Author Topic: Windows password hijack  (Read 4407 times)

REDACTED

  • Guest
Windows password hijack
« on: April 24, 2015, 11:31:00 AM »
Hi guys
Got a laptop which I think has been hijacked - when the user enters their Windows password, the system says it is incorrect and shows a link to reset the password. If you click the link it asks you to insert a USB flash disk, so looks very suspicious.
The FRST log is attached.
Cheers.

Offline TwinHeadedEagle

  • Malware Removal Expert
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2987
    • Zemana
Re: Windows password hijack
« Reply #1 on: April 24, 2015, 01:34:22 PM »
Hello,


Download attached fixlist.txt and save it to your USB flash drive as fixlist.txt

>>  Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ...
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flash drive.
>>  Exit out of Recovery Environment and post me the log please.

Try to boot Windows normally...
My help is free, however if you'd like to show your appreciation by leaving a donation, it will be much appreciated ------> DONATE

REDACTED

  • Guest
Re: Windows password hijack
« Reply #2 on: April 24, 2015, 01:55:04 PM »
Hi
Many thanks for your help. I can get into Windows now. Fixlog.txt is attached as requested.

REDACTED

  • Guest
Re: Windows password hijack
« Reply #3 on: April 24, 2015, 02:00:32 PM »
The machine is behaving strangely - Windows Explorer keeps restarting/refreshing, I can't connect to the Internet and when I tried going into the network settings it gave a BSOD and rebooted.
{EDIT} The BSOD STOP error is 0x000000F4.

Offline TwinHeadedEagle

Re: Windows password hijack
« Reply #4 on: April 24, 2015, 02:11:46 PM »
Yes, I noticed this. I want you to delete FRST and download a fresh one from the link below:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Run the scan and attach both reports.

REDACTED

  • Guest
Re: Windows password hijack
« Reply #5 on: April 24, 2015, 02:23:14 PM »
Ok will do that now. In the meantime, I managed to boot into safe mode with networking and download MBAM and Avast is installing. Sorry - maybe I should not have done this...

Offline TwinHeadedEagle

Re: Windows password hijack
« Reply #6 on: April 24, 2015, 02:25:17 PM »
Probably shouldn't.

REDACTED

  • Guest
Re: Windows password hijack
« Reply #7 on: April 24, 2015, 02:36:45 PM »
Here's the latest log

Offline TwinHeadedEagle

Re: Windows password hijack
« Reply #8 on: April 24, 2015, 03:19:59 PM »
I need reports from Normal Windows, not from recovery.

REDACTED

  • Guest
Re: Windows password hijack
« Reply #9 on: April 24, 2015, 06:48:39 PM »
I could only run FRST64 in safe mode with networking. When I try to run it under normal Windows it blue screens.
Here are the log files.

Offline TwinHeadedEagle

Re: Windows password hijack
« Reply #10 on: April 24, 2015, 06:52:03 PM »
It seems that the hard drive is dying. This probably explains why you have these issues.

Error: (04/24/2015 04:19:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
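
The check made in the reply above, as an added example that is not part of the original thread or of FRST itself: a small parser for event entries in the two-line layout quoted in that reply, which counts storage-related errors. The table of source and event ID pairs is an assumption drawn from common Windows System log events, and every sample entry other than the quoted atapi one is constructed.

```python
import re
from collections import Counter

# Storage-related (source, event ID) pairs; assumption: illustrative, not exhaustive.
STORAGE_EVENTS = {
    ("atapi", 11): "controller error",
    ("disk", 7): "bad block",
    ("disk", 11): "controller error",
    ("disk", 51): "error during paging operation",
    ("ntfs", 55): "file system structure corrupt",
}

# Header line of one event entry, in the layout quoted in the thread.
HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<id>\d+)\) \(User: [^)]*\)\s*$"
)

def parse_events(text):
    """Yield one dict per 'Error:' header, with its 'Description:' line."""
    event = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if event:
                yield event
            event = {"when": m["when"], "source": m["source"],
                     "id": int(m["id"]), "description": ""}
        elif event and line.startswith("Description:"):
            event["description"] = line[len("Description:"):].strip()
    if event:
        yield event

def storage_findings(text):
    """Count storage-related events as (source, id, meaning) -> occurrences."""
    hits = Counter()
    for ev in parse_events(text):
        meaning = STORAGE_EVENTS.get((ev["source"].lower(), ev["id"]))
        if meaning:
            hits[(ev["source"], ev["id"], meaning)] += 1
    return hits

# Constructed sample: first entry is the one quoted above, the rest are made up.
SAMPLE = r"""Error: (04/24/2015 04:19:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
Error: (04/24/2015 04:18:05 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (04/24/2015 04:10:11 PM) (Source: ExampleService) (EventID: 1) (User: )
Description: Constructed unrelated entry."""
```

A hit from this check points at the storage path as a whole (drive, cable or controller), which is consistent with the later post in this thread where reseating the drive on its SATA connector improved the machine's behaviour.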

REDACTED

  • Guest
Re: Windows password hijack
« Reply #11 on: April 24, 2015, 06:55:45 PM »
Ok at least I know what's causing the problem.
Thanks so much for your help - I really appreciate it.

REDACTED

  • Guest
Re: Windows password hijack
« Reply #12 on: April 24, 2015, 09:11:53 PM »
Well I popped open the cover on the hard drive (it's in a Samsung laptop) and saw that someone had been tampering with it - there were no screws securing the cover and the hard drive was only partially connected to the SATA connector! Once I seated it properly the machine is behaving way better. MBAM found 94 threats which it has fixed. I have attached the latest FRST log if you wouldn't mind checking them to see if everything's ok now?

Offline TwinHeadedEagle

Re: Windows password hijack
« Reply #13 on: April 24, 2015, 10:59:49 PM »
You have Norton and Avast running simultaneously; that is not good, you must uninstall one. Besides this, the logs look fine.