Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2013 Ran by Ryan2011 at 2013-10-30 10:17:47 Run:3 Running from C:\Users\Ryan2011\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered) HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path) Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{7805e6ce-aece-7b86-307b-b3236983aa6d}\ \...\???\{7805e6ce-aece-7b86-307b-b3236983aa6d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) S1 vosbcrlp; \??\C:\Windows\system32\drivers\vosbcrlp.sys [x] 2013-10-07 09:32 - 2013-10-07 09:34 - 66628672 _____ C:\Users\Ryan2011\Downloads\teen sex tape.mp4 2013-10-07 09:29 - 2013-10-07 09:30 - 40951236 _____ C:\Users\Ryan2011\Downloads\bbw Kiki outdoor play.mp4 C:\Windows\assembly\GAC_32\Desktop.ini C:\Windows\assembly\GAC_64\Desktop.ini C:\Users\Ryan2011\AppData\Local\Google\Desktop C:\Program Files (x86)\Google\Desktop C:\Windows\system32\drivers\vosbcrlp.sys DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value was restored successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully. Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll *etadpug => Service deleted successfully. vosbcrlp => Service deleted successfully. C:\Users\Ryan2011\Downloads\teen sex tape.mp4 => Moved successfully. C:\Users\Ryan2011\Downloads\bbw Kiki outdoor play.mp4 => Moved successfully. C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully. C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully. C:\Users\Ryan2011\AppData\Local\Google\Desktop => Moved successfully. "C:\Program Files (x86)\Google\Desktop" directory move: Could not move "C:\Program Files (x86)\Google\Desktop" directory. => Scheduled to move on reboot. "C:\Windows\system32\drivers\vosbcrlp.sys" => File/Directory not found. "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started. "C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed. =========== Result of Scheduled Files to move =========== "C:\Program Files (x86)\Google\Desktop" => Directory could not move. ==== End of Fixlog ====