You shall deploy this fix from normal mode, as some malicious services are still loaded.
1. Open notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
START
() C:\Users\SAMSUNG\AppData\Local\GetBooks\GetBooks.exe
HKCU\...\Run: [GetBooks] - C:\Users\SAMSUNG\AppData\Local\GetBooks\GetBooks.exe [509440 2013-05-15] ()
C:\Users\SAMSUNG\AppData\Local\GetBooks
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=00c0ab9a-df4a-455b-aec2-db82b7a2f123&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=00c0ab9a-df4a-455b-aec2-db82b7a2f123&searchtype=ds&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=00c0ab9a-df4a-455b-aec2-db82b7a2f123&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
CHR Extension: (Ask Toolbar) - C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpbjobobnmcnepdoldijfgmgogbe\21.54118_0
C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpbjobobnmcnepdoldijfgmgogbe
CHR Extension: (Missing e) - C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.14.3_0
C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid
CHR Extension: (UnfollowHater) - C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjobkfnjnakiggjoafelkncclbonjhm\1.0.13_0
C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjobkfnjnakiggjoafelkncclbonjhm
CHR Extension: (Chrome In-App Payments service) - C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
C:\Users\SAMSUNG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
CHR HKLM\...\Chrome\Extension: [aaaajpbjobobnmcnepdoldijfgmgogbe] - C:\ProgramData\AskPartnerNetwork\Toolbar\MYC3-V7\CRX\ToolbarCR.crx
C:\ProgramData\AskPartnerNetwork
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{a9dc3b77-a104-26f7-d8cc-b3ee5a1d846e}\ \...\???\{a9dc3b77-a104-26f7-d8cc-b3ee5a1d846e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
CMD: netsh winsock reset
CMD: ipconfig /flushdns
END
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
------ next -------
Reboot (restart) the machine one more time.
------ next -------
Re-run FRST, just press the Scan button, and post me the freshly created FRST log.