Odds are it is the new version of Zero Access. If it's not then the following may help:
Copy the lines between the stars (but not the stars):
****************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"ScanWithAntiVirus"=dword:00000001
****************
Open notepad and paste the above into it. Verify that you have it all then File, Save As, (to your desktop) "NoScan.reg" OK (Make sure you includes the quotes around the file name)
Close notepad and all browsers. Right click on NoScan.reg and select Merge. Allow it to merge. (If you don't see the Merge option you probably left off the quotes and notepad tacked on .txt)
Open Chrome and see if you can download.
If you have another user, try logging on as the other user. If not, create a new user with admin rights and logon as the new user.
Open Chrome and see if you can download.
Finally try booting into Safe Mode with Networking, (Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. )
Choose the Administrator login (usually there is no password so just hit Enter when the password prompt comes up.
If not then it's probably Zero Access. You will need to get a copy of OTL and also of Combofix:
http://www.geekstogo...timers-list-it/http://subs.geekstogo.com/ComboFix.exeIf the download is working again also get aswMBR.exe
http://public.avast....erek/aswMBR.exe (It was taking two hours to download today so if you can get it in a reasonable time don't worry about it.)
Use a friend's computer and download and save the files (Pause your antivirus while downloading or copying as it may object to these tools) save the files to a CD or a clean USB Drive (Do not use one that has been in the sick computer) and move them to the desktop of the sick PC.
Run them as follows:
OTL:
Copy the text in the code box:
DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT
Run OTL
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
Select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them.
aswMBR
Pause your antivirus
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply
Combofix
Pause your antivirus
double click on ComboFix to start the program.
* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. (You may want to turn off your screensaver so you can watch what is going on) The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
IF this is Zero Access you will need to run Combofix a second time before you get the log.