ZERO ACCESS & other infections scans complete

Please download OTL by OldTimer.

• Save it to your desktop.
• Right mouse click on the OTL icon on your desktop and select Run as Administrator
• Check the "Scan All Users" checkbox.
• Check the "Standard Output".
• Change the setting of "Drivers" and "Services" to "All"
• Copy the text in the code box below and paste it into the text-field.
  
  Code:

  activex
  netsvcs
  %systemdrive%\*.*
  %systemdrive%\MGtools\*.*
  %windir%\assembly\GAC\*.ini
  %windir%\assembly\GAC_MSIL\*.ini
  %windir%\assembly\gac_32\*.ini
  %windir%\assembly\gac_64\*.ini
  

• Now click the button.
• One report will be created:
  • OTL.txt <-- Will be opened
• Attach OTL.txt to your next message. (How to attach)

 

Apparently you were not looking properly. Notice in the log from OTL that it located where the procedure stated. The below line is right from the OTL log.

Code:

[2012/08/23 16:09:07 | 000,038,134 | ---- | C] () -- C:\MGlogs.zip

However this is definitely an incomplete log as it is too small to have all the log files in it so don't bother with it right now.


Now run RogueKiller and run a scan. After it finishes the scan, select the Registry tab and then select any of the below that still exist and then click the Delete button.

Then select the Files tab and if the below exist, click the Delete button again.

Then immediately reboot your PC.

After reboot, run a new scan with RogueKiller and save a log as in original instructions and attach the new log.


Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts.

• Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
• Copy the text in the code box below and paste it into the text-field.

Code:

:OTL
IE:[B]64bit:[/B] - HKLM\..\SearchScopes\{BA17323E-EA8C-4BA3-86D4-BA6D3FF3D77C}: "URL" = [URL]http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd[/URL]
IE - HKLM\..\SearchScopes\{BA17323E-EA8C-4BA3-86D4-BA6D3FF3D77C}: "URL" = [URL]http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd[/URL]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2012/08/07 06:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8DA0057AE3F1A9A5084F875F002
[2011/04/30 13:29:12 | 000,586,752 | -HS- | C] (Microsoft Corporation) -- C:\Users\Steve\AppData\Local\whi.exe
[2011/06/16 04:09:54 | 000,004,772 | -HS- | C] () -- C:\ProgramData\g805420s54n2535u37qb
[2011/04/30 13:29:24 | 000,001,412 | -HS- | C] () -- C:\Users\Steve\AppData\Local\i6yn8ujl58vo4h2x3mausld7yg25w0i7g5hd2l1lq23fjkm
[2011/04/30 13:29:24 | 000,001,412 | -HS- | C] () -- C:\ProgramData\i6yn8ujl58vo4h2x3mausld7yg25w0i7g5hd2l1lq23fjkm 
:Commands
[PURITY]
[EMPTYTEMP] 
[EMPTYFLASH]

[REBOOT]

• Now click the button.
• If the fix needed a reboot please do it.
• Click the OK button (upon reboot).
• When OTL is finished, Notepad will open. Close Notepad.
• A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
• Attach this log to your next message. (See: How to attach)

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• the new RogueKiller log
• the log from OTL
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Okay rerun TDSSKiller exactly how requested in the below and attach a new log:

TDSSkiller - How to run


Now re-run RogueKiller and run a scan. After it finishes the scan, select the Registry tab and then select any of the below that exist ( ignore/uncheck anything else ) and then click the Delete button.

Then immediately reboot your PC.

After reboot, run a new scan with RogueKiller and save a log as in original instructions and attach the new log.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).
Then attach the below logs:

• the new TDSSkiller log
• the new RogueKiller log
• C:\MGlogs.zip

 

It appears that you have an infected boot partition. I strongly suggest that you backup important data to a CD/DVD or external USB drive before continuing with the below fix


Procedure to download G-Parted ISO and create bootable Windows CD


Please download: gparted-live ( approx 121 MB)

• Create a bootable CD for GParted.
• You can use ImgBurn to accomplish this.
  • If you need help on how to use ImgBurn, please view the below guide by dr.m
    • Using ImageBurn to Burn an ISO image

Now boot off of the newly created GParted CD and you should see:

• Press ENTER

• By default, do not touch keymap is highlighted. Leave this setting alone and just press ENTER.

• Choose your language and press ENTER. English is default [33]

• Once again, at this prompt, press ENTER
• You will now be taken to the main GUI screen below

According to your logs, the partition that we want to work on to remove any Hidden and Boot flags is 300 MiB thats 300 Mb

• Right click on the 300 MiB Partion and select "Manage Flags"
• Remove the Ticks from Boot and Hidden ( yours may not be hidden per you logs ) as follows and close then Manage flags form

• Now right click on the boot Partition. Your drive has a special 100.00 Mib ( 100 Mb ) partition that your manufacturer installed to boot from. Instead of booting from the 686.46 GiB partition where Windows and other software are installed.
• So select the 100 Mib partition and then select "Manage Flags"
• Put a tick in the Boot option as follows ( if not already checked ) and close then Manage flags form

• Now click the Apply selection ( the green check mark ).
• You should now be here confirming your actions per the below.

• Now recheck each partion under "Flags" make sure the rogue partiton does not have "Boot" applied, and the OS partion DOES have "Boot applied.
• Now double-click the button.
• At the next window select "Reboot" then "OK" Boot into Normal Windows.

Verify that your PC boot normally.

After reboot, rerun a scan with RogueKiller and save new log.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• the new RogueKiller log
• C:\MGlogs.zip

 

Your last post is approaching two months ago. You're lucky I did not close this thread.

I think you need to get some help from a friend with more PC knowledge, because if you cannot figure out from this how to make/burn the CD, it would be dangerous for you to use it to try and fix the partition problems.

But to answer your question, you need a blank CD. In the instructions you are going to use a program to burn the ISO file you downloaded inorder to create a CD with G-Parted on it. And this will be a bootable CD.