ZeroAccess.ch, and other trojans - XP prof 32bit

Discussion in 'Malware Help (A Specialist Will Reply)' started by katornus, May 30, 2012.

  1. katornus

    katornus Private E-2

    Hi there, I’m really glad that I found your forum!

    I would like to ask you for help.
When running a regular virus scan on my computer last night (using AVG 2012 on XP Pro 32-bit) a couple of threats were found:
Trojan: generic28.bddx
Trojan: cryptic.ect
Trojan: generic_r.awx
Trojan: ZeroAccess.ch

They were related to the following files/processes according to my AVG 2012:
explorer.exe (2940)
Rentia.dll
Rundll32.exe (3272)
explorer.exe (2940):\memory_03610000
explorer.exe (2940):\memory_014f0000

It was not such a big surprise, since a day before my web browser (Opera) had behaved in a strange way (it crashed a couple of times without any reason) and Windows prompted me a couple of times [at system start?] about blocking some functions of “explorer.exe”, which was really strange.

    Btw I usually run the system on a limited account (not an administrator account).

    So I got worried, searched for answers and finally found your forum.

Using the administrator account, I went through all the steps from your “read me first” and “manual” (quarantine, configsys-normal, disabling CD emulation, updating Java etc.).

I also ran scans: first with SAS and then with MB (at that point my AVG was still installed). Later on I uninstalled my AVG using AVG Remover and ran ComboFix. After that I ran RootRepeal and MGtools (all 5 logs attached, although the RR log was empty...).
Please help me check whether the system is already clean or requires more actions.

  2. katornus

    katornus Private E-2

And one more log.

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hello. :)

I want you to run TDSSKiller, so refer to the below for how to do so.

    TDSSkiller - How to run


Please also download MBRCheck to your desktop.
• Double click MBRCheck.exe to run it (on Vista and Win 7, right click and select Run as Administrator).
• It will show a black screen with some information that will contain the below line if no problem is found:
  • Done! Press ENTER to exit...
• Or you will see more information like below if a problem is found:
  • Found non-standard or infected MBR.
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
• Either way, just choose to exit the program at this point, since we want to see only the scan results to begin with.
• MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt; the name is based on the date and time.
     
  4. katornus

    katornus Private E-2

    Thanks Kestrel13! for your answer.

I ran both TDSSKiller and MBRCheck.

Here are the logs.

  5. katornus

    katornus Private E-2

I can see that strange things are still going on with my machine. For instance, when logging off from a given profile the background screen doesn't go blue; I can still see the wallpaper from the account I just logged off from, and a pop-up window saying "press ctrl+alt+del to log in" etc. Normally it was blue.

As well, when I log in again to a given profile, all desktop items are automatically reshuffled; they are ordered on the left-hand side of the desktop, although previously I had arranged them all over the desktop.
     
  6. katornus

    katornus Private E-2

And one more observation: Windows Explorer seems to have a problem all the time (it was initially detected as being infected). Explorer doesn't "remember" the folder view settings, i.e. I open a folder and set the view to "list" (right now the custom view is "details"). Then I exit this folder and re-enter it, and the view is back to "details" instead of the "list" I set. Any clue on that?
     
  7. katornus

    katornus Private E-2

I also did a full scan with Malwarebytes Anti-Malware and it found a couple of things; see the attached log.
What could I do next? Should I kill those detected files or leave them for now?

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Yes! Let Malwarebytes kill them, then reboot and see if AVG is still complaining. :)
     
  9. katornus

    katornus Private E-2

Thanks for your further support.

OK, I'll scan again with MB in admin mode and then kill what it finds. At the moment I don't have AVG, as I uninstalled it before running ComboFix.

Can you recommend an online scanner for that, or should I go on with reinstalling AVG (or any other recommendable AV)?
     
  10. katornus

    katornus Private E-2

Full scan log with MB attached.

I didn't reinstall AVG yet but downloaded "Spybot - Search & Destroy", which found a couple of things, among others some registry changes, which I didn't allow it to fix (I was hesitant about messing with them without advice from someone more experienced). Log attached.

My Windows Explorer still malfunctions, i.e. when I log in to my "user account" it doesn't remember the desktop settings from the previous session (it automatically orders all the desktop items on the left-hand side of the screen). On the other hand, when I log in to my "admin account" the desktop is OK and the icons are arranged all over. Btw, my computer got infected when I was using my "user account" (I'm 95% sure of that).

  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Reinstall AVG at this point and let me know if it alerts you to anything.
     
  12. katornus

    katornus Private E-2

Hi Kestrel13! Thanks again for your help.
I reinstalled AVG and ran a full scan in admin mode. Nothing was found. What should come next?
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What problems remain?
     
  14. katornus

    katornus Private E-2

Windows Explorer still doesn't "remember" the last view in folders or on the desktop. Otherwise, I cannot see anything else at the moment.
     
  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
  • Click START then RUN, enter the below into the run box and then click OK. Note that the quotes are required:
  • "%userprofile%\Desktop\combofix" /uninstall
    • Note: the space between combofix" and /uninstall must be there.
    • This will uninstall ComboFix and also reset the hidden files and folders settings back to the Windows defaults.
3. Go back to step 6 of the READ ME and re-enable your disk emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run the cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
  • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
  • Then reboot and Enable System Restore to create a new, clean Restore Point.
10. After doing the above, you should work through the below link:
     
  16. katornus

    katornus Private E-2

Hi Kestrel13!,
I wasn't at the computer for some time and couldn't answer your post.

I've followed your instructions. The newly installed AVG does not find anything wrong. MB doesn't find anything either. At the moment, I have removed most of the software we used to clean up my computer, re-enabled CD emulation and flushed System Restore.

I still have two questions:
1) Should I change my msconfig settings? I changed it before to "normal startup mode". If yes, how should I do that?

2) What to do with Windows Explorer, which still doesn't function right?

Your further support is much appreciated.
     
  17. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

MSConfig should ALWAYS be set to normal startup; any other mode is primarily used for troubleshooting and diagnostic purposes.
    You can always ask about this in the software forum. :)
     
  18. katornus

    katornus Private E-2

Kestrel13!
Thanks a lot for your time and for helping me out. I really appreciate your time and effort. As you said, I'll check out the software forum now; hope it'll go as smoothly as here :)
Have a good one.
     
  19. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are *most* welcome. Safe surfing! :)
     