Win64/Patched.A virus..urgent help needed by desperate novice

Solved
By LadyhawkeX
Nov 21, 2012
  1. Hi I am new to this forum..I got a very bad Virus and have tried several options to fix it...AVG could not remove it and advised I download more software which was a .rar file. I do not have rar software and I am not downloading another thing to this computer. I also tried Malwarebytes, but it does not touch it and I am getting all kinds of weird messages now when I boot up about things that no longer work like sortkey.nlp could not load and IASTORICON not working..also my Vaio care is not working... I googled the virus and found this site with a blog between a user much more knowledgeable than me and DragonMaster Jay.. so I am hoping you can help me fix this..please I am desperate, and need my computer desperately...also I tried to do a restore to a few days ago and that did not fix it and now some of my windows updates ..won't update...I know this is a system 32 problem but as I said I am not that brilliant when it comes to PCs
  2. Broni

    Broni Malware Annihilator Posts: 46,159   +251

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    What Windows version is it?
  3. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    I have Windows 7 Professional
  4. Broni

    Broni Malware Annihilator Posts: 46,159   +251

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
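The "Search: services.exe" step above exists because Win64/Patched.A lives inside a patched copy of services.exe, and Windows keeps pristine copies of that binary under C:\Windows\winsxs, so the live copy in System32 can be compared against them. The script below is an added example (not part of this thread and not FRST's own code) that does the same comparison by hand: it finds every file with the given name under a root directory, hashes each copy with SHA-256, and reports the copies whose hash disagrees with the majority. The root path, the filename and the constructed test directory are assumptions. As in the thread, run this kind of check from a recovery environment rather than inside the possibly infected OS, since a rootkit on the running system can misrepresent file contents.

```python
"""Compare every copy of a system binary under a directory tree by SHA-256.

Added example, not from the thread or from FRST. Windows keeps clean copies
of services.exe in winsxs; a patched live copy in System32 stands out as the
one whose hash differs from the rest. Paths and sample data are constructed.
"""
import hashlib
import os
from collections import defaultdict


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, filename):
    """Return every path named `filename` (case-insensitive) below `root`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == filename.lower():
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def group_by_hash(paths):
    """Map hash -> list of paths, so identical copies cluster together."""
    groups = defaultdict(list)
    for p in paths:
        groups[sha256_of(p)].append(p)
    return dict(groups)


def outliers(groups):
    """Paths whose hash is shared by fewer copies than the largest cluster.

    With several winsxs copies agreeing and one System32 copy differing,
    the System32 copy is returned. If every copy agrees nothing is returned;
    if exactly two copies differ, neither is returned, because a hash
    comparison alone cannot say which one is the original."""
    if not groups:
        return []
    biggest = max(len(v) for v in groups.values())
    flagged = []
    for _digest, paths in groups.items():
        if len(paths) < biggest:
            flagged.extend(paths)
    return sorted(flagged)


def triage(root, filename="services.exe"):
    """Locate, hash and cluster all copies of `filename` below `root`."""
    copies = find_copies(root, filename)
    groups = group_by_hash(copies)
    return {"copies": copies, "groups": groups, "outliers": outliers(groups)}


if __name__ == "__main__":
    import sys
    # Default root is an assumption; pass the mounted Windows directory when
    # running from a recovery environment (e.g. D:\Windows).
    report = triage(sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows")
    for digest, paths in report["groups"].items():
        print(digest[:16], len(paths), "copy/copies")
        for p in paths:
            print("   ", p)
    print("differs from majority:", report["outliers"])
```

The FRST Search.txt log that Broni asks for lists each copy with its hash in the same spirit; this script only automates the "which copy is the odd one out" reading of that log, and a copy that differs still needs its publisher signature and file version checked before it is treated as infected.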
  5. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    First let me say thanks in advance for your help!! As you will be able to tell as we go on I am not brilliant at fixing my PC so you have to be patient with me please.. I am not sure but I think this is a 64 bit machine.. it's a Sony Vaio with an Intel core i5 processor
  6. Broni

    Broni Malware Annihilator Posts: 46,159   +251

    Hold Windows icon key and press Pause/Break key.
    Look at "System type" line.
  7. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    Ok I have downloaded both the 32 bit and 64 bit.. so if you can tell me which one I should use I will get on with your instructions and also when I send you these files should I use the upload a file option in the post reply...sorry to ask I am really a novice at this, but I can follow instructions
  8. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    Aha... very cool.. it's 64 bit ok I will get on with this and get back to you and really thanks for your patience
  9. Broni

    Broni Malware Annihilator Posts: 46,159   +251

  10. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    Hopefully I did this file upload correctly

    Attached Files:

  11. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    Let me know if you need me to cut and paste directly into the reply area... I was not quite sure about this...thanx !-)
     
  12. Broni

    Broni Malware Annihilator Posts: 46,159   +251

  13. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    Sorry about the delay it got late here..I think we are in different time zones....OK will paste the logs, was not quite sure about that... feels a little exposed and there was an upload function which opens on one's computer. Also I am getting messages from the Microsoft folks about unreported issues but I did nothing with it since I think one of your conditions is that we do nothing from outside the blog until you finish your work... so here goes

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
    Ran by SYSTEM at 21-11-2012 17:46:00
    Running from G:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11490408 2010-12-03] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2179688 2010-12-03] (Realtek Semiconductor)
    HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [x]
    HKLM\...\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2010-12-13] (AuthenTec, Inc.)
    HKLM\...\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2010-12-13] (AuthenTec, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-29] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [673168 2010-11-17] (Sony Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [734608 2010-12-08] (Sony Corporation)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [38248 2011-11-10] (Mindjet)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent [x]
    HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
    HKU\Cecilia\...\Run: [VoipBuster] "C:\Program Files (x86)\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized [23069600 2012-09-11] (VoipBuster)
    HKU\Cecilia\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17418928 2012-07-13] (Skype Technologies S.A.)
    HKU\Cecilia\...\Run: [EPSON14FFC7 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S86EA.tmp" /EF "HKCU" [224768 2009-09-14] (SEIKO EPSON CORPORATION)
    Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
    AppInit_DLLs:
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    ==================== Services (Whitelisted) ===================
    2 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
    3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    2 avgfws; "C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" [1340976 2012-11-02] (AVG Technologies CZ, s.r.o.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
    2 FPLService; "C:\Program Files\TrueSuite\TrueSuite.Service.exe" [290632 2010-12-13] (AuthenTec, Inc)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
    2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [259192 2011-01-29] (Sony Corporation)
    2 VMCService; "C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe" [9216 2009-11-16] (Vodafone)
    ==================== Drivers (Whitelisted) =====================
    1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
    3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [133632 2009-11-04] (Huawei Technologies Co., Ltd.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-21 17:17 - 2012-11-21 17:17 - 01476262 ____A C:\Users\Cecilia\Desktop\computer info.bmp
    2012-11-21 14:10 - 2012-11-21 14:43 - 00000000 ____D C:\Users\Cecilia\Desktop\MW problem
    2012-11-21 08:57 - 2012-11-21 08:57 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-21 08:57 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-11-21 08:51 - 2012-11-21 08:51 - 00001284 ____A C:\Users\Cecilia\Desktop\mbam-setup-1.65.1.1000.exe - Shortcut.lnk
    2012-11-21 08:49 - 2012-11-21 08:49 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Cecilia\Downloads\mbam-setup-1.65.1.1000.exe
    2012-11-20 21:39 - 2012-07-26 03:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2012-11-20 21:39 - 2012-07-26 03:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2012-11-20 21:39 - 2012-07-26 03:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2012-11-20 21:39 - 2012-07-26 03:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2012-11-20 21:39 - 2012-07-26 03:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-20 21:39 - 2012-07-26 02:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2012-11-20 21:39 - 2012-07-26 02:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2012-11-20 21:39 - 2012-06-02 14:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2012-11-20 21:35 - 2012-09-25 22:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2012-11-20 21:35 - 2012-09-25 22:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2012-11-20 19:17 - 2012-11-21 08:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-20 19:17 - 2012-11-20 19:17 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Malwarebytes
    2012-11-20 19:17 - 2012-11-20 19:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-20 18:06 - 2012-11-20 21:26 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-11-20 18:05 - 2012-11-20 18:05 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Media Player Classic
    2012-11-20 12:13 - 2012-11-20 13:10 - 00000000 ____D C:\Users\Cecilia\Desktop\NEO exp 2011 & 2012
    2012-11-15 12:13 - 2012-11-15 14:37 - 00000000 ____D C:\Users\Cecilia\Documents\Exp Neo
    2012-11-13 21:03 - 2012-11-20 21:23 - 00000000 ____D C:\Program Files (x86)\Essentials Codec Pack
    2012-11-13 21:03 - 2012-11-13 21:03 - 00001188 ____A C:\Users\Cecilia\Desktop\Media Player Classic.lnk
    2012-11-13 21:02 - 2012-11-13 21:02 - 00000000 ____D C:\Program Files (x86)\Yontoo
    2012-11-13 21:01 - 2012-11-13 21:01 - 00000000 ____D C:\Windows\SysWOW64\C2MP
    2012-11-13 20:55 - 2012-11-13 20:55 - 00000000 ____D C:\Users\Cecilia\AppData\Local\{0BAEF352-9A02-44CE-A574-DD55AF3C863A}
    2012-11-11 20:57 - 2012-11-11 20:57 - 00039904 ____A C:\Windows\SysWOW64\dischandler.exe
    2012-11-11 17:46 - 2012-11-11 17:46 - 04012544 ____A C:\Windows\System32\ffmpeg.dll
    2012-11-11 17:45 - 2012-11-11 17:45 - 04376576 ____A C:\Windows\System32\ffdshow.ax
    2012-11-11 17:45 - 2012-11-11 17:45 - 00474624 ____A C:\Windows\System32\ff_kernelDeint.dll
    2012-11-11 17:45 - 2012-11-11 17:45 - 00156672 ____A C:\Windows\System32\ff_libmad.dll
    2012-11-11 17:45 - 2012-11-11 17:45 - 00127488 ____A C:\Windows\System32\ff_vfw.dll
    2012-11-11 17:44 - 2012-11-11 17:44 - 01532928 ____A C:\Windows\System32\ff_samplerate.dll
    2012-11-11 17:44 - 2012-11-11 17:44 - 00631296 ____A C:\Windows\System32\TomsMoComp_ff.dll
    2012-11-11 17:44 - 2012-11-11 17:44 - 00223232 ____A C:\Windows\System32\ff_libdts.dll
    2012-11-11 17:44 - 2012-11-11 17:44 - 00183296 ____A C:\Windows\System32\ff_unrar.dll
    2012-11-11 17:44 - 2012-11-11 17:44 - 00116224 ____A C:\Windows\System32\ff_liba52.dll
    2012-11-11 17:44 - 2012-11-11 17:44 - 00114688 ____A C:\Windows\System32\ff_wmv9.dll
    2012-11-11 17:42 - 2012-11-11 17:42 - 03915776 ____A C:\Windows\SysWOW64\ffmpeg.dll
    2012-11-11 17:41 - 2012-11-11 17:41 - 03504128 ____A C:\Windows\SysWOW64\ffdshow.ax
    2012-11-11 17:41 - 2012-11-11 17:41 - 00271360 ____A C:\Windows\SysWOW64\TomsMoComp_ff.dll
    2012-11-11 17:41 - 2012-11-11 17:41 - 00112640 ____A C:\Windows\SysWOW64\ff_vfw.dll
    2012-11-11 17:40 - 2012-11-11 17:40 - 01525760 ____A C:\Windows\SysWOW64\ff_samplerate.dll
    2012-11-11 17:40 - 2012-11-11 17:40 - 00211968 ____A C:\Windows\SysWOW64\ff_libdts.dll
    2012-11-11 17:40 - 2012-11-11 17:40 - 00157184 ____A C:\Windows\SysWOW64\ff_unrar.dll
    2012-11-11 17:40 - 2012-11-11 17:40 - 00147456 ____A C:\Windows\SysWOW64\ff_libmad.dll
    2012-11-11 17:40 - 2012-11-11 17:40 - 00114688 ____A C:\Windows\SysWOW64\ff_liba52.dll
    2012-11-11 17:40 - 2012-11-11 17:40 - 00099840 ____A C:\Windows\SysWOW64\ff_wmv9.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 08000584 ____A C:\Windows\System32\avcodec-lav-54.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 01497768 ____A (1f0.de - Hendrik Leppkes) C:\Windows\System32\LAVVideo.ax
    2012-11-11 13:34 - 2012-11-11 13:34 - 01137384 ____A C:\Windows\System32\avformat-lav-54.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 00503464 ____A (1f0.de - Hendrik Leppkes) C:\Windows\System32\LAVSplitter.ax
    2012-11-11 13:34 - 2012-11-11 13:34 - 00405200 ____A C:\Windows\System32\swscale-lav-2.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 00364712 ____A (Intel Corp.) C:\Windows\System32\IntelQuickSyncDecoder.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 00274600 ____A (1f0.de - Hendrik Leppkes) C:\Windows\System32\LAVAudio.ax
    2012-11-11 13:34 - 2012-11-11 13:34 - 00252792 ____A C:\Windows\System32\avutil-lav-52.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 00215720 ____A C:\Windows\System32\libbluray.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 00181568 ____A C:\Windows\System32\avfilter-lav-3.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 00178472 ____A C:\Windows\System32\avresample-lav-1.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 07870928 ____A C:\Windows\SysWOW64\avcodec-lav-54.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 01182696 ____A C:\Windows\SysWOW64\avformat-lav-54.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 01172648 ____A (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\LAVVideo.ax
    2012-11-11 13:32 - 2012-11-11 13:32 - 00413864 ____A (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\LAVSplitter.ax
    2012-11-11 13:32 - 2012-11-11 13:32 - 00382120 ____A C:\Windows\SysWOW64\swscale-lav-2.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 00281768 ____A (Intel Corp.) C:\Windows\SysWOW64\IntelQuickSyncDecoder.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 00241832 ____A (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\LAVAudio.ax
    2012-11-11 13:32 - 2012-11-11 13:32 - 00238528 ____A C:\Windows\SysWOW64\avutil-lav-52.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 00183976 ____A C:\Windows\SysWOW64\libbluray.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 00167728 ____A C:\Windows\SysWOW64\avfilter-lav-3.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 00158096 ____A C:\Windows\SysWOW64\avresample-lav-1.dll
    2012-11-08 18:21 - 2012-11-08 18:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2012-11-08 18:21 - 2012-11-08 18:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2012-11-08 13:05 - 2012-11-08 18:20 - 00000000 ____D C:\Users\Cecilia\Documents\AGV
    2012-11-08 12:59 - 2012-11-08 12:59 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\AVG2013
    2012-11-08 12:45 - 2012-11-08 18:21 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-11-08 12:45 - 2012-11-08 12:45 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\TuneUp Software
    2012-11-08 12:43 - 2012-11-20 21:23 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-11-08 12:03 - 2012-11-08 15:18 - 00000000 ____D C:\Users\Cecilia\AppData\Local\Avg2013
    2012-11-08 12:03 - 2012-11-08 12:03 - 00000000 ____D C:\Users\Cecilia\AppData\Local\MFAData
    2012-11-08 12:01 - 2012-11-08 12:01 - 04418888 ____A (AVG Technologies) C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe
    2012-11-02 16:54 - 2012-11-02 16:54 - 00000000 ____A C:\Users\Cecilia\Sti_Trace.log
    2012-10-30 15:46 - 2012-11-21 09:42 - 01229538 ____A C:\Users\Cecilia\Downloads\TR177_Metamodel_Ecore.zip
    2012-10-30 12:40 - 2012-11-21 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-30 11:34 - 2012-10-30 16:56 - 00000000 ____D C:\Users\Cecilia\Desktop\Today
    2012-10-22 13:02 - 2012-10-22 13:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys

    ==================== One Month Modified Files and Folders =======
    2012-11-21 17:45 - 2012-11-21 17:45 - 00000000 ____D C:\FRST
    2012-11-21 17:37 - 2011-11-26 15:30 - 01502050 ____A C:\Windows\WindowsUpdate.log
    2012-11-21 17:34 - 2011-11-28 21:00 - 00000000 ____D C:\Users\Cecilia\Documents\Outlook
    2012-11-21 17:25 - 2011-11-26 17:05 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Skype
    2012-11-21 17:22 - 2009-07-14 04:45 - 00013888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-21 17:22 - 2009-07-14 04:45 - 00013888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-21 17:17 - 2012-11-21 17:17 - 01476262 ____A C:\Users\Cecilia\Desktop\computer info.bmp
    2012-11-21 17:10 - 2011-11-28 19:55 - 00000000 ____D C:\Users\All Users\MFAData
    2012-11-21 17:06 - 2012-04-02 11:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-21 17:05 - 2011-03-30 05:47 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-21 16:59 - 2009-07-14 05:13 - 00730512 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-21 16:05 - 2011-03-30 05:47 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-21 14:46 - 2012-04-12 10:56 - 00000476 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
    2012-11-21 14:46 - 2011-03-30 06:03 - 00349986 ____A C:\Windows\PFRO.log
    2012-11-21 14:46 - 2009-07-14 05:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-21 14:46 - 2009-07-14 04:51 - 00069267 ____A C:\Windows\setupact.log
    2012-11-21 14:43 - 2012-11-21 14:10 - 00000000 ____D C:\Users\Cecilia\Desktop\MW problem
    2012-11-21 14:43 - 2012-07-16 16:11 - 00000000 ____D C:\Users\Cecilia\Desktop\Charandas
    2012-11-21 14:14 - 2012-05-21 11:47 - 00000000 ____D C:\Users\Cecilia\Desktop\FRAMEWRKS METHOD MODEL
    2012-11-21 11:00 - 2012-10-30 12:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-11-21 10:41 - 2011-11-26 15:31 - 00124504 ____A C:\Users\Cecilia\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-21 09:42 - 2012-10-30 15:46 - 01229538 ____A C:\Users\Cecilia\Downloads\TR177_Metamodel_Ecore.zip
    2012-11-21 08:57 - 2012-11-21 08:57 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-21 08:57 - 2012-11-20 19:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-21 08:53 - 2012-08-12 15:25 - 00000000 ____D C:\Users\Cecilia\Downloads\Complete
    2012-11-21 08:51 - 2012-11-21 08:51 - 00001284 ____A C:\Users\Cecilia\Desktop\mbam-setup-1.65.1.1000.exe - Shortcut.lnk
    2012-11-21 08:49 - 2012-11-21 08:49 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Cecilia\Downloads\mbam-setup-1.65.1.1000.exe
    2012-11-21 08:34 - 2009-07-14 04:45 - 00444632 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-20 21:38 - 2011-11-28 20:14 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-11-20 21:38 - 2009-07-14 02:34 - 00000510 ____A C:\Windows\win.ini
    2012-11-20 21:26 - 2012-11-20 18:06 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-11-20 21:26 - 2012-08-12 15:13 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\BitTorrent
    2012-11-20 21:26 - 2011-11-26 15:31 - 00000000 ____D C:\users\Cecilia
    2012-11-20 21:26 - 2011-03-30 05:26 - 00000000 ____D C:\Users\All Users\Sony Corporation
    2012-11-20 21:26 - 2009-07-14 03:20 - 00000000 __RSD C:\Windows\Media
    2012-11-20 21:26 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-11-20 21:26 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
    2012-11-20 21:26 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
    2012-11-20 21:26 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-11-20 21:23 - 2012-11-13 21:03 - 00000000 ____D C:\Program Files (x86)\Essentials Codec Pack
    2012-11-20 21:23 - 2012-11-08 12:43 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-11-20 19:17 - 2012-11-20 19:17 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Malwarebytes
    2012-11-20 19:17 - 2012-11-20 19:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-20 18:05 - 2012-11-20 18:05 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Media Player Classic
    2012-11-20 15:24 - 2012-08-12 15:26 - 00000000 ____D C:\Users\Cecilia\Downloads\Pending
    2012-11-20 13:10 - 2012-11-20 12:13 - 00000000 ____D C:\Users\Cecilia\Desktop\NEO exp 2011 & 2012
    2012-11-20 09:36 - 2011-12-01 16:33 - 00000000 ____D C:\Users\Cecilia\Documents\Neosynapse
    2012-11-15 14:37 - 2012-11-15 12:13 - 00000000 ____D C:\Users\Cecilia\Documents\Exp Neo
    2012-11-13 21:03 - 2012-11-13 21:03 - 00001188 ____A C:\Users\Cecilia\Desktop\Media Player Classic.lnk
    2012-11-13 21:02 - 2012-11-13 21:02 - 00000000 ____D C:\Program Files (x86)\Yontoo
    2012-11-13 21:01 - 2012-11-13 21:01 - 00000000 ____D C:\Windows\SysWOW64\C2MP
    2012-11-13 20:55 - 2012-11-13 20:55 - 00000000 ____D C:\Users\Cecilia\AppData\Local\{0BAEF352-9A02-44CE-A574-DD55AF3C863A}
    2012-11-13 15:16 - 2011-12-01 16:41 - 00000000 ____D C:\Users\Cecilia\Documents\Flights
    2012-11-11 20:57 - 2012-11-11 20:57 - 00039904 ____A C:\Windows\SysWOW64\dischandler.exe
    2012-11-11 17:46 - 2012-11-11 17:46 - 04012544 ____A C:\Windows\System32\ffmpeg.dll
    2012-11-11 17:45 - 2012-11-11 17:45 - 04376576 ____A C:\Windows\System32\ffdshow.ax
    2012-11-11 17:45 - 2012-11-11 17:45 - 00474624 ____A C:\Windows\System32\ff_kernelDeint.dll
    2012-11-11 17:45 - 2012-11-11 17:45 - 00156672 ____A C:\Windows\System32\ff_libmad.dll
    2012-11-11 17:45 - 2012-11-11 17:45 - 00127488 ____A C:\Windows\System32\ff_vfw.dll
    2012-11-11 17:44 - 2012-11-11 17:44 - 01532928 ____A C:\Windows\System32\ff_samplerate.dll
    2012-11-11 17:44 - 2012-11-11 17:44 - 00631296 ____A C:\Windows\System32\TomsMoComp_ff.dll
    2012-11-11 17:44 - 2012-11-11 17:44 - 00223232 ____A C:\Windows\System32\ff_libdts.dll
    2012-11-11 17:44 - 2012-11-11 17:44 - 00183296 ____A C:\Windows\System32\ff_unrar.dll
    2012-11-11 17:44 - 2012-11-11 17:44 - 00116224 ____A C:\Windows\System32\ff_liba52.dll
    2012-11-11 17:44 - 2012-11-11 17:44 - 00114688 ____A C:\Windows\System32\ff_wmv9.dll
    2012-11-11 17:42 - 2012-11-11 17:42 - 03915776 ____A C:\Windows\SysWOW64\ffmpeg.dll
    2012-11-11 17:41 - 2012-11-11 17:41 - 03504128 ____A C:\Windows\SysWOW64\ffdshow.ax
    2012-11-11 17:41 - 2012-11-11 17:41 - 00271360 ____A C:\Windows\SysWOW64\TomsMoComp_ff.dll
    2012-11-11 17:41 - 2012-11-11 17:41 - 00112640 ____A C:\Windows\SysWOW64\ff_vfw.dll
    2012-11-11 17:40 - 2012-11-11 17:40 - 01525760 ____A C:\Windows\SysWOW64\ff_samplerate.dll
    2012-11-11 17:40 - 2012-11-11 17:40 - 00211968 ____A C:\Windows\SysWOW64\ff_libdts.dll
    2012-11-11 17:40 - 2012-11-11 17:40 - 00157184 ____A C:\Windows\SysWOW64\ff_unrar.dll
    2012-11-11 17:40 - 2012-11-11 17:40 - 00147456 ____A C:\Windows\SysWOW64\ff_libmad.dll
    2012-11-11 17:40 - 2012-11-11 17:40 - 00114688 ____A C:\Windows\SysWOW64\ff_liba52.dll
    2012-11-11 17:40 - 2012-11-11 17:40 - 00099840 ____A C:\Windows\SysWOW64\ff_wmv9.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 08000584 ____A C:\Windows\System32\avcodec-lav-54.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 01497768 ____A (1f0.de - Hendrik Leppkes) C:\Windows\System32\LAVVideo.ax
    2012-11-11 13:34 - 2012-11-11 13:34 - 01137384 ____A C:\Windows\System32\avformat-lav-54.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 00503464 ____A (1f0.de - Hendrik Leppkes) C:\Windows\System32\LAVSplitter.ax
    2012-11-11 13:34 - 2012-11-11 13:34 - 00405200 ____A C:\Windows\System32\swscale-lav-2.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 00364712 ____A (Intel Corp.) C:\Windows\System32\IntelQuickSyncDecoder.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 00274600 ____A (1f0.de - Hendrik Leppkes) C:\Windows\System32\LAVAudio.ax
    2012-11-11 13:34 - 2012-11-11 13:34 - 00252792 ____A C:\Windows\System32\avutil-lav-52.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 00215720 ____A C:\Windows\System32\libbluray.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 00181568 ____A C:\Windows\System32\avfilter-lav-3.dll
    2012-11-11 13:34 - 2012-11-11 13:34 - 00178472 ____A C:\Windows\System32\avresample-lav-1.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 07870928 ____A C:\Windows\SysWOW64\avcodec-lav-54.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 01182696 ____A C:\Windows\SysWOW64\avformat-lav-54.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 01172648 ____A (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\LAVVideo.ax
    2012-11-11 13:32 - 2012-11-11 13:32 - 00413864 ____A (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\LAVSplitter.ax
    2012-11-11 13:32 - 2012-11-11 13:32 - 00382120 ____A C:\Windows\SysWOW64\swscale-lav-2.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 00281768 ____A (Intel Corp.) C:\Windows\SysWOW64\IntelQuickSyncDecoder.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 00241832 ____A (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\LAVAudio.ax
    2012-11-11 13:32 - 2012-11-11 13:32 - 00238528 ____A C:\Windows\SysWOW64\avutil-lav-52.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 00183976 ____A C:\Windows\SysWOW64\libbluray.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 00167728 ____A C:\Windows\SysWOW64\avfilter-lav-3.dll
    2012-11-11 13:32 - 2012-11-11 13:32 - 00158096 ____A C:\Windows\SysWOW64\avresample-lav-1.dll
    2012-11-10 16:17 - 2012-04-30 08:37 - 00000000 ____D C:\SIRIUS12
    2012-11-09 15:46 - 2012-02-29 11:15 - 00040727 ____A C:\test.xml
    2012-11-08 18:21 - 2012-11-08 18:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2012-11-08 18:21 - 2012-11-08 18:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2012-11-08 18:21 - 2012-11-08 12:45 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-11-08 18:21 - 2012-08-04 14:55 - 00000000 ___HD C:\$AVG
    2012-11-08 18:20 - 2012-11-08 13:05 - 00000000 ____D C:\Users\Cecilia\Documents\AGV
    2012-11-08 16:45 - 2012-08-31 18:33 - 00000000 ____D C:\Users\Cecilia\Desktop\Zachman
    2012-11-08 15:18 - 2012-11-08 12:03 - 00000000 ____D C:\Users\Cecilia\AppData\Local\Avg2013
    2012-11-08 13:02 - 2011-11-28 20:00 - 00000000 ____D C:\Users\All Users\AVG2012
    2012-11-08 12:59 - 2012-11-08 12:59 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\AVG2013
    2012-11-08 12:59 - 2011-11-28 19:59 - 00000000 ____D C:\Program Files (x86)\AVG
    2012-11-08 12:45 - 2012-11-08 12:45 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\TuneUp Software
    2012-11-08 12:03 - 2012-11-08 12:03 - 00000000 ____D C:\Users\Cecilia\AppData\Local\MFAData
    2012-11-08 12:01 - 2012-11-08 12:01 - 04418888 ____A (AVG Technologies) C:\Users\Cecilia\Documents\avg_avc_stb_all_2013_2742.exe
    2012-11-06 08:51 - 2012-06-27 10:22 - 00000000 ____D C:\Users\Cecilia\Documents\Extracted Files
    2012-11-02 16:54 - 2012-11-02 16:54 - 00000000 ____A C:\Users\Cecilia\Sti_Trace.log
    2012-11-02 14:47 - 2012-05-08 18:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-10-30 16:56 - 2012-10-30 11:34 - 00000000 ____D C:\Users\Cecilia\Desktop\Today
    2012-10-30 15:51 - 2012-06-26 07:43 - 00000000 ____D C:\Users\Cecilia\Desktop\FAST
    2012-10-23 14:27 - 2012-10-20 11:18 - 00000000 ____D C:\Users\Cecilia\Documents\Tapes of Master
    2012-10-23 08:34 - 2011-12-01 16:34 - 00000000 ____D C:\Users\Cecilia\Documents\Lyrics poetry quotes
    2012-10-22 13:02 - 2012-10-22 13:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-10-30 13:53:40
    Restore point made on: 2012-11-08 10:01:21
    Restore point made on: 2012-11-08 12:43:34
    Restore point made on: 2012-11-08 12:44:06
    Restore point made on: 2012-11-09 23:17:50
    Restore point made on: 2012-11-16 00:37:07
    Restore point made on: 2012-11-20 20:48:42
    Restore point made on: 2012-11-20 21:37:40
    ==================== Memory info ===========================
    Percentage of memory in use: 16%
    Total physical RAM: 4011.86 MB
    Available physical RAM: 3361.42 MB
    Total Pagefile: 4010.01 MB
    Available Pagefile: 3354.09 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:451.33 GB) (Free:250.17 GB) NTFS
    2 Drive e: (Recovery) (Fixed) (Total:14.34 GB) (Free:1.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 977 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 14 GB 1024 KB
    Partition 2 Primary 100 MB 14 GB
    Partition 3 Primary 451 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 14 GB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 451 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 977 MB 16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT Removable 977 MB Healthy
    =========================================================
    Last Boot: 2012-11-15 14:31
    ==================== End Of Log =============================
  14. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    And the next one..... looking forward to hearing from you... the text log seems like a lot of info for you to wade through... I am impressed !-)

    Farbar Recovery Scan Tool (x64) Version: 18-11-2012
    Ran by SYSTEM at 2012-11-21 17:48:30
    Running from G:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 23:19] - [2009-07-14 01:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 23:19] - [2009-07-14 01:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
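
    The Farbar search above compares the live C:\Windows\System32\services.exe with the copy the servicing stack keeps in the WinSxS component store, by size and MD5, and the two match. The Python below is an added example, not FRST's code and not from this thread, that does the same comparison for any System32 binary and reports SHA-256 beside the MD5 the log shows. It walks every WinSxS copy of the file rather than one, because after updates the store can hold more than one build. The demo function creates a throwaway System32/WinSxS layout with constructed file contents (not real PE files); those paths and contents are assumptions for illustration only.

```python
"""Compare a live System32 binary with the copies Windows keeps in WinSxS.
Added example, not FRST's code and not from this thread."""
import hashlib
import os
import tempfile
from pathlib import Path


def file_digests(path):
    """Return (size, MD5, SHA-256). MD5 is kept only because the Farbar log
    reports MD5; the SHA-256 is what the comparison should rest on."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            md5.update(chunk)
            sha.update(chunk)
    return os.path.getsize(path), md5.hexdigest().upper(), sha.hexdigest()


def find_winsxs_copies(winsxs_root, name):
    """Every file called `name` anywhere under the component store."""
    return sorted(p for p in Path(winsxs_root).rglob(name) if p.is_file())


def check_against_winsxs(live_path, winsxs_root):
    """'match'       : live file is byte-identical to at least one WinSxS copy
       'mismatch'    : copies exist but none is identical (a patched-in-place file)
       'no_reference': nothing to compare against"""
    live = file_digests(live_path)
    refs = find_winsxs_copies(winsxs_root, Path(live_path).name)
    matching = [str(p) for p in refs if file_digests(p) == live]
    if not refs:
        verdict = "no_reference"
    elif matching:
        verdict = "match"
    else:
        verdict = "mismatch"
    return {
        "file": str(live_path),
        "size": live[0],
        "md5": live[1],
        "sha256": live[2],
        "winsxs_copies": len(refs),
        "matching_copies": matching,
        "verdict": verdict,
    }


def demo():
    """Throwaway System32/WinSxS layout with constructed contents (not real PE
    files): one intact check, then the same file after a 4-byte in-place patch."""
    root = Path(tempfile.mkdtemp())
    original = b"MZ" + bytes(0x140) + b"constructed services.exe body"
    store = root / "winsxs"
    (store / "amd64_services_build_a").mkdir(parents=True)
    (store / "amd64_services_build_b").mkdir(parents=True)
    (store / "amd64_services_build_a" / "services.exe").write_bytes(original)
    (store / "amd64_services_build_b" / "services.exe").write_bytes(original + b"\x00")  # another build
    live = root / "System32" / "services.exe"
    live.parent.mkdir()
    live.write_bytes(original)
    intact = check_against_winsxs(live, store)
    patched = bytearray(original)
    patched[0x100:0x104] = b"\xe9\x00\x10\x00"   # same length, four bytes overwritten
    live.write_bytes(bytes(patched))
    tampered = check_against_winsxs(live, store)
    return intact, tampered


if __name__ == "__main__":
    # On a real system: check_against_winsxs(r"C:\Windows\System32\services.exe", r"C:\Windows\winsxs")
    for result in demo():
        print(result["verdict"], result["size"], result["md5"])
```

    A "Patched" detection such as Win64/Patched.A means a legitimate file was modified in place, so the size and version strings usually still look right and only the hash changes; a mismatch against every WinSxS copy is the signal to act on, while a match only says the live file equals something the servicing stack installed. Run the check the way the log above was taken, from the recovery environment (the log shows "Ran by SYSTEM" and "Running from G:\"), because a kernel-mode infection on the running system can hide the modification from user-mode reads.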
  15. Broni

    Broni Malware Annihilator Posts: 46,159   +251

    I don't really see much there.
    What exactly is reported by AVG (file name? location?).

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
  16. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    Good Morning !-) So perhaps when I did the restore it got rid of the virus??? I did a scan after the restore and it did not pop up, but I read in some other blogs here that it did not necessarily mean it was gone... Here is the info from AVG when this happened on the 20th. I can't copy and paste it so I will just rewrite it: Detection name: Virus identified Win64/Patched.A; Description: c:\Windows\System32\services.exe; Severity: High; State: Infected; Date: 20/11/2012, 18:52:40; and additionally it said it "Cannot be cleaned... remove manually" (this was a link to the program I mentioned in my original post that was some .rar file). Also with this alert was something called Adaware Generic.NCF and some trojan horse called BackDoor.Generic15.CJWN... these kept popping up until I did the restore. After that I ran AVG again and it found nothing, but I was getting these weird messages about some of my programs not being able to load: TrueSuite Touch Control (some Vaio thing), something called 'sortkey.nlp' not loading and something called IASTORICON not working... don't know what these are... So I am going to go to the link you put in here and follow the instructions... I think it's a holiday over there so I will try not to bug you too much... thanks for your diligence and have a good one!!!
  17. Broni

    Broni Malware Annihilator Posts: 46,159   +251

  18. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    Quick question.. in step 3... Mirror 1 Mirror 2... how does one know which to download?
     
  19. Broni

    Broni Malware Annihilator Posts: 46,159   +251

    It doesn't matter.
    That's just in case one of the links is not working.
  20. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    Here's the Malwarebytes log
    Internet Explorer 9.0.8112.16421
    Cecilia :: SILVER [administrator]
    Protection: Enabled
    22/11/2012 17:21:37
    mbam-log-2012-11-22 (17-21-37).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208046
    Time elapsed: 3 minute(s), 49 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  21. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    Here is the aswMBR log
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-22 17:29:50
    -----------------------------
    17:29:50.602 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:29:50.602 Number of processors: 4 586 0x2A07
    17:29:50.603 ComputerName: SILVER UserName:
    17:29:53.181 Initialize success
    17:33:58.117 AVAST engine defs: 12112200
    17:34:08.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:34:08.052 Disk 0 Vendor: TOSHIBA_ GH01 Size: 476940MB BusType: 3
    17:34:08.068 Disk 0 MBR read successfully
    17:34:08.073 Disk 0 MBR scan
    17:34:08.079 Disk 0 Windows 7 default MBR code
    17:34:08.090 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14680 MB offset 2048
    17:34:08.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 30066688
    17:34:08.122 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462158 MB offset 30271488
    17:34:08.142 Disk 0 scanning C:\Windows\system32\drivers
    17:34:21.085 Service scanning
    17:35:07.203 Modules scanning
    17:35:07.211 Disk 0 trace - called modules:
    17:35:07.215
    17:35:08.728 AVAST engine scan C:\Windows
    17:35:11.318 AVAST engine scan C:\Windows\system32
    17:39:09.643 AVAST engine scan C:\Windows\system32\drivers
    17:39:27.309 AVAST engine scan C:\Users\Cecilia
    17:39:57.721 Disk 0 MBR has been saved successfully to "C:\Users\Cecilia\Desktop\MBR.dat"
    17:39:57.725 The log file has been saved successfully to "C:\Users\Cecilia\Desktop\aswMBR.txt"
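
    aswMBR read the first sector of Disk 0, recognised the boot code as the Windows 7 default and listed the three partitions with their status byte, type byte, size and LBA offset. The Python below is an added example, not aswMBR's code and not from this thread, that parses the same structure from a saved sector such as the MBR.dat the tool wrote to the desktop: it checks the 55AA signature, extracts each partition entry, flags tables with no or several active partitions or with overlapping entries, and hashes the 440 bytes of boot code so it can be compared with a hash taken from a known-clean machine. The sample sector it builds reproduces the partition table from the log; its boot code is zero-filled and its disk signature is made up, both assumptions for illustration.

```python
"""Parse a raw 512-byte MBR sector (for example the MBR.dat aswMBR saved)
and sanity-check its partition table.
Added example, not aswMBR's code and not from this thread."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot loader code
DISK_SIG_OFFSET = 440        # bytes 440..443: NT disk signature
PT_OFFSET = 446              # four 16-byte partition entries start here
ENTRY_FMT = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}  # common "hidden" type bytes


def build_sample_mbr():
    """Constructed sector whose partition table mirrors the aswMBR log above.
    Boot code is zero-filled and the disk signature is made up (assumption)."""
    mbr = bytearray(SECTOR)
    mbr[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4] = b"\x11\x22\x33\x44"
    layout = [
        # status, type, LBA start, sectors (log sizes in MB * 2048 sectors per MB)
        (0x00, 0x27, 2048, 14680 * 2048),       # hidden WinRE recovery partition
        (0x80, 0x07, 30066688, 100 * 2048),     # active "System Reserved"
        (0x00, 0x07, 30271488, 462158 * 2048),  # Windows volume (C:)
    ]
    for i, entry in enumerate(layout):
        struct.pack_into(ENTRY_FMT, mbr, PT_OFFSET + 16 * i, *entry)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(data):
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    if data[510:512] != b"\x55\xaa":
        raise ValueError("55AA boot signature missing: not a valid MBR")
    partitions = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, data, PT_OFFSET + 16 * i)
        if ptype == 0x00:
            continue                      # unused slot
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "hidden": ptype in HIDDEN_TYPES,
            "start_lba": start,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def check_table(parsed):
    """Consistency checks on the parsed table; an empty list means nothing odd."""
    findings = []
    parts = parsed["partitions"]
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly one")
    for p in parts:
        if p["start_lba"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has a zero start or size")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def boot_code_matches(parsed, trusted_sha256):
    """Compare the boot code against a hash taken from a known-clean disk."""
    return parsed["boot_code_sha256"] == trusted_sha256


if __name__ == "__main__":
    # For a real capture: parsed = parse_mbr(open("MBR.dat", "rb").read())
    parsed = parse_mbr(build_sample_mbr())
    for p in parsed["partitions"]:
        print(p)
    print("findings:", check_table(parsed))
```

    The offsets in the log line up exactly: the recovery partition starts at sector 2048 and its 14680 MB end at 30066688, which is where the 100 MB active partition begins, and that one ends at 30271488, the start of C:. The overlap check reproduces that arithmetic, so a table whose entries do not chain this way stands out. aswMBR's "Windows 7 default MBR code" verdict comes from comparing the boot code with known templates; boot_code_matches does the same against a hash you take from a clean disk of the same Windows version, which is the only way to judge a zero-filled or unfamiliar boot sector offline.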
  22. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    This is not good... I downloaded that aswMBR, updated it and then ran the scan... during the scan my Skype crashed, then my VoipBuster crashed, and just after I posted the aswMBR log my computer crashed... I am now running in safe mode with networking... I am thinking this is not good
  23. Broni

    Broni Malware Annihilator Posts: 46,159   +251

    aswMBR doesn't make any changes. It's just a scanner.
    Do you have any problem with starting in normal mode?
  24. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    Don't know will try that and see what happens.. and get back to you
  25. LadyhawkeX

    LadyhawkeX Newcomer, in training Topic Starter Posts: 60

    I am on my other computer now; my main computer would not start... so I shut it down and tried again. It started again, but I got that "IASTORICON has stopped working" message again and another one which is new... "sorttbls.nlp" not working... Vaiocare not working... I'll let you know if any others come up. What is this??? Something is wrong here... I am getting paranoid about downloading this DDS thing

