Solved Win64/Patched.A virus..urgent help needed by desperate novice

LadyhawkeX

Hi I am new to this forum..I got a very bad Virus and have tried several options to fix it...AVG could not remove and advised I download more software which was a .rar file. I do not have rar software and I am not downloading another thing to this computer. I also tried Malwarebytes, but it does not touch it and I am getting all kinds of weird messages now when I boot up about things that no longer work like sortkey.nlp could not load and IASTORICON not working..also my Vaio care is not working... I googled the virus and found this site with a blog between a user much more knowledgeable than me and DragonMaster Jay.. so I am hoping you can help me fix this..please I am desperate, and need my computer desperately...also I tried to do a restore to a few days ago and that did not fix it and now some of my windows updates ..won't update...I know this is a system 32 problem but as I said I am not that brilliant when it comes to PCs
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

What Windows version is it?
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
First let me say thanks in advance for your help!! As you will be able to tell as we go on I am not brilliant at fixing my PC so you have to be patient with me please.. I am not sure but I think this is a 64 bit machine.. its a Sony Vaio with an Intel core i5 processor
 
Ok I have downloaded both the 32 bit and 64 bit.. so if you can tell me which one I should use I will get on with your instructions and also when I send you these files should I use the upload a file option in the post reply...sorry to ask I am really a novice at this, but I can follow instructions
 
Aha... very cool.. its 64 bit ok I will get on with this and get back to you and really thanks for your patience
 
Hopefully I did this file upload correctly
 

Attachments: FRST.txt (30.3 KB), Search.txt (602 bytes)
Let me know if you need me to cut and paste directly into the reply area... I was not quite sure about this...thanx !-)
 
