possible virus, which forum to go to for help

Wow, gotta hand it to malwarebytes! Unreal!!
I do have other things found by that Rouge Killer program I used, but it isn't stating virus. He is the latest report...
RogueKiller V8.4.3 _x64_ [Jan 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : RogueKiller
Blog : tigzy-RK
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : greg [Admin rights]
Mode : Scan -- Date : 01/25/2013 21:53:06
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 19 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Services\Microsoft\RunOnce : Z1 (cmd /c "C:\Users\greg\AppData\Local\Temp\Rar$EXa0.995\mbar\mbar.exe" /cleanup /s) -> FOUND
[TASK][SUSP PATH] AmiUpdXp : C:\Users\greg\AppData\Local\SwvUpdater\Updater.exe -> FOUND
[TASK][SUSP PATH] Updater21804.exe : C:\Users\greg\AppData\Local\Updater21804\Updater21804.exe /extensionid=21804 /extensionname="Coupon Companion Plugin" /chromeid=jneaojaoiajhnemidnjhoempalnidbhj -> FOUND
[TASK][SUSP PATH] {08C1F234-568C-4E01-A173-0CE24EC7480E} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {0AE7B435-789A-4706-B760-CEBE58093B40} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {4338847E-E938-4FF6-8CC0-5D7332A25EE5} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {4C915BC5-464F-45D1-8DAC-5EBD614BE23F} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {6FE37CCF-0EB5-4144-8DDE-A628D33493C0} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {9051A283-39ED-4164-BFD2-F9AA48668EF0} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {B94F491E-0B54-4E4E-A7A6-19FA3F5FA826} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {F9BEEBEA-4C20-45DC-B6AE-35302F8A99E4} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD204UI ATA Device +++++
--- User ---
[MBR] 7dc8ed4fba1d6234107389db834b6c05
[BSP] cac14c49d7f039a9758c50803549fbbd : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: ST3160812AS ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive3: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] bfc2508142cb31e56488e57ad8f80c9c
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 30532 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[3]_S_01252013_02d2153.txt >>
RKreport[1]_S_01252013_02d1959.txt ; RKreport[2]_S_01252013_02d2055.txt ; RKreport[3]_S_01252013_02d2153.txt

unlike the regular malwarebytes, this did not store a log. i looked high and low for it, unless it put it somewhere unknown. I searched my pc for mbar and i didn't find that particular scan. Damn...

cottonball said:

Is there an MBAR folder on your Desktop, or wherever you unzipped the program?

In any event, press on with the instructions for FRST64. We need to make sure ZeroAccess is truly gone. It is best to use more than one program to confirm.




Verify that your system is now running normally, and that the following items are functional:

1. Internet access
2. Windows Update
3. Windows Firewall

Post back.

MBAR can also give the Firewall a repair shot, if needed. However, we need that MBAR folder.
There is an application called fixdamage in it. You would need to run the 'fixdamage' tool, and reboot.

If you have no luck finding the folder, right-click the downloaded MBAR file on the Desktop, and select: Extract here...

I will have to figure out was frst64 means, and i'll check that...then get back to you. I did not find that log file anywhere.

I have the MBAR folder, there is just NO log found that held the info where the virus was located. I thought that is what you were after. I see the "fix damage" exe program within. I figured out what frst means and did not appear to have an issue, as there was nothing to "fix". I re-ran the Roguekiller program, and it did not show anything. What is it I need to attempt with that "fix damage" setting?

cottonball said:

Sorry! Was not specific enough.

Look at the instructions in Post #22 for Farbar Recovery Scan Tool x64 (FRST64)

Also, check the Firewall, Internet access, Windows Update, etc. to make sure all is well.

ok, sorry but I will have to get at this in the morning. I have an attachment of the scan report. It was to large to c/p. See you tomorrow and you were a great help.