No one should have been on this computer but me
If you say so. ;D
1. Open notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
Start
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1639554464-675732369-1436308505-1000\$ee66691e3833ad3d2d0c9efbdca20170\n. ATTENTION! ====> ZeroAccess?
HKU\Kiosk\...\Policies\system: [NoDispSettingsPage] 1
HKU\Kiosk\...\Policies\system: [DisableRegistryTools] 1
HKU\Kiosk\...\Policies\system: [NoDispScrSavPage] 1
HKU\Kiosk\...\Policies\system: [NoDispCPL] 1
HKU\Kiosk\...\Policies\system: [NoDispBackgroundPage] 1
HKU\Kiosk\...\Policies\system: [NoDispAppearancePage] 1
HKU\Kiosk\...\Policies\system: [DisableChangePassword] 1
HKU\Kiosk\...\Policies\system: [DisableLockWorkstation] 1
HKU\Kiosk\...\Policies\system: [DisableTaskMgr] 1
BHO-x32: No Name - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
Toolbar: HKLM-x32 - No Name - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 07 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
CHR Extension: (Chrome In-App Payments service) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{ee66691e-3833-ad3d-2d0c-9efbdca20170}\ \...\???\{ee66691e-3833-ad3d-2d0c-9efbdca20170}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-10-12 04:30 - 2013-10-12 04:31 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2013-10-12 04:29 - 2013-10-12 04:29 - 01805736 _____ (Symantec Corporation) C:\Users\owner\Downloads\FixZeroAccess.exe
2013-10-12 04:29 - 2013-10-12 04:29 - 01805736 _____ (Symantec Corporation) C:\Users\owner\Downloads\FixZeroAccess (1).exe
C:\$Recycle.Bin\S-1-5-21-1639554464-675732369-1436308505-1000
C:\Users\owner\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
CMD: netsh winsock reset
CMD: ipconfig /flushdns
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
-------- next --------
Please download the ESET Services Repair tool, available here, and save it to your Desktop. Right-click on it and select Run As Administrator, then follow the prompts. It should reboot when it finishes. If not, reboot it yourself.
http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe
Post the freshly created log reports here.
-------- next --------
Re-run FRST, just press the Scan button, and post me the freshly created FRST.txt log.