Sorry about the delay it got late here..I think we are in different time zones....OK will paste the logs, was not quite sure about that... feels a little exposed and there was an upload function which opens on one's computer. Also I am getting a message from the Microsoft folks about unreported issues but I did nothing with it since I think one of your conditions is that we do nothing from outside the blog until you finish your work... so here goes
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
Ran by SYSTEM at 21-11-2012 17:46:00
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11490408 2010-12-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2179688 2010-12-03] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [x]
HKLM\...\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2010-12-13] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2010-12-13] (AuthenTec, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [673168 2010-11-17] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [734608 2010-12-08] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [38248 2011-11-10] (Mindjet)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent [x]
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKU\Cecilia\...\Run: [VoipBuster] "C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized [23069600 2012-09-11] (VoipBuster)
HKU\Cecilia\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Cecilia\...\Run: [EPSON14FFC7 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S86EA.tmp" /EF "HKCU" [224768 2009-09-14] (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
AppInit_DLLs:
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Services (Whitelisted) ===================
2 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 avgfws; "C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" [1340976 2012-11-02] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 FPLService; "C:\Program Files\TrueSuite\TrueSuite.Service.exe" [290632 2010-12-13] (AuthenTec, Inc)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [259192 2011-01-29] (Sony Corporation)
2 VMCService; "C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe" [9216 2009-11-16] (Vodafone)
==================== Drivers (Whitelisted) =====================
1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [133632 2009-11-04] (Huawei Technologies Co., Ltd.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2012-11-21 17:17 - 2012-11-21 17:17 - 01476262 ____A C:\Users\Cecilia\Desktop\computer info.bmp
2012-11-21 14:10 - 2012-11-21 14:43 - 00000000 ____D C:\Users\Cecilia\Desktop\MW problem
2012-11-21 08:57 - 2012-11-21 08:57 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-21 08:57 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-21 08:51 - 2012-11-21 08:51 - 00001284 ____A C:\Users\Cecilia\Desktop\mbam-setup-1.65.1.1000.exe - Shortcut.lnk
2012-11-21 08:49 - 2012-11-21 08:49 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Cecilia\Downloads\mbam-setup-1.65.1.1000.exe
2012-11-20 21:39 - 2012-07-26 03:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-20 21:39 - 2012-07-26 03:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-20 21:39 - 2012-07-26 03:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-20 21:39 - 2012-07-26 03:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-20 21:39 - 2012-07-26 03:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-20 21:39 - 2012-07-26 02:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-20 21:39 - 2012-07-26 02:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-20 21:39 - 2012-06-02 14:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-20 21:35 - 2012-09-25 22:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-20 21:35 - 2012-09-25 22:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-20 19:17 - 2012-11-21 08:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-20 19:17 - 2012-11-20 19:17 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Malwarebytes
2012-11-20 19:17 - 2012-11-20 19:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-20 18:06 - 2012-11-20 21:26 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-20 18:05 - 2012-11-20 18:05 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Media Player Classic
2012-11-20 12:13 - 2012-11-20 13:10 - 00000000 ____D C:\Users\Cecilia\Desktop\NEO exp 2011 & 2012
2012-11-15 12:13 - 2012-11-15 14:37 - 00000000 ____D C:\Users\Cecilia\Documents\Exp Neo
2012-11-13 21:03 - 2012-11-20 21:23 - 00000000 ____D C:\Program Files (x86)\Essentials Codec Pack
2012-11-13 21:03 - 2012-11-13 21:03 - 00001188 ____A C:\Users\Cecilia\Desktop\Media Player Classic.lnk
2012-11-13 21:02 - 2012-11-13 21:02 - 00000000 ____D C:\Program Files (x86)\Yontoo
2012-11-13 21:01 - 2012-11-13 21:01 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2012-11-13 20:55 - 2012-11-13 20:55 - 00000000 ____D C:\Users\Cecilia\AppData\Local\{0BAEF352-9A02-44CE-A574-DD55AF3C863A}
2012-11-11 20:57 - 2012-11-11 20:57 - 00039904 ____A C:\Windows\SysWOW64\dischandler.exe
2012-11-11 17:46 - 2012-11-11 17:46 - 04012544 ____A C:\Windows\System32\ffmpeg.dll
2012-11-11 17:45 - 2012-11-11 17:45 - 04376576 ____A C:\Windows\System32\ffdshow.ax
2012-11-11 17:45 - 2012-11-11 17:45 - 00474624 ____A C:\Windows\System32\ff_kernelDeint.dll
