpot Ambassador

    You may have to run Combofix, but you have to do it very carefully, following the instructions to the letter
  6. ara002 Newcomer, in training

    I did run combofix. The log is in the first page of this thread.
  7. kritius Newcomer, in training

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Post a fresh HijackThis log as well.
  8. ara002 Newcomer, in training

    Here are the two logs.
  9. kritius Newcomer, in training

    Your logs are clean.

    I would ditch all IOBit software as they have been known to use other companies' databases and pass them off as their own.

    Go to Start, then Run, and type ComboFix /Uninstall
  10. ara002 Newcomer, in training

    Ok great. Thank you for all your help. Two final questions- What iobit software? And finally, what were the consequences of having this rootkit virus? Could they have taken any information from my computer or anything like that? Thanks again!
  11. ara002 Newcomer, in training

    Oh ok, I see you are referring to Advanced SystemCare. What would you recommend in place of that? I had Ad-aware but if you look back in this thread, another member of TechSpot recommended I use SystemCare. What do you think? And Tmagic650, what are your thoughts on IOBit?
  12. kritius Newcomer, in training

    I recommend that you use Malwarebytes; this was the database that IOBit stole. Why use inferior software when you can use the original?

    Also, this rootkit may have been able to gather information so it would be wise to monitor any charges made to credit cards etc for a while and change any passwords on a different computer.