Rootkit?

Are these really rootkits? If so, how can I remove them because when I try to perform an action, it says they can't be accessed.

Can you post a new Screenshot with the Detections please?

And also give some information about your system (OS, 32 or 64 bit, other installed security tools…)

I have a 64 bit, Win 7, HP. I have mbam, sas, and malwarebytes rootkit remover.

That's weird.

Can you do what is shown in this topic please and attach your logs, DON'T COPY AND PASTE.

http://forum.avast.com/index.php?topic=53253.0

After that malware removers are notified, maybe I need some too, I don't know if the detection I have is a false positive or valid. ;D

Monitoring…

Sorry for the late reply. Working on it today.

This seems to be the Windows update issue… sometimes happens if you scan after a Win update

If you reboot and scan again, do you still get it?

Here are the logs.

EDIT: aswMBR is taking forever to download. When I click the download link, my speed is in B/s rather than my normal speed which is A LOT higher.

I will try again and see.

I got aswMBR from cnet.

http://i.imgur.com/weVCzW0.jpg
Please download TDSSKiller

- Double click TDSSKiller.exe
- Press Start Scan but do nothing else as we are just looking for what is there.
- If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
- Attach the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:)


TDSSKiller log

ComboFix

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

Note: It is important that it is saved directly to your desktop
If you get a message saying “Illegal operation attempted on a registry key that has been marked for deletion”, please restart your computer.


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


- Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt for further review.

CF log

http://i.imgur.com/OJQgrbU.png
Tweaking.com Registry Backup

- Download the tool found here to your Desktop so it is easy to find.
- Double click on the file you just downloaded to install it to your system.
- Once the tool is installed, double-click on the Tweaking.com Registry Backup icon

Note: The tool should automatically open to the Backup Registry tab.

http://i.imgur.com/TRfuT3t.jpg

- Press Backup Now
- When the back up is complete, the tool will tell you that Successful / Files Backed Up
- You have now successfully backed up your Registry.

http://i.imgur.com/ttLR1ki.jpg

Run OTL.exe

- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{E9F3BDB7-6BC2-4009-9878-CA24A5315326}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
O2:[b]64bit:[/b] - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O15 - HKU\S-1-5-21-1691826831-2016053247-2653556577-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1691826831-2016053247-2653556577-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites)

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[start explorer]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then run a new scan and post a new OTL log (don’t check the boxes beside LOP Check or Purity this time)

Attach the new OTL log and let me know how your system is running. :)

Still need help?

Second OTL log.

and let me know how your system is running.
:)

Oh, I forgot about that. It’s doing fine. After running the registry backup there’s a bunch of files on the desktop. I’m guessing those are the backups.

Hi,

Yes there will be some files that populate occasionally as we work through this… Let’s check for anything remaining that needs to go.

http://i.imgur.com/GUZVCQN.jpg
Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

- Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- When the scan is done, if it shows a screen that says “Threats found!”, then click “List of found threats”, and then click “Export to text file…”
- Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
- Close the ESET online scan, and let me know how things are now.