2012-11-11 17:45 - 2012-11-11 17:45 - 00156672 ____A C:\Windows\System32\ff_libmad.dll
2012-11-11 17:45 - 2012-11-11 17:45 - 00127488 ____A C:\Windows\System32\ff_vfw.dll
2012-11-11 17:44 - 2012-11-11 17:44 - 01532928 ____A C:\Windows\System32\ff_samplerate.dll
2012-11-11 17:44 - 2012-11-11 17:44 - 00631296 ____A C:\Windows\System32\TomsMoComp_ff.dll
2012-11-11 17:44 - 2012-11-11 17:44 - 00223232 ____A C:\Windows\System32\ff_libdts.dll
2012-11-11 17:44 - 2012-11-11 17:44 - 00183296 ____A C:\Windows\System32\ff_unrar.dll
2012-11-11 17:44 - 2012-11-11 17:44 - 00116224 ____A C:\Windows\System32\ff_liba52.dll
2012-11-11 17:44 - 2012-11-11 17:44 - 00114688 ____A C:\Windows\System32\ff_wmv9.dll
2012-11-11 17:42 - 2012-11-11 17:42 - 03915776 ____A C:\Windows\SysWOW64\ffmpeg.dll
2012-11-11 17:41 - 2012-11-11 17:41 - 03504128 ____A C:\Windows\SysWOW64\ffdshow.ax
2012-11-11 17:41 - 2012-11-11 17:41 - 00271360 ____A C:\Windows\SysWOW64\TomsMoComp_ff.dll
2012-11-11 17:41 - 2012-11-11 17:41 - 00112640 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-11-11 17:40 - 2012-11-11 17:40 - 01525760 ____A C:\Windows\SysWOW64\ff_samplerate.dll
2012-11-11 17:40 - 2012-11-11 17:40 - 00211968 ____A C:\Windows\SysWOW64\ff_libdts.dll
2012-11-11 17:40 - 2012-11-11 17:40 - 00157184 ____A C:\Windows\SysWOW64\ff_unrar.dll
2012-11-11 17:40 - 2012-11-11 17:40 - 00147456 ____A C:\Windows\SysWOW64\ff_libmad.dll
2012-11-11 17:40 - 2012-11-11 17:40 - 00114688 ____A C:\Windows\SysWOW64\ff_liba52.dll
2012-11-11 17:40 - 2012-11-11 17:40 - 00099840 ____A C:\Windows\SysWOW64\ff_wmv9.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 08000584 ____A C:\Windows\System32\avcodec-lav-54.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 01497768 ____A (1f0.de - Hendrik Leppkes) C:\Windows\System32\LAVVideo.ax
2012-11-11 13:34 - 2012-11-11 13:34 - 01137384 ____A C:\Windows\System32\avformat-lav-54.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 00503464 ____A (1f0.de - Hendrik Leppkes) C:\Windows\System32\LAVSplitter.ax
2012-11-11 13:34 - 2012-11-11 13:34 - 00405200 ____A C:\Windows\System32\swscale-lav-2.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 00364712 ____A (Intel Corp.) C:\Windows\System32\IntelQuickSyncDecoder.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 00274600 ____A (1f0.de - Hendrik Leppkes) C:\Windows\System32\LAVAudio.ax
2012-11-11 13:34 - 2012-11-11 13:34 - 00252792 ____A C:\Windows\System32\avutil-lav-52.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 00215720 ____A C:\Windows\System32\libbluray.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 00181568 ____A C:\Windows\System32\avfilter-lav-3.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 00178472 ____A C:\Windows\System32\avresample-lav-1.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 07870928 ____A C:\Windows\SysWOW64\avcodec-lav-54.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 01182696 ____A C:\Windows\SysWOW64\avformat-lav-54.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 01172648 ____A (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\LAVVideo.ax
2012-11-11 13:32 - 2012-11-11 13:32 - 00413864 ____A (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\LAVSplitter.ax
2012-11-11 13:32 - 2012-11-11 13:32 - 00382120 ____A C:\Windows\SysWOW64\swscale-lav-2.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 00281768 ____A (Intel Corp.) C:\Windows\SysWOW64\IntelQuickSyncDecoder.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 00241832 ____A (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\LAVAudio.ax
2012-11-11 13:32 - 2012-11-11 13:32 - 00238528 ____A C:\Windows\SysWOW64\avutil-lav-52.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 00183976 ____A C:\Windows\SysWOW64\libbluray.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 00167728 ____A C:\Windows\SysWOW64\avfilter-lav-3.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 00158096 ____A C:\Windows\SysWOW64\avresample-lav-1.dll
2012-11-08 18:21 - 2012-11-08 18:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2012-11-08 18:21 - 2012-11-08 18:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2012-11-08 13:05 - 2012-11-08 18:20 - 00000000 ____D C:\Users\Cecilia\Documents\AGV
2012-11-08 12:59 - 2012-11-08 12:59 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\AVG2013
2012-11-08 12:45 - 2012-11-08 18:21 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-11-08 12:45 - 2012-11-08 12:45 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\TuneUp Software
2012-11-08 12:43 - 2012-11-20 21:23 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-08 12:03 - 2012-11-08 15:18 - 00000000 ____D C:\Users\Cecilia\AppData\Local\Avg2013
2012-11-08 12:03 - 2012-11-08 12:03 - 00000000 ____D C:\Users\Cecilia\AppData\Local\MFAData
2012-11-08 12:01 - 2012-11-08 12:01 - 04418888 ____A (AVG Technologies) C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe
2012-11-02 16:54 - 2012-11-02 16:54 - 00000000 ____A C:\Users\Cecilia\Sti_Trace.log
2012-10-30 15:46 - 2012-11-21 09:42 - 01229538 ____A C:\Users\Cecilia\Downloads\TR177_Metamodel_Ecore.zip
2012-10-30 12:40 - 2012-11-21 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-30 11:34 - 2012-10-30 16:56 - 00000000 ____D C:\Users\Cecilia\Desktop\Today
2012-10-22 13:02 - 2012-10-22 13:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys

==================== One Month Modified Files and Folders =======
2012-11-21 17:45 - 2012-11-21 17:45 - 00000000 ____D C:\FRST
2012-11-21 17:37 - 2011-11-26 15:30 - 01502050 ____A C:\Windows\WindowsUpdate.log
2012-11-21 17:34 - 2011-11-28 21:00 - 00000000 ____D C:\Users\Cecilia\Documents\Outlook
2012-11-21 17:25 - 2011-11-26 17:05 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Skype
2012-11-21 17:22 - 2009-07-14 04:45 - 00013888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-21 17:22 - 2009-07-14 04:45 - 00013888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-21 17:17 - 2012-11-21 17:17 - 01476262 ____A C:\Users\Cecilia\Desktop\computer info.bmp
2012-11-21 17:10 - 2011-11-28 19:55 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-21 17:06 - 2012-04-02 11:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-21 17:05 - 2011-03-30 05:47 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-21 16:59 - 2009-07-14 05:13 - 00730512 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-21 16:05 - 2011-03-30 05:47 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-21 14:46 - 2012-04-12 10:56 - 00000476 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2012-11-21 14:46 - 2011-03-30 06:03 - 00349986 ____A C:\Windows\PFRO.log
2012-11-21 14:46 - 2009-07-14 05:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-21 14:46 - 2009-07-14 04:51 - 00069267 ____A C:\Windows\setupact.log
2012-11-21 14:43 - 2012-11-21 14:10 - 00000000 ____D C:\Users\Cecilia\Desktop\MW problem
2012-11-21 14:43 - 2012-07-16 16:11 - 00000000 ____D C:\Users\Cecilia\Desktop\Charandas
2012-11-21 14:14 - 2012-05-21 11:47 - 00000000 ____D C:\Users\Cecilia\Desktop\FRAMEWRKS METHOD MODEL
2012-11-21 11:00 - 2012-10-30 12:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-21 10:41 - 2011-11-26 15:31 - 00124504 ____A C:\Users\Cecilia\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-21 09:42 - 2012-10-30 15:46 - 01229538 ____A C:\Users\Cecilia\Downloads\TR177_Metamodel_Ecore.zip
2012-11-21 08:57 - 2012-11-21 08:57 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-21 08:57 - 2012-11-20 19:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-21 08:53 - 2012-08-12 15:25 - 00000000 ____D C:\Users\Cecilia\Downloads\Complete
2012-11-21 08:51 - 2012-11-21 08:51 - 00001284 ____A C:\Users\Cecilia\Desktop\mbam-setup-1.65.1.1000.exe - Shortcut.lnk
2012-11-21 08:49 - 2012-11-21 08:49 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Cecilia\Downloads\mbam-setup-1.65.1.1000.exe
2012-11-21 08:34 - 2009-07-14 04:45 - 00444632 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-20 21:38 - 2011-11-28 20:14 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-20 21:38 - 2009-07-14 02:34 - 00000510 ____A C:\Windows\win.ini
2012-11-20 21:26 - 2012-11-20 18:06 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-20 21:26 - 2012-08-12 15:13 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\BitTorrent
2012-11-20 21:26 - 2011-11-26 15:31 - 00000000 ____D C:\users\Cecilia
2012-11-20 21:26 - 2011-03-30 05:26 - 00000000 ____D C:\Users\All Users\Sony Corporation
2012-11-20 21:26 - 2009-07-14 03:20 - 00000000 __RSD C:\Windows\Media
2012-11-20 21:26 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\System32\NDF
2012-11-20 21:26 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2012-11-20 21:26 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2012-11-20 21:26 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-20 21:23 - 2012-11-13 21:03 - 00000000 ____D C:\Program Files (x86)\Essentials Codec Pack
2012-11-20 21:23 - 2012-11-08 12:43 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-20 19:17 - 2012-11-20 19:17 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Malwarebytes
2012-11-20 19:17 - 2012-11-20 19:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-20 18:05 - 2012-11-20 18:05 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Media Player Classic
2012-11-20 15:24 - 2012-08-12 15:26 - 00000000 ____D C:\Users\Cecilia\Downloads\Pending
2012-11-20 13:10 - 2012-11-20 12:13 - 00000000 ____D C:\Users\Cecilia\Desktop\NEO exp 2011 & 2012
2012-11-20 09:36 - 2011-12-01 16:33 - 00000000 ____D C:\Users\Cecilia\Documents\Neosynapse
2012-11-15 14:37 - 2012-11-15 12:13 - 00000000 ____D C:\Users\Cecilia\Documents\Exp Neo
2012-11-13 21:03 - 2012-11-13 21:03 - 00001188 ____A C:\Users\Cecilia\Desktop\Media Player Classic.lnk
2012-11-13 21:02 - 2012-11-13 21:02 - 00000000 ____D C:\Program Files (x86)\Yontoo
2012-11-13 21:01 - 2012-11-13 21:01 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2012-11-13 20:55 - 2012-11-13 20:55 - 00000000 ____D C:\Users\Cecilia\AppData\Local\{0BAEF352-9A02-44CE-A574-DD55AF3C863A}
2012-11-13 15:16 - 2011-12-01 16:41 - 00000000 ____D C:\Users\Cecilia\Documents\Flights
2012-11-11 20:57 - 2012-11-11 20:57 - 00039904 ____A C:\Windows\SysWOW64\dischandler.exe
2012-11-11 17:46 - 2012-11-11 17:46 - 04012544 ____A C:\Windows\System32\ffmpeg.dll
2012-11-11 17:45 - 2012-11-11 17:45 - 04376576 ____A C:\Windows\System32\ffdshow.ax
2012-11-11 17:45 - 2012-11-11 17:45 - 00474624 ____A C:\Windows\System32\ff_kernelDeint.dll
2012-11-11 17:45 - 2012-11-11 17:45 - 00156672 ____A C:\Windows\System32\ff_libmad.dll
2012-11-11 17:45 - 2012-11-11 17:45 - 00127488 ____A C:\Windows\System32\ff_vfw.dll
2012-11-11 17:44 - 2012-11-11 17:44 - 01532928 ____A C:\Windows\System32\ff_samplerate.dll
2012-11-11 17:44 - 2012-11-11 17:44 - 00631296 ____A C:\Windows\System32\TomsMoComp_ff.dll
2012-11-11 17:44 - 2012-11-11 17:44 - 00223232 ____A C:\Windows\System32\ff_libdts.dll
2012-11-11 17:44 - 2012-11-11 17:44 - 00183296 ____A C:\Windows\System32\ff_unrar.dll
2012-11-11 17:44 - 2012-11-11 17:44 - 00116224 ____A C:\Windows\System32\ff_liba52.dll
2012-11-11 17:44 - 2012-11-11 17:44 - 00114688 ____A C:\Windows\System32\ff_wmv9.dll
2012-11-11 17:42 - 2012-11-11 17:42 - 03915776 ____A C:\Windows\SysWOW64\ffmpeg.dll
2012-11-11 17:41 - 2012-11-11 17:41 - 03504128 ____A C:\Windows\SysWOW64\ffdshow.ax
2012-11-11 17:41 - 2012-11-11 17:41 - 00271360 ____A C:\Windows\SysWOW64\TomsMoComp_ff.dll
2012-11-11 17:41 - 2012-11-11 17:41 - 00112640 ____A C:\Windows\SysWOW64\ff_vfw.dll
