Windows 7 Forums



Windows 7: WONT SHUT DOWN! not sure if its a virus or not

18 Feb 2013   #31
alaska skier

Windows 7 home premium 64bit
 
 

here is the rogue killer report, looks bad

RogueKiller V8.5.1 _x64_ [Feb 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Stephen Kagerer [Admin rights]
Mode : Scan -- Date : 02/18/2013 14:19:17
| ARK || FAK || MBR |

Bad processes : 1
[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]

Registry Entries : 6
[TASK][SUSP PATH] MagniPicUpdaterTask{7CB4CF25-B289-400F-A672-4E00FCD112E6}.job : C:\ProgramData\Premium\MagniPic\MagniPic.exe /schedule /profile "C:\ProgramData\Premium\MagniPic\profile.ini" [-] -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\Desktop.ini [-] --> FOUND

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] a7e0b95e3524175fc84db50334f68ff0
[BSP] 9ea1ced1571f36b81b112b3982abe1b2 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 593552 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1218668544 | Size: 15427 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02182013_02d1419.txt >>
RKreport[1]_S_02182013_02d1419.txt


18 Feb 2013   #32
alaska skier

Windows 7 home premium 64bit
 
 

ZeroAccess is a botnet, now I just need to get rid of it

scanning with farbar service scanner now
18 Feb 2013   #33
alaska skier

Windows 7 home premium 64bit
 
 

here's the farbar report

Farbar Service Scanner Version: 18-02-2013
Ran by Stephen Kagerer (administrator) on 18-02-2013 at 14:25:38
Running from "C:\Users\Stephen Kagerer\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

18 Feb 2013   #34
alaska skier

Windows 7 home premium 64bit
 
 

I'll do further research on ZeroAccess and how to get rid of it
18 Feb 2013   #35
cottonball

Windows 7 Home Premium
 
 

You do not need to. Please follow these instructions.

Since we are dealing with ZeroAccess, let's approach the issue in a mode before Windows starts.

Need some information in order to proceed...

Confirming the Operating System on the involved computer is Windows Seven 64-bit.

Also, do you have the Repair your computer option in the Advanced Boot Options menu?

To find out:

Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Is the Repair your computer option listed?
If you do not have the option above, do you have your Windows installation CD/DVD available?


And last, do you have a clean USB flash drive available, and do you have access to another computer?
18 Feb 2013   #36
alaska skier

Windows 7 home premium 64bit
 
 

That explains why I was able to use my computer!!!! It wasn't connected to the botnet so it was able to function without the wireless connection. From here on out I will not be using any networking on this laptop and will reply from my mother's laptop.
18 Feb 2013   #37
alaska skier

Windows 7 home premium 64bit
 
 

Yes, I do to both. Let's get this guy!
18 Feb 2013   #38
cottonball

Windows 7 Home Premium
 
 

Stay cool...

You may want to print these instructions so you can have access to follow them.
Also, you may want to read them once before you apply them.

Please plug a flash drive into a clean computer.

Go to Start > Computer
  • Double-click Computer, and select the flash drive.
  • Right-click and select: Format
  • Press Start on the Format prompt.
Next, download Farbar Recovery Scan Tool:

Farbar Recovery Scan Tool Download
Select the 64-bit download.

Save the program to the >>> USB flash drive.
Remove the drive from the clean computer.

Next, plug the flash drive into the infected computer.



>>>Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select your language settings, and click: Next
  • Select your User account and click: OK (If you did not set a password, leave blank.)
On the System Recovery Options menu you get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Scan your computer's memory for errors.
  • Command Prompt
Select: Command Prompt
  • In the Command window, at the blinking cursor type notepad and press: Enter
  • In Notepad, under the File menu select: Open
  • Double-click Computer, find the flash drive letter, remember what letter it is, click on it, and press: Open
  • Close out of Notepad.
  • Click the Command window
  • Type x:\frst64.exe, and press: Enter
    Note: Replace the drive letter x with the drive letter of your flash drive!
The tool starts and prepares to run. Follow the prompts.
  • Click Yes to the disclaimer.
  • Press: Scan
  • When done, the program saves the FRST.txt report, on the flash drive.
Click the Command prompt window, and type exit, and press: Enter


Back at the System Recovery Options, press: Restart

When the computer boots back into Windows, please provide the FRST.txt in your reply.
It is located in the USB flash drive.


Need to go out for a while to get some chow. Will get right back here when I get back. By then, you will have the report ready. Please do not use the infected computer for now.
18 Feb 2013   #39
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Never mind ..
18 Feb 2013   #40
alaska skier

Windows 7 home premium 64bit
 
 

doing it right now