How To Fix Trojan.Zeroaccess!inf4 detected in services.exe, also Bitcoinminer is repeatedly detected/blocked




EXE errors occur for a number of reasons, but mostly because of problems with the executable (EXE) files themselves. EXE is the extension of an application in Windows. Like the other types of files integral to your computer system, EXE files can run into errors every now and then. Some errors are common, but some are hard to troubleshoot and fix.

The software you use and the applications the operating system needs to run use EXE files to accomplish their tasks. Consequently, a PC contains a lot of EXE files, thousands perhaps, so the probability that an error occurs somewhere is high. Sometimes EXE errors can affect your whole computer system: programs may stop working, or your PC can slow down. In the worst case, an EXE error can prevent you from accessing and logging into your computer.

Some issues that can cause EXE errors:

  • Viruses, malware, and spyware
  • Invalid, broken, corrupted or out-of-date files or drivers
  • Conflicting entries in the Windows system registry
  • Application conflicts

From the Forums

A user in the forum details it further:


NOTE: It is good practice to copy and paste the instructions into Notepad and print them in case it is necessary for you to go offline during the cleanup process. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click on Delete. Confirm each time with Ok. Your computer will be rebooted automatically. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. I do not currently have a flash drive on hand, but I do have a 4 GB SD card.

I have been prompted to do a manual removal of Trojan.Zeroaccess!inf4 from c:\windows\system32\services.exe. C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Windows\system32\HPSIsvc.exe C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Common 
Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\SysWOW64\DllHost.exe C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Sony\VAIO Smart Network\VSNService.exe C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Apoint\Apoint.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Windows\System32\igfxpers.exe C:\Users\Ii-chan\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Users\Ii-chan\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe C:\Program Files\Apoint\Apvfb.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Users\Ii-chan\AppData\Local\WideSearch\wsearch.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe 
C:\Users\Ii-chan\AppData\Local\GetBooks\GetBooks.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Vidalia Bundle\Polipo\polipo.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Users\Ii-chan\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Sony\VAIO Update\VUAgent.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\explorer.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe 
C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\splwow64.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\symerr.exe C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\symerr.exe 
C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\System32\WUDFHost.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Calibre2\calibre.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ii-chan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad.

