
Zarx88

  1. Results of screen317's Security Check version 0.99.57
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Spyware Doctor 7.0
     SpyHunter
     Malwarebytes Anti-Malware version 1.70.0.1100
     Java 6 Update 26
     Java version out of Date!
     Adobe Flash Player 11.2.202.235
     Adobe Reader 9 Adobe Reader out of Date!
     Mozilla Firefox (3.6.15) Firefox out of Date!
     Google Chrome 24.0.1312.52
     Google Chrome 24.0.1312.56
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     AVG avgrsx.exe
     AVG avgemc.exe
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
     Attachment: AdwCleanerS1.txt
  2. Hmmm Combofixer didn't give me a log... I closed the one that popped up because I thought it made a log for me.. :/
  3. Ok here are the logs. I ran the scan twice and it gave me 2 MBar Logs and 1 sys log. The 2nd Scan showed nothing else showed up.
     Attachments: mbar-log-2013-01-31 (08-38-31).txt, mbar-log-2013-01-31 (09-29-16).txt, system-log.txt
  4. Here is the report.
     RogueKiller V8.4.3 [Jan 31 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : ZarX [Admin rights]
     Mode : Scan -- Date : 01/31/2013 06:32:56
     | ARK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 3 ¤¤¤
     [TASK][SUSP PATH] winupd : C:\Users\ZarX\AppData\Local\Temp:winupd.exe -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$f6d8a9b685f10238e5d47e0fb69cff51\@ --> FOUND
     [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3681891384-3207392478-2387505779-1001\$f6d8a9b685f10238e5d47e0fb69cff51\@ --> FOUND
     [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$f6d8a9b685f10238e5d47e0fb69cff51\U --> FOUND
     [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3681891384-3207392478-2387505779-1001\$f6d8a9b685f10238e5d47e0fb69cff51\U --> FOUND
     [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$f6d8a9b685f10238e5d47e0fb69cff51\L --> FOUND
     [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3681891384-3207392478-2387505779-1001\$f6d8a9b685f10238e5d47e0fb69cff51\L --> FOUND
     ¤¤¤ Driver : [LOADED] ¤¤¤
     ¤¤¤ Infection : ZeroAccess ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST980813AS ATA Device +++++
     --- User ---
     [MBR] 769fc5d69c3d030a98f2a2d8b51c287f
     [BSP] 600992522791b13f1da2889c441c6284 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 68785 Mo
     1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 140873728 | Size: 7530 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     +++++ PhysicalDrive1: SAMSUNG HM320JI ATA Device +++++
     --- User ---
     [MBR] 02004920b5b22edbeb69cff53d71d466
     [BSP] ac85ab2e33558b301f06bae34c878f76 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[2]_S_01312013_02d0632.txt >>
     RKreport[1]_S_01302013_02d1359.txt ; RKreport[2]_S_01312013_02d0632.txt
  5. Yeah I ran some other scans a couple times and nothing else popped up.
  6. Never mind.. I did another scan with mbam and it cleaned it up.. For some reason my first scan didn't delete the files.. but the 2nd one did.. weird.
  7. Hello there. I have the version that doesn't allow you to boot to regular safe mode or safe mode with networking. I have access to safe mode with command prompt. I've gone through the standard removal options and even went through the manual. Malwarebytes, hitman pro and avast are finding nothing. Hijack this didn't find anything. I am literally at a loss here. Need some help please.