@Revanx

The FRST log shows a badly infected machine with two types of rootkits: ZeroAccess and TDL4, an MBR-based rootkit.

We shall run three FRST scripts, one by one. After each executed script, try to boot into Windows normally.

  • If you boot into Windows normally, report it here and do NOT make further changes.
  • If you don’t boot into Windows normally, report it here and continue with steps.

It is important to do the steps one by one. Do not create three fixlist.txt files at the same time. Just follow the steps, doing them one by one.
=====================================

Step#1

Open notepad.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.


START
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
C:\Program Files (x86)\Ask.com
AppInit_DLLs:     [0 ] ()
AppInit_DLLs-x32:     [0 ] ()
C:\$Recycle.Bin\S-1-5-21-903024167-1320075759-2810401075-1000\$743272f754f8be0f338c3117c8cb7b6d
C:\$Recycle.Bin\S-1-5-18\$743272f754f8be0f338c3117c8cb7b6d
C:\Users\clark\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\clark\AppData\Local\Temp\SHSetup.exe
C:\Users\clark\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\clark\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\clark\AppData\Local\Temp\UNINSTALL.exe
cmd: bootrec /FixMbr
cmd: bootrec /fixBoot
Control:
END

  • Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.


Try to boot Windows normally.

If you succeed => tell me and do NOT take any further action

If you do not succeed => continue with step 2


Step#2

Open notepad.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.


Restore point made on: 2013-07-15 09:43:09

  • Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.


Try to boot Windows normally.

If you succeed => tell me and do NOT take any further action

If you do not succeed => continue with step 3


Step#3

Open notepad.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.


LastRegBack: 2013-07-05 05:31

  • Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.


Try to boot Windows normally.

If you succeed => tell me and do NOT take any further action

If you do not succeed => post me a fresh FRST.txt log report, as you did in your first post.