Help needed with win64/patch.A

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kj201201, Sep 2, 2012.

  1. kj201201

    kj201201 Private E-2

    I have been getting a popup from my AVG resident shield alert with the file name "c:\Windows\System32\services.exe".
    It also has been redirecting my browser. I completed the browser redirecting thread, and it temporarily fixed the issue, but after a while I had the same problem. I also completed the Malware removal thread that was posted.
    Another issue is that my Adobe Reader always launches an update roughly every 15 mins.
    Any help with this would be appreciated
    Thanks,
    -Kenny
     


  2. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, Kenny.

    Fix items using RogueKiller
    • Open RogueKiller again
    • Press the Scan button
    • When the scan is finished, press the Fix Proxy button.
    • Once Fix Proxy is finished, press the Delete button.
    • RogueKiller should require a reboot. Allow the reboot.
    • Once you have rebooted, scan with RogueKiller again and attach the latest log.
     
  3. kj201201

    kj201201 Private E-2

    I ran the scan, and then clicked "fix proxy." I then rebooted the pc, and ran the scan again, and I have attached the log from the latest scan.
     


  4. thisisu

    thisisu Malware Consultant

    Hi,

    You missed a step.
    I wanted you to scan and press the Delete button as well ;)
    Re-read the previous post for clarification.
     
  5. kj201201

    kj201201 Private E-2

    I'm terribly sorry about that. I have done all of those this time and attached the file.
     


  6. thisisu

    thisisu Malware Consultant

    Run one more Scan and press Delete again.
    Attach the log from the Delete process.
     
  7. kj201201

    kj201201 Private E-2

    I deleted again and these are the logs before and after the reboot.
     


  8. thisisu

    thisisu Malware Consultant

    Rescan using HitmanPro
    Allow HitmanPro to take the default actions it wants to on the items it detects.
    HitmanPro will require a reboot -- Allow HitmanPro to reboot the computer.


    Upon reboot, rescan with both HitmanPro and RogueKiller.
    Attach latest logs for each program.
     
  9. kj201201

    kj201201 Private E-2

    It said that it could not delete it, and it did not prompt a reboot. I reran the scans and attached the files.
     


  10. thisisu

    thisisu Malware Consultant

    Do NOT delete services.exe.
    The default action HitmanPro wants to do is Cure.
    Allow HitmanPro to Cure services.exe
     
  11. kj201201

    kj201201 Private E-2

    There is no Cure option, there are only Replace (default), quarantine, ignore, and report file as safe. When I said delete I meant to say replace.
     
  12. thisisu

    thisisu Malware Consultant

    Oh ok, your log was showing Delete as well. Let's try this another way. First, I need to get some more information.

    Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)
     
  13. kj201201

    kj201201 Private E-2

    I have attached that log
     


  14. thisisu

    thisisu Malware Consultant

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Attached is fixlist.txt
    • Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST64.exe on your flash drive.

    Now re-enter System Recovery Options.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (How to attach)

    Now reboot normally.
     


  15. kj201201

    kj201201 Private E-2

    Here is that attachment.
     


  16. thisisu

    thisisu Malware Consultant

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure all the options are checked
    • Press Scan.
    • It will create a log (FSS.txt) in the same directory the tool was run.
    • Please attach FSS.txt to your next message. (How to attach)

    __

    Now run C:\MGtools\GetLogs.bat by right-clicking it and then selecting Run as Administrator.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     