AV: Norton AntiVirus *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . Will that be a sufficient replacement? R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1402000.013\symds64.sys [2012-10-20 493216] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1402000.013\symefa64.sys [2012-10-20 1133216] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-15 1388120] R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1402000.013\ccsetx64.sys [2012-10-20 168096] R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD02010.021\ccsetx64.sys [2013-1-4 168096] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-22 279616] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130123.001\IDSviA64.sys [2013-1-23 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1402000.013\ironx64.sys [2012-10-20 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1402000.013\symnets.sys [2012-10-20 432800] R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/12/30 11:49:11];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-12-30 148976] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-29 204288] R2 AMPPALR3;IntelR CentrinoR Wireless BluetoothR + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security 
Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952] R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-12-30 83240] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-12-30 70952] R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-12-30 312616] R2 DMAgent;IntelR PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688] R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2012-1-1 126520] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-26 13592] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-26 2429544] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944] R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccsvchst.exe [2012-10-20 143928] R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccsvchst.exe [2013-1-4 143928] R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-12-30 75248] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe 
[2011-3-15 428384] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-26 2656536] R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-9-26 552584] R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-9-26 969352] R2 WiMAXAppSrv;IntelR PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112] R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232] R3 AMPPAL;IntelR CentrinoR Wireless BluetoothR + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144] R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-5-19 84480] R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-5-19 182272] R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-5-19 83968] R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-9-26 344616] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-9-26 39464] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-7 138912] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440] R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-9-26 12312832] R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-4-19 25528] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-10-24 96768] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-10-24 213504] R3 RSPCIESTOR;Realtek PCIE CardReader 
Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-9-26 340072] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-26 425064] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-1-23 1286784] S3 AMPPALP;IntelR CentrinoR Wireless BluetoothR + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560] S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-4-19 35256] S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2012-9-25 20480] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-6-25 272688] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456] S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824] S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232] S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-14 30208] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000] S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing 
Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616] S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-24 1255736] S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-6-21 42392] S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-01-24 01:33:41 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys 2013-01-24 01:23:00 -------- d-----w- C:\Users\Ii-chan\AppData\Local\GetBooks 2013-01-24 01:23:00 -------- d-----w- C:\Users\Ii-chan\AppData\Local\Babylon 2013-01-24 01:22:49 -------- d-----w- C:\ProgramData\Babylon 2013-01-24 01:22:48 -------- d-----w- C:\Users\Ii-chan\AppData\Roaming\Babylon 2013-01-24 01:22:35 -------- d-----w- C:\Users\Ii-chan\AppData\Local\WideSearch 2013-01-24 01:22:30 -------- d-----w- C:\Users\Ii-chan\AppData\Roaming\Free Download Manager 2013-01-24 00:54:41 57436 ----a-w- C:\Windows\DASShp.dll 2013-01-24 00:54:41 217174 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ClearType\ctras.dll 2013-01-24 00:54:38 -------- d-----w- C:\Program Files (x86)\Microsoft Reader 2013-01-24 00:54:31 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2013-01-24 00:54:31 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2013-01-24 00:54:31 221184 ----a-w- C:\Program Files (x86)\Common 
Files\InstallShield\IScript\iscript.dll 2013-01-24 00:54:31 221184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2013-01-24 00:54:30 602244 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2013-01-09 05:00:11 750592 ----a-w- C:\Windows\System32\win32spl.dll 2013-01-09 05:00:11 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-01-09 05:00:03 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2013-01-09 05:00:02 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2013-01-09 05:00:02 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2013-01-09 05:00:02 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2013-01-09 05:00:01 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2013-01-09 05:00:01 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2013-01-09 04:58:24 68608 ----a-w- C:\Windows\System32\taskhost.exe 2013-01-09 04:58:23 3149824 ----a-w- C:\Windows\System32\win32k.sys 2013-01-04 08:59:15 168096 ----a-w- C:\Windows\System32\drivers\NSTx64\7DD02010.021\ccsetx64.sys 2013-01-04 08:59:01 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DD02010.021 . ==================== Find3M ==================== . 
2013-01-09 22:12:28 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 22:12:28 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-12-19 01:37:02 969104 ----a-w- C:\Program Files\uTorrent.exe 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 05:41:07 
424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-08 19:29:12 1402312 ----a-w- 
C:\Windows\SysWow64\msxml4.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll . ============= FINISH: 21:49:46.78 ===============

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us. Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2 Run by Ii-chan at 21:49:01 on 2013-01-23 Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.6060.2045 [GMT -8:00] .

Today Norton Antivirus began to block threats from Trojan.Zeroaccess.B, Trojan.Gen, Trojan.Gen.2, and Trojan.Zeroaccess.C. Please remember to copy the entire post so you do not miss any instructions. These are the programs I would like you to run next; if you have any problems with these, just skip it and run the next one. -Security Check- Download Security Check by screen317 from here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document. -AdwCleaner- Please download AdwCleaner by Xplode onto your desktop. From what I gather, the fix seems to be quite complicated and I would appreciate some help. Wait until Prescan has finished ...

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer. I suspect that these two problems are related, as they started at the same time. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster. NOTE: Back up any files that cannot be replaced. Please disconnect any USB or external drives from the computer before you run this scan! For Vista or Windows 7, right-click and select "Run as Administrator" to start. For Windows XP, double-click to start.

Additionally, Bitcoinminer is being repeatedly detected, blocked and quarantined. A text file will open after the restart. Please post the content of that logfile with your next answer. You can find the logfile at C:\AdwCleaner[S1].txt as well. --RogueKiller-- Download & SAVE to your Desktop RogueKiller or from here. Quit all programs that you may have started.

Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post. NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. My system is running 64 bit Windows 7 Home Premium w/ SP 1. Then click on the "Scan" button. Wait until the Status box shows "Scan Finished". Click on "Delete". Wait until the Status box shows "Deleting Finished". Click on "Report" and copy/paste the content of the Notepad into your next reply. The log should be found in RKreport[1].txt on your Desktop. Exit/Close RogueKiller. +Gringo I'm not sure if Norton is having a problem deleting/quarantining Bitcoinminer, or if it is actually being downloaded over and over.

Looking at similar threads, it looks like I'll need to use a flash drive to run removal tools.



What causes Trojan.Zeroaccess!inf4 detected in services.exe, also Bitcoinminer is repeatedly detected/blocked

Commonly, if an EXE error occurs on a frequent basis there is one thing to do before anything else: clean the system registry. Chances are your Windows registry has some corrupt entries that need cleaning or repairing. One way to avoid such EXE errors is to use an anti-virus or similar tool; it is your best weapon against EXE errors caused by malware infections.

So, how do you fix an EXE error and avoid future crashes?

  1. Always protect your PC with anti-virus software.
  2. Run a registry cleaner regularly to remove and repair corrupt Windows registry entries.
  3. Keep your PC drivers updated.
  4. Make sure to use a good internet connection when downloading programs so that they arrive intact and not corrupted.
  5. Avoid accessing suspicious websites and opening emails from unknown sources.

 

More info on Trojan.Zeroaccess!inf4 detected in services.exe, also Bitcoinminer is repeatedly detected/blocked



Trojan.Zeroaccess!inf4 on Services .exe - no BFE

To learn more about these types of infections, you can refer to: What danger is presented by rootkits? Rootkits and how to combat them. r00tkit Analysis: What Is A Rootkit. If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. Before we begin, please note the following: I will be working on your Malware issues, this may or may not solve other issues you have with your machine. The logs can take some time to research, so please be patient with me. Stay with the topic until I tell you that your system is clean. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult.

Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. You should consider them to be compromised and change each password using a clean computer, not the infected one. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. If you can't understand something don't hesitate to ask. Again I would like to remind you to make no fur...


dwm.exe(Trojan.BitcoinMiner) detected by Malwarebytes

AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}


ZeroAccess Trojan Detected

If you are not sure which version applies to your system download both of them and try to run them. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so. Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. Please attach it to your reply.




Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Only one of them will run on your system; that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run.


ZeroAccess Trojan Detected on PC



Trojan.Zeroaccess!inf4 on my PC

Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). I really don't care about that but I'd like to make sure my other accounts don't get compromised.
 
Any help would be greatly appreciated.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.45.2
Run by Riste at 14:14:54 on 2014-04-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.1616 [GMT -4:00]
Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post. NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster. NOTE: Backup any files that cannot be replaced.


Trojan zeroaccess.inf4 please help me

Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to the disclaimer. Place a check next to List Drivers MD5 as well as the default check marks that are already there. Press Scan button. FRST will let you know when the scan is complete and has written the FRST.txt to file; close out this message, then type the following into the search box: services.exe, now press the search button. When the search is complete, search.txt will also be written to your USB. Type exit and reboot the computer normally. Please copy and paste both logs in your reply (FRST.txt and Search.txt).




If your computer is not configured to start from a CD or DVD, check your BIOS settings. Click Repair your computer. Choose your language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next. On the System Recovery Options menu you will get the following options: Startup Repair, System Restore, Windows Complete PC Restore, Windows Memory Diagnostic Tool, Command Prompt. Select Command Prompt. In the command window type in notepad and press Enter. The notepad opens. Thank You





Please do the following: Download the appropriate vers...


ZeroAccess Trojan detected by McAfee

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive. Select your user account and click Next. However it keeps coming back and new files are always placed in a subfolder under C:\Windows\installer

Here are the log files after running through the exact diagnostic procedures described in your forum here. If prompted, press any key to start Windows from the installation disc.

There will be two options to choose from. Plug the flash drive into the infected PC. The notepad opens.

