Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by SYSTEM on MININT-TVAC1AP on 09-11-2013 16:03:14
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-10-31] (Sun Microsystems, Inc.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Laura\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Laura\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Laura\...\Run: [EPSON SX125 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE /FU "C:\Windows\TEMP\E_S4A96.tmp" /EF "HKCU"
HKU\Laura\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\Laura\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Laura\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\Laura\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 6beedb394d4a47d095591943efcea055-34d0a00f264448a55dc764f9ec03b0a21e572f00 --CMPID 0913b
HKU\Laura\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
HKU\Mcx1-LAURA-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll [ ] ()

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
S2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-12] (The Within Network, LLC)
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-02-07] (Duplex Secure Ltd.)
S2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-12] ()
S1 Avgdiska; system32\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [x]
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [x]
S1 Avgldx64; system32\DRIVERS\avgldx64.sys [x]
S0 Avgloga; system32\DRIVERS\avgloga.sys [x]
S0 Avgmfx64; system32\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64; system32\DRIVERS\avgrkx64.sys [x]
S1 Avgtdia; system32\DRIVERS\avgtdia.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-09 16:03 - 2013-11-09 16:03 - 00000000 ____D C:\FRST

==================== One Month Modified Files and Folders =======

2013-11-09 16:03 - 2013-11-09 16:03 - 00000000 ____D C:\FRST
2013-11-09 15:21 - 2012-10-24 14:44 - 00000000 ____D C:\ProgramData\Recovery
2013-11-09 13:12 - 2013-04-12 07:06 - 00000000 ____D C:\users\Mcx1-LAURA-PC
2013-11-09 13:12 - 2012-10-24 05:49 - 00000000 ____D C:\users\Laura
2013-11-09 13:11 - 2013-05-30 03:47 - 00000000 ____D C:\ProgramData\MobileBrServ
2013-11-09 13:11 - 2013-03-13 14:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-09 13:11 - 2013-03-13 14:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-09 13:11 - 2013-02-18 23:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-09 13:11 - 2013-01-10 07:13 - 00000000 ____D C:\ProgramData\MFAData
2013-11-09 13:11 - 2012-11-07 09:29 - 00000000 ____D C:\ProgramData\Skype
2013-11-09 13:11 - 2010-03-21 01:11 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-09 13:11 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-09 13:11 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-09 13:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-11-09 13:08 - 2013-10-08 03:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-09 13:08 - 2013-10-08 03:36 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-09 13:08 - 2012-11-07 09:29 - 00000000 ____D C:\Users\Laura\AppData\Roaming\Skype
2013-10-23 12:42 - 2013-10-08 03:33 - 00000000 ____D C:\Users\Laura\AppData\Local\Avg2014
2013-10-12 00:37 - 2012-11-21 01:55 - 00165013 _____ C:\Windows\setupact.log
2013-10-12 00:37 - 2012-11-20 15:50 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 00:37 - 2012-11-20 15:50 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-12 00:37 - 2012-11-20 15:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-12 00:37 - 2010-03-21 00:20 - 01562073 _____ C:\Windows\WindowsUpdate.log
2013-10-10 10:30 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-10 10:30 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 09:07 - 2013-10-08 03:38 - 00000965 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-10 09:06 - 2013-01-10 07:40 - 00000000 ___HD C:\$AVG
2013-10-10 08:58 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

Some content of TEMP:
====================
C:\Users\Laura\AppData\Local\Temp\BURNCDCC.EXE
C:\Users\Laura\AppData\Local\Temp\DeltaTB.exe
C:\Users\Laura\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Laura\AppData\Local\Temp\ICReinstall_BitLordInstall.exe
C:\Users\Laura\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Laura\AppData\Local\Temp\mssinstaller.exe
C:\Users\Laura\AppData\Local\Temp\npexn8iw.dll
C:\Users\Laura\AppData\Local\Temp\ose00000.exe
C:\Users\Laura\AppData\Local\Temp\Quarantine.exe
C:\Users\Laura\AppData\Local\Temp\Resource.exe
C:\Users\Laura\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Laura\AppData\Local\Temp\sp58915.exe
C:\Users\Laura\AppData\Local\Temp\uninst1.exe
C:\Users\Laura\AppData\Local\Temp\UninstallHPSA.exe

==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

1 Restore point made on: 2013-10-12 00:37:33

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3836.2 MB
Available physical RAM: 3135.02 MB
Total Pagefile: 3834.34 MB
Available Pagefile: 3126.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:284.28 GB) (Free:14.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:13.52 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: (20120612_1744) (CDROM) (Total:0.16 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: F26B837D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 966 MB) (Disk ID: 00504FA1)
Partition 1: (Active) - (Size=966 MB) - (Type=06)

LastRegBack: 2013-10-06 12:27

==================== End Of Log ============================