Rootkit.zero access

Noticed malware activity so ran malware bytes n superantispyware without success. Safe mode and combofix got rid of the issue but now I cannot get online. Combofix says rootkit.zeroaccess middle finger is my issue.
I've completed the read me and do first thingy
I've followed what has worked on previous forums without success.

 

Updated mbam with full scan info

 

Hi and welcome to Major Geeks, StephensG2!

This is not a good idea as those fixes are tailored for that specific user's system setup / needs.

http://img600.imageshack.us/img600/2693/mgtools.gif Please attach the rest of the logs requested:

• MGlogs.zip

 

Dell PP19S
Windows XP SP3 32bit


Please rename to mglogs.zip
Was having problems uploading the .zip

TY for all the help. Wish I was on your level but I'm still stuck on lvl 1 will follow your suggestions and reply asap. Ty again

 

http://img843.imageshack.us/img843/5891/erunt.gif Backup Your Registry with ERUNT

• Please download Erunt
• Run the setup program to install ERUNT on your computer

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

http://img205.imageshack.us/img205/4783/regeditb.gif Open Notepad and copy everything in the code box below into it.

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETBT\0000\Control]
"ActiveService"="NetBT"

• File -> Save As -> Save as type: "All Files" -> File Name: fixme.reg > Save.

Now merge this into the registry by double-clicking it.
Let me know if the merge was successful or not.


If successful, reboot your PC and test internet.
If not successful, stop and let me know the exact error message you received.

 

Cannot import, not all data was successfully written to the registry. Some keys are open by the system or other processes

 

• Press and hold the http://img849.imageshack.us/img849/4325/windowkey.gif Windows key on your keyboard, then press the letter r on your keyboard.
• This opens the Run dialog box.
• Then copy the below command and paste it into the Open: text-field and then press ENTER.

swreg.exe ACL "HKLM\SYSTEM\CurrentControlSet\Enum\Root" /E /GE:F

• A DOS prompt window should have flashed quickly.
• If it did, please reattempt to merge fixme.reg into the registry.
• Let me know if you received an error message this time.
  
• If you did not receive an error message. Reboot your PC and test out the internet.

 

After running the command I was able to merge the new information into my registry. I've restarted the computer tho and it still cannot get online. It gets stuck at acquiring network address. I've run a repair which doesn't get an IP so fails

 

Let's get some new logs to see what has changed (if anything).

http://img254.imageshack.us/img254/945/baticonxp.gif Now run C:\MGtools\GetLogs.bat by double-clicking it.
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

 

rename to .zip

 

========WARNING========
The below is specifically for StephensG2's computer
Do NOT run the below if you are not StephensG2
Doing so may damage your PC!
========WARNING========

Attached is netbt.zip

Inside is:

• netbt.reg

Extrac this file to the infected computer's desktop.

First double-click netbt.reg and allow it to merge into the registry. You should receive a successful message.

Now reboot your PC.

Once you have rebooted...

Test your internet, If it still is not working, run C:\MGtools\FixNet.bat by double-clicking it.
Your PC will reboot again. Once you are back in Windows, test your internet again.

If it still does not work, run the following:

http://img97.imageshack.us/img97/8120/fss.gif Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please attach FSS.txt to your next message. (How to attach)

 

Refresh page

 

I worship the keyboard you type on lol thanks so much for the help. Internets back up and running. i wish i knew what you did and why... your awesomeness should be awarded. ty

 

You're welcome and thank you for your comments. Glad to hear your internet is back up and running
There was a problem with your netbt service in the registry. It was slightly off but even so was preventing internet access.

We still have some minor traces of malware to remove. Let me know how the PC is running and if you're having any other problems after these steps:

http://img823.imageshack.us/img823/2039/msnmsg.gif Please download Disable/Remove Windows Messenger to your desktop.

• Double-click MessengerDisable.exe to run it.
• Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
• Click Apply
• Click Exit

Delete the following files:

1. C:\Documents and Settings\bAbY\Local Settings\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
2. C:\Documents and Settings\All Users\Application Data\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf
3. C:\Documents and Settings\bAbY\Templates\62qxl60drq5187wqujy01qpmxo2kw50aor3m77e0s38tqf

They shouldn't be stubborn to remove but let me know if they are and I will make a script for you.

C:\Documents and Settings\bAbY\My Documents\33e03ade4cdd9.htm <--- Do you know what this is? Looks suspicious to me. If you do not know what it is, please delete it.

http://img254.imageshack.us/img254/945/baticonxp.gif Now run C:\MGtools\GetLogs.bat by double-clicking it.
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)