not sure what the problem is - rootkit.zeroaccess?

Hello. I apologize in advance for being a bit over my head here :-o. We started receiving pop ups about the 'system being infected' and to run the virus scan associated with the pop up (which we did not fall for.) I ran malware bytes first and found some issues and got rid of the pop up before I found your forum and removal advice. After I found your removal guide, I did my best to follow every step. While running Combo fix, I reveived a message stating that the system was infected with rootkit.zeroaccess and a windows (I think) error stating freeware implementation of XCACLS has stopped working. I followed the prompts to reboot and run combo fix again and did not receive any further messages. After the restart, Internet Explorer worked, but Firefox did not. I removed it and reinstalled Firefox and it now works. Realizing that your removal guide was a little difficult (for me!) I went back and found that I did not do everything properly, so I ran all the fixes again. I think I did everything right - although RootRepeal did not finish the scan - just froze for over an hour at the end, so no log there. Also, I am unable to install the Windows updates. Until today, we relied on "Automatic Updating" and did not realize how out of date Windows is. During the manual update, the updates downloaded but failed to install - I tried the Microsoft fixes for "error 80096001" but no luck. Although the computer is running well now, I'm not convinced it's OK, obviously. I read your tutorial on the rootkitzeroaccess malware, but the warnings for TDSS kinda scared me. I thought I'd post the logs and see where you think I should go from here. A side note - I downloaded Service Pack 2 direct from the Microsoft Forum, but did not install it yet - waiting on your advise.

 

I know, I know...but I flubbed it so bad the first time and was trapped in a maze of confusion, frustration, and ignorance, closing windows, opening windows, and who knows what else and I made some wrong moves. OK, so I can't find the MGTools log. I have attached the MGTools.zip. I read the tutorial, but when I went to find the log I clicked on "getlogs.bat" - thought I was following directions - I just ran the scan again. So how do I start over or what should I do now?

 

OK, here we go...

 

Everything seems OK, except for not being able to update windows. It's definitely quicker to respond. I'm not noticing anything unusual except that Windows update problem. Anything to recommend?

 

OK, sorry for the delay. Here are the latest scan results. I should note that I just found that my Windows Security Essentials virus protection will not update, either. I downloaded that after removing Avast.

 

Hi gkirbz,

I will help you with any remaining malware problems as chaslang is busy.

http://img406.imageshack.us/img406/3189/windowsrepair.gif Download Windows Repair by Tweaking.com

• Go to Start Repairs tab.
• Choose "Custom Mode" and press "Start".
• Create a System Restore point if prompted.
• In the Custom Mode window, select the following repair options:
  • Repair WMI
  • Repair Hosts File
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Repair Windows Updates
  • Set Windows Services To Default Startup
• Now click the Start button.
• Be patient while the tool repairs the selected items.
• If asked to reboot the computer for the changes to take affect, make sure other tasks in the program still are not running before accepting to restart.

Now download and run: mpam-fe.exe

• Is MSE updated now?
• Does Windows Update work now?

 

Hi, sorry it took so long for me to get back. Noooo, neither are updating

 

Please be more specific.

• Take note of any error messages you may receive
• What exactly happens you try to update?
• What happened when you ran mpam-fe.exe

 

From your logs:

Code:

Background Intelligent Transfer Service	BITS	[B][COLOR="DarkGreen"]Running[/COLOR][/B]	Auto	Share Process	c:\windows\system32\svchost.exe -k netsvcs	Normal	LocalSystem	0	
Cryptographic Services	CryptSvc	[B][COLOR="DarkGreen"]Running[/COLOR][/B]	Auto	Share Process	c:\windows\system32\svchost.exe -k networkservice	Normal	NT Authority\NetworkService	0
Windows Update	wuauserv	[B][COLOR="DarkGreen"]Running[/COLOR][/B]	Auto	Share Process	c:\windows\system32\svchost.exe -k netsvcs	Normal	LocalSystem	0

You may want to give this a try:
http://support.microsoft.com/kb/971058

I will need more information if the above does not work.

 

Since running the last fixes, the Windows Update error stating "Windows could not search for new updates" and the error # is the same as it was, 80096001. Prior to the last fixes, the update would run and appear to download at least some of the updates, but they would fail to install. The Windows Security Essentials is not updating in the same manner as before, which is it seems to run for a little while, but then the error pops up stating "Virus and spyware definitions update failed....due to an internet or connectivity issue". I've attached some captures to show you. I have also run the Windows fix it in your last post (just now, and when I first googled the problem with no luck). I'm willing to do a factory reset at this point, but I'll continue with whatever advice you have!

 

http://img706.imageshack.us/img706/3941/minitoolbox.gif Please download MiniToolBox and save it to your desktop and run it.

Checkmark following checkboxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List IP configuration
• List Winsock Entries
• List Devices -> All
• List last 10 Event Viewer log

Press Go and attach the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run.

 

OK, here's the minitoolbox result

 

• click Start, in Start Search type cmd, and then press ENTER.
• Type ipconfig /release, and then press ENTER.
• Type ipconfig /renew, and then press ENTER.