ZeroAccess removal incomplete
<blockquote data-quote="Homieside" data-source="post: 150512" data-attributes="member: 16949"><p>Greetings,</p><p> </p><p>Thanks for the easy-to-follow redirect virus removal guide, it worked very well, but I am one of the lucky ones and my virus just won't go away.</p><p>I have used McAfee for years with no issue, but it has met its ultimate foe...ZeroAccess.</p><p>Rogue Killer keeps finding 1 last run key which it then returns an error on.</p><p> </p><p>First</p><p><span style="font-size: 10px">RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy</span></p><p><span style="font-size: 10px">mail : tigzyRK<at>gmail<dot>com</span></p><p><span style="font-size: 10px">Feedback : </span><a href="http://www.adlice.com/forum/" target="_blank"><span style="font-size: 10px">http://www.adlice.com/forum/</span></a></p><p><span style="font-size: 10px">Website : </span><a href="http://www.adlice.com/softwares/roguekiller/" target="_blank"><span style="font-size: 10px">http://www.adlice.com/softwares/roguekiller/</span></a></p><p><span style="font-size: 10px">Blog : </span><a href="http://www.adlice.com" target="_blank"><span style="font-size: 10px">http://www.adlice.com</span></a></p><p><span style="font-size: 10px">Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version</span></p><p><span style="font-size: 10px">Started in : Normal mode</span></p><p><span style="font-size: 10px">User : Shawn [Admin rights]</span></p><p><span style="font-size: 10px">Mode : Scan -- Date : 12/28/2013 15:44:40</span></p><p><span style="font-size: 10px">| ARK || FAK || MBR |</span></p><p><span style="font-size: 10px">¤¤¤ Bad processes : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Registry Entries : 8 ¤¤¤</span></p><p><span style="font-size: 10px">[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Shawn\AppData\Local\Google\Desktop\Install\{f4156ecb-7547-284c-2ee5-580753d84100}\?��?��?��\?��?��?��\???ﯹ๛\{f4156ecb-7547-284c-2ee5-580753d84100}\GoogleUpdate.exe" >) -> 
FOUND</span></p><p><span style="font-size: 10px">[RUN][SUSP PATH] HKCU\[...]\Run : Orics (regsvr32.exe C:\Users\Shawn\AppData\Local\Orics\MciUsb.dll [x][-]) -> FOUND</span></p><p><span style="font-size: 10px">[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND</span></p><p><span style="font-size: 10px">[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND</span></p><p><span style="font-size: 10px">[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND</span></p><p><span style="font-size: 10px">[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND</span></p><p><span style="font-size: 10px">[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND</span></p><p><span style="font-size: 10px">[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND</span></p><p><span style="font-size: 10px">¤¤¤ Scheduled tasks : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Startup Entries : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Web browsers : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Browser Addons : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Particular Files / Folders: ¤¤¤</span></p><p><span style="font-size: 10px">[ZeroAccess][Folder] Install : C:\Users\Shawn\AppData\Local\Google\Desktop\Install [-] --> FOUND</span></p><p><span style="font-size: 10px">¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ External Hives: ¤¤¤</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - 
D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">¤¤¤ Infection : ZeroAccess ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ HOSTS File: ¤¤¤</span></p><p><span style="font-size: 10px">--> %SystemRoot%\System32\drivers\etc\hosts</span></p><p> </p><p>Second</p><p><span style="font-size: 10px">RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy</span></p><p><span style="font-size: 10px">mail : tigzyRK<at>gmail<dot>com</span></p><p><span style="font-size: 10px">Feedback : </span><a href="http://www.adlice.com/forum/" target="_blank"><span style="font-size: 10px">http://www.adlice.com/forum/</span></a></p><p><span style="font-size: 10px">Website : </span><a href="http://www.adlice.com/softwares/roguekiller/" target="_blank"><span style="font-size: 10px">http://www.adlice.com/softwares/roguekiller/</span></a></p><p><span style="font-size: 10px">Blog : </span><a href="http://www.adlice.com" target="_blank"><span style="font-size: 10px">http://www.adlice.com</span></a></p><p><span style="font-size: 10px">Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version</span></p><p><span style="font-size: 10px">Started in : Normal mode</span></p><p><span style="font-size: 10px">User : Shawn [Admin rights]</span></p><p><span style="font-size: 10px">Mode : Remove -- Date : 12/28/2013 15:46:53</span></p><p><span style="font-size: 10px">| ARK || FAK || MBR |</span></p><p><span style="font-size: 10px">¤¤¤ Bad processes : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Registry Entries : 8 ¤¤¤</span></p><p><span style="font-size: 10px">[RUN][ZeroAccess] 
