Live Sec Plat won't go away

[Dpad]

Operating system: Windows 7 Home Premium
Architecture: 64 bit
Antivirus software and on-demand scanners on this system : Malwarebytes
Date and how issue started: 9/11 Not exactly sure what happened, one minute working normally next minute restarting with cool new security program asking to be activated.
Current issues and symptoms: I have run through a few of your guides on removing this pest, but to no avail. I can connect to the internet and run programs, although no crtl-shift-esc action, and pinging going on in the background with selective shutdown of programs.
Steps taken in order to remove the infection: Just ran through some of the guides. http://malwaretips.com/blogs/live-securi...val-guide/
that one to be specific.
REQUESTED LOGS: OTL LOG
aswMBR LOG
I have run the two req. scans but IE shut me down while I was trying to post. I will try to get them into a reply.

[Dpad]

here are the scans

[Jack]

Hi and welcome to the MalwareTips.com forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

---

Ouch,that's really infected computer.... Apart from the Live Security Platinum rogue, you also have a ZeroAccess rootkit!
Lets clean it up!
STEP 1 : Run a scan with Combofix

Please read and follow very carefully the below instructions

 
Download ComboFix from one of the following locations: 

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop  
 

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------------

How to run the Combofix scan :

1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow to update if it asks
3. When finished, it shall produce a log for you. 
4. Please include the C:\ComboFix.txt in your next reply.
   

Additional notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

---

What's next?

Add the following logs to your next post (You can find here details on how to use the Attachment System):
1.Combofix log
2.Let me know if you had any problems with the above instructions and also let me know how things are running now!

[Dpad]

Uh oh....

BSD - Invalid_Work_Qeue_Item

or something to that affect...

While running combo fixer screen blue up! and restarted.
Twice in a row. Get about halfway through a progress bar and bsd'd to oblivion.

Preparing for the worst.

[Jack]

Ok,lets try another approach:
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chamelon mode

1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for yo
5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successful
6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
7. Upon completion of the scan, if anything has been detected, click on Show Result
8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats
Please add both logs in your next reply.

STEP 2: Run a scan with RogueKiller

1. Please download the latest official version of RogueKiller.
   RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
   
3. After the scan has completed, press the Delete button to remove any malicious registry keys.
   
4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
   

The report has been created on the desktop.In your next reply please post:

All RKreport.txt text files located on your desktop.

---

What's next?

Please add in your next reply:
1.Malwarebytes log
2.RogueKiller logs
3.Let me know if you had any problems with the above instructions and also let me know how things are running now!

[Dpad]

I think it's gone, here are the final logs.

I'm going to run one more malwareB scan. If it all turns up daisies after that all I can say is domo arigato gozaimasu! Thank you very much for the help!

If you can recommend any (free) preventative software that would be awesome too!

[Jack]

OK Dpad,it seems like Malwarebytes and RogueKiller got the hard-core part of that ZeroAccess rootkit.Now it's time to a quick check-up:

STEP 1: Run a scan with ESET Online Scanner

1. Download ESET Online Scanner utility from the below link
   ESET ONLINE SCANNER DOWNLOAD LINK (This link will automatically download ESET Online Scanner on your computer.)
2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Check Scan archives
6. Push the Start button.
7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
8. When the scan completes, push List of found threats
9. Push Export to Text file  and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.
10. Push the back button.
11. Push Finish

---

STEP 2: Run a HitmanPro scan

1. Download the latest official version of HitmanPro.
   HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro)
2. Start HitmanPro  by double clicking on the previously downloaded file. and then following the prompts.
   
3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click Next .
   
4. Click Activate free license to start the free 30 days trial and remove the malicious files.
   
5. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
   

Add to your next reply, any log that HitmanPro might generate.

---

STEP 3: Run a scan with OTL by OldTimer

1. Download the OTL utility using the below link :
   OTL DOWNLOAD LINK (This link will automatically download OTL on your computer)
2. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
   
3. When the window appears, underneath Output at the top change it to Minimal Output.
4. Check the boxes beside LOP Check and Purity Check.
5. Click the Run Scan button.
   
6. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
   Please post this 2 logs in your first reply..

Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: OTL.scr, or OTL.com.

---

What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):
1.OTL logs
2.HitmanPro log
4.ESET log
5.Let me know if you had any problems with the above instructions and also let me know how things are running now!