WON'T SHUT DOWN! not sure if it's a virus or not


  1. Posts : 39
    Windows 7 home premium 64bit
    Thread Starter
       #31

    here is the rogue killer report, looks bad

    RogueKiller V8.5.1 _x64_ [Feb 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode with network support
    User : Stephen Kagerer [Admin rights]
    Mode : Scan -- Date : 02/18/2013 14:19:17
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [TASK][SUSP PATH] MagniPicUpdaterTask{7CB4CF25-B289-400F-A672-4E00FCD112E6}.job : C:\ProgramData\Premium\MagniPic\MagniPic.exe /schedule /profile "C:\ProgramData\Premium\MagniPic\profile.ini" [-] -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\Desktop.ini [-] --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
    --- User ---
    [MBR] a7e0b95e3524175fc84db50334f68ff0
    [BSP] 9ea1ced1571f36b81b112b3982abe1b2 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 593552 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1218668544 | Size: 15427 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02182013_02d1419.txt >>


  2. Posts : 39
    Windows 7 home premium 64bit
    Thread Starter
       #32

    ZeroAccess is a botnet, now I just need to get rid of it

    scanning with farbar service scanner now


  3. Posts : 39
    Windows 7 home premium 64bit
    Thread Starter
       #33

    here's the farbar report

    Farbar Service Scanner Version: 18-02-2013
    Ran by Stephen Kagerer (administrator) on 18-02-2013 at 14:25:38
    Running from "C:\Users\Stephen Kagerer\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Network
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is OK.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****


  4. Posts : 39
    Windows 7 home premium 64bit
    Thread Starter
       #34

    I'll do further research on ZeroAccess and how to get rid of it


  5. Posts : 2,470
    Windows 7 Home Premium
       #35

    You do not need to. Please follow these instructions.

    Since we are dealing with ZeroAccess, let's approach the issue in a mode before Windows starts.

    Need some information in order to proceed...

    Confirming the Operating System on the involved computer is Windows Seven 64-bit.

    Also, do you have the Repair your computer option in the Advanced Boot Options menu?

    To find out:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
    • Is the Repair your computer option listed?

    If you do not have the option above, do you have your Windows installation CD/DVD available?


    And last, do you have a clean USB flash drive available, and do you have access to another computer?


  6. Posts : 39
    Windows 7 home premium 64bit
    Thread Starter
       #36

    that explains why I was able to use my computer!!!! it wasn't connected to the botnet so it was able to function without the wireless connection, from here on out I will not be using any networking on this laptop and reply from my mother's laptop


  7. Posts : 39
    Windows 7 home premium 64bit
    Thread Starter
       #37

    yes I do to both, let's get this guy!


  8. Posts : 2,470
    Windows 7 Home Premium
       #38

    Stay cool...

    You may want to print these instructions so you can have access to follow them.
    Also, you may want to read them once before you apply them.

    Please plug a flash drive into a clean computer.

    Go to Start > Computer
    • Double-click Computer, and select the flash drive.
    • Right-click and select: Format
    • Press Start on the Format prompt.

    Next, download Farbar Recovery Scan Tool:

    Farbar Recovery Scan Tool Download
    Select the 64-bit download.

    Save the program to the >>> USB flash drive.
    Remove the drive from the clean computer.

    Next, plug the flash drive into the infected computer.



    >>>Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select your language settings, and click: Next
    • Select your User account and click: OK (If you did not set a password, leave blank.)
    On the System Recovery Options menu you get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Scan your computer's memory for errors.
    • Command Prompt
    Select: Command Prompt
    • In the Command window, at the blinking cursor type notepad and press: Enter
    • In Notepad, under the File menu select: Open
    • Double-click Computer, find the flash drive letter, remember what letter it is, click on it, and press: Open
    • Close out of Notepad.
    • Click the Command window
    • Type x:\frst64.exe, and press: Enter
      Note: Replace the drive letter x with the drive letter of your flash drive!
    The tool starts and prepares to run. Follow the prompts.
    • Click Yes to the disclaimer.
    • Press: Scan
    • When done, the program saves the FRST.txt report, on the flash drive.
    Click the Command prompt window, and type exit, and press: Enter


    Back at the System Recovery Options, press: Restart

    When the computer boots back into Windows, please provide the FRST.txt in your reply.
    It is located in the USB flash drive.


    Need to go out for a while to get some chow. Will get right back here when I get back. By then, you will have the report ready. Please do not use the infected computer for now.


  9. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #39

    Never mind ..


  10. Posts : 39
    Windows 7 home premium 64bit
    Thread Starter
       #40

    doing it right now


 