Solved avast: winsxs rootkit detected. help?

[IonicRipper]

The other day my computer started acting very strange, i knew i caught a virus somewhere just not sure where. I decided to go the simple way and just reformat.
After the format and all the updates applied i found my PC ran very poorly. Did a scan with avast! free and found this:

Then avast! froze before i could do anything else. Restarted and now it says "access denied"??
What should i do? I was about to format again but decided to ask here before as my comp seems to be running fine for now.

 

[zigzag3143]

Download Malwarebytes. Reboot in safe mode and run it

Please download the free version of Malwarebytes.
Update it immediately.
Do a full system scan
Let us know the results at the end.

Malwarebytes : Download free malware, virus and spyware tools to get your computer back in shape!

 

[GianniDPC]

Use Hitman Pro (better rootkit detection than MBAM): Home - SurfRight

 

[C-11]

Since Avast did that I'd do another Clean Install, just to be sure things are right.

Clean Install Windows 7 - Windows 7 Forums

 

[GianniDPC]

Well I prefer he first tries my suggestion and the one from zigzag3143

 

[zigzag3143]

Well I prefer he first tries my suggestion and the one from zigzag3143

As do I and either should do the trick.

 

[IonicRipper]

It seems Malwarebytes didnt find anything


Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.03.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
IonicRipper :: MOTHERSHIP [administrator]

02/03/2012 2:55:42 PM
mbam-log-2012-03-02 (14-55-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 456884
Time elapsed: 46 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Should i give Hitman a try or will the results be the same?

 

[GianniDPC]

It seems Malwarebytes didnt find anything


Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.03.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
IonicRipper :: MOTHERSHIP [administrator]

02/03/2012 2:55:42 PM
mbam-log-2012-03-02 (14-55-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 456884
Time elapsed: 46 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Should i give Hitman a try or will the results be the same?

YESS ! try hitman

 

[IonicRipper]

No luck with Hitman Pro.

I think im gonna do a clean install of Win7 then.

 

[zigzag3143]

No luck with Hitman Pro.

I think im gonna do a clean install of Win7 then.

Good idea

 

[Layback Bear]

With that many rootkits I would start new. I would wipe/clean the drive and then do a fresh install. Remember rootkets are mean and at times will hang around.


http://www.sevenforums.com/tutorials/172617-secure-erase-wipe-definition-methods.html

 

[IonicRipper]

Thanks for giving a try guys, means a lot to me

Did a clean install... Cant get any cleaner then this other then if i bought a new PC lol

Any ideas where i could have got those pesky rootkits? Do you get them like a normal virus or are they caught differently?

 

[slurp812]

before you re-install, try combofix from bleepingcomputer.com DL it on a clean machine to a thumb drive. Rename it, because recent malware knows about it. Also get a utility from that website called rkill. get one of the funky named ones like winlogon.exe, run that, then run combofix (renamed) right off the thumb drive. When done, make sure you scan/clean the thumb drive also...

 

[Golden]

before you re-install, try combofix from bleepingcomputer.com

   Warning

Do NOT under any circumstances attempt to use ComboFix without specific guidance from a trained malware removal specialist. This software is extremely powerful and you stand a very good chance of easily rendering your system completely unusable.

Every reputable download of ComboFix carries this very explicit warning.