2012-11-11 17:40 - 2012-11-11 17:40 - 01525760 ____A C:\Windows\SysWOW64\ff_samplerate.dll
2012-11-11 17:40 - 2012-11-11 17:40 - 00211968 ____A C:\Windows\SysWOW64\ff_libdts.dll
2012-11-11 17:40 - 2012-11-11 17:40 - 00157184 ____A C:\Windows\SysWOW64\ff_unrar.dll
2012-11-11 17:40 - 2012-11-11 17:40 - 00147456 ____A C:\Windows\SysWOW64\ff_libmad.dll
2012-11-11 17:40 - 2012-11-11 17:40 - 00114688 ____A C:\Windows\SysWOW64\ff_liba52.dll
2012-11-11 17:40 - 2012-11-11 17:40 - 00099840 ____A C:\Windows\SysWOW64\ff_wmv9.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 08000584 ____A C:\Windows\System32\avcodec-lav-54.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 01497768 ____A (1f0.de - Hendrik Leppkes) C:\Windows\System32\LAVVideo.ax
2012-11-11 13:34 - 2012-11-11 13:34 - 01137384 ____A C:\Windows\System32\avformat-lav-54.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 00503464 ____A (1f0.de - Hendrik Leppkes) C:\Windows\System32\LAVSplitter.ax
2012-11-11 13:34 - 2012-11-11 13:34 - 00405200 ____A C:\Windows\System32\swscale-lav-2.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 00364712 ____A (Intel Corp.) C:\Windows\System32\IntelQuickSyncDecoder.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 00274600 ____A (1f0.de - Hendrik Leppkes) C:\Windows\System32\LAVAudio.ax
2012-11-11 13:34 - 2012-11-11 13:34 - 00252792 ____A C:\Windows\System32\avutil-lav-52.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 00215720 ____A C:\Windows\System32\libbluray.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 00181568 ____A C:\Windows\System32\avfilter-lav-3.dll
2012-11-11 13:34 - 2012-11-11 13:34 - 00178472 ____A C:\Windows\System32\avresample-lav-1.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 07870928 ____A C:\Windows\SysWOW64\avcodec-lav-54.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 01182696 ____A C:\Windows\SysWOW64\avformat-lav-54.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 01172648 ____A (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\LAVVideo.ax
2012-11-11 13:32 - 2012-11-11 13:32 - 00413864 ____A (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\LAVSplitter.ax
2012-11-11 13:32 - 2012-11-11 13:32 - 00382120 ____A C:\Windows\SysWOW64\swscale-lav-2.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 00281768 ____A (Intel Corp.) C:\Windows\SysWOW64\IntelQuickSyncDecoder.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 00241832 ____A (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\LAVAudio.ax
2012-11-11 13:32 - 2012-11-11 13:32 - 00238528 ____A C:\Windows\SysWOW64\avutil-lav-52.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 00183976 ____A C:\Windows\SysWOW64\libbluray.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 00167728 ____A C:\Windows\SysWOW64\avfilter-lav-3.dll
2012-11-11 13:32 - 2012-11-11 13:32 - 00158096 ____A C:\Windows\SysWOW64\avresample-lav-1.dll
2012-11-10 16:17 - 2012-04-30 08:37 - 00000000 ____D C:\SIRIUS12
2012-11-09 15:46 - 2012-02-29 11:15 - 00040727 ____A C:\test.xml
2012-11-08 18:21 - 2012-11-08 18:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2012-11-08 18:21 - 2012-11-08 18:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2012-11-08 18:21 - 2012-11-08 12:45 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-11-08 18:21 - 2012-08-04 14:55 - 00000000 ___HD C:\$AVG
2012-11-08 18:20 - 2012-11-08 13:05 - 00000000 ____D C:\Users\Cecilia\Documents\AGV
2012-11-08 16:45 - 2012-08-31 18:33 - 00000000 ____D C:\Users\Cecilia\Desktop\Zachman
2012-11-08 15:18 - 2012-11-08 12:03 - 00000000 ____D C:\Users\Cecilia\AppData\Local\Avg2013
2012-11-08 13:02 - 2011-11-28 20:00 - 00000000 ____D C:\Users\All Users\AVG2012
2012-11-08 12:59 - 2012-11-08 12:59 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\AVG2013
2012-11-08 12:59 - 2011-11-28 19:59 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-08 12:45 - 2012-11-08 12:45 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\TuneUp Software
2012-11-08 12:03 - 2012-11-08 12:03 - 00000000 ____D C:\Users\Cecilia\AppData\Local\MFAData
2012-11-08 12:01 - 2012-11-08 12:01 - 04418888 ____A (AVG Technologies) C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe
2012-11-06 08:51 - 2012-06-27 10:22 - 00000000 ____D C:\Users\Cecilia\Documents\Extracted Files
2012-11-02 16:54 - 2012-11-02 16:54 - 00000000 ____A C:\Users\Cecilia\Sti_Trace.log
2012-11-02 14:47 - 2012-05-08 18:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-30 16:56 - 2012-10-30 11:34 - 00000000 ____D C:\Users\Cecilia\Desktop\Today
2012-10-30 15:51 - 2012-06-26 07:43 - 00000000 ____D C:\Users\Cecilia\Desktop\FAST
2012-10-23 14:27 - 2012-10-20 11:18 - 00000000 ____D C:\Users\Cecilia\Documents\Tapes of Master
2012-10-23 08:34 - 2011-12-01 16:34 - 00000000 ____D C:\Users\Cecilia\Documents\Lyrics poetry quotes
2012-10-22 13:02 - 2012-10-22 13:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-10-30 13:53:40
Restore point made on: 2012-11-08 10:01:21
Restore point made on: 2012-11-08 12:43:34
Restore point made on: 2012-11-08 12:44:06
Restore point made on: 2012-11-09 23:17:50
Restore point made on: 2012-11-16 00:37:07
Restore point made on: 2012-11-20 20:48:42
Restore point made on: 2012-11-20 21:37:40
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 4011.86 MB
Available physical RAM: 3361.42 MB
Total Pagefile: 4010.01 MB
Available Pagefile: 3354.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:451.33 GB) (Free:250.17 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:14.34 GB) (Free:1.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 977 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 14 GB 1024 KB
Partition 2 Primary 100 MB 14 GB
Partition 3 Primary 451 GB 14 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 14 GB Healthy Hidden
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 451 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 977 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 977 MB Healthy
=========================================================
Last Boot: 2012-11-15 14:31
==================== End Of Log =============================
 