One if you do not have your Windows 7 boot DVD and another when you have your DVD. Select US as the keyboard language settings, and then click Next. I very much appreciate any advice you can give me for how to remove this!
 




Please do the below so that we can boot to System Recovery Options to run a scan. Select the operating system you want to repair, and then click Next.

Select your user account and click Next. Under File menu select Open. Select Command Prompt
In the command window type in notepad and press Enter. Option 2: Enter System Recovery Options by using Windows installation disc:
Insert the installation disc.

Click Repair your computer. Use the arrow keys to select the Repair your computer menu item. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive. If your computer is not configured to start from a CD or DVD, check your BIOS settings.

It wi...


Detected: ZeroAccess (trojan) (Mcafee)



ZeroAccess Trojan detected; can't remove

McAfee scan shows the ZeroAccess virus located in my recycle bin.


Trojan.Zeroaccess!inf4 infection

It would start windows 7 home premium edition correctly, and I would be able to log in, but then it would freeze. The files from DDS are attached below. I tried rebooting twice, but had the same result each time.


Trojan.Zeroaccess!inf4 removal?

Right click that file and select Send To>Compressed (zipped) file. Anyone else had success in removing this?
Hey guys.

I'm the IT dept for my company and an employee has somehow gotten this virus on his computer. I tried the Trojan Removal tool that Symantec recommended but it couldn't find the virus. Attach that zipped file in your next reply as well








Trojan.zeroaccess!inF4 removal. Please help

Please remember to copy the entire post so you do not miss any instructions. I need to get some reports to get a base to start from so I need you to run these programs first. -Download DDS- Please download DDS from one of the links below and save it to your desktop: Download DDS and save it to your desktop Link1 Link2 Link3. Double-Click on dds.scr and a command window will appear. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post. Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. I used Malwarebytes, that did not delete it either because once it asked me to restart my laptop, the trojan attacked me again. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer. NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process.

I tried to delete it myself because Norton asks for a manual removal but I'm not able to delete services.
 
I used all the Norton tools to delete it. Removing malware can be unpredictable and ...


Need help with Trojan.Zeroaccess!inf4 virus

Only one of them will run on your system; that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. I'm running windows 7, 64 bit, any help is appreciated. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt).

If you are not sure which version applies to your system download both of them and try to run them. Please attach it to your reply. 





how to remove trojan.zeroaccess!inf4

I cannot access Repair My Computer, otherwise it seems to freeze, and I cannot access Google, though I assume that's the virus' fault. Please, any help removing said virus would be much appreciated. I'm running on an Inspiron Mini 10 32-bit with Windows 7 Starter. I have the CDs to do the factory default but I don't know what order to run the CDs, and last time I tried I had to go pay to have it reinstalled. inspiron mini 10 32-bit tutorial recovery disks windows 7 http://is.gd/mzqkQs See if these help. http://www.pctechbytes.com/dell/del... http://www.sevenforums.com/backup-r... I have BSOD error code 0x7e, various others in ().

Alright, well, I'll give a little background information on the state of my computer. I currently have the above mentioned virus.


Infected with Trojan.Zeroaccess!inf4


Running Windows 7, Norton keeps popping up with this warning that I am infected with Trojan.Zeroaccess!inf4, but Norton is unable to remove it. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer. NOTE: Backup any files that cannot be replaced. I've also tried Malwarebytes and Microsoft security.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Double click on combofix.exe & follow the prompts. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us. Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. That may cause it to stall. Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer "information and logs&quo...


Infected with Trojan.Zeroaccess!inf4, Trojan.Gen, Packed.Generic.382 + 1 more

Please remember to copy the entire post so you do not miss any instructions. These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one. -Security Check- Download Security Check by screen317 from here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document. -AdwCleaner- Please download AdwCleaner by Xplode onto your desktop. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click on Delete. Confirm each time with Ok. Your computer will be rebooted automatically. Thankfully my bank noticed something was happening too and shut down the online banking before any $ damage was done. No more online banking till this gets fixed
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 1.6.0_31
Run by Owner at 22:30:05 on 2013-02-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.6143.1974 [GMT -5:00]


Norton repeatedly detects intrusion attempts, Trojan detected

Also, earlier in the process of being infected some of the Google search results would be redirected away from their intended links (Wikipedia to something else, for example). Temporarily disable such programs or permit them to allow the changes. Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware, Launch Malwarebytes' Anti-Malware. Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. If asked to restart the computer, please do so immediately.

Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE. When I tried accessing internet after this, I still got the same Norton notifications about intrusion attempts. I downloaded Malwarebyte's Anti-Malware, and after doing scans (quick and full), the program found that I had

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack)
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite)

and

Files Infected:
C:\Documents and Settings\All Users\Application Data\sysReserve.ini (Malware.Trace)

These entries were removed, and the com...


Trojan.zeroaccess.C and Trojan.Gen.2 detected by Symantec

I will start from the beginning: my system suddenly showed popups that "your system is infected by virus" and suddenly it was havoc, some software started running some scan automatically and started showing that I have 34 files infected with trojans, and demanded to install their antivirus to prevent it. I am unable to start my Windows Update.
2. Somehow I removed that application from my system as it was preventing any other application/window from starting on my system. The worst gift I got on Christmas! :cry

I have attached logs of the risk and tamper protection from Symantec antivirus.

I am unable to turn on my Windows firewall. Please help me as this is my business laptop and I am afraid this will affect my important files. I updated my antivirus after that and my antivirus popped another alert for the backdoor trojan at somewhat the same location:
C:\$Recycle.Bin\S-1-5-18\$b4666e4c9c567965803d996177a3523f\

While zeroaccess Trojan was at:
C:\$Recycle.Bin\S-1-5-18\$b4666e4c9c567965803d996177a3523f\U\

I am unsure if they are still in my system or not. But they certainly have done some damage:
1.

Below is the log attached of backdoor trojan:
 

Meanwhile my Symantec antivirus was showing some popup screens again and again that it has detected these 2 viruses in every 2 minutes. Regards
Ankit
 




I know admins must have been busy.

It was a trap and didn't cl...


Trojan detected and Internet Blocked

The first time the tool is run, it also makes another log (Addition.txt). INFO: HKCU has more than 50 listed domains. You attempted to reach [email protected] but the certificate that the server presented has been revoked by its issuer. The following corrective action will be taken in 0 milliseconds: Restart the service.
11/08/2013 15:13:07, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
11/08/2013 15:12:54, error: Service Control Manager [7031] - The Avira Real-Time Protection service terminated unexpectedly.

It has done this 1 time(s). INFO: HKLM has more than 50 listed domains. Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB2172ED2]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! DDS (Ver_2012-11-20.01)
.

If you wish to scan all of them, select the 'Force scan all domains' option.
. Please attach it to your reply.

 

Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Research In Motion Limited - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdat...


Services.exe detected as Trojan horse Dropper.Generic_c.MMI

Because it's an integral system file, AVG white lists it but I'm still concerned about how it could be affecting my computer. What is your operating system? Please run the following: Please download DDS from either of these links LINK 1 LINK 2 and save it to your desktop. Disable any script blocking protection. Double click dds to run the tool. Right click that file and select Send To > Compressed (zipped) file. Thank you for taking the time to read this.

NEXT Please download aswMBR to your desktop. Double click the aswMBR.exe icon to run it. When asked if you want to download Avast's virus definitions please select Yes. Click the Scan button to start the scan. On completion of the scan, click the save log button, save it to your desktop and post it in your next reply. You will also notice another file created on the desktop named MBR.dat. When done, two DDS.txt's will open.
AVG alerted me that services.exe (c:/windows/system32/services.exe) is a trojan horse.

Attach that zipped file in your next reply as well




Save both reports to your desktop. --------------------------------------------------- Please include the contents of the following in your next reply: DDS.txt, Attach.txt. Any instructions on resolving this problem would be greatly appreciated.


