Win64/patched.a and generic29.anpx virus removal need help please

Resolved
By Marcus.P
Nov 19, 2012
  1. Hi there,
    It's finally come to this: I myself need to ask an expert for help. I'm used to being the one fixing the problems, but this one is being really stubborn!

    Yesterday I was asked to have a look at my fiancé's parents' desktop computer because they got a virus on it. I've done scans with various programs and they've found these:

    Win64/patched.a
    Generic29.anpx

    and two others, but I think they are the same ones worded differently. Still, I'll mention them because I'm not taking any chances. They are:

    virus.win64.zaccess.a
    backdoor.generic15.cgsy

    I've tried getting rid of win64/patched.a and it's not budging, so I've given up and I'm admitting defeat. I need a pro to help me out this time, please :)

    I'll be going back next door (to her parents' house) in a few hours or less to try and start fixing this, with your help hopefully.

    Many thanks in advance,

    Marcus
  2. Marcus.P

    Just to add to the previous post: I've read the preliminary reports that need to be posted. I'll do them as soon as I get back to their computer; I'm just hoping to get the ball rolling ASAP.

    Thanks again.
  3. Marcus.P

    OK, here is the MBAM log:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.18.02
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    alex :: ALEX-PC [administrator]
    19/11/2012 14:12:15
    mbam-log-2012-11-19 (14-12-15).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 202589
    Time elapsed: 2 minute(s), 57 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  4. Marcus.P

    Here is the DDS.txt log:

    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by alex at 14:09:11 on 2012-11-19
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1023 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxcecoms.exe
    c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\bin32\nSvcAppFlt.exe
    C:\Program Files\bin32\nSvcIp.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    C:\Program Files (x86)\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files (x86)\Lexmark 4300 Series\ezprint.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\real\realplayer\Update\realsched.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.2.0\ScriptHelper.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
    C:\Windows\system32\SearchProtocolHost.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1006&m=aspire_x3200
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1006&m=aspire_x3200
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1006&m=aspire_x3200
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    mRun: [SiteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe"
    mRun: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
    mRun: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    mRun: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
    mRun: [eRecoveryService] <no file>
    mRunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
    StartupFolder: C:\Users\alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    LSP: mswsock.dll
    DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{A5F9A929-8C54-4047-A14A-95F18EB46ECB} : DHCPNameServer = 192.168.2.1
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1006&m=aspire_x3200
    x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1006&m=aspire_x3200
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Run: [RtHDVCpl] RAVCpl64.exe
    x64-Run: [Skytel] Skytel.exe
    x64-Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    x64-Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [LXCECATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCEtime.dll,RunDLLEntry
    x64-Run: [lxcemon.exe] "C:\Program Files (x86)\Lexmark 4300 Series\lxcemon.exe"
    x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 4300 Series\ezprint.exe"
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\az5cyxdp.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B002ceec5-8673-447e-876e-b04702aaae13%7D&mid=b8ff275b6f1d40380ff34d4651a122f4-43bf9f81a70d974202483296ebfa16c4d8f43708&ds=AVG&v=12.2.5.32&lang=us&pr=fr&d=2011-12-10%2011%3A13%3A17&sap=ku&q=
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_07.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - ExtSQL: !HIDDEN! 2010-01-30 01:09; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-4 377936]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-29 30568]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-5-26 269448]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-3-3 16384]
    R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-5-26 24576]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2010-4-16 103472]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-4-26 45056]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-4-26 131072]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-11-11 386344]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-9 711112]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-5-27 117328]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
    S2 0027471353325030mcinstcleanup;McAfee Application Installer Cleanup (0027471353325030);C:\Windows\TEMP\002747~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\002747~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-18 167264]
    S3 DxVGrb;DxVGrb;C:\Windows\System32\drivers\DxVGrb.sys [2012-11-11 222464]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-5-29 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-11-09 00:18:38 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-10-17 15:53:51 10424320 ----a-w- C:\ProgramData\SPL1708.tmp
    2012-09-29 19:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-15 10:57:25 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-15 10:57:20 246760 ----a-w- C:\Windows\SysWow64\javaws.exe
    2012-09-15 10:57:20 174056 ----a-w- C:\Windows\SysWow64\javaw.exe
    2012-09-15 10:57:20 174056 ----a-w- C:\Windows\SysWow64\java.exe
    2012-09-15 10:57:19 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-15 10:57:19 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 14:09:37.01 ===============
  5. Marcus.P

    Here is the DDS attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/10/2006 08:11:28
    System Uptime: 19/11/2012 12:47:25 (2 hours ago)
    .
    Motherboard: Acer | | WMCP78M
    Processor: AMD Phenom(tm) 8550 Triple-Core Processor | Socket AM2 | 2200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 139 GiB total, 61.343 GiB free.
    F: is FIXED (NTFS) - 140 GiB total, 140.008 GiB free.
    H: is CDROM ()
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0021
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #3
    PNP Device ID: ROOT\*ISATAP\0021
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Sansa Media Converter
    Update for Microsoft Office 2007 (KB2508958)
    Acer Arcade Live Main Page
    Acer DV Magician
    Acer DVDivine
    Acer Empowering Technology
    Acer eRecovery Management
    Acer HomeMedia
    Acer HomeMedia Connect
    Acer HomeMedia Trial Creator
    Acer ScreenSaver
    Acer SlideShow DVD
    Acer VideoMagician
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Alice Greenfingers
    Apple Application Support
    Apple Software Update
    AV Input Selection
    AVG 2011
    AVG Security Toolbar
    CCleaner
    Conexant Polaris Unused CIR Function
    CyberLink PowerDirector
    eSobi v2
    FormatFactory 2.70
    Google Earth
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java 7 Update 7
    Java Auto Updater
    JavaFX 2.1.0
    Lexmark 4300 Series
    Lexmark Fax Solutions
    LightScribe 1.4.142.1
    Malwarebytes Anti-Malware version 1.65.1.1000
    McAfee Security Scan Plus
    McAfee SiteAdvisor
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox (3.6.27)
    MP3 Player Utilities 4.00
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Craft Studio
    My Craft Studio Professional 2.1.4.2
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    PP Snooper S3 Updater
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Sansa Updater
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Turbo Pizza
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Video Grabber
    video4fuze 0.6
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.4
    WinRAR archiver
    .
    ==== End Of File ===========================
  6. Marcus.P

    Also, after having looked around a bit more, I thought it may be useful to you if I posted the results of my Farbar Recovery Scan Tool log, FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
    Ran by alex at 19-11-2012 14:29:00
    Running from C:\Users\alex\Desktop
    Service Pack 2 (X64) OS Language: English(US)
    Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

    ==================== One Month Created Files and Folders ========
    2012-11-19 14:10 - 2012-11-19 14:10 - 00005191 ____A C:\Users\alex\Desktop\attach.txt
    2012-11-19 14:10 - 2012-11-19 14:09 - 00017462 ____A C:\Users\alex\Desktop\dds.txt
    2012-11-19 14:08 - 2012-11-19 14:08 - 00688901 ____R (Swearware) C:\Users\alex\Downloads\dds.com
    2012-11-19 11:36 - 2012-11-19 11:36 - 00000408 ____A C:\Windows\PFRO.log
    2012-11-18 20:15 - 2012-11-18 20:15 - 00000000 ____D C:\FRST
    2012-11-18 20:14 - 2012-11-18 20:14 - 01461037 ____A (Farbar) C:\Users\alex\Desktop\FRST64.exe
    2012-11-18 20:12 - 2012-11-18 20:12 - 00001794 ____A C:\Users\alex\Desktop\RKreport[2]_S_11182012_02d2012.txt
    2012-11-18 20:11 - 2012-11-18 20:11 - 00001757 ____A C:\Users\alex\Desktop\RKreport[1]_S_11182012_02d2011.txt
    2012-11-18 19:36 - 2012-11-18 19:36 - 00000774 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-11-18 19:36 - 2012-11-18 19:36 - 00000000 ____D C:\Program Files\CCleaner
    2012-11-18 19:13 - 2012-11-18 19:13 - 00000000 ____D C:\_OTL
    2012-11-18 19:00 - 2012-11-18 19:01 - 00602112 ____A (OldTimer Tools) C:\Users\alex\Desktop\OTL.exe
    2012-11-18 18:58 - 2012-11-18 18:58 - 00304016 ____A C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums.htm
    2012-11-18 18:58 - 2012-11-18 18:58 - 00000000 ____D C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums_files
    2012-11-18 17:25 - 2012-11-18 17:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
    2012-11-18 17:24 - 2012-11-18 17:24 - 04732416 ____A (AVAST Software) C:\Users\alex\Desktop\aswMBR.exe
    2012-11-18 17:21 - 2012-11-18 17:21 - 00175795 ____A C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums.htm
    2012-11-18 17:20 - 2012-11-18 17:22 - 00000000 ____D C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums_files
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\alex\AppData\Roaming\Malwarebytes
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-18 17:17 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-11-18 17:05 - 2012-11-18 20:11 - 00000000 ____D C:\Users\alex\Desktop\RK_Quarantine
    2012-11-18 17:04 - 2012-11-18 17:04 - 00724992 ____A C:\Users\alex\Desktop\RogueKiller.exe
    2012-11-18 17:03 - 2012-11-18 20:07 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-18 17:02 - 2012-10-31 21:49 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\alex\Desktop\TDSSKiller.exe
    2012-11-18 17:01 - 2012-11-18 17:01 - 02195061 ____A C:\Users\alex\Downloads\tdsskiller.zip
    2012-11-18 16:52 - 2012-11-18 16:54 - 00002121 ____A C:\Users\alex\Downloads\Search.txt
    2012-11-18 01:36 - 2012-11-18 01:36 - 00001782 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-11-18 00:43 - 2012-11-18 00:43 - 93076756 ____A C:\Users\alex\Downloads\PSY - GANGNAM STYLE.mp4
    2012-11-11 18:10 - 2012-11-11 18:12 - 00000000 ____D C:\Users\Public\CyberLink
    2012-11-11 18:10 - 2012-11-11 18:12 - 00000000 ____D C:\Users\alex\Documents\CyberLink
    2012-11-11 17:59 - 2012-11-11 17:59 - 00000000 ____D C:\Program Files\Conexant
    2012-11-11 17:59 - 2012-06-22 08:29 - 00222464 ____A (Dexetek ) C:\Windows\System32\Drivers\DxVGrb.sys
    2012-11-11 17:59 - 2012-06-22 08:29 - 00055808 ____A (Conexant Systems Inc.) C:\Windows\System32\cxtvrate.dll
    2012-11-11 17:59 - 2012-06-22 08:29 - 00040960 ____A (Conexant) C:\Windows\System32\y8cnvt.ax
    2012-11-11 17:59 - 2012-06-22 08:29 - 00032256 ____A (Conexant Systems, Inc) C:\Windows\System32\CxPolaris.ax
    2012-11-11 17:59 - 2012-06-22 08:29 - 00019456 ____A (Conexant Systems, Inc) C:\Windows\System32\cpnotify.ax
    2012-11-11 17:59 - 2012-06-22 08:29 - 00016384 ____A C:\Windows\System32\cxEZCAP.ax
    2012-11-11 17:59 - 2012-06-22 08:29 - 00016382 ____A C:\Windows\System32\Drivers\merlinD.rom
    2012-11-11 17:57 - 2012-11-11 17:58 - 00431034 ____A C:\Users\alex\AppData\Local\dd_vcredistMSI3D22.txt
    2012-11-11 17:57 - 2012-11-11 17:58 - 00012194 ____A C:\Users\alex\AppData\Local\dd_vcredistUI3D22.txt
    2012-11-11 17:57 - 2012-11-11 17:57 - 00001055 ____A C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
    2012-11-11 17:54 - 2012-11-11 17:57 - 00000000 ____D C:\Program Files\CyberLink
    2012-11-11 17:53 - 2012-11-11 17:53 - 00000000 ____D C:\Users\All Users\CLSK
    2012-10-21 16:03 - 2012-10-21 16:03 - 00000000 ____D C:\Users\alex\AppData\Local\Ilivid Player
    2012-10-21 15:58 - 2012-10-21 15:58 - 00823648 ____A (Bandoo Media Inc) C:\Users\alex\Downloads\iLividSetupV1.exe
    ==================== One Month Modified Files and Folders =======
    2012-11-19 14:10 - 2012-11-19 14:10 - 00005191 ____A C:\Users\alex\Desktop\attach.txt
    2012-11-19 14:09 - 2012-11-19 14:10 - 00017462 ____A C:\Users\alex\Desktop\dds.txt
    2012-11-19 14:08 - 2012-11-19 14:08 - 00688901 ____R (Swearware) C:\Users\alex\Downloads\dds.com
    2012-11-19 14:04 - 2010-02-03 11:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-19 14:04 - 2010-02-03 11:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-19 14:04 - 2006-11-02 15:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-19 14:04 - 2006-11-02 15:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-19 11:46 - 2006-11-02 12:46 - 00761242 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-19 11:42 - 2010-10-18 13:04 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-11-19 11:36 - 2012-11-19 11:36 - 00000408 ____A C:\Windows\PFRO.log
    2012-11-19 11:36 - 2008-05-26 23:05 - 00000147 ____A C:\Windows\SysWOW64\agent.log
    2012-11-19 11:36 - 2006-11-02 15:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-19 11:36 - 2006-10-11 07:25 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
    2012-11-19 01:10 - 2006-11-02 15:42 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-18 20:15 - 2012-11-18 20:15 - 00000000 ____D C:\FRST
    2012-11-18 20:14 - 2012-11-18 20:14 - 01461037 ____A (Farbar) C:\Users\alex\Desktop\FRST64.exe
    2012-11-18 20:12 - 2012-11-18 20:12 - 00001794 ____A C:\Users\alex\Desktop\RKreport[2]_S_11182012_02d2012.txt
    2012-11-18 20:11 - 2012-11-18 20:11 - 00001757 ____A C:\Users\alex\Desktop\RKreport[1]_S_11182012_02d2011.txt
    2012-11-18 20:11 - 2012-11-18 17:05 - 00000000 ____D C:\Users\alex\Desktop\RK_Quarantine
    2012-11-18 20:07 - 2012-11-18 17:03 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-18 19:51 - 2010-12-20 12:40 - 00000000 ____D C:\Users\alex\AppData\Local\MigWiz
    2012-11-18 19:51 - 2007-07-12 01:49 - 00000000 ____D C:\Windows\Panther
    2012-11-18 19:36 - 2012-11-18 19:36 - 00000774 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-11-18 19:36 - 2012-11-18 19:36 - 00000000 ____D C:\Program Files\CCleaner
    2012-11-18 19:13 - 2012-11-18 19:13 - 00000000 ____D C:\_OTL
    2012-11-18 19:01 - 2012-11-18 19:00 - 00602112 ____A (OldTimer Tools) C:\Users\alex\Desktop\OTL.exe
    2012-11-18 18:58 - 2012-11-18 18:58 - 00304016 ____A C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums.htm
    2012-11-18 18:58 - 2012-11-18 18:58 - 00000000 ____D C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums_files
    2012-11-18 17:25 - 2012-11-18 17:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
    2012-11-18 17:24 - 2012-11-18 17:24 - 04732416 ____A (AVAST Software) C:\Users\alex\Desktop\aswMBR.exe
    2012-11-18 17:22 - 2012-11-18 17:20 - 00000000 ____D C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums_files
    2012-11-18 17:21 - 2012-11-18 17:21 - 00175795 ____A C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums.htm
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\alex\AppData\Roaming\Malwarebytes
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-18 17:16 - 2010-10-18 13:04 - 00000000 ____D C:\Users\All Users\AVG10
    2012-11-18 17:04 - 2012-11-18 17:04 - 00724992 ____A C:\Users\alex\Desktop\RogueKiller.exe
    2012-11-18 17:01 - 2012-11-18 17:01 - 02195061 ____A C:\Users\alex\Downloads\tdsskiller.zip
    2012-11-18 16:54 - 2012-11-18 16:52 - 00002121 ____A C:\Users\alex\Downloads\Search.txt
    2012-11-18 16:54 - 2010-01-31 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-11-18 01:36 - 2012-11-18 01:36 - 00001782 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-11-18 00:43 - 2012-11-18 00:43 - 93076756 ____A C:\Users\alex\Downloads\PSY - GANGNAM STYLE.mp4
    2012-11-17 20:12 - 2010-01-26 16:05 - 00000000 ____D C:\Program Files\Lx_cats
    2012-11-14 19:34 - 2011-02-26 12:43 - 00000000 ____D C:\Users\alex\AppData\Roaming\My Craft Studio Professional
    2012-11-14 19:02 - 2009-12-15 05:27 - 00026112 ____A C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-11-14 17:22 - 2009-12-15 04:24 - 00000000 ____D C:\Users\alex\AppData\Roaming\SiteAdvisor
    2012-11-13 17:39 - 2010-09-30 17:04 - 00000000 ____D C:\Users\alex\AppData\Roaming\vlc
    2012-11-11 21:23 - 2008-05-26 22:38 - 00000000 ____D C:\Users\All Users\CyberLink
    2012-11-11 18:12 - 2012-11-11 18:10 - 00000000 ____D C:\Users\Public\CyberLink
    2012-11-11 18:12 - 2012-11-11 18:10 - 00000000 ____D C:\Users\alex\Documents\CyberLink
    2012-11-11 18:08 - 2010-07-19 12:07 - 00000000 ____D C:\Users\alex\AppData\Roaming\CyberLink
    2012-11-11 18:04 - 2009-12-15 04:22 - 00075192 ____A C:\Users\alex\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-11 18:03 - 2006-11-02 15:21 - 00306248 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-11 17:59 - 2012-11-11 17:59 - 00000000 ____D C:\Program Files\Conexant
    2012-11-11 17:59 - 2009-12-15 04:22 - 00000000 ____D C:\users\alex
    2012-11-11 17:58 - 2012-11-11 17:57 - 00431034 ____A C:\Users\alex\AppData\Local\dd_vcredistMSI3D22.txt
    2012-11-11 17:58 - 2012-11-11 17:57 - 00012194 ____A C:\Users\alex\AppData\Local\dd_vcredistUI3D22.txt
    2012-11-11 17:58 - 2006-11-02 13:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-11-11 17:57 - 2012-11-11 17:57 - 00001055 ____A C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
    2012-11-11 17:57 - 2012-11-11 17:54 - 00000000 ____D C:\Program Files\CyberLink
    2012-11-11 17:53 - 2012-11-11 17:53 - 00000000 ____D C:\Users\All Users\CLSK
    2012-11-11 17:53 - 2008-05-26 22:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-11-09 00:18 - 2012-08-29 14:59 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-11-09 00:18 - 2011-12-10 11:13 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2012-11-09 00:18 - 2011-12-10 11:13 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-10-31 21:49 - 2012-11-18 17:02 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\alex\Desktop\TDSSKiller.exe
    2012-10-30 23:55 - 2010-05-22 09:42 - 00212405 ____A C:\lxce.log
    2012-10-21 16:03 - 2012-10-21 16:03 - 00000000 ____D C:\Users\alex\AppData\Local\Ilivid Player
    2012-10-21 15:58 - 2012-10-21 15:58 - 00823648 ____A (Bandoo Media Inc) C:\Users\alex\Downloads\iLividSetupV1.exe
    2012-10-20 14:06 - 2012-08-01 15:46 - 00000000 ____D C:\Users\alex\Desktop\magaluf

    ZeroAccess:
    C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5}
    C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5}\U
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== Restore Points =========================

    ==================== Memory info ===========================
    Percentage of memory in use: 63%
    Total physical RAM: 2813.74 MB
    Available physical RAM: 1014.45 MB
    Total Pagefile: 5848.03 MB
    Available Pagefile: 3780.67 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB
    ==================== Partitions =============================
    1 Drive c: (ACER) (Fixed) (Total:139.41 GB) (Free:61.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive f: (DATA) (Fixed) (Total:140.18 GB) (Free:140.01 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 19 GB 1024 KB
    Partition 2 Primary 139 GB 19 GB
    Partition 3 Primary 140 GB 158 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C ACER NTFS Partition 139 GB Healthy System (partition with boot components)
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 F DATA NTFS Partition 140 GB Healthy
    =========================================================
    Last Boot: 2012-11-19 11:56
    ==================== End Of Log =============================
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
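    Reading the FRST.txt that the steps above produce is the next job, and the two parts that matter for this thread are the file-listing lines and the "Bamital & volsnap Check" section (the one that reported services.exe with a foreign MD5 and the ZeroAccess paths in the log posted earlier). The following triage script is an added example, not part of the thread and not a Farbar tool; the sample log it runs on is constructed from lines of the same format as the log above, and the regular expressions are my reading of that format, not an official specification of it.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in FRST's log format, modelled on the log posted in this
# thread (hash and paths are the ones that log shows; the line order is mine).
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2012-11-18 17:25 - 2012-11-18 17:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
2012-11-11 17:59 - 2012-06-22 08:29 - 00222464 ____A (Dexetek ) C:\Windows\System32\Drivers\DxVGrb.sys
2012-11-11 17:59 - 2012-06-22 08:29 - 00016384 ____A C:\Windows\System32\cxEZCAP.ax
2012-11-18 20:15 - 2012-11-18 20:15 - 00000000 ____D C:\FRST

ZeroAccess:
C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5}
C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5}\U
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log =============================
"""

# "created - modified - size attrs (company) path"; the company part is optional.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# Lines of the Bamital/volsnap check: either "=> MD5 is legit" or a bare hash plus a note.
MD5_OK = re.compile(r"^(?P<path>[A-Za-z]:\\\S+) => MD5 is legit$")
MD5_BAD = re.compile(r"^(?P<path>[A-Za-z]:\\\S+) (?P<md5>[0-9A-Fa-f]{32}) (?P<note>.*)$")

SEVERITY_RANK = {"critical": 0, "high": 1, "info": 2}


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    path: str


@dataclass
class Finding:
    severity: str
    kind: str
    path: str
    detail: str


def parse_file_entries(text: str) -> List[FileEntry]:
    """Return every file-listing line of an FRST log as a FileEntry."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        company = (m.group("company") or "").strip() or None  # "( )" becomes None
        entries.append(FileEntry(m.group("created"), m.group("modified"),
                                 int(m.group("size")), m.group("attrs"),
                                 company, m.group("path")))
    return entries


def triage(text: str) -> List[Finding]:
    """Flag the parts of an FRST log a helper looks at first, worst first."""
    findings: List[Finding] = []
    in_zeroaccess = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":          # paths until the next blank/section line
            in_zeroaccess = True
            continue
        if not line or line.startswith("===="):
            in_zeroaccess = False
            continue
        if in_zeroaccess:
            findings.append(Finding("high", "zeroaccess-path", line,
                                    "path reported by FRST's ZeroAccess check"))
            continue
        m = MD5_BAD.match(line)
        if m:                               # a core file whose MD5 is not a known-good one
            findings.append(Finding("critical", "patched-system-file", m.group("path"),
                                    f"MD5 {m.group('md5')} not legit: {m.group('note')}"))
        elif MD5_OK.match(line):
            continue
    # Informational: files under System32 with no company in their version info.
    for e in parse_file_entries(text):
        if ("D" not in e.attrs and e.company is None
                and e.path.lower().startswith(r"c:\windows\system32")):
            findings.append(Finding("info", "no-company-info", e.path,
                                    "no company version info; confirm where it came from"))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:8}] {f.kind:22} {f.path}  ({f.detail})")
```

The "info" rule is only a prompt to look closer: legitimate codecs and OEM drivers often lack a company string, as the Conexant files in the log above show.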
  8. Marcus.P

    Marcus.P Newcomer, in training Topic Starter

    Thank you very much, I'll follow these steps in the morning and post the results to you as soon as I have.
    It's nice to know I've got some proper help now :)
    I would have done it tonight but it's not my pc and it's getting late.

    Thanks again
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Cool. Looking forward to it. ;)
  10. Marcus.P

    Marcus.P Newcomer, in training Topic Starter

    Hi again, sorry for the late reply but everyone and their mothers seem to want or need me for some reason today! So I've been continually held up. I managed to get the scans done a little while ago and have been trying to get a chance to post them to you for the past hour!

    I put the program on a flash drive and made sure I knew the drive letter as instructed, but when I went to run frst.exe from the command prompt it wouldn't run the program, so I went to Notepad and clicked to show all file types and it showed up as frst64.exe, so I ran that. I'm not sure if that'll be what the file is called for others too, but I just thought I'd let you know.

    Here is the FRST.txt log file:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
    Ran by SYSTEM at 20-11-2012 13:40:30
    Running from H:\
    Windows Vista (TM) Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
    HKLM\...\Run: [Skytel] Skytel.exe [x]
    HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [319488 2008-04-25] ()
    HKLM\...\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot [319488 2008-04-25] ()
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15941152 2008-12-08] (NVIDIA Corporation)
    HKLM\...\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCEtime.dll,RunDLLEntry [28672 2007-02-22] ()
    HKLM\...\Run: [lxcemon.exe] "C:\Program Files (x86)\Lexmark 4300 Series\lxcemon.exe" [205744 2007-05-17] (Lexmark International, Inc.)
    HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark 4300 Series\ezprint.exe" [103344 2007-05-17] (Lexmark International Inc.)
    HKLM-x32\...\Run: [SiteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe" [36640 2007-08-24] ()
    HKLM-x32\...\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [204908 2008-01-25] ()
    HKLM-x32\...\Run: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [28672 2008-04-25] ()
    HKLM-x32\...\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe [172032 2008-08-13] (Acer Inc.)
    HKLM-x32\...\Run: [eRecoveryService] [x]
    HKLM-x32\...\Run: [WarReg_PopUp] "C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [303104 2008-01-29] (Acer Incorporated)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-01-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [417792 2010-02-15] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-07-31] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [273528 2011-08-17] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
    HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-19] ()
    HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-08-29] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKU\alex\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
    HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
    HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
    HKLM-x32\...\RunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe [200704 2008-07-16] (Acer Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Startup: C:\Users\alex\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

    ==================== Services (Whitelisted) ===================

    2 Acer HomeMedia Connect Service; "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [269448 2008-01-25] (CyberLink)
    3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-07] (AVG Technologies CZ, s.r.o.)
    2 BUNAgentSvc; "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [16384 2008-03-03] (NewTech Infosystems, Inc.)
    2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] ()
    2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [920064 2008-01-29] ()
    2 lxce_device; C:\Windows\system32\lxcecoms.exe -service [566704 2007-03-08] ( )
    2 lxce_device; C:\Windows\SysWow64\lxcecoms.exe -service [537520 2007-03-08] ( )
    2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [103472 2012-10-23] (McAfee, Inc.)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
    2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [193024 2008-01-29] ()
    2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe" [262247 2006-07-19] ()
    2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [386344 2012-06-22] ()
    2 SiteAdvisor Service; C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe [341280 2008-05-26] ()
    2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

    ==================== Drivers (Whitelisted) =====================

    3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [117328 2011-05-27] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-02-21] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29264 2011-02-09] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [304720 2011-01-06] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
    3 DxVGrb; C:\Windows\System32\Drivers\DxVGrb.sys [222464 2012-06-22] (Dexetek )
    2 int15; C:\Windows\SysWow64\Drivers\int15.sys [15392 2008-04-25] (Acer, Inc.)
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-11-19 06:10 - 2012-11-19 06:10 - 00005191 ____A C:\Users\alex\Desktop\attach.txt
    2012-11-19 06:10 - 2012-11-19 06:09 - 00017462 ____A C:\Users\alex\Desktop\dds.txt
    2012-11-19 06:08 - 2012-11-19 06:08 - 00688901 ____R (Swearware) C:\Users\alex\Downloads\dds.com
    2012-11-19 03:36 - 2012-11-20 04:14 - 00001074 ____A C:\Windows\PFRO.log
    2012-11-18 12:16 - 2012-11-19 06:29 - 00015424 ____A C:\Users\alex\Desktop\FRST.txt
    2012-11-18 12:15 - 2012-11-18 12:15 - 00000000 ____D C:\FRST
    2012-11-18 12:14 - 2012-11-18 12:14 - 01461037 ____A (Farbar) C:\Users\alex\Desktop\FRST64.exe
    2012-11-18 12:12 - 2012-11-18 12:12 - 00001794 ____A C:\Users\alex\Desktop\RKreport[2]_S_11182012_02d2012.txt
    2012-11-18 12:11 - 2012-11-18 12:11 - 00001757 ____A C:\Users\alex\Desktop\RKreport[1]_S_11182012_02d2011.txt
    2012-11-18 11:36 - 2012-11-18 11:36 - 00000774 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-11-18 11:36 - 2012-11-18 11:36 - 00000000 ____D C:\Program Files\CCleaner
    2012-11-18 11:13 - 2012-11-18 11:13 - 00000000 ____D C:\_OTL
    2012-11-18 11:00 - 2012-11-18 11:01 - 00602112 ____A (OldTimer Tools) C:\Users\alex\Desktop\OTL.exe
    2012-11-18 10:58 - 2012-11-18 10:58 - 00304016 ____A C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums.htm
    2012-11-18 10:58 - 2012-11-18 10:58 - 00000000 ____D C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums_files
    2012-11-18 09:25 - 2012-11-18 09:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
    2012-11-18 09:24 - 2012-11-18 09:24 - 04732416 ____A (AVAST Software) C:\Users\alex\Desktop\aswMBR.exe
    2012-11-18 09:21 - 2012-11-18 09:21 - 00175795 ____A C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums.htm
    2012-11-18 09:20 - 2012-11-18 09:22 - 00000000 ____D C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums_files
    2012-11-18 09:17 - 2012-11-18 09:17 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-18 09:17 - 2012-11-18 09:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-18 09:17 - 2012-11-18 09:17 - 00000000 ____D C:\Users\alex\AppData\Roaming\Malwarebytes
    2012-11-18 09:17 - 2012-11-18 09:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-18 09:17 - 2012-09-29 11:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-11-18 09:05 - 2012-11-18 12:11 - 00000000 ____D C:\Users\alex\Desktop\RK_Quarantine
    2012-11-18 09:04 - 2012-11-18 09:04 - 00724992 ____A C:\Users\alex\Desktop\RogueKiller.exe
    2012-11-18 09:03 - 2012-11-18 12:07 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-18 09:02 - 2012-10-31 13:49 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\alex\Desktop\TDSSKiller.exe
    2012-11-18 09:01 - 2012-11-18 09:01 - 02195061 ____A C:\Users\alex\Downloads\tdsskiller.zip
    2012-11-18 08:52 - 2012-11-18 08:54 - 00002121 ____A C:\Users\alex\Downloads\Search.txt
    2012-11-17 17:36 - 2012-11-17 17:36 - 00001782 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-11-17 16:43 - 2012-11-17 16:43 - 93076756 ____A C:\Users\alex\Downloads\PSY - GANGNAM STYLE.mp4
    2012-11-11 10:10 - 2012-11-11 10:12 - 00000000 ____D C:\Users\Public\CyberLink
    2012-11-11 10:10 - 2012-11-11 10:12 - 00000000 ____D C:\Users\alex\Documents\CyberLink
    2012-11-11 09:59 - 2012-11-11 09:59 - 00000000 ____D C:\Program Files\Conexant
    2012-11-11 09:59 - 2012-06-22 00:29 - 00222464 ____A (Dexetek ) C:\Windows\System32\Drivers\DxVGrb.sys
    2012-11-11 09:59 - 2012-06-22 00:29 - 00055808 ____A (Conexant Systems Inc.) C:\Windows\System32\cxtvrate.dll
    2012-11-11 09:59 - 2012-06-22 00:29 - 00040960 ____A (Conexant) C:\Windows\System32\y8cnvt.ax
    2012-11-11 09:59 - 2012-06-22 00:29 - 00032256 ____A (Conexant Systems, Inc) C:\Windows\System32\CxPolaris.ax
    2012-11-11 09:59 - 2012-06-22 00:29 - 00019456 ____A (Conexant Systems, Inc) C:\Windows\System32\cpnotify.ax
    2012-11-11 09:59 - 2012-06-22 00:29 - 00016384 ____A C:\Windows\System32\cxEZCAP.ax
    2012-11-11 09:59 - 2012-06-22 00:29 - 00016382 ____A C:\Windows\System32\Drivers\merlinD.rom
    2012-11-11 09:57 - 2012-11-11 09:58 - 00431034 ____A C:\Users\alex\AppData\Local\dd_vcredistMSI3D22.txt
    2012-11-11 09:57 - 2012-11-11 09:58 - 00012194 ____A C:\Users\alex\AppData\Local\dd_vcredistUI3D22.txt
    2012-11-11 09:57 - 2012-11-11 09:57 - 00001055 ____A C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
    2012-11-11 09:54 - 2012-11-11 09:57 - 00000000 ____D C:\Program Files\CyberLink
    2012-11-11 09:53 - 2012-11-11 09:53 - 00000000 ____D C:\Users\All Users\CLSK
    2012-10-21 08:03 - 2012-10-21 08:03 - 00000000 ____D C:\Users\alex\AppData\Local\Ilivid Player
    2012-10-21 07:58 - 2012-10-21 07:58 - 00823648 ____A (Bandoo Media Inc) C:\Users\alex\Downloads\iLividSetupV1.exe

    ==================== One Month Modified Files and Folders =======

    2012-11-20 05:32 - 2006-11-02 07:42 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-20 05:32 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-20 05:32 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-20 05:32 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-20 04:48 - 2010-02-03 03:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-20 04:20 - 2010-10-18 05:04 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-11-20 04:19 - 2006-11-02 04:46 - 00761242 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-20 04:14 - 2012-11-19 03:36 - 00001074 ____A C:\Windows\PFRO.log
    2012-11-20 04:14 - 2010-02-03 03:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-20 04:14 - 2008-05-26 15:05 - 00000147 ____A C:\Windows\SysWOW64\agent.log
    2012-11-20 04:14 - 2006-10-10 23:25 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
    2012-11-19 06:29 - 2012-11-18 12:16 - 00015424 ____A C:\Users\alex\Desktop\FRST.txt
    2012-11-19 06:10 - 2012-11-19 06:10 - 00005191 ____A C:\Users\alex\Desktop\attach.txt
    2012-11-19 06:09 - 2012-11-19 06:10 - 00017462 ____A C:\Users\alex\Desktop\dds.txt
    2012-11-19 06:08 - 2012-11-19 06:08 - 00688901 ____R (Swearware) C:\Users\alex\Downloads\dds.com
    2012-11-18 12:15 - 2012-11-18 12:15 - 00000000 ____D C:\FRST
    2012-11-18 12:14 - 2012-11-18 12:14 - 01461037 ____A (Farbar) C:\Users\alex\Desktop\FRST64.exe
    2012-11-18 12:12 - 2012-11-18 12:12 - 00001794 ____A C:\Users\alex\Desktop\RKreport[2]_S_11182012_02d2012.txt
    2012-11-18 12:11 - 2012-11-18 12:11 - 00001757 ____A C:\Users\alex\Desktop\RKreport[1]_S_11182012_02d2011.txt
    2012-11-18 12:11 - 2012-11-18 09:05 - 00000000 ____D C:\Users\alex\Desktop\RK_Quarantine
    2012-11-18 12:07 - 2012-11-18 09:03 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-18 11:51 - 2010-12-20 04:40 - 00000000 ____D C:\Users\alex\AppData\Local\MigWiz
    2012-11-18 11:51 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
    2012-11-18 11:36 - 2012-11-18 11:36 - 00000774 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-11-18 11:36 - 2012-11-18 11:36 - 00000000 ____D C:\Program Files\CCleaner
    2012-11-18 11:13 - 2012-11-18 11:13 - 00000000 ____D C:\_OTL
    2012-11-18 11:01 - 2012-11-18 11:00 - 00602112 ____A (OldTimer Tools) C:\Users\alex\Desktop\OTL.exe
    2012-11-18 10:58 - 2012-11-18 10:58 - 00304016 ____A C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums.htm
    2012-11-18 10:58 - 2012-11-18 10:58 - 00000000 ____D C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums_files
    2012-11-18 09:25 - 2012-11-18 09:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
    2012-11-18 09:24 - 2012-11-18 09:24 - 04732416 ____A (AVAST Software) C:\Users\alex\Desktop\aswMBR.exe
    2012-11-18 09:22 - 2012-11-18 09:20 - 00000000 ____D C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums_files
    2012-11-18 09:21 - 2012-11-18 09:21 - 00175795 ____A C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums.htm
    2012-11-18 09:17 - 2012-11-18 09:17 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-18 09:17 - 2012-11-18 09:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-18 09:17 - 2012-11-18 09:17 - 00000000 ____D C:\Users\alex\AppData\Roaming\Malwarebytes
    2012-11-18 09:17 - 2012-11-18 09:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-18 09:16 - 2010-10-18 05:04 - 00000000 ____D C:\Users\All Users\AVG10
    2012-11-18 09:04 - 2012-11-18 09:04 - 00724992 ____A C:\Users\alex\Desktop\RogueKiller.exe
    2012-11-18 09:01 - 2012-11-18 09:01 - 02195061 ____A C:\Users\alex\Downloads\tdsskiller.zip
    2012-11-18 08:54 - 2012-11-18 08:52 - 00002121 ____A C:\Users\alex\Downloads\Search.txt
    2012-11-18 08:54 - 2010-01-31 13:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-11-17 17:36 - 2012-11-17 17:36 - 00001782 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-11-17 16:43 - 2012-11-17 16:43 - 93076756 ____A C:\Users\alex\Downloads\PSY - GANGNAM STYLE.mp4
    2012-11-17 12:12 - 2010-01-26 08:05 - 00000000 ____D C:\Program Files\Lx_cats
    2012-11-14 11:34 - 2011-02-26 04:43 - 00000000 ____D C:\Users\alex\AppData\Roaming\My Craft Studio Professional
    2012-11-14 11:02 - 2009-12-14 21:27 - 00026112 ____A C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-11-14 09:22 - 2009-12-14 20:24 - 00000000 ____D C:\Users\alex\AppData\Roaming\SiteAdvisor
    2012-11-13 09:39 - 2010-09-30 09:04 - 00000000 ____D C:\Users\alex\AppData\Roaming\vlc
    2012-11-11 13:23 - 2008-05-26 14:38 - 00000000 ____D C:\Users\All Users\CyberLink
    2012-11-11 10:12 - 2012-11-11 10:10 - 00000000 ____D C:\Users\Public\CyberLink
    2012-11-11 10:12 - 2012-11-11 10:10 - 00000000 ____D C:\Users\alex\Documents\CyberLink
    2012-11-11 10:08 - 2010-07-19 04:07 - 00000000 ____D C:\Users\alex\AppData\Roaming\CyberLink
    2012-11-11 10:04 - 2009-12-14 20:22 - 00075192 ____A C:\Users\alex\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-11 10:03 - 2006-11-02 07:21 - 00306248 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-11 09:59 - 2012-11-11 09:59 - 00000000 ____D C:\Program Files\Conexant
    2012-11-11 09:59 - 2009-12-14 20:22 - 00000000 ____D C:\users\alex
    2012-11-11 09:58 - 2012-11-11 09:57 - 00431034 ____A C:\Users\alex\AppData\Local\dd_vcredistMSI3D22.txt
    2012-11-11 09:58 - 2012-11-11 09:57 - 00012194 ____A C:\Users\alex\AppData\Local\dd_vcredistUI3D22.txt
    2012-11-11 09:58 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-11-11 09:57 - 2012-11-11 09:57 - 00001055 ____A C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
    2012-11-11 09:57 - 2012-11-11 09:54 - 00000000 ____D C:\Program Files\CyberLink
    2012-11-11 09:53 - 2012-11-11 09:53 - 00000000 ____D C:\Users\All Users\CLSK
    2012-11-11 09:53 - 2008-05-26 14:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-11-08 16:18 - 2012-08-29 06:59 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-11-08 16:18 - 2011-12-10 03:13 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2012-11-08 16:18 - 2011-12-10 03:13 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-10-31 13:49 - 2012-11-18 09:02 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\alex\Desktop\TDSSKiller.exe
    2012-10-30 15:55 - 2010-05-22 01:42 - 00212405 ____A C:\lxce.log
    2012-10-21 08:03 - 2012-10-21 08:03 - 00000000 ____D C:\Users\alex\AppData\Local\Ilivid Player
    2012-10-21 07:58 - 2012-10-21 07:58 - 00823648 ____A (Bandoo Media Inc) C:\Users\alex\Downloads\iLividSetupV1.exe


    ZeroAccess:
    C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5}
    C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-11-14 10:40:36
    Restore point made on: 2012-11-15 13:32:11
    Restore point made on: 2012-11-16 15:01:02
    Restore point made on: 2012-11-17 13:07:26
    Restore point made on: 2012-11-18 07:57:07
    Restore point made on: 2012-11-19 08:27:19
    Restore point made on: 2012-11-20 04:51:42

    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 2813.94 MB
    Available physical RAM: 2417.32 MB
    Total Pagefile: 2720.87 MB
    Available Pagefile: 2483.35 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: (ACER) (Fixed) (Total:139.41 GB) (Free:63.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (DATA) (Fixed) (Total:140.18 GB) (Free:140.01 GB) NTFS
    6 Drive h: () (Removable) (Total:3.77 GB) (Free:0.82 GB) FAT32
    7 Drive x: (PQSERVICE) (Fixed) (Total:18.5 GB) (Free:8.1 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 2526 KB
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 Online 3872 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 19 GB 1024 KB
    Partition 2 Primary 139 GB 19 GB
    Partition 3 Primary 140 GB 158 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 X PQSERVICE NTFS Partition 19 GB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 C ACER NTFS Partition 139 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D DATA NTFS Partition 140 GB Healthy

    =========================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3870 MB 50 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 H FAT32 Removable 3870 MB Healthy

    =========================================================

    Last Boot: 2012-11-20 04:22

    ==================== End Of Log =============================
  11. Marcus.P

    Marcus.P Newcomer, in training Topic Starter

    And here is the Search.txt log file:

    Farbar Recovery Scan Tool (x64) Version: 18-11-2012
    Ran by SYSTEM at 2012-11-20 13:41:08
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2012-05-29 09:29] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2012-05-29 09:26] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

    C:\Windows\SysWOW64\services.exe
    [2012-05-29 09:29] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\System32\services.exe
    [2012-05-29 09:26] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

    C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2010-01-29 08:58] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2010-01-29 08:58] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    ====== End Of Search ======
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please download the attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it keeps the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.


  13. Marcus.P

    Marcus.P Newcomer, in training Topic Starter

    Hi, thanks for the reply. I just ran the fix and this is the Fixlog.txt file:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2012
    Ran by SYSTEM at 2012-11-21 18:33:44 Run:1
    Running from H:\

    ==============================================

    C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\SysWOW64\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    I'm not sure if it's supposed to be doing this, but I've restarted the computer and it's just got a black screen with a cursor at the moment. The HDD light has stopped flashing also... (This happened after it came up with the loading-into-Windows progress bar.)
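Added example (not from the thread, and not FRST's own code): the Search.txt above and this Fixlog.txt result are really two halves of one check, so here is a short Python script that does both offline. It parses FRST's Search output (the eight services.exe entries from the Search.txt post are pasted in as the sample), tells 64-bit copies from 32-bit ones, reports that the live C:\Windows\System32\services.exe (381952 bytes, MD5 B8844F93...) matches no component-store copy, and picks the newest 64-bit winsxs copy (384512 bytes, MD5 934E0B7D...) as the replacement source. The function names (parse_frst_search, arch_of, is_consistent, choose_replacement) are this example's own.

```python
"""Parse an FRST "Search:" listing and pick an architecture-matched clean copy.
Added example, not code from the thread or from FRST. SEARCH_TXT is the
Search.txt posted above (blank lines dropped); the function names are this
example's own."""
import re
from dataclasses import dataclass

SEARCH_TXT = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2012-05-29 09:29] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2012-05-29 09:26] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719
C:\Windows\SysWOW64\services.exe
[2012-05-29 09:29] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe
[2012-05-29 09:26] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2010-01-29 08:58] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2010-01-29 08:58] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3
====== End Of Search ======
"""

@dataclass(frozen=True)
class FileRecord:
    path: str
    size: int
    company: str
    md5: str

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# FRST detail line: [modified] - [created] - <size> <attrs> (<company>) <MD5>
DETAIL_RE = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) \S+(?: \(([^)]*)\))? ([0-9A-Fa-f]{32})$")
VERSION_RE = re.compile(r"_(\d+)\.(\d+)\.(\d+)\.(\d+)_")  # version inside a winsxs component name

def parse_frst_search(text):
    """Pair each path line with the detail line that follows it."""
    records, pending = [], None
    for line in (l.strip() for l in text.splitlines()):
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            records.append(FileRecord(pending, int(m[1]), m[2] or "", m[3].upper()))
            pending = None
    return records

def arch_of(path):
    """On x64 Windows, System32 holds 64-bit binaries and SysWOW64 the 32-bit ones;
    winsxs component names carry the architecture as a prefix."""
    p = path.lower()
    if "\\amd64_" in p or "\\system32\\" in p:
        return "amd64"
    if "\\x86_" in p or "\\syswow64\\" in p:
        return "x86"
    return "unknown"

def component_version(path):
    m = VERSION_RE.search(path)
    return tuple(int(x) for x in m.groups()) if m else None

def _same_arch_components(records, target):
    """Component-store copies (winsxs or a cached update) built for the target's architecture."""
    return [r for r in records
            if r.path.lower() != target.path.lower()
            and arch_of(r.path) == arch_of(target.path)
            and component_version(r.path) is not None]

def _find(records, path):
    return next(r for r in records if r.path.lower() == path.lower())

def is_consistent(records, target_path):
    """True when the live file's MD5 equals a component copy of the same architecture."""
    target = _find(records, target_path)
    return any(r.md5 == target.md5 for r in _same_arch_components(records, target))

def choose_replacement(records, target_path):
    """Newest same-architecture component copy; prefer winsxs over a download cache."""
    target = _find(records, target_path)
    cands = _same_arch_components(records, target)
    if not cands:
        return None
    return max(cands, key=lambda r: (component_version(r.path), "\\winsxs\\" in r.path.lower()))

if __name__ == "__main__":
    recs = parse_frst_search(SEARCH_TXT)
    live = r"C:\Windows\System32\services.exe"
    print("live copy matches a 64-bit component:", is_consistent(recs, live))
    best = choose_replacement(recs, live)
    print("replacement source:", best.path, best.size, best.md5)
```

The caveat the selection rule encodes: on x64 Windows, System32 holds the 64-bit binaries and SysWOW64 the 32-bit ones, so C:\Windows\SysWOW64\services.exe (279552 bytes, the same MD5 as the x86 winsxs entry) is a 32-bit build and not a valid stand-in for the 64-bit Service Control Manager in System32. The Fixlog above shows exactly that copy being put in place; the script rejects it in favour of the amd64 6.0.6002.18005 entry. Whichever source is used, a boot-critical replacement like this still has to be done from the Recovery Environment, as the instructions say, because services.exe is in use on a running system.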
     
  14. Marcus.P

    Marcus.P Newcomer, in training Topic Starter

    Just to let you know, the screen is still black and nothing is happening. I tried getting Task Manager up, but that hasn't worked; all I can see is a cursor on a black background.
    This happened after the loading bar came up that would usually lead into Windows and the desktop appearing.
    There are no other user accounts, so it would usually boot straight to the desktop.

    So just to clarify, it's not starting Windows; it is instead going to a black screen with only the white cursor showing up.
    Just so you know, I followed your steps to the letter, so there was no room for error on my part.

    Hope this can be fixed, it's not my PC. :S

    Thank you
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry for delay. I just came back from my short vacation. :)

    I would like to see a new log from FRST please. :)
  16. Marcus.P

    Marcus.P Newcomer, in training Topic Starter

    Hi there, just to let you know I had to fix the problem myself. As this wasn't my computer, the owner wanted it fixed before next week because they needed to use it, so I do apologise for having to sort the rest myself. What I did was put in a Windows Vista disc and used it to repair the computer.

    I'm guessing it just replaced the files that were missing which were needed for Windows to load. Since doing so, the computer now loads normally and there seem to be no further problems.
    I've done an AVG scan, which showed nothing. I also did a Farbar scan, and I used the OTL program and got a log from that; lastly I used MBAM. Nothing showed up in any of the scans and I'm assuming that the virus was removed.

    So I thank you very much for all your time and help in removing the virus.
    Once again, I'm sorry I had to finish the fix myself, but needs must.

    I'll send the logs that were produced from the scans I ran, and if you wish you can let me know if I'm right in thinking things are OK now.

    Many Thanks

    Marcus
  17. Marcus.P

    Marcus.P Newcomer, in training Topic Starter

    Here is the FRST.txt log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
    Ran by alex at 23-11-2012 16:55:33
    Running from C:\Users\alex\Desktop
    Service Pack 2 (X64) OS Language: English(US)
    Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

    ==================== One Month Created Files and Folders ========
    2012-11-19 14:10 - 2012-11-19 14:10 - 00005191 ____A C:\Users\alex\Desktop\attach.txt
    2012-11-19 14:10 - 2012-11-19 14:09 - 00017462 ____A C:\Users\alex\Desktop\dds.txt
    2012-11-19 14:08 - 2012-11-19 14:08 - 00688901 ____R (Swearware) C:\Users\alex\Downloads\dds.com
    2012-11-19 11:36 - 2012-11-21 10:50 - 00001406 ____A C:\Windows\PFRO.log
    2012-11-18 20:15 - 2012-11-18 20:15 - 00000000 ____D C:\FRST
    2012-11-18 20:14 - 2012-11-18 20:14 - 01461037 ____A (Farbar) C:\Users\alex\Desktop\FRST64.exe
    2012-11-18 20:12 - 2012-11-18 20:12 - 00001794 ____A C:\Users\alex\Desktop\RKreport[2]_S_11182012_02d2012.txt
    2012-11-18 20:11 - 2012-11-18 20:11 - 00001757 ____A C:\Users\alex\Desktop\RKreport[1]_S_11182012_02d2011.txt
    2012-11-18 19:36 - 2012-11-18 19:36 - 00000774 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-11-18 19:36 - 2012-11-18 19:36 - 00000000 ____D C:\Program Files\CCleaner
    2012-11-18 19:13 - 2012-11-18 19:13 - 00000000 ____D C:\_OTL
    2012-11-18 19:00 - 2012-11-18 19:01 - 00602112 ____A (OldTimer Tools) C:\Users\alex\Desktop\OTL.exe
    2012-11-18 17:25 - 2012-11-18 17:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
    2012-11-18 17:24 - 2012-11-18 17:24 - 04732416 ____A (AVAST Software) C:\Users\alex\Desktop\aswMBR.exe
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\alex\AppData\Roaming\Malwarebytes
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-18 17:17 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-11-18 17:05 - 2012-11-18 20:11 - 00000000 ____D C:\Users\alex\Desktop\RK_Quarantine
    2012-11-18 17:04 - 2012-11-18 17:04 - 00724992 ____A C:\Users\alex\Desktop\RogueKiller.exe
    2012-11-18 17:03 - 2012-11-18 20:07 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-18 17:02 - 2012-10-31 21:49 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\alex\Desktop\TDSSKiller.exe
    2012-11-18 17:01 - 2012-11-18 17:01 - 02195061 ____A C:\Users\alex\Downloads\tdsskiller.zip
    2012-11-18 16:52 - 2012-11-18 16:54 - 00002121 ____A C:\Users\alex\Downloads\Search.txt
    2012-11-18 01:36 - 2012-11-18 01:36 - 00001782 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-11-18 00:43 - 2012-11-18 00:43 - 93076756 ____A C:\Users\alex\Downloads\PSY - GANGNAM STYLE.mp4
    2012-11-11 18:10 - 2012-11-11 18:12 - 00000000 ____D C:\Users\Public\CyberLink
    2012-11-11 18:10 - 2012-11-11 18:12 - 00000000 ____D C:\Users\alex\Documents\CyberLink
    2012-11-11 17:59 - 2012-11-11 17:59 - 00000000 ____D C:\Program Files\Conexant
    2012-11-11 17:59 - 2012-06-22 08:29 - 00222464 ____A (Dexetek ) C:\Windows\System32\Drivers\DxVGrb.sys
    2012-11-11 17:59 - 2012-06-22 08:29 - 00055808 ____A (Conexant Systems Inc.) C:\Windows\System32\cxtvrate.dll
    2012-11-11 17:59 - 2012-06-22 08:29 - 00040960 ____A (Conexant) C:\Windows\System32\y8cnvt.ax
    2012-11-11 17:59 - 2012-06-22 08:29 - 00032256 ____A (Conexant Systems, Inc) C:\Windows\System32\CxPolaris.ax
    2012-11-11 17:59 - 2012-06-22 08:29 - 00019456 ____A (Conexant Systems, Inc) C:\Windows\System32\cpnotify.ax
    2012-11-11 17:59 - 2012-06-22 08:29 - 00016384 ____A C:\Windows\System32\cxEZCAP.ax
    2012-11-11 17:59 - 2012-06-22 08:29 - 00016382 ____A C:\Windows\System32\Drivers\merlinD.rom
    2012-11-11 17:57 - 2012-11-11 17:58 - 00431034 ____A C:\Users\alex\AppData\Local\dd_vcredistMSI3D22.txt
    2012-11-11 17:57 - 2012-11-11 17:58 - 00012194 ____A C:\Users\alex\AppData\Local\dd_vcredistUI3D22.txt
    2012-11-11 17:57 - 2012-11-11 17:57 - 00001055 ____A C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
    2012-11-11 17:54 - 2012-11-11 17:57 - 00000000 ____D C:\Program Files\CyberLink
    2012-11-11 17:53 - 2012-11-11 17:53 - 00000000 ____D C:\Users\All Users\CLSK
    ==================== One Month Modified Files and Folders =======
    2099-12-31 16:25 - 2006-11-02 15:42 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2099-12-31 16:23 - 2010-01-26 16:05 - 00000000 ____D C:\Program Files\Lx_cats
    2012-11-23 16:48 - 2010-02-03 11:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-23 16:42 - 2010-02-03 11:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-23 16:35 - 2006-11-02 12:46 - 00761242 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-23 16:31 - 2010-10-18 13:04 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-11-23 16:28 - 2008-05-26 23:05 - 00000147 ____A C:\Windows\SysWOW64\agent.log
    2012-11-23 16:28 - 2006-11-02 15:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-23 16:28 - 2006-11-02 15:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-23 16:28 - 2006-11-02 15:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-23 16:28 - 2006-10-11 07:25 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
    2012-11-21 10:50 - 2012-11-19 11:36 - 00001406 ____A C:\Windows\PFRO.log
    2012-11-19 14:10 - 2012-11-19 14:10 - 00005191 ____A C:\Users\alex\Desktop\attach.txt
    2012-11-19 14:09 - 2012-11-19 14:10 - 00017462 ____A C:\Users\alex\Desktop\dds.txt
    2012-11-19 14:08 - 2012-11-19 14:08 - 00688901 ____R (Swearware) C:\Users\alex\Downloads\dds.com
    2012-11-18 20:15 - 2012-11-18 20:15 - 00000000 ____D C:\FRST
    2012-11-18 20:14 - 2012-11-18 20:14 - 01461037 ____A (Farbar) C:\Users\alex\Desktop\FRST64.exe
    2012-11-18 20:12 - 2012-11-18 20:12 - 00001794 ____A C:\Users\alex\Desktop\RKreport[2]_S_11182012_02d2012.txt
    2012-11-18 20:11 - 2012-11-18 20:11 - 00001757 ____A C:\Users\alex\Desktop\RKreport[1]_S_11182012_02d2011.txt
    2012-11-18 20:11 - 2012-11-18 17:05 - 00000000 ____D C:\Users\alex\Desktop\RK_Quarantine
    2012-11-18 20:07 - 2012-11-18 17:03 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-18 19:51 - 2010-12-20 12:40 - 00000000 ____D C:\Users\alex\AppData\Local\MigWiz
    2012-11-18 19:51 - 2007-07-12 01:49 - 00000000 ____D C:\Windows\Panther
    2012-11-18 19:36 - 2012-11-18 19:36 - 00000774 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-11-18 19:36 - 2012-11-18 19:36 - 00000000 ____D C:\Program Files\CCleaner
    2012-11-18 19:13 - 2012-11-18 19:13 - 00000000 ____D C:\_OTL
    2012-11-18 19:01 - 2012-11-18 19:00 - 00602112 ____A (OldTimer Tools) C:\Users\alex\Desktop\OTL.exe
    2012-11-18 17:25 - 2012-11-18 17:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
    2012-11-18 17:24 - 2012-11-18 17:24 - 04732416 ____A (AVAST Software) C:\Users\alex\Desktop\aswMBR.exe
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\alex\AppData\Roaming\Malwarebytes
    2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-18 17:16 - 2010-10-18 13:04 - 00000000 ____D C:\Users\All Users\AVG10
    2012-11-18 17:04 - 2012-11-18 17:04 - 00724992 ____A C:\Users\alex\Desktop\RogueKiller.exe
    2012-11-18 17:01 - 2012-11-18 17:01 - 02195061 ____A C:\Users\alex\Downloads\tdsskiller.zip
    2012-11-18 16:54 - 2012-11-18 16:52 - 00002121 ____A C:\Users\alex\Downloads\Search.txt
    2012-11-18 16:54 - 2010-01-31 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-11-18 01:36 - 2012-11-18 01:36 - 00001782 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-11-18 00:43 - 2012-11-18 00:43 - 93076756 ____A C:\Users\alex\Downloads\PSY - GANGNAM STYLE.mp4
    2012-11-14 19:34 - 2011-02-26 12:43 - 00000000 ____D C:\Users\alex\AppData\Roaming\My Craft Studio Professional
    2012-11-14 19:02 - 2009-12-15 05:27 - 00026112 ____A C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-11-14 17:22 - 2009-12-15 04:24 - 00000000 ____D C:\Users\alex\AppData\Roaming\SiteAdvisor
    2012-11-13 17:39 - 2010-09-30 17:04 - 00000000 ____D C:\Users\alex\AppData\Roaming\vlc
    2012-11-11 21:23 - 2008-05-26 22:38 - 00000000 ____D C:\Users\All Users\CyberLink
    2012-11-11 18:12 - 2012-11-11 18:10 - 00000000 ____D C:\Users\Public\CyberLink
    2012-11-11 18:12 - 2012-11-11 18:10 - 00000000 ____D C:\Users\alex\Documents\CyberLink
    2012-11-11 18:08 - 2010-07-19 12:07 - 00000000 ____D C:\Users\alex\AppData\Roaming\CyberLink
    2012-11-11 18:04 - 2009-12-15 04:22 - 00075192 ____A C:\Users\alex\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-11 18:03 - 2006-11-02 15:21 - 00306248 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-11 17:59 - 2012-11-11 17:59 - 00000000 ____D C:\Program Files\Conexant
    2012-11-11 17:59 - 2009-12-15 04:22 - 00000000 ____D C:\users\alex
    2012-11-11 17:58 - 2012-11-11 17:57 - 00431034 ____A C:\Users\alex\AppData\Local\dd_vcredistMSI3D22.txt
    2012-11-11 17:58 - 2012-11-11 17:57 - 00012194 ____A C:\Users\alex\AppData\Local\dd_vcredistUI3D22.txt
    2012-11-11 17:58 - 2006-11-02 13:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-11-11 17:57 - 2012-11-11 17:57 - 00001055 ____A C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
    2012-11-11 17:57 - 2012-11-11 17:54 - 00000000 ____D C:\Program Files\CyberLink
    2012-11-11 17:53 - 2012-11-11 17:53 - 00000000 ____D C:\Users\All Users\CLSK
    2012-11-11 17:53 - 2008-05-26 22:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-11-09 00:18 - 2012-08-29 14:59 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-11-09 00:18 - 2011-12-10 11:13 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2012-11-09 00:18 - 2011-12-10 11:13 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-10-31 21:49 - 2012-11-18 17:02 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\alex\Desktop\TDSSKiller.exe
    2012-10-30 23:55 - 2010-05-22 09:42 - 00212405 ____A C:\lxce.log

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== Restore Points =========================

    ==================== Memory info ===========================
    Percentage of memory in use: 61%
    Total physical RAM: 2813.74 MB
    Available physical RAM: 1076.39 MB
    Total Pagefile: 5854.03 MB
    Available Pagefile: 4066.39 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB
    ==================== Partitions =============================
    1 Drive c: (ACER) (Fixed) (Total:139.41 GB) (Free:62.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive f: (DATA) (Fixed) (Total:140.18 GB) (Free:140.01 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 19 GB 1024 KB
    Partition 2 Primary 139 GB 19 GB
    Partition 3 Primary 140 GB 158 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C ACER NTFS Partition 139 GB Healthy System (partition with boot components)
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 F DATA NTFS Partition 140 GB Healthy
    =========================================================
    Last Boot: 2012-11-23 16:34
    ==================== End Of Log =============================
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Topic closed. :)