W32.Zero.Access cant delete - crashes computer

Please follow these instructions and then attach the requested logs:

READ & RUN ME FIRST. Malware Removal Guide

 

Before we look at any malware, please do the following:

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

 

Rerun Hitman and attach the new log. Tell me what issues you may still be having, if any.

 

Please uninstall the below:
Ask Toolbar
DefaultTab
J2SE Runtime Environment 5.0 Update 21
Java 7 Update 15
Java(TM) 6 Update 17
uTorrentControl2 Toolbar
YTD Toolbar v7.4

Download OTM by Old Timer and save it to your Desktop.

• Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.

Code:

:Processes
explorer.exe

:Files
C:\Users\Erez\AppData\Local\PunkBuster
C:\Users\Administrator\AppData\Local\AskToolbar\ 
C:\Users\Administrator\AppData\Local\AskToolbar\Downloaded Program Files\ 
C:\Users\Administrator\AppData\Local\AskToolbar\Downloaded Program Files\nero.inf 
C:\Users\Administrator\AppData\LocalLow\AskToolbar\ 
C:\Users\Administrator\AppData\LocalLow\AskToolbar\cache.dat 
C:\Users\Administrator\AppData\LocalLow\AskToolbar\config.xml 
C:\Users\Administrator\AppData\LocalLow\AskToolbar\nero.cab 
C:\Users\Administrator\AppData\LocalLow\AskToolbar\Nero.config
C:\Users\Administrator\AppData\LocalLow\AskToolbar\osearch.xml 
C:\Users\Administrator\AppData\LocalLow\Conduit\ 
C:\Users\Administrator\AppData\LocalLow\Conduit\Community Alerts\Dialogs\ 
C:\Users\Administrator\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog

:Commands
[purity]
[ResetHosts]
[emptytemp]
[start explorer]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach that document back here in your next post.

Now rerun JRT.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Attach the logs for:
OTM
JRT
C:|mglogs.zip

 

The Ask Toolbar is in your add/remove programs list.

What issues are you having?

Your logs are clean.

 

I am not seeing anything in the webroot logs of concern. Perhaps you can tell me what it is complaining about.

 

Based on your other logs, they are false positives.

 

I suggest you uninstall Webroot and go with another AV program. It is trying to remove services.exe which is what is giving you the crashes.