chrome malware? and Rootkit impossible to remove

AnnaJohansen

New Member
Thread author
Sep 22, 2016
7
Hello.

I am new here, but I thought I would try to get some help from you interpreting logfiles. Apparently I have a rootkit, or multiple, according to GMER "sometimes". It shows different results sometimes. Plus I think something is weird with Chrome, it behaves abnormally, and in the logfile it says the startup page starts with hxxxs.google. PLUS HitmanPro says I have an irp_mj_scsi kernel mode hook on storahci.sys, been detected but bypassed. It's a hidden driver. And the mouse lags +++, almost like there's a ghost in here :)

Can you help me interpret the logfile and see if there is something that can be done?
 

Attachments

  • FRST.txt
    134.5 KB · Views: 2
  • Addition.txt
    19.6 KB · Views: 2
  • Shortcut.txt
    24.1 KB · Views: 0

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the [icon image] icon and double-click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 

AnnaJohansen

New Member
Thread author
Sep 22, 2016
7
Well, this was better. I now think I found the irphook on system32/.crusader? Opened the file and there it said in writing: rootkit.. will see, there are a lot of things that are wrong I think :)
 

Attachments

  • FRST.txt
    112.3 KB · Views: 1
  • Addition.txt
    22.6 KB · Views: 1

AnnaJohansen

New Member
Thread author
Sep 22, 2016
7
Oh okay, that's good :) Can you see the attached file and tell me what it means? Says rootkit so I wonder... Oh and by the way.. downloaded GMER from gmer.net... it says I have a rootkit, and when I scanned the registry every item in HKEY_LOCAL_MACHINE was coloured red, which means it must mean something... I'm a bit paranoid, been hijacked twice before, lost money, passwords etc....

Thank you for all your help, and more maybe ;)
 

Attachments

  • system32.txt
    1 KB · Views: 4

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's perform a scan with TDSSKiller.

Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on the TDSSKiller icon and select Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automatically. Click on Change parameters and click OK.
  • Click the Start Scan button and wait patiently.

If anything is found, follow these guidelines:
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will be shown in Scan results - Select action for found objects, and three options will be offered.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    If Cure is not available, please choose Skip instead.
  • Do not choose Delete unless instructed!

A report will be created in your root directory (usually the C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.
 
