Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-09-2013 01
Ran by ewamarcin at 2013-09-10 19:40:09 Run:1
Running from E:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{3727a244-36ea-3993-9945-46cb2618ed21}\ \...\???\{3727a244-36ea-3993-9945-46cb2618ed21}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [x]
Task: {463A6406-2D83-4D81-ADD1-63AF1081AF53} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert
Task: {CC3EBC27-CDFE-49B1-B01D-6B93FCF05D0A} - System32\Tasks\EPUpdater => C:\Users\EWAMAR~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
C:\Users\EWAMAR~1\AppData\Local\Google
C:\Program Files (x86)\Google
C:\ProgramData\BDQ8yN3Dy.dat
C:\ProgramData\WoUFM7V7.exe_.b
C:\ProgramData\WoUFM7V7.exe.b
C:\ProgramData\BrowserDefender
C:\Users\ewamarcin\AppData\Roaming\Aqlo
C:\Users\ewamarcin\AppData\Roaming\Bakua
C:\Users\ewamarcin\AppData\Roaming\Fighters
C:\Users\ewamarcin\AppData\Roaming\Ixaf
C:\Users\ewamarcin\AppData\Roaming\OpenCandy
C:\Users\ewamarcin\AppData\Roaming\PerformerSoft
C:\Users\ewamarcin\AppData\Roaming\Screensaver
C:\Users\ewamarcin\AppData\Roaming\Mozilla
C:\Program Files (x86)\Mozilla Firefox
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
*etadpug => Service deleted successfully.
BrowserDefendert => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{463A6406-2D83-4D81-ADD1-63AF1081AF53} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{463A6406-2D83-4D81-ADD1-63AF1081AF53} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserDefendert => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC3EBC27-CDFE-49B1-B01D-6B93FCF05D0A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC3EBC27-CDFE-49B1-B01D-6B93FCF05D0A} => Key deleted successfully.
C:\Windows\System32\Tasks\EPUpdater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktop => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktopChanges => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MSESysprep.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseoobe.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseooberes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SqmApi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
C:\Users\EWAMAR~1\AppData\Local\Google => Moved successfully.
C:\Program Files (x86)\Google => Moved successfully.
C:\ProgramData\BDQ8yN3Dy.dat => Moved successfully.
C:\ProgramData\WoUFM7V7.exe_.b => Moved successfully.
C:\ProgramData\WoUFM7V7.exe.b => Moved successfully.
C:\ProgramData\BrowserDefender => Moved successfully.
C:\Users\ewamarcin\AppData\Roaming\Aqlo => Moved successfully.
C:\Users\ewamarcin\AppData\Roaming\Bakua => Moved successfully.
C:\Users\ewamarcin\AppData\Roaming\Fighters => Moved successfully.
C:\Users\ewamarcin\AppData\Roaming\Ixaf => Moved successfully.
C:\Users\ewamarcin\AppData\Roaming\OpenCandy => Moved successfully.
C:\Users\ewamarcin\AppData\Roaming\PerformerSoft => Moved successfully.
C:\Users\ewamarcin\AppData\Roaming\Screensaver => Moved successfully.
C:\Users\ewamarcin\AppData\Roaming\Mozilla => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox => Moved successfully.

The system needs a manual reboot.

==== End of Fixlog ====