Resolved Win64/patched.a and generic29.anpx virus removal need help please

Marcus.P

Hi there,
It's finally come to the point where I myself need to ask an expert for help. I'm used to being the one fixing the problems, but this one is being really stubborn!

Yesterday I was asked to have a look at my fiancée's parents' desktop computer because they got a virus on it. I've done scans with various programs and they've found these:

Win64/patched.a
Generic29.anpx

and two others, but I think they are the same ones worded differently. Still, I'll mention them because I'm not taking any chances; they are:

virus.win64.zaccess.a
backdoor.generic15.cgsy

I've tried getting rid of win64/patched.a and it's not budging, so I've given up and I'm admitting defeat. I need a pro to help me out this time, please :)

I'll be going back next door (to her parents' house) in a few hours or less to try and start fixing this, with your help hopefully.

Many thanks in advance,

Marcus
 
Just to add to the previous post: I've read the preliminary reports that need to be posted. I'll do them as soon as I get back to their computer; I'm just hoping to get the ball rolling ASAP.

Thanks again.
 
Ok here is the MBAM Log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.18.02
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
alex :: ALEX-PC [administrator]
19/11/2012 14:12:15
mbam-log-2012-11-19 (14-12-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202589
Time elapsed: 2 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
Here is the DDS.txt log:

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by alex at 14:09:11 on 2012-11-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1023 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcecoms.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files (x86)\Lexmark 4300 Series\lxcemon.exe
C:\Program Files (x86)\Lexmark 4300 Series\ezprint.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\13.2.0\ScriptHelper.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1006&m=aspire_x3200
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1006&m=aspire_x3200
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1006&m=aspire_x3200
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [SiteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe"
mRun: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
mRun: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
mRun: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
mRun: [eRecoveryService] <no file>
mRunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
StartupFolder: C:\Users\alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: mswsock.dll
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A5F9A929-8C54-4047-A14A-95F18EB46ECB} : DHCPNameServer = 192.168.2.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1006&m=aspire_x3200
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp64&d=1006&m=aspire_x3200
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
x64-Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [LXCECATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCEtime.dll,RunDLLEntry
x64-Run: [lxcemon.exe] "C:\Program Files (x86)\Lexmark 4300 Series\lxcemon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 4300 Series\ezprint.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\az5cyxdp.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/|http://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B002ceec5-8673-447e-876e-b04702aaae13%7D&mid=b8ff275b6f1d40380ff34d4651a122f4-43bf9f81a70d974202483296ebfa16c4d8f43708&ds=AVG&v=12.2.5.32&lang=us&pr=fr&d=2011-12-10%2011%3A13%3A17&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\npjpi170_07.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - ExtSQL: !HIDDEN! 2010-01-30 01:09; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-4 377936]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-29 30568]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-5-26 269448]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-5-26 24576]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2010-4-16 103472]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-11-11 386344]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-9 711112]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-5-27 117328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
S2 0027471353325030mcinstcleanup;McAfee Application Installer Cleanup (0027471353325030);C:\Windows\TEMP\002747~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\002747~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-18 167264]
S3 DxVGrb;DxVGrb;C:\Windows\System32\drivers\DxVGrb.sys [2012-11-11 222464]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-5-29 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-09 00:18:38 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-10-17 15:53:51 10424320 ----a-w- C:\ProgramData\SPL1708.tmp
2012-09-29 19:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-15 10:57:25 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-15 10:57:20 246760 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-09-15 10:57:20 174056 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-09-15 10:57:20 174056 ----a-w- C:\Windows\SysWow64\java.exe
2012-09-15 10:57:19 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-15 10:57:19 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 14:09:37.01 ===============
 
Here is the DDS attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/10/2006 08:11:28
System Uptime: 19/11/2012 12:47:25 (2 hours ago)
.
Motherboard: Acer | | WMCP78M
Processor: AMD Phenom(tm) 8550 Triple-Core Processor | Socket AM2 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 61.343 GiB free.
F: is FIXED (NTFS) - 140 GiB total, 140.008 GiB free.
H: is CDROM ()
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0021
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0021
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Sansa Media Converter
Update for Microsoft Office 2007 (KB2508958)
Acer Arcade Live Main Page
Acer DV Magician
Acer DVDivine
Acer Empowering Technology
Acer eRecovery Management
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Alice Greenfingers
Apple Application Support
Apple Software Update
AV Input Selection
AVG 2011
AVG Security Toolbar
CCleaner
Conexant Polaris Unused CIR Function
CyberLink PowerDirector
eSobi v2
FormatFactory 2.70
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.0
Lexmark 4300 Series
Lexmark Fax Solutions
LightScribe 1.4.142.1
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Security Scan Plus
McAfee SiteAdvisor
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox (3.6.27)
MP3 Player Utilities 4.00
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Craft Studio
My Craft Studio Professional 2.1.4.2
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PP Snooper S3 Updater
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Sansa Updater
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Video Grabber
video4fuze 0.6
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.4
WinRAR archiver
.
==== End Of File ===========================
 
Also, after having looked around a bit more, I thought it may be useful to you if I posted the results of my Farbar Recovery Scan Tool log, FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
Ran by alex at 19-11-2012 14:29:00
Running from C:\Users\alex\Desktop
Service Pack 2 (X64) OS Language: English(US)
Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========
2012-11-19 14:10 - 2012-11-19 14:10 - 00005191 ____A C:\Users\alex\Desktop\attach.txt
2012-11-19 14:10 - 2012-11-19 14:09 - 00017462 ____A C:\Users\alex\Desktop\dds.txt
2012-11-19 14:08 - 2012-11-19 14:08 - 00688901 ____R (Swearware) C:\Users\alex\Downloads\dds.com
2012-11-19 11:36 - 2012-11-19 11:36 - 00000408 ____A C:\Windows\PFRO.log
2012-11-18 20:15 - 2012-11-18 20:15 - 00000000 ____D C:\FRST
2012-11-18 20:14 - 2012-11-18 20:14 - 01461037 ____A (Farbar) C:\Users\alex\Desktop\FRST64.exe
2012-11-18 20:12 - 2012-11-18 20:12 - 00001794 ____A C:\Users\alex\Desktop\RKreport[2]_S_11182012_02d2012.txt
2012-11-18 20:11 - 2012-11-18 20:11 - 00001757 ____A C:\Users\alex\Desktop\RKreport[1]_S_11182012_02d2011.txt
2012-11-18 19:36 - 2012-11-18 19:36 - 00000774 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-18 19:36 - 2012-11-18 19:36 - 00000000 ____D C:\Program Files\CCleaner
2012-11-18 19:13 - 2012-11-18 19:13 - 00000000 ____D C:\_OTL
2012-11-18 19:00 - 2012-11-18 19:01 - 00602112 ____A (OldTimer Tools) C:\Users\alex\Desktop\OTL.exe
2012-11-18 18:58 - 2012-11-18 18:58 - 00304016 ____A C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums.htm
2012-11-18 18:58 - 2012-11-18 18:58 - 00000000 ____D C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums_files
2012-11-18 17:25 - 2012-11-18 17:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
2012-11-18 17:24 - 2012-11-18 17:24 - 04732416 ____A (AVAST Software) C:\Users\alex\Desktop\aswMBR.exe
2012-11-18 17:21 - 2012-11-18 17:21 - 00175795 ____A C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums.htm
2012-11-18 17:20 - 2012-11-18 17:22 - 00000000 ____D C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums_files
2012-11-18 17:17 - 2012-11-18 17:17 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\alex\AppData\Roaming\Malwarebytes
2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 17:17 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-18 17:05 - 2012-11-18 20:11 - 00000000 ____D C:\Users\alex\Desktop\RK_Quarantine
2012-11-18 17:04 - 2012-11-18 17:04 - 00724992 ____A C:\Users\alex\Desktop\RogueKiller.exe
2012-11-18 17:03 - 2012-11-18 20:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-18 17:02 - 2012-10-31 21:49 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\alex\Desktop\TDSSKiller.exe
2012-11-18 17:01 - 2012-11-18 17:01 - 02195061 ____A C:\Users\alex\Downloads\tdsskiller.zip
2012-11-18 16:52 - 2012-11-18 16:54 - 00002121 ____A C:\Users\alex\Downloads\Search.txt
2012-11-18 01:36 - 2012-11-18 01:36 - 00001782 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-11-18 00:43 - 2012-11-18 00:43 - 93076756 ____A C:\Users\alex\Downloads\PSY - GANGNAM STYLE.mp4
2012-11-11 18:10 - 2012-11-11 18:12 - 00000000 ____D C:\Users\Public\CyberLink
2012-11-11 18:10 - 2012-11-11 18:12 - 00000000 ____D C:\Users\alex\Documents\CyberLink
2012-11-11 17:59 - 2012-11-11 17:59 - 00000000 ____D C:\Program Files\Conexant
2012-11-11 17:59 - 2012-06-22 08:29 - 00222464 ____A (Dexetek ) C:\Windows\System32\Drivers\DxVGrb.sys
2012-11-11 17:59 - 2012-06-22 08:29 - 00055808 ____A (Conexant Systems Inc.) C:\Windows\System32\cxtvrate.dll
2012-11-11 17:59 - 2012-06-22 08:29 - 00040960 ____A (Conexant) C:\Windows\System32\y8cnvt.ax
2012-11-11 17:59 - 2012-06-22 08:29 - 00032256 ____A (Conexant Systems, Inc) C:\Windows\System32\CxPolaris.ax
2012-11-11 17:59 - 2012-06-22 08:29 - 00019456 ____A (Conexant Systems, Inc) C:\Windows\System32\cpnotify.ax
2012-11-11 17:59 - 2012-06-22 08:29 - 00016384 ____A C:\Windows\System32\cxEZCAP.ax
2012-11-11 17:59 - 2012-06-22 08:29 - 00016382 ____A C:\Windows\System32\Drivers\merlinD.rom
2012-11-11 17:57 - 2012-11-11 17:58 - 00431034 ____A C:\Users\alex\AppData\Local\dd_vcredistMSI3D22.txt
2012-11-11 17:57 - 2012-11-11 17:58 - 00012194 ____A C:\Users\alex\AppData\Local\dd_vcredistUI3D22.txt
2012-11-11 17:57 - 2012-11-11 17:57 - 00001055 ____A C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
2012-11-11 17:54 - 2012-11-11 17:57 - 00000000 ____D C:\Program Files\CyberLink
2012-11-11 17:53 - 2012-11-11 17:53 - 00000000 ____D C:\Users\All Users\CLSK
2012-10-21 16:03 - 2012-10-21 16:03 - 00000000 ____D C:\Users\alex\AppData\Local\Ilivid Player
2012-10-21 15:58 - 2012-10-21 15:58 - 00823648 ____A (Bandoo Media Inc) C:\Users\alex\Downloads\iLividSetupV1.exe
==================== One Month Modified Files and Folders =======
2012-11-19 14:10 - 2012-11-19 14:10 - 00005191 ____A C:\Users\alex\Desktop\attach.txt
2012-11-19 14:09 - 2012-11-19 14:10 - 00017462 ____A C:\Users\alex\Desktop\dds.txt
2012-11-19 14:08 - 2012-11-19 14:08 - 00688901 ____R (Swearware) C:\Users\alex\Downloads\dds.com
2012-11-19 14:04 - 2010-02-03 11:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-19 14:04 - 2010-02-03 11:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-19 14:04 - 2006-11-02 15:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-19 14:04 - 2006-11-02 15:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-19 11:46 - 2006-11-02 12:46 - 00761242 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-19 11:42 - 2010-10-18 13:04 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-11-19 11:36 - 2012-11-19 11:36 - 00000408 ____A C:\Windows\PFRO.log
2012-11-19 11:36 - 2008-05-26 23:05 - 00000147 ____A C:\Windows\SysWOW64\agent.log
2012-11-19 11:36 - 2006-11-02 15:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-19 11:36 - 2006-10-11 07:25 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2012-11-19 01:10 - 2006-11-02 15:42 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-18 20:15 - 2012-11-18 20:15 - 00000000 ____D C:\FRST
2012-11-18 20:14 - 2012-11-18 20:14 - 01461037 ____A (Farbar) C:\Users\alex\Desktop\FRST64.exe
2012-11-18 20:12 - 2012-11-18 20:12 - 00001794 ____A C:\Users\alex\Desktop\RKreport[2]_S_11182012_02d2012.txt
2012-11-18 20:11 - 2012-11-18 20:11 - 00001757 ____A C:\Users\alex\Desktop\RKreport[1]_S_11182012_02d2011.txt
2012-11-18 20:11 - 2012-11-18 17:05 - 00000000 ____D C:\Users\alex\Desktop\RK_Quarantine
2012-11-18 20:07 - 2012-11-18 17:03 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-18 19:51 - 2010-12-20 12:40 - 00000000 ____D C:\Users\alex\AppData\Local\MigWiz
2012-11-18 19:51 - 2007-07-12 01:49 - 00000000 ____D C:\Windows\Panther
2012-11-18 19:36 - 2012-11-18 19:36 - 00000774 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-18 19:36 - 2012-11-18 19:36 - 00000000 ____D C:\Program Files\CCleaner
2012-11-18 19:13 - 2012-11-18 19:13 - 00000000 ____D C:\_OTL
2012-11-18 19:01 - 2012-11-18 19:00 - 00602112 ____A (OldTimer Tools) C:\Users\alex\Desktop\OTL.exe
2012-11-18 18:58 - 2012-11-18 18:58 - 00304016 ____A C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums.htm
2012-11-18 18:58 - 2012-11-18 18:58 - 00000000 ____D C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums_files
2012-11-18 17:25 - 2012-11-18 17:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
2012-11-18 17:24 - 2012-11-18 17:24 - 04732416 ____A (AVAST Software) C:\Users\alex\Desktop\aswMBR.exe
2012-11-18 17:22 - 2012-11-18 17:20 - 00000000 ____D C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums_files
2012-11-18 17:21 - 2012-11-18 17:21 - 00175795 ____A C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums.htm
2012-11-18 17:17 - 2012-11-18 17:17 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\alex\AppData\Roaming\Malwarebytes
2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 17:16 - 2010-10-18 13:04 - 00000000 ____D C:\Users\All Users\AVG10
2012-11-18 17:04 - 2012-11-18 17:04 - 00724992 ____A C:\Users\alex\Desktop\RogueKiller.exe
2012-11-18 17:01 - 2012-11-18 17:01 - 02195061 ____A C:\Users\alex\Downloads\tdsskiller.zip
2012-11-18 16:54 - 2012-11-18 16:52 - 00002121 ____A C:\Users\alex\Downloads\Search.txt
2012-11-18 16:54 - 2010-01-31 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-18 01:36 - 2012-11-18 01:36 - 00001782 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-11-18 00:43 - 2012-11-18 00:43 - 93076756 ____A C:\Users\alex\Downloads\PSY - GANGNAM STYLE.mp4
2012-11-17 20:12 - 2010-01-26 16:05 - 00000000 ____D C:\Program Files\Lx_cats
2012-11-14 19:34 - 2011-02-26 12:43 - 00000000 ____D C:\Users\alex\AppData\Roaming\My Craft Studio Professional
2012-11-14 19:02 - 2009-12-15 05:27 - 00026112 ____A C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-14 17:22 - 2009-12-15 04:24 - 00000000 ____D C:\Users\alex\AppData\Roaming\SiteAdvisor
2012-11-13 17:39 - 2010-09-30 17:04 - 00000000 ____D C:\Users\alex\AppData\Roaming\vlc
2012-11-11 21:23 - 2008-05-26 22:38 - 00000000 ____D C:\Users\All Users\CyberLink
2012-11-11 18:12 - 2012-11-11 18:10 - 00000000 ____D C:\Users\Public\CyberLink
2012-11-11 18:12 - 2012-11-11 18:10 - 00000000 ____D C:\Users\alex\Documents\CyberLink
2012-11-11 18:08 - 2010-07-19 12:07 - 00000000 ____D C:\Users\alex\AppData\Roaming\CyberLink
2012-11-11 18:04 - 2009-12-15 04:22 - 00075192 ____A C:\Users\alex\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-11 18:03 - 2006-11-02 15:21 - 00306248 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-11 17:59 - 2012-11-11 17:59 - 00000000 ____D C:\Program Files\Conexant
2012-11-11 17:59 - 2009-12-15 04:22 - 00000000 ____D C:\users\alex
2012-11-11 17:58 - 2012-11-11 17:57 - 00431034 ____A C:\Users\alex\AppData\Local\dd_vcredistMSI3D22.txt
2012-11-11 17:58 - 2012-11-11 17:57 - 00012194 ____A C:\Users\alex\AppData\Local\dd_vcredistUI3D22.txt
2012-11-11 17:58 - 2006-11-02 13:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-11-11 17:57 - 2012-11-11 17:57 - 00001055 ____A C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
2012-11-11 17:57 - 2012-11-11 17:54 - 00000000 ____D C:\Program Files\CyberLink
2012-11-11 17:53 - 2012-11-11 17:53 - 00000000 ____D C:\Users\All Users\CLSK
2012-11-11 17:53 - 2008-05-26 22:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-09 00:18 - 2012-08-29 14:59 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-09 00:18 - 2011-12-10 11:13 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-09 00:18 - 2011-12-10 11:13 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-10-31 21:49 - 2012-11-18 17:02 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\alex\Desktop\TDSSKiller.exe
2012-10-30 23:55 - 2010-05-22 09:42 - 00212405 ____A C:\lxce.log
2012-10-21 16:03 - 2012-10-21 16:03 - 00000000 ____D C:\Users\alex\AppData\Local\Ilivid Player
2012-10-21 15:58 - 2012-10-21 15:58 - 00823648 ____A (Bandoo Media Inc) C:\Users\alex\Downloads\iLividSetupV1.exe
2012-10-20 14:06 - 2012-08-01 15:46 - 00000000 ____D C:\Users\alex\Desktop\magaluf

ZeroAccess:
C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5}
C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5}\U
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 63%
Total physical RAM: 2813.74 MB
Available physical RAM: 1014.45 MB
Total Pagefile: 5848.03 MB
Available Pagefile: 3780.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Partitions =============================
1 Drive c: (ACER) (Fixed) (Total:139.41 GB) (Free:61.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive f: (DATA) (Fixed) (Total:140.18 GB) (Free:140.01 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 19 GB 1024 KB
Partition 2 Primary 139 GB 19 GB
Partition 3 Primary 140 GB 158 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C ACER NTFS Partition 139 GB Healthy System (partition with boot components)
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F DATA NTFS Partition 140 GB Healthy
=========================================================
Last Boot: 2012-11-19 11:56
==================== End Of Log =============================
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:
    frst2.jpg

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile; please copy and paste the logs in your reply.
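Once the FRST.txt log comes back, the parts that matter for a ZeroAccess case are the "ZeroAccess:" path groups, the "Bamital & volsnap Check" line for any system file whose MD5 is not marked legit, and the EXE association lines. The script below is an added example, not part of this thread or of the FRST tool; it runs that triage over a constructed excerpt written in the log format shown in this thread, with the services.exe hash and installer GUID taken from the posted log.

```python
import re
from collections import Counter
from typing import List, NamedTuple

# Constructed excerpt in the FRST log format seen in this thread (not a real capture).
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15941152 2008-12-08] (NVIDIA Corporation)

ZeroAccess:
C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5}
C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""


class Finding(NamedTuple):
    kind: str    # category used for counting/sorting
    item: str    # the path or log line concerned
    detail: str  # why it was flagged


# "==================== Section Name =================" section headers
HEADER_RE = re.compile(r"^=+ (.+?) =+$")
# Bamital check line FRST flags: "<path> <md5> <tag> <==== ATTENTION"
MD5_LINE_RE = re.compile(r"^(?P<path>\S+) (?P<md5>[0-9A-Fa-f]{32}) (?P<tag>\S+) <==== ATTENTION")
# Autorun entries: HKLM\...\Run: [Name] ..., HKU\<user>\...\RunOnce: [Name] ...
RUN_KEY_RE = re.compile(r"^HK.*\\Run(?:Once)?: \[")


def triage(text: str) -> List[Finding]:
    """Single pass over an FRST log; returns the entries a helper would look at first."""
    findings: List[Finding] = []
    section = "(preamble)"
    in_zeroaccess = False  # inside a "ZeroAccess:" group of paths
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            section = header.group(1).strip()
            in_zeroaccess = False
            continue
        if not line:
            in_zeroaccess = False  # a blank line ends a ZeroAccess path group
            continue
        if line == "ZeroAccess:":
            in_zeroaccess = True   # following lines are paths FRST attributes to ZeroAccess
            continue
        if in_zeroaccess:
            findings.append(Finding("zeroaccess_path", line, "path FRST attributes to ZeroAccess"))
            continue
        if section == "Bamital & volsnap Check":
            if line.endswith("=> MD5 is legit"):
                continue  # hash matches a known-good Windows binary
            m = MD5_LINE_RE.match(line)
            if m:
                findings.append(Finding("patched_system_file", m["path"],
                                        f"md5={m['md5'].lower()} tag={m['tag']}"))
            else:
                findings.append(Finding("unverified_system_file", line, "not marked legit"))
            continue
        if section == "EXE ASSOCIATION":
            if not line.endswith("=> OK"):
                findings.append(Finding("broken_exe_association", line,
                                        "exe handler differs from the Windows default"))
            continue
        if RUN_KEY_RE.match(line) and line.endswith("[x]"):
            # FRST prints [x] when the autorun's target file does not exist
            findings.append(Finding("orphaned_autorun", line, "autorun target not found on disk"))
        elif "<==== ATTENTION" in line:
            findings.append(Finding("attention", line, "line FRST itself flagged"))
    return findings


def summarize(findings: List[Finding]) -> Counter:
    """Count findings per category, e.g. {'zeroaccess_path': 3, ...}."""
    return Counter(f.kind for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:24} {f.item}  ({f.detail})")
    print(dict(summarize(results)))
```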
 
Thank you very much, I'll follow these steps in the morning and post the results to you as soon as I have.
It's nice to know I've got some proper help now :)
I would have done it tonight but it's not my pc and it's getting late.

Thanks again
 
Hi again, sorry for the late reply but everyone and their mothers seem to want or need me for some reason today! So I've been continually held up. I managed to get the scans done a little while ago and have been trying to get a chance to post them to you for the past hour!

I put the program on a flash drive and made sure I knew the drive letter as instructed, but when I went to run frst.exe from the command prompt it wouldn't run the program. So I went to notepad and clicked to show all file types, and it showed up as frst64.exe, so I ran that. I'm not sure if that'll be what the file is called for others too, but I just thought I'd let you know.

Here is the FRST.txt log file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
Ran by SYSTEM at 20-11-2012 13:40:30
Running from H:\
Windows Vista (TM) Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [319488 2008-04-25] ()
HKLM\...\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot [319488 2008-04-25] ()
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15941152 2008-12-08] (NVIDIA Corporation)
HKLM\...\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCEtime.dll,RunDLLEntry [28672 2007-02-22] ()
HKLM\...\Run: [lxcemon.exe] "C:\Program Files (x86)\Lexmark 4300 Series\lxcemon.exe" [205744 2007-05-17] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark 4300 Series\ezprint.exe" [103344 2007-05-17] (Lexmark International Inc.)
HKLM-x32\...\Run: [SiteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe" [36640 2007-08-24] ()
HKLM-x32\...\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [204908 2008-01-25] ()
HKLM-x32\...\Run: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [28672 2008-04-25] ()
HKLM-x32\...\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe [172032 2008-08-13] (Acer Inc.)
HKLM-x32\...\Run: [eRecoveryService] [x]
HKLM-x32\...\Run: [WarReg_PopUp] "C:\Program Files (x86)\Acer\WR_PopUp\WarReg_PopUp.exe" [303104 2008-01-29] (Acer Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [417792 2010-02-15] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [273528 2011-08-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-19] ()
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-08-29] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\alex\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKLM-x32\...\RunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe [200704 2008-07-16] (Acer Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\alex\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) ===================

2 Acer HomeMedia Connect Service; "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [269448 2008-01-25] (CyberLink)
3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-07] (AVG Technologies CZ, s.r.o.)
2 BUNAgentSvc; "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [16384 2008-03-03] (NewTech Infosystems, Inc.)
2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-04-25] ()
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [920064 2008-01-29] ()
2 lxce_device; C:\Windows\system32\lxcecoms.exe -service [566704 2007-03-08] ( )
2 lxce_device; C:\Windows\SysWow64\lxcecoms.exe -service [537520 2007-03-08] ( )
2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [103472 2012-10-23] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [193024 2008-01-29] ()
2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe" [262247 2006-07-19] ()
2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [386344 2012-06-22] ()
2 SiteAdvisor Service; C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe [341280 2008-05-26] ()
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

==================== Drivers (Whitelisted) =====================

3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [117328 2011-05-27] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-02-21] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29264 2011-02-09] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [304720 2011-01-06] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
3 DxVGrb; C:\Windows\System32\Drivers\DxVGrb.sys [222464 2012-06-22] (Dexetek )
2 int15; C:\Windows\SysWow64\Drivers\int15.sys [15392 2008-04-25] (Acer, Inc.)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-19 06:10 - 2012-11-19 06:10 - 00005191 ____A C:\Users\alex\Desktop\attach.txt
2012-11-19 06:10 - 2012-11-19 06:09 - 00017462 ____A C:\Users\alex\Desktop\dds.txt
2012-11-19 06:08 - 2012-11-19 06:08 - 00688901 ____R (Swearware) C:\Users\alex\Downloads\dds.com
2012-11-19 03:36 - 2012-11-20 04:14 - 00001074 ____A C:\Windows\PFRO.log
2012-11-18 12:16 - 2012-11-19 06:29 - 00015424 ____A C:\Users\alex\Desktop\FRST.txt
2012-11-18 12:15 - 2012-11-18 12:15 - 00000000 ____D C:\FRST
2012-11-18 12:14 - 2012-11-18 12:14 - 01461037 ____A (Farbar) C:\Users\alex\Desktop\FRST64.exe
2012-11-18 12:12 - 2012-11-18 12:12 - 00001794 ____A C:\Users\alex\Desktop\RKreport[2]_S_11182012_02d2012.txt
2012-11-18 12:11 - 2012-11-18 12:11 - 00001757 ____A C:\Users\alex\Desktop\RKreport[1]_S_11182012_02d2011.txt
2012-11-18 11:36 - 2012-11-18 11:36 - 00000774 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-18 11:36 - 2012-11-18 11:36 - 00000000 ____D C:\Program Files\CCleaner
2012-11-18 11:13 - 2012-11-18 11:13 - 00000000 ____D C:\_OTL
2012-11-18 11:00 - 2012-11-18 11:01 - 00602112 ____A (OldTimer Tools) C:\Users\alex\Desktop\OTL.exe
2012-11-18 10:58 - 2012-11-18 10:58 - 00304016 ____A C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums.htm
2012-11-18 10:58 - 2012-11-18 10:58 - 00000000 ____D C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums_files
2012-11-18 09:25 - 2012-11-18 09:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
2012-11-18 09:24 - 2012-11-18 09:24 - 04732416 ____A (AVAST Software) C:\Users\alex\Desktop\aswMBR.exe
2012-11-18 09:21 - 2012-11-18 09:21 - 00175795 ____A C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums.htm
2012-11-18 09:20 - 2012-11-18 09:22 - 00000000 ____D C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums_files
2012-11-18 09:17 - 2012-11-18 09:17 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-18 09:17 - 2012-11-18 09:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-18 09:17 - 2012-11-18 09:17 - 00000000 ____D C:\Users\alex\AppData\Roaming\Malwarebytes
2012-11-18 09:17 - 2012-11-18 09:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 09:17 - 2012-09-29 11:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-18 09:05 - 2012-11-18 12:11 - 00000000 ____D C:\Users\alex\Desktop\RK_Quarantine
2012-11-18 09:04 - 2012-11-18 09:04 - 00724992 ____A C:\Users\alex\Desktop\RogueKiller.exe
2012-11-18 09:03 - 2012-11-18 12:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-18 09:02 - 2012-10-31 13:49 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\alex\Desktop\TDSSKiller.exe
2012-11-18 09:01 - 2012-11-18 09:01 - 02195061 ____A C:\Users\alex\Downloads\tdsskiller.zip
2012-11-18 08:52 - 2012-11-18 08:54 - 00002121 ____A C:\Users\alex\Downloads\Search.txt
2012-11-17 17:36 - 2012-11-17 17:36 - 00001782 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-11-17 16:43 - 2012-11-17 16:43 - 93076756 ____A C:\Users\alex\Downloads\PSY - GANGNAM STYLE.mp4
2012-11-11 10:10 - 2012-11-11 10:12 - 00000000 ____D C:\Users\Public\CyberLink
2012-11-11 10:10 - 2012-11-11 10:12 - 00000000 ____D C:\Users\alex\Documents\CyberLink
2012-11-11 09:59 - 2012-11-11 09:59 - 00000000 ____D C:\Program Files\Conexant
2012-11-11 09:59 - 2012-06-22 00:29 - 00222464 ____A (Dexetek ) C:\Windows\System32\Drivers\DxVGrb.sys
2012-11-11 09:59 - 2012-06-22 00:29 - 00055808 ____A (Conexant Systems Inc.) C:\Windows\System32\cxtvrate.dll
2012-11-11 09:59 - 2012-06-22 00:29 - 00040960 ____A (Conexant) C:\Windows\System32\y8cnvt.ax
2012-11-11 09:59 - 2012-06-22 00:29 - 00032256 ____A (Conexant Systems, Inc) C:\Windows\System32\CxPolaris.ax
2012-11-11 09:59 - 2012-06-22 00:29 - 00019456 ____A (Conexant Systems, Inc) C:\Windows\System32\cpnotify.ax
2012-11-11 09:59 - 2012-06-22 00:29 - 00016384 ____A C:\Windows\System32\cxEZCAP.ax
2012-11-11 09:59 - 2012-06-22 00:29 - 00016382 ____A C:\Windows\System32\Drivers\merlinD.rom
2012-11-11 09:57 - 2012-11-11 09:58 - 00431034 ____A C:\Users\alex\AppData\Local\dd_vcredistMSI3D22.txt
2012-11-11 09:57 - 2012-11-11 09:58 - 00012194 ____A C:\Users\alex\AppData\Local\dd_vcredistUI3D22.txt
2012-11-11 09:57 - 2012-11-11 09:57 - 00001055 ____A C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
2012-11-11 09:54 - 2012-11-11 09:57 - 00000000 ____D C:\Program Files\CyberLink
2012-11-11 09:53 - 2012-11-11 09:53 - 00000000 ____D C:\Users\All Users\CLSK
2012-10-21 08:03 - 2012-10-21 08:03 - 00000000 ____D C:\Users\alex\AppData\Local\Ilivid Player
2012-10-21 07:58 - 2012-10-21 07:58 - 00823648 ____A (Bandoo Media Inc) C:\Users\alex\Downloads\iLividSetupV1.exe

==================== One Month Modified Files and Folders =======

2012-11-20 05:32 - 2006-11-02 07:42 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-20 05:32 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-20 05:32 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-20 05:32 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-20 04:48 - 2010-02-03 03:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-20 04:20 - 2010-10-18 05:04 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-11-20 04:19 - 2006-11-02 04:46 - 00761242 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-20 04:14 - 2012-11-19 03:36 - 00001074 ____A C:\Windows\PFRO.log
2012-11-20 04:14 - 2010-02-03 03:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-20 04:14 - 2008-05-26 15:05 - 00000147 ____A C:\Windows\SysWOW64\agent.log
2012-11-20 04:14 - 2006-10-10 23:25 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2012-11-19 06:29 - 2012-11-18 12:16 - 00015424 ____A C:\Users\alex\Desktop\FRST.txt
2012-11-19 06:10 - 2012-11-19 06:10 - 00005191 ____A C:\Users\alex\Desktop\attach.txt
2012-11-19 06:09 - 2012-11-19 06:10 - 00017462 ____A C:\Users\alex\Desktop\dds.txt
2012-11-19 06:08 - 2012-11-19 06:08 - 00688901 ____R (Swearware) C:\Users\alex\Downloads\dds.com
2012-11-18 12:15 - 2012-11-18 12:15 - 00000000 ____D C:\FRST
2012-11-18 12:14 - 2012-11-18 12:14 - 01461037 ____A (Farbar) C:\Users\alex\Desktop\FRST64.exe
2012-11-18 12:12 - 2012-11-18 12:12 - 00001794 ____A C:\Users\alex\Desktop\RKreport[2]_S_11182012_02d2012.txt
2012-11-18 12:11 - 2012-11-18 12:11 - 00001757 ____A C:\Users\alex\Desktop\RKreport[1]_S_11182012_02d2011.txt
2012-11-18 12:11 - 2012-11-18 09:05 - 00000000 ____D C:\Users\alex\Desktop\RK_Quarantine
2012-11-18 12:07 - 2012-11-18 09:03 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-18 11:51 - 2010-12-20 04:40 - 00000000 ____D C:\Users\alex\AppData\Local\MigWiz
2012-11-18 11:51 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2012-11-18 11:36 - 2012-11-18 11:36 - 00000774 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-18 11:36 - 2012-11-18 11:36 - 00000000 ____D C:\Program Files\CCleaner
2012-11-18 11:13 - 2012-11-18 11:13 - 00000000 ____D C:\_OTL
2012-11-18 11:01 - 2012-11-18 11:00 - 00602112 ____A (OldTimer Tools) C:\Users\alex\Desktop\OTL.exe
2012-11-18 10:58 - 2012-11-18 10:58 - 00304016 ____A C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums.htm
2012-11-18 10:58 - 2012-11-18 10:58 - 00000000 ____D C:\Users\alex\Desktop\[A] Two viruses - generic29.anpx & win64_patched.a - TechSpot Forums_files
2012-11-18 09:25 - 2012-11-18 09:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
2012-11-18 09:24 - 2012-11-18 09:24 - 04732416 ____A (AVAST Software) C:\Users\alex\Desktop\aswMBR.exe
2012-11-18 09:22 - 2012-11-18 09:20 - 00000000 ____D C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums_files
2012-11-18 09:21 - 2012-11-18 09:21 - 00175795 ____A C:\Users\alex\Desktop\How tor remove Win64_Patched.A from Win7 Home - TechSpot Forums.htm
2012-11-18 09:17 - 2012-11-18 09:17 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-18 09:17 - 2012-11-18 09:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-18 09:17 - 2012-11-18 09:17 - 00000000 ____D C:\Users\alex\AppData\Roaming\Malwarebytes
2012-11-18 09:17 - 2012-11-18 09:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 09:16 - 2010-10-18 05:04 - 00000000 ____D C:\Users\All Users\AVG10
2012-11-18 09:04 - 2012-11-18 09:04 - 00724992 ____A C:\Users\alex\Desktop\RogueKiller.exe
2012-11-18 09:01 - 2012-11-18 09:01 - 02195061 ____A C:\Users\alex\Downloads\tdsskiller.zip
2012-11-18 08:54 - 2012-11-18 08:52 - 00002121 ____A C:\Users\alex\Downloads\Search.txt
2012-11-18 08:54 - 2010-01-31 13:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-17 17:36 - 2012-11-17 17:36 - 00001782 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-11-17 16:43 - 2012-11-17 16:43 - 93076756 ____A C:\Users\alex\Downloads\PSY - GANGNAM STYLE.mp4
2012-11-17 12:12 - 2010-01-26 08:05 - 00000000 ____D C:\Program Files\Lx_cats
2012-11-14 11:34 - 2011-02-26 04:43 - 00000000 ____D C:\Users\alex\AppData\Roaming\My Craft Studio Professional
2012-11-14 11:02 - 2009-12-14 21:27 - 00026112 ____A C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-14 09:22 - 2009-12-14 20:24 - 00000000 ____D C:\Users\alex\AppData\Roaming\SiteAdvisor
2012-11-13 09:39 - 2010-09-30 09:04 - 00000000 ____D C:\Users\alex\AppData\Roaming\vlc
2012-11-11 13:23 - 2008-05-26 14:38 - 00000000 ____D C:\Users\All Users\CyberLink
2012-11-11 10:12 - 2012-11-11 10:10 - 00000000 ____D C:\Users\Public\CyberLink
2012-11-11 10:12 - 2012-11-11 10:10 - 00000000 ____D C:\Users\alex\Documents\CyberLink
2012-11-11 10:08 - 2010-07-19 04:07 - 00000000 ____D C:\Users\alex\AppData\Roaming\CyberLink
2012-11-11 10:04 - 2009-12-14 20:22 - 00075192 ____A C:\Users\alex\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-11 10:03 - 2006-11-02 07:21 - 00306248 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-11 09:59 - 2012-11-11 09:59 - 00000000 ____D C:\Program Files\Conexant
2012-11-11 09:59 - 2009-12-14 20:22 - 00000000 ____D C:\users\alex
2012-11-11 09:58 - 2012-11-11 09:57 - 00431034 ____A C:\Users\alex\AppData\Local\dd_vcredistMSI3D22.txt
2012-11-11 09:58 - 2012-11-11 09:57 - 00012194 ____A C:\Users\alex\AppData\Local\dd_vcredistUI3D22.txt
2012-11-11 09:58 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-11-11 09:57 - 2012-11-11 09:57 - 00001055 ____A C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
2012-11-11 09:57 - 2012-11-11 09:54 - 00000000 ____D C:\Program Files\CyberLink
2012-11-11 09:53 - 2012-11-11 09:53 - 00000000 ____D C:\Users\All Users\CLSK
2012-11-11 09:53 - 2008-05-26 14:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-08 16:18 - 2012-08-29 06:59 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-08 16:18 - 2011-12-10 03:13 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-08 16:18 - 2011-12-10 03:13 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-10-31 13:49 - 2012-11-18 09:02 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\alex\Desktop\TDSSKiller.exe
2012-10-30 15:55 - 2010-05-22 01:42 - 00212405 ____A C:\lxce.log
2012-10-21 08:03 - 2012-10-21 08:03 - 00000000 ____D C:\Users\alex\AppData\Local\Ilivid Player
2012-10-21 07:58 - 2012-10-21 07:58 - 00823648 ____A (Bandoo Media Inc) C:\Users\alex\Downloads\iLividSetupV1.exe


ZeroAccess:
C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5}
C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-14 10:40:36
Restore point made on: 2012-11-15 13:32:11
Restore point made on: 2012-11-16 15:01:02
Restore point made on: 2012-11-17 13:07:26
Restore point made on: 2012-11-18 07:57:07
Restore point made on: 2012-11-19 08:27:19
Restore point made on: 2012-11-20 04:51:42

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 2813.94 MB
Available physical RAM: 2417.32 MB
Total Pagefile: 2720.87 MB
Available Pagefile: 2483.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:139.41 GB) (Free:63.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:140.18 GB) (Free:140.01 GB) NTFS
6 Drive h: () (Removable) (Total:3.77 GB) (Free:0.82 GB) FAT32
7 Drive x: (PQSERVICE) (Fixed) (Total:18.5 GB) (Free:8.1 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 2526 KB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 3872 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 19 GB 1024 KB
Partition 2 Primary 139 GB 19 GB
Partition 3 Primary 140 GB 158 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 X PQSERVICE NTFS Partition 19 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C ACER NTFS Partition 139 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D DATA NTFS Partition 140 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3870 MB 50 KB

==================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 H FAT32 Removable 3870 MB Healthy

=========================================================

Last Boot: 2012-11-20 04:22

==================== End Of Log =============================
 
And here is the Search.txt log file:

Farbar Recovery Scan Tool (x64) Version: 18-11-2012
Ran by SYSTEM at 2012-11-20 13:41:08
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2012-05-29 09:29] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2012-05-29 09:26] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2012-05-29 09:29] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2012-05-29 09:26] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2010-01-29 08:58] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2010-01-29 08:58] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

====== End Of Search ======
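The Search.txt above shows the patched file without needing a signature: the live C:\Windows\System32\services.exe is 381952 bytes with an MD5 that matches none of the Microsoft copies in the component store, while the 64-bit (amd64) 6.0.6002.18005 copy in WinSxS is 384512 bytes. As an added example (not FRST's code and not part of the original thread), the script below parses those entries and does that comparison per architecture, naming the newest same-architecture component-store copy as the replacement candidate. Note from the paths and hashes that C:\Windows\SysWOW64\services.exe is the 32-bit (x86) build, so the candidate for the 64-bit System32 file is the amd64 WinSxS copy. The regexes and the classification rule (System32 = amd64, SysWOW64 = x86 on an x64 install) are assumptions about FRST's output layout taken from the log as posted; the input string is the page's own entries copied into the script so it runs offline.

```python
"""Check live Windows binaries against the component-store (WinSxS) copies
listed in an FRST Search.txt: flag a file whose size/MD5 matches no copy of
the same architecture and name the newest same-architecture copy as the
replacement candidate. Added example, not FRST's own code."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "path arch version size md5 reference")
Finding = namedtuple("Finding", "path status size_delta candidate")

# Constructed input: the Search.txt entries from the thread, copied into a string
# literal. FRST prints each hit as a path line followed by
# "[created] - [modified] - size flags (company) MD5".
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2012-05-29 09:29] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2012-05-29 09:26] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2012-05-29 09:29] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2012-05-29 09:26] - [2009-04-10 23:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

====== End Of Search ======
"""

# Assumed layout of FRST's metadata line (see the sample above).
META_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
    r"(?:\([^)]*\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
# Component-store folder names carry the architecture and the file version.
COMPONENT_RE = re.compile(
    r"\\(?P<arch>amd64|x86)_microsoft-windows-[^\\]*?_(?P<ver>\d+(?:\.\d+){3})_", re.I
)


def classify(path, size, md5):
    """Decide which architecture a copy belongs to and whether it is a reference
    copy (component store) or a live file (System32 / SysWOW64 on x64)."""
    c = COMPONENT_RE.search(path)
    if c:
        return Entry(path, c["arch"].lower(), c["ver"], size, md5, True)
    if re.search(r"\\SysWOW64\\", path, re.I):   # 32-bit copy on an x64 install
        return Entry(path, "x86", None, size, md5, False)
    if re.search(r"\\System32\\", path, re.I):   # native 64-bit copy
        return Entry(path, "amd64", None, size, md5, False)
    raise ValueError("cannot classify " + path)


def parse_search(text):
    """Parse Search.txt into Entry records; header and footer lines are skipped."""
    entries, path = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        m = META_RE.match(line)
        if m is None:
            if line:
                path = line          # a non-metadata line is the path of the next hit
            continue
        entries.append(classify(path, int(m["size"]), m["md5"].upper()))
    return entries


def version_key(v):
    return tuple(int(x) for x in v.split("."))


def check_live_binaries(entries):
    """Compare each live copy against the reference copies of its own architecture."""
    refs = [e for e in entries if e.reference]
    findings = []
    for live in (e for e in entries if not e.reference):
        same_arch = [r for r in refs if r.arch == live.arch]
        if any(r.md5 == live.md5 and r.size == live.size for r in same_arch):
            findings.append(Finding(live.path, "OK", 0, None))
            continue
        # The replacement must be the same architecture: newest component-store
        # copy, preferring WinSxS over the Windows Update download cache.
        newest = max(same_arch,
                     key=lambda r: (version_key(r.version), "winsxs" in r.path.lower()))
        findings.append(Finding(live.path, "MISMATCH", live.size - newest.size, newest.path))
    return findings


if __name__ == "__main__":
    for f in check_live_binaries(parse_search(SEARCH_TXT)):
        print(f"{f.status:8} {f.path}")
        if f.candidate:
            print(f"         size delta {f.size_delta:+d} bytes; replace from {f.candidate}")
```

On the posted log this reports the SysWOW64 copy as OK (it matches the x86 6.0.6002.18005 component) and the System32 copy as MISMATCH, 2560 bytes smaller than the amd64 6.0.6002.18005 component, with the amd64 WinSxS path as the replacement source. Agreement between several component-store copies is what gives the reference its weight; a single copy could itself have been tampered with, so a hash that disagrees with all of them is the strong signal.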
 
FRST Fixlist

Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 

Attachments: fixlist.txt (227 bytes)
Hi, thanks for the reply, I just ran the fix and this is the Fixlog.txt file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2012
Ran by SYSTEM at 2012-11-21 18:33:44 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{22f93c74-47c9-2bd8-9fd8-c7faf1282bc5} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\SysWOW64\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

I'm not sure if it's supposed to be doing this, but I've restarted the computer and it's just got a black screen with a cursor at the moment. The HDD light has stopped flashing also... (This happened after it came up with the loading-into-Windows progress bar thing.)
 
Just to let you know, the screen is still black and nothing is happening. I tried getting Task Manager up, but that hasn't worked; all I can see is a cursor on a black background.
This happened after the loading bar came up that would usually lead into Windows and the desktop appearing.
There are no other user accounts, so it would usually boot straight to the desktop.

So just to clarify: it's not starting Windows; it is instead going to a black screen with only the white cursor showing up.
Just so you know, I followed your steps to the letter, so there was no room for error on my part.

Hope this can be fixed; it's not my PC. :S

Thank you
 
Sorry for delay. I just came back from my short vacation. :)

I would like to see a new log from FRST please. :)
 
Hi there, just to let you know I had to fix the problem myself. As this wasn't my computer, the owner wanted it fixed before next week because they needed to use it, so I do apologise for having to sort the rest myself. What I did was put in a Windows Vista disc and use it to repair the computer.

I'm guessing it just replaced the files that were missing which were needed for Windows to load. Since doing so, the computer now loads normally and there seem to be no further problems.
I've done an AVG scan, which showed nothing. I also did a Farbar scan, and I used the OTL program and got a log from that; lastly I used MBAM. Nothing showed up in any of the scans, and I'm assuming that the virus was removed.

So thank you very much for all your time and help in removing the virus.
Once again, I'm sorry I had to finish the fix myself, but needs must.

I'll send the logs that were produced from the scans I ran, and if you wish you can let me know if I'm right in thinking things are OK now.

Many Thanks

Marcus
 
Here is the FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
Ran by alex at 23-11-2012 16:55:33
Running from C:\Users\alex\Desktop
Service Pack 2 (X64) OS Language: English(US)
Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========
2012-11-19 14:10 - 2012-11-19 14:10 - 00005191 ____A C:\Users\alex\Desktop\attach.txt
2012-11-19 14:10 - 2012-11-19 14:09 - 00017462 ____A C:\Users\alex\Desktop\dds.txt
2012-11-19 14:08 - 2012-11-19 14:08 - 00688901 ____R (Swearware) C:\Users\alex\Downloads\dds.com
2012-11-19 11:36 - 2012-11-21 10:50 - 00001406 ____A C:\Windows\PFRO.log
2012-11-18 20:15 - 2012-11-18 20:15 - 00000000 ____D C:\FRST
2012-11-18 20:14 - 2012-11-18 20:14 - 01461037 ____A (Farbar) C:\Users\alex\Desktop\FRST64.exe
2012-11-18 20:12 - 2012-11-18 20:12 - 00001794 ____A C:\Users\alex\Desktop\RKreport[2]_S_11182012_02d2012.txt
2012-11-18 20:11 - 2012-11-18 20:11 - 00001757 ____A C:\Users\alex\Desktop\RKreport[1]_S_11182012_02d2011.txt
2012-11-18 19:36 - 2012-11-18 19:36 - 00000774 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-18 19:36 - 2012-11-18 19:36 - 00000000 ____D C:\Program Files\CCleaner
2012-11-18 19:13 - 2012-11-18 19:13 - 00000000 ____D C:\_OTL
2012-11-18 19:00 - 2012-11-18 19:01 - 00602112 ____A (OldTimer Tools) C:\Users\alex\Desktop\OTL.exe
2012-11-18 17:25 - 2012-11-18 17:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
2012-11-18 17:24 - 2012-11-18 17:24 - 04732416 ____A (AVAST Software) C:\Users\alex\Desktop\aswMBR.exe
2012-11-18 17:17 - 2012-11-18 17:17 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\alex\AppData\Roaming\Malwarebytes
2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 17:17 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-18 17:05 - 2012-11-18 20:11 - 00000000 ____D C:\Users\alex\Desktop\RK_Quarantine
2012-11-18 17:04 - 2012-11-18 17:04 - 00724992 ____A C:\Users\alex\Desktop\RogueKiller.exe
2012-11-18 17:03 - 2012-11-18 20:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-18 17:02 - 2012-10-31 21:49 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\alex\Desktop\TDSSKiller.exe
2012-11-18 17:01 - 2012-11-18 17:01 - 02195061 ____A C:\Users\alex\Downloads\tdsskiller.zip
2012-11-18 16:52 - 2012-11-18 16:54 - 00002121 ____A C:\Users\alex\Downloads\Search.txt
2012-11-18 01:36 - 2012-11-18 01:36 - 00001782 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-11-18 00:43 - 2012-11-18 00:43 - 93076756 ____A C:\Users\alex\Downloads\PSY - GANGNAM STYLE.mp4
2012-11-11 18:10 - 2012-11-11 18:12 - 00000000 ____D C:\Users\Public\CyberLink
2012-11-11 18:10 - 2012-11-11 18:12 - 00000000 ____D C:\Users\alex\Documents\CyberLink
2012-11-11 17:59 - 2012-11-11 17:59 - 00000000 ____D C:\Program Files\Conexant
2012-11-11 17:59 - 2012-06-22 08:29 - 00222464 ____A (Dexetek ) C:\Windows\System32\Drivers\DxVGrb.sys
2012-11-11 17:59 - 2012-06-22 08:29 - 00055808 ____A (Conexant Systems Inc.) C:\Windows\System32\cxtvrate.dll
2012-11-11 17:59 - 2012-06-22 08:29 - 00040960 ____A (Conexant) C:\Windows\System32\y8cnvt.ax
2012-11-11 17:59 - 2012-06-22 08:29 - 00032256 ____A (Conexant Systems, Inc) C:\Windows\System32\CxPolaris.ax
2012-11-11 17:59 - 2012-06-22 08:29 - 00019456 ____A (Conexant Systems, Inc) C:\Windows\System32\cpnotify.ax
2012-11-11 17:59 - 2012-06-22 08:29 - 00016384 ____A C:\Windows\System32\cxEZCAP.ax
2012-11-11 17:59 - 2012-06-22 08:29 - 00016382 ____A C:\Windows\System32\Drivers\merlinD.rom
2012-11-11 17:57 - 2012-11-11 17:58 - 00431034 ____A C:\Users\alex\AppData\Local\dd_vcredistMSI3D22.txt
2012-11-11 17:57 - 2012-11-11 17:58 - 00012194 ____A C:\Users\alex\AppData\Local\dd_vcredistUI3D22.txt
2012-11-11 17:57 - 2012-11-11 17:57 - 00001055 ____A C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
2012-11-11 17:54 - 2012-11-11 17:57 - 00000000 ____D C:\Program Files\CyberLink
2012-11-11 17:53 - 2012-11-11 17:53 - 00000000 ____D C:\Users\All Users\CLSK
==================== One Month Modified Files and Folders =======
2099-12-31 16:25 - 2006-11-02 15:42 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2099-12-31 16:23 - 2010-01-26 16:05 - 00000000 ____D C:\Program Files\Lx_cats
2012-11-23 16:48 - 2010-02-03 11:30 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-23 16:42 - 2010-02-03 11:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-23 16:35 - 2006-11-02 12:46 - 00761242 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-23 16:31 - 2010-10-18 13:04 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-11-23 16:28 - 2008-05-26 23:05 - 00000147 ____A C:\Windows\SysWOW64\agent.log
2012-11-23 16:28 - 2006-11-02 15:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-23 16:28 - 2006-11-02 15:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-23 16:28 - 2006-11-02 15:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-23 16:28 - 2006-10-11 07:25 - 00000000 ____A C:\Windows\System32\LogConfigTemp.xml
2012-11-21 10:50 - 2012-11-19 11:36 - 00001406 ____A C:\Windows\PFRO.log
2012-11-19 14:10 - 2012-11-19 14:10 - 00005191 ____A C:\Users\alex\Desktop\attach.txt
2012-11-19 14:09 - 2012-11-19 14:10 - 00017462 ____A C:\Users\alex\Desktop\dds.txt
2012-11-19 14:08 - 2012-11-19 14:08 - 00688901 ____R (Swearware) C:\Users\alex\Downloads\dds.com
2012-11-18 20:15 - 2012-11-18 20:15 - 00000000 ____D C:\FRST
2012-11-18 20:14 - 2012-11-18 20:14 - 01461037 ____A (Farbar) C:\Users\alex\Desktop\FRST64.exe
2012-11-18 20:12 - 2012-11-18 20:12 - 00001794 ____A C:\Users\alex\Desktop\RKreport[2]_S_11182012_02d2012.txt
2012-11-18 20:11 - 2012-11-18 20:11 - 00001757 ____A C:\Users\alex\Desktop\RKreport[1]_S_11182012_02d2011.txt
2012-11-18 20:11 - 2012-11-18 17:05 - 00000000 ____D C:\Users\alex\Desktop\RK_Quarantine
2012-11-18 20:07 - 2012-11-18 17:03 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-18 19:51 - 2010-12-20 12:40 - 00000000 ____D C:\Users\alex\AppData\Local\MigWiz
2012-11-18 19:51 - 2007-07-12 01:49 - 00000000 ____D C:\Windows\Panther
2012-11-18 19:36 - 2012-11-18 19:36 - 00000774 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-18 19:36 - 2012-11-18 19:36 - 00000000 ____D C:\Program Files\CCleaner
2012-11-18 19:13 - 2012-11-18 19:13 - 00000000 ____D C:\_OTL
2012-11-18 19:01 - 2012-11-18 19:00 - 00602112 ____A (OldTimer Tools) C:\Users\alex\Desktop\OTL.exe
2012-11-18 17:25 - 2012-11-18 17:25 - 05002404 ____A (Swearware) C:\Users\alex\Desktop\ComboFix.exe
2012-11-18 17:24 - 2012-11-18 17:24 - 04732416 ____A (AVAST Software) C:\Users\alex\Desktop\aswMBR.exe
2012-11-18 17:17 - 2012-11-18 17:17 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Users\alex\AppData\Roaming\Malwarebytes
2012-11-18 17:17 - 2012-11-18 17:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 17:16 - 2010-10-18 13:04 - 00000000 ____D C:\Users\All Users\AVG10
2012-11-18 17:04 - 2012-11-18 17:04 - 00724992 ____A C:\Users\alex\Desktop\RogueKiller.exe
2012-11-18 17:01 - 2012-11-18 17:01 - 02195061 ____A C:\Users\alex\Downloads\tdsskiller.zip
2012-11-18 16:54 - 2012-11-18 16:52 - 00002121 ____A C:\Users\alex\Downloads\Search.txt
2012-11-18 16:54 - 2010-01-31 21:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-18 01:36 - 2012-11-18 01:36 - 00001782 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-11-18 00:43 - 2012-11-18 00:43 - 93076756 ____A C:\Users\alex\Downloads\PSY - GANGNAM STYLE.mp4
2012-11-14 19:34 - 2011-02-26 12:43 - 00000000 ____D C:\Users\alex\AppData\Roaming\My Craft Studio Professional
2012-11-14 19:02 - 2009-12-15 05:27 - 00026112 ____A C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-14 17:22 - 2009-12-15 04:24 - 00000000 ____D C:\Users\alex\AppData\Roaming\SiteAdvisor
2012-11-13 17:39 - 2010-09-30 17:04 - 00000000 ____D C:\Users\alex\AppData\Roaming\vlc
2012-11-11 21:23 - 2008-05-26 22:38 - 00000000 ____D C:\Users\All Users\CyberLink
2012-11-11 18:12 - 2012-11-11 18:10 - 00000000 ____D C:\Users\Public\CyberLink
2012-11-11 18:12 - 2012-11-11 18:10 - 00000000 ____D C:\Users\alex\Documents\CyberLink
2012-11-11 18:08 - 2010-07-19 12:07 - 00000000 ____D C:\Users\alex\AppData\Roaming\CyberLink
2012-11-11 18:04 - 2009-12-15 04:22 - 00075192 ____A C:\Users\alex\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-11 18:03 - 2006-11-02 15:21 - 00306248 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-11 17:59 - 2012-11-11 17:59 - 00000000 ____D C:\Program Files\Conexant
2012-11-11 17:59 - 2009-12-15 04:22 - 00000000 ____D C:\users\alex
2012-11-11 17:58 - 2012-11-11 17:57 - 00431034 ____A C:\Users\alex\AppData\Local\dd_vcredistMSI3D22.txt
2012-11-11 17:58 - 2012-11-11 17:57 - 00012194 ____A C:\Users\alex\AppData\Local\dd_vcredistUI3D22.txt
2012-11-11 17:58 - 2006-11-02 13:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-11-11 17:57 - 2012-11-11 17:57 - 00001055 ____A C:\Users\Public\Desktop\CyberLink PowerDirector.lnk
2012-11-11 17:57 - 2012-11-11 17:54 - 00000000 ____D C:\Program Files\CyberLink
2012-11-11 17:53 - 2012-11-11 17:53 - 00000000 ____D C:\Users\All Users\CLSK
2012-11-11 17:53 - 2008-05-26 22:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-09 00:18 - 2012-08-29 14:59 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-09 00:18 - 2011-12-10 11:13 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-09 00:18 - 2011-12-10 11:13 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-10-31 21:49 - 2012-11-18 17:02 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\alex\Desktop\TDSSKiller.exe
2012-10-30 23:55 - 2010-05-22 09:42 - 00212405 ____A C:\lxce.log

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 61%
Total physical RAM: 2813.74 MB
Available physical RAM: 1076.39 MB
Total Pagefile: 5854.03 MB
Available Pagefile: 4066.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Partitions =============================
1 Drive c: (ACER) (Fixed) (Total:139.41 GB) (Free:62.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive f: (DATA) (Fixed) (Total:140.18 GB) (Free:140.01 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 19 GB 1024 KB
Partition 2 Primary 139 GB 19 GB
Partition 3 Primary 140 GB 158 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C ACER NTFS Partition 139 GB Healthy System (partition with boot components)
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F DATA NTFS Partition 140 GB Healthy
=========================================================
Last Boot: 2012-11-23 16:34
==================== End Of Log =============================
 