rootkit.0access.h infected... I think

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jrwalter1, Apr 11, 2012.

  1. jrwalter1

    jrwalter1 Private E-2

    Hello all,

    I am new here but ran across this forum while looking for a solution for the problem I have recently encountered. This seemed like the most legit place of several I have looked at, so I'm hoping to get some help. Any help anyone can give is appreciated.

    To give a brief problem description...I recently encountered a screen pop-up that said something about illegal activity being performed on my computer (which is not the case) and that the computer had been locked and all I had to do was send money via some website and it would be unlocked. I restarted and got the same thing. I was able to restart in safe mode and avoid the screen. Additionally, I am having problems with Google redirects.

    I ran Malwarebytes and there was something called rootkit.0access.h found. After doing some reading I have figured out that this is way above my very limited knowledge.

    I have run the full spectrum of programs following the directions in the sticky note for malware and have attached copies of the logs.

    Just to note, however, I was unable to get ComboFix or RootRepeal to work. ComboFix just kept freezing and RootRepeal continued to give me an error.

    Thanks again for any help you can provide.

    Jeff
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I want you to run TDSSKiller so refer to the below for how to do so.

    TDSSkiller - How to run


    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
     
  3. jrwalter1

    jrwalter1 Private E-2

    Ok. I have just run TDSSKiller and MBRCheck. I have attached both logs for you. I anxiously await your next instructions. Thank you for your help.
     

    Attached Files:

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    1. Java(TM) 6 Update 20 <--- uninstall outdated Java.

    2. C:\Windows\System32\dds_trash_log.cmd <--- Delete this file.

    3. Download Cleano 0.61

    Download it to your desktop, right click the cleano.exe file and run as admin, and place check marks in the boxes as follows (click on the link below to see the image):

    View attachment 148092
    Click clean now and exit the program.

    4.

    • Rename Combofix.exe on the desktop to gbt56.com
    • Now boot into safe mode
    • Try and run it again.
    • Attach the log if you got lucky.


    5. Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Vista and Windows 7 users: right-click OTL and choose Run as Administrator.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.



    6. Please download this and transfer it to your PC.

    Please download Farbar Service Scanner and run it on the computer with the issue.

    • Check all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and attach the log to your reply

    7. Reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6
     
  5. jrwalter1

    jrwalter1 Private E-2

    Ok. Done with all of that. I tried running ComboFix like you said but it still did not work. Everything else ran with no problem and I have attached the logs. Thank you again for your help and I'll wait for your next set of instructions.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to run Farbar's Service Scanner as requested and attach the log from it. A log from FRST was not requested ( at least not yet ) and you did not run it properly anyway.;) It has to be run after booting into the System Recovery Environment. You simply tried running it directly from Windows.
     
  7. jrwalter1

    jrwalter1 Private E-2

    Ok, sorry about that. I think the link for the Farbar Service Scanner actually took me to download FRST. Anyway, I got FSS and have run it and included the log. Thanks.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you are correct. By mistake, Kestrel13! gave you an incorrect link.

    From this log and your MGtools logs, we can see your BFE and Windows Firewall services are not running. Also some registry entries have been deleted and some system files may have been modified.

    Please shutdown your protection software from Microsoft and then follow the below instructions.

    Now run the C:\MGtools\FixWFW.bat file by right clicking on it and selecting Run As Administrator.


    Now download SubInACL.msi from Microsoft.
    • Now double click on SubInACL.msi to run the installer. Accept any prompts you get about installing this.
    • Now download the below file and save it to your Desktop:
    • Now right click on resetperm.cmd and select Run As Administrator to run this script. Be patient as this may take a while to run. Also it is imperative that you Run As Administrator. This is not the same thing as your user account having administrator privileges.
    Once it finishes, reboot your PC.

    Now shutdown your protection software again to avoid having it get in the way of our fixes.

    Now run the C:\MGtools\FixWFW.bat file again ( yes we are repeating this ) by right clicking on it and selecting Run As Administrator.

    Please click Start and in the Start Search box type services.msc. When you see the services.msc icon appear up above in the list, right click on it and select Run As Administrator. This will open up the Services form. Scroll down to the Base Filtering Engine service and double click on it. Set the Startup type to Automatic and then close the form for the BFE service.

    Now locate the Windows Firewall service, Start it and set the Startup type to Automatic. Did this start?

    Now close the above services forms.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1


    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      mpssvc.dll
      bfe.dll
      SDRSVC.dll
      vssvc.exe
      wscsvc.dll
      qmgr.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. You can just close this notepad window since the log is already saved on your Desktop. Be patient! It may look like it is not doing anything, but it takes a while for this to scan through your whole system looking for matches.
    • Please attach the SystemLook.txt log found on your Desktop to your next reply.
    Uninstall the below old versions of software:
    Java(TM) 6 Update 20

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    After clicking Fix, exit HJT.

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Now delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Users\jeffrey.walters\AppData\Local\Temp\


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • the log from SystemLook
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  9. jrwalter1

    jrwalter1 Private E-2

    Ok, I have gotten about half way through, but I am trying to run the files from services.msc and I don't see either one of them in the list. I am right clicking and running services.msc as administrator from the start menu but still not seeing the files you mention in the list.

    I didn't go any further than that.

    Please let me know if there is something I might be doing wrong or if there is another place to find these files.

    Thanks.
     
  10. jrwalter1

    jrwalter1 Private E-2

    Ok, check that, I tried again and did see the files and set both of them to automatic. When I clicked Start on the Windows Firewall service I got an error:

    "Error 1068: the dependency service or group failed to start"

    So I still have not gone any further in your last set of instructions.

    I'll wait for your reply to see what I need to do next.

    Thanks, again.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just continue on with the rest of those instructions and attach the requested logs.
     
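    The services.msc steps above and the "Error 1068" that followed come down to one dependency: Windows Firewall (MpsSvc) depends on the Base Filtering Engine (BFE), so the firewall cannot start while BFE is stopped or its registry entry has been deleted. The PowerShell script below is an added example, not something from this thread or from MGtools; it reports the state of that chain, names the stopped dependency behind a 1068, checks the signature of the two service DLLs that the SystemLook step looks for, and only changes anything when run with -Repair. It assumes Windows PowerShell 3 or later in an elevated prompt.

```powershell
# Added example (not from the thread). Checks the Windows Firewall service chain
# that the instructions above set up by hand in services.msc, and explains why
# "Error 1068" appears: MpsSvc (Windows Firewall) depends on BFE (Base Filtering
# Engine), so the firewall cannot start while BFE is stopped or missing.
# Assumes Windows PowerShell 3 or later, run from an elevated prompt.
param([switch]$Repair)   # without -Repair the script only reports

# Internal service names behind the display names used in the thread,
# mapped to the service DLLs the SystemLook :filefind step looks for.
$chain = [ordered]@{ 'BFE' = 'bfe.dll'; 'MpsSvc' = 'mpssvc.dll' }

foreach ($name in $chain.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # No entry under HKLM\SYSTEM\CurrentControlSet\Services: the service
        # will not even be listed in services.msc (what the user saw at first).
        Write-Output "$name : service not present (registry entry missing)"
        continue
    }
    $mode = (Get-CimInstance Win32_Service -Filter "Name='$name'").StartMode
    Write-Output ("{0,-7}: {1,-8} start={2}" -f $name, $svc.Status, $mode)

    # Error 1068 means a dependency is not running; list any such service.
    foreach ($dep in $svc.ServicesDependedOn) {
        if ($dep.Status -ne 'Running') {
            Write-Output "  depends on $($dep.Name), which is $($dep.Status) (source of Error 1068)"
        }
    }

    # Signature state of the service DLL. Catalog-signed Windows files can show
    # NotSigned on older PowerShell builds; 'sfc /verifyfile=<path>' is authoritative.
    $dll = Join-Path $env:SystemRoot ('System32\' + $chain[$name])
    if (Test-Path $dll) {
        $sig = Get-AuthenticodeSignature -FilePath $dll
        Write-Output "  $dll : $($sig.Status)"
    } else {
        Write-Output "  $dll : MISSING"
    }

    if ($Repair -and $mode -ne 'Auto') {
        Set-Service -Name $name -StartupType Automatic
    }
}

# Start the dependency first, then the firewall, so Error 1068 does not recur.
if ($Repair) {
    Start-Service -Name BFE
    Start-Service -Name MpsSvc
}
```

If BFE itself reports "service not present", the startup type cannot be fixed from here; that is the case the FixWFW.bat step in the thread is meant to address by restoring the registry entries.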
  12. jrwalter1

    jrwalter1 Private E-2

    Ok I finished with everything.

    As stated before, the Windows Firewall did not start but gave me Error 1068.

    I also did not find the following file when I ran analyze.exe

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    but I did find and remove the other 2 files you mentioned.

    Everything else is done and there were no problems. The machine seems to be running well now. I am not getting any more warnings from malwarebytes about rootkit.0access.h being quarantined.

    I will wait on your next set of instructions or for the all clear if you think everything is good to go.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I suggest that you get Windows 7 updated to SP1.

    You need this update and that may even be why some if not all those files are being shown as incorrect.

    I suggest that you go to Windows Update and get your Windows 7 SP1 update installed now. See >> http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1

    After updating rerun Farbar's Service Scanner and attach a new log.

    Also run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the new FSS.txt log
    • C:\MGlogs.zip
     