Author Topic: Help deleting Rootkit.ZeroAccess

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help deleting Rootkit.ZeroAccess
« Reply #90 on: January 10, 2013, 07:26:09 PM »
Could you run it one more time... This is a really weird situation that I have not yet come across.

LaLuz

  • Guest
Re: Help deleting Rootkit.ZeroAccess
« Reply #91 on: January 10, 2013, 07:43:42 PM »
Should I uninstall it and download a fresh copy?

Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #92 on: January 10, 2013, 07:45:36 PM »
Yes, that may be advisable.

Link 1
Link 2

LaLuz

Re: Help deleting Rootkit.ZeroAccess
« Reply #93 on: January 10, 2013, 08:20:21 PM »
I wasn't sure if you wanted me to add that CFScript.txt file to it, so I didn't do that. ComboFix detected Rootkit.ZeroAccess again; the log is attached.

I forgot to ask, is this IP address correct? TCP: DhcpNameServer = 192.168.2.1
« Last Edit: January 10, 2013, 08:22:49 PM by LaLuz »

Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #94 on: January 10, 2013, 08:27:26 PM »
Now I am totally baffled as to where it is detecting it... None of the other tools find a trace in any shape or form.

As an aside, did you install this programme: USB Lock AP?

> I forgot to ask, is this IP address correct? TCP: DhcpNameServer = 192.168.2.1

Yes, it is your router.
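The question above (is the DhcpNameServer entry in the ComboFix log the router?) generalises to a routine check: a DNS server pulled from a log should normally be a local/private address such as the router, and anything else deserves a second look. The following is an added example, not code from the thread or from ComboFix; it parses constructed lines in the style of the `TCP: DhcpNameServer = ...` entry quoted above and flags any resolver that is not in an RFC 1918 or link-local range. The log lines other than the one from the thread are made up.

```python
import ipaddress
import re

# Constructed sample log. Only the first line is the entry quoted in this thread;
# the other two lines, the interface GUID and the extra addresses are made up.
SAMPLE_LOG = """\
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\\{00000000-1111-2222-3333-444444444444}: DhcpNameServer = 192.168.2.1 8.8.8.8
TCP: NameServer = 9.9.9.9
"""

# Matches "TCP: ... NameServer = <one or more addresses>" (DhcpNameServer or NameServer).
LINE_RE = re.compile(r"^TCP:.*?\b(?:Dhcp)?NameServer\s*=\s*(.+)$")

# RFC 1918 private ranges plus APIPA/link-local; a home router lives in one of these.
LOCAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("169.254.0.0/16"),
]


def classify_dns_line(line):
    """Return a list of (address, verdict) for each resolver on a TCP: NameServer
    line, or None when the line is not such an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    results = []
    for token in m.group(1).split():
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            results.append((token, "unparseable"))
            continue
        if ip.is_loopback:
            results.append((token, "loopback"))
        elif any(ip in net for net in LOCAL_NETS):
            # Typically the router / DHCP server handing out leases, as in this thread.
            results.append((token, "local"))
        else:
            # Not necessarily malicious (an ISP or a chosen public resolver looks the
            # same), but it should match what you expect this machine to use.
            results.append((token, "public"))
    return results


def review_dns_servers(log_text):
    """Scan a whole log and return every resolver address that is not local."""
    flagged = []
    for line in log_text.splitlines():
        entries = classify_dns_line(line)
        if not entries:
            continue
        flagged.extend(addr for addr, verdict in entries if verdict != "local")
    return flagged


if __name__ == "__main__":
    for addr in review_dns_servers(SAMPLE_LOG):
        print(f"non-local DNS server in log, verify it is expected: {addr}")
```

Run it against the constructed sample and the two non-local addresses are reported while 192.168.2.1 is accepted as the router; on a real ComboFix or OTL log, compare anything it flags with the resolvers the ISP or the router configuration is known to provide.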

LaLuz

Re: Help deleting Rootkit.ZeroAccess
« Reply #95 on: January 10, 2013, 08:35:53 PM »
That application was on the new USB that I've used to create the OSO2Disk. I must confess to you that I had to remove the battery to reset the BIOS password in order to change the booting settings. I don't know if that has anything to do with not being able to boot from the USB :-[

Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #96 on: January 10, 2013, 08:43:57 PM »
Yes, that is a USB locking application. It disables USBs from being written to or read.

How is the computer behaving? I am a tad suspicious about ComboFix's report.

LaLuz

Re: Help deleting Rootkit.ZeroAccess
« Reply #97 on: January 10, 2013, 08:57:21 PM »
I was able to download that OTLPE onto the USB. I can view the contents of the USB.

As far as the PC performance, here are my issues:

1. The internet slows down all of a sudden, and my links from my favorites don't always work.

2. Some of my desktop and start menu icons are not working and they display a folder with a Windows screen over it. The icons don't work with just a click; I have to right click and select Open.

Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #98 on: January 10, 2013, 09:06:39 PM »
OK, I am just going to check something out.


Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #99 on: January 10, 2013, 10:44:11 PM »
Could you download Dr Web and run the programme from safe mode please: http://www.freedrweb.com/cureit

Basic instructions are on the download page, or if you like I will now create some instructions for the use of it.

Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #100 on: January 10, 2013, 11:01:50 PM »
Please download Dr Web CureIt from here to your desktop.

The file will be randomly named.
Reboot to safe mode.
Run Dr Web.
Tick the "I agree" box and select Continue.
Click "Select objects for scanning".

Tick all boxes as shown.
Click the wrench and select "Automatically apply actions to threats".

Press "Start scan".

The scan will now commence.

Once the scan has finished, click "Open report".

A Notepad window will open.
Select File > Save as...
Save it to your desktop.
Upload the file to Mediafire and post the sharing link, or if you have Dropbox then put it there and post the public link.
« Last Edit: January 10, 2013, 11:06:51 PM by essexboy »

LaLuz

Re: Help deleting Rootkit.ZeroAccess
« Reply #101 on: January 11, 2013, 07:55:50 PM »
Here is the report.

http://www.mediafire.com/?cqhpdlgydatd7jq

I was finally able to run OTL and I'm including a copy of the report.
« Last Edit: January 11, 2013, 08:40:12 PM by LaLuz »

Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #102 on: January 11, 2013, 08:41:14 PM »
Ta, downloading now.

Offline essexboy

Re: Help deleting Rootkit.ZeroAccess
« Reply #103 on: January 11, 2013, 08:51:01 PM »
Again, as clean as a baby's bum ::)

OK, download this zip file to your desktop:

http://www.dougknox.com/xp/fileassoc/linkfile_fix.zip

Extract the reg file and double click it.
Reboot and try the desktop icons. Do they work?

LaLuz

Re: Help deleting Rootkit.ZeroAccess
« Reply #104 on: January 11, 2013, 09:09:45 PM »
Yes, the icons work, but the ones listed on the start menu still display that weird folder with some Windows page over it.

When I ran CureIt it said that some Trojan.Swizzor.18340 was found; did that show in the report?

Also, I'm not sure if you saw the OTL report that I added to my reply.