HKCU\[...]\Run : Google Update ("C:\Users\Shawn\AppData\Local\Google\Desktop\Install\{f4156ecb-7547-284c-2ee5-580753d84100}\?��?��?��\?��?��?��\???ﯹ๛\{f4156ecb-7547-284c-2ee5-580753d84100}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error</span></p><p><span style="font-size: 10px">[RUN][SUSP PATH] HKCU\[...]\Run : Orics (regsvr32.exe C:\Users\Shawn\AppData\Local\Orics\MciUsb.dll [x][-]) -> DELETED</span></p><p><span style="font-size: 10px">[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED</span></p><p><span style="font-size: 10px">[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED</span></p><p><span style="font-size: 10px">[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified. </span></p><p><span style="font-size: 10px">[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. </span></p><p><span style="font-size: 10px">[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)</span></p><p><span style="font-size: 10px">[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)</span></p><p><span style="font-size: 10px">¤¤¤ Scheduled tasks : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Startup Entries : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Web browsers : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Browser Addons : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Particular Files / Folders: ¤¤¤</span></p><p><span style="font-size: 10px">[ZeroAccess][Folder] Install : C:\Users\Shawn\AppData\Local\Google\Desktop\Install [-] --> DELETED</span></p><p><span style="font-size: 10px">[ZeroAccess][Folder] L : C:\Users\Shawn\AppData\Local\Google\Desktop\Install\{F4156~1\2E2F~1\28F0~1\E628~1\{F4156~1\L [-] --> DELETED</span></p><p><span style="font-size: 10px">[ZeroAccess][Folder] U : 
C:\Users\Shawn\AppData\Local\Google\Desktop\Install\{F4156~1\2E2F~1\28F0~1\E628~1\{F4156~1\U [-] --> DELETED</span></p><p><span style="font-size: 10px">[ZeroAccess][Folder] {F4156~1 : C:\Users\Shawn\AppData\Local\Google\Desktop\Install\{F4156~1\2E2F~1\28F0~1\E628~1\{F4156~1 [-] --> DELETED</span></p><p><span style="font-size: 10px">[ZeroAccess][Folder] E628~1 : C:\Users\Shawn\AppData\Local\Google\Desktop\Install\{F4156~1\2E2F~1\28F0~1\E628~1 [-] --> DELETED</span></p><p><span style="font-size: 10px">[ZeroAccess][Folder] 28F0~1 : C:\Users\Shawn\AppData\Local\Google\Desktop\Install\{F4156~1\2E2F~1\28F0~1 [-] --> DELETED</span></p><p><span style="font-size: 10px">[ZeroAccess][Folder] 2E2F~1 : C:\Users\Shawn\AppData\Local\Google\Desktop\Install\{F4156~1\2E2F~1 [-] --> DELETED</span></p><p><span style="font-size: 10px">[ZeroAccess][Folder] {F4156~1 : C:\Users\Shawn\AppData\Local\Google\Desktop\Install\{F4156~1 [-] --> DELETED</span></p><p><span style="font-size: 10px">¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ External Hives: ¤¤¤</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">¤¤¤ 
Infection : ZeroAccess ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ HOSTS File: ¤¤¤</span></p><p><span style="font-size: 10px">--> %SystemRoot%\System32\drivers\etc\hosts</span></p><p> </p><p>All after</p><p><span style="font-size: 10px">RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy</span></p><p><span style="font-size: 10px">mail : tigzyRK<at>gmail<dot>com</span></p><p><span style="font-size: 10px">Feedback : </span><a href="http://www.adlice.com/forum/" target="_blank"><span style="font-size: 10px">http://www.adlice.com/forum/</span></a></p><p><span style="font-size: 10px">Website : </span><a href="http://www.adlice.com/softwares/roguekiller/" target="_blank"><span style="font-size: 10px">http://www.adlice.com/softwares/roguekiller/</span></a></p><p><span style="font-size: 10px">Blog : </span><a href="http://www.adlice.com" target="_blank"><span style="font-size: 10px">http://www.adlice.com</span></a></p><p><span style="font-size: 10px">Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version</span></p><p><span style="font-size: 10px">Started in : Normal mode</span></p><p><span style="font-size: 10px">User : Shawn [Admin rights]</span></p><p><span style="font-size: 10px">Mode : Remove -- Date : 12/28/2013 16:56:44</span></p><p><span style="font-size: 10px">| ARK || FAK || MBR |</span></p><p><span style="font-size: 10px">¤¤¤ Bad processes : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Registry Entries : 1 ¤¤¤</span></p><p><span style="font-size: 10px">[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Shawn\AppData\Local\Google\Desktop\Install\{f4156ecb-7547-284c-2ee5-580753d84100}\?��?��?��\?��?��?��\???ﯹ๛\{f4156ecb-7547-284c-2ee5-580753d84100}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error</span></p><p><span style="font-size: 10px">¤¤¤ Scheduled tasks : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Startup Entries : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Web browsers : 0 ¤¤¤</span></p><p><span 
style="font-size: 10px">¤¤¤ Browser Addons : 0 ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Particular Files / Folders: ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ External Hives: ¤¤¤</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]</span></p><p><span style="font-size: 10px">¤¤¤ Infection : ZeroAccess ¤¤¤</span></p><p><span style="font-size: 10px">¤¤¤ HOSTS File: ¤¤¤</span></p><p><span style="font-size: 10px">--> %SystemRoot%\System32\drivers\etc\hosts</span></p><p> </p><p>Any additional help is greatly appreciated, this one is tough.</p></blockquote><p></p>