And the next one.....looking forward to hearing from you...the text log seems like a lot of info for you to wade through... I am impressed !-)

Farbar Recovery Scan Tool (x64) Version: 18-11-2012
Ran by SYSTEM at 2012-11-21 17:48:30
Running from G:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 23:19] - [2009-07-14 01:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 23:19] - [2009-07-14 01:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
 
Good Morning !-) so perhaps when I did the restore it got rid of the Virus??? I did a scan after the restore and it did not pop up, but I read in some other blogs here that it did not necessarily mean it was gone... here is the info from AVG when this happened on the 20th..I can't copy and paste it so I will just rewrite it.. Detection name: Virus identified Win64/Patched.A Description: c:\Windows\System32\services.exe Severity: High State: infected Date 20/11/2012, 18:52:40 and additionally it said it Cannot be cleaned....remove manually (this was a link to some program I mentioned in my original post that was some .rar file)... also with this alert was something called Adaware Generic.NCF and some trojan horse called BackDoor.Generic15.CJWN... these kept popping up until I did the restore. After that I ran AVG again and it found nothing, but I was getting these weird messages about some of my programs not being able to load: TrueSuite Touch Control (some Vaio thing), something called 'sortkey.nlp' not loading and something called IASTORICON not working.... don't know what these are... so I am going to the link you put in here and follow the instructions... I think it's a holiday over there so I will try not to bug you too much... thanks for your diligence and have a good one!!!
 
