Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013 01
Ran by Ryan2011 at 2013-11-12 10:27:52 Run:1
Running from C:\Users\Ryan2011\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{7805e6ce-aece-7b86-307b-b3236983aa6d}\ \...\???\{7805e6ce-aece-7b86-307b-b3236983aa6d}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
S1 igzvkwcp; \??\C:\Windows\system32\drivers\igzvkwcp.sys [x]
C:\Windows\system32\drivers\igzvkwcp.sys
C:\Windows\SysWOW64\dveof.txt
C:\Windows\7631890drv.spi
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Ryan2011\AppData\Local\Google\Desktop
C:\Program Files (x86)\Google
C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSC => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
*etadpug => Service deleted successfully.
igzvkwcp => Service deleted successfully.
"C:\Windows\system32\drivers\igzvkwcp.sys" => File/Directory not found.
C:\Windows\SysWOW64\dveof.txt => Moved successfully.
C:\Windows\7631890drv.spi => Moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
Could not move "C:\Windows\assembly\GAC_64\Desktop.ini" => Scheduled to move on reboot.
"C:\Users\Ryan2011\AppData\Local\Google\Desktop" directory move: Could not move "C:\Users\Ryan2011\AppData\Local\Google\Desktop" directory. => Scheduled to move on reboot.
C:\Program Files (x86)\Google => Moved successfully.
C:\Users\Ryan2011\AppData\Local\Google\Update\GoogleUpdate.exe => Moved successfully.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.

=========== Result of Scheduled Files to move ===========

C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
"C:\Users\Ryan2011\AppData\Local\Google\Desktop" => Directory could not move.

==== End of Fixlog ====