Here's the Malware log
Internet Explorer 9.0.8112.16421
Cecilia :: SILVER [administrator]
Protection: Enabled
22/11/2012 17:21:37
mbam-log-2012-11-22 (17-21-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208046
Time elapsed: 3 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
Here is the aswMBR log
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-22 17:29:50
-----------------------------
17:29:50.602 OS Version: Windows x64 6.1.7601 Service Pack 1
17:29:50.602 Number of processors: 4 586 0x2A07
17:29:50.603 ComputerName: SILVER UserName:
17:29:53.181 Initialize success
17:33:58.117 AVAST engine defs: 12112200
17:34:08.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:34:08.052 Disk 0 Vendor: TOSHIBA_ GH01 Size: 476940MB BusType: 3
17:34:08.068 Disk 0 MBR read successfully
17:34:08.073 Disk 0 MBR scan
17:34:08.079 Disk 0 Windows 7 default MBR code
17:34:08.090 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14680 MB offset 2048
17:34:08.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 30066688
17:34:08.122 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462158 MB offset 30271488
17:34:08.142 Disk 0 scanning C:\Windows\system32\drivers
17:34:21.085 Service scanning
17:35:07.203 Modules scanning
17:35:07.211 Disk 0 trace - called modules:
17:35:07.215
17:35:08.728 AVAST engine scan C:\Windows
17:35:11.318 AVAST engine scan C:\Windows\system32
17:39:09.643 AVAST engine scan C:\Windows\system32\drivers
17:39:27.309 AVAST engine scan C:\Users\Cecilia
17:39:57.721 Disk 0 MBR has been saved successfully to "C:\Users\Cecilia\Desktop\MBR.dat"
17:39:57.725 The log file has been saved successfully to "C:\Users\Cecilia\Desktop\aswMBR.txt"
 
This is not good... I downloaded that aswMBR, updated it and then ran the scan... during the scan my Skype crashed, then my voipbuster crashed, and just after I posted the aswMBR log my computer crashed... I am now running in safe mode with networking...I am thinking this is not good
 
aswMBR doesn't make any changes. It's just a scanner.
Do you have any problem with starting in normal mode?
 
I am on my other computer now; my main computer would not start... so I shut it down and tried again. It started again but I got that IASTORICON has stopped working message again and another one... which is new.. "sorttbls.nlp" not working (will let you know if any others come up)...Vaiocare not working...What is this??? something is wrong here...I am getting paranoid about downloading this DDS thing
 