Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help! Don't know whats wrong!

Started by geneandcyra , Apr 29 2013 05:51 PM

  • Please log in to reply

#16
emeraldnzl
Posted 15 May 2013 - 03:03 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okay one last try with the OTL fix. This time we will do it a different way.

Make sure your AVG is disabled then:

Please run OTL.exe

  • Download and save to your desktop the attached OTL fix.txt at the bottom of this post.
  • Copy and paste the contents of OTL fix.txt into the Custom Scans/Fixes panel.

    Posted Image
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.
  • If you can't find the log then navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Note: This script was written specifically for this infection on this person's computer. It should NOT to be used on another computer, as it may cause serious damage possibly rendering the machine unusable.
  • 0

Advertisements

#17
geneandcyra
Posted 15 May 2013 - 03:15 PM

geneandcyra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
It's still stopping and "not responding" on the last process
  • 0

#18
geneandcyra
Posted 16 May 2013 - 06:02 PM

geneandcyra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Computer is acting really funny now!
  • 0

#19
emeraldnzl
Posted 16 May 2013 - 06:11 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello geneandcyra,

Don't know what happened there I thought I had answered this yesterday.

In case this happens again PM me if you don't get an answer within 24 hours. :)

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
Note: If the log doesn't appear where you saved OTL when you downloaded it, then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

After that

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. For you system that will be the 64bit version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
When you come back please post
  • OTL.txt
  • FRST.txt
  • 0

#20
geneandcyra
Posted 16 May 2013 - 08:05 PM

geneandcyra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTL logfile created on: 5/16/2013 8:49:41 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cyra\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 34.83% Memory free
3.49 Gb Paging File | 2.25 Gb Available in Paging File | 64.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.01 Gb Total Space | 166.66 Gb Free Space | 76.10% Space Free | Partition Type: NTFS
Drive D: | 13.58 Gb Total Space | 2.25 Gb Free Space | 16.59% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 92.59 Mb Free Space | 93.36% Space Free | Partition Type: FAT32

Computer Name: CYRA-PC | User Name: Cyra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/14 22:23:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cyra\Desktop\OTL.exe
PRC - [2013/02/18 12:55:00 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/02/18 12:55:00 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/02/01 15:36:46 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/11/19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/18 12:55:00 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/02/18 12:55:00 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2009/08/20 16:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 16:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 16:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/08/05 00:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2013/02/18 12:55:00 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/11 03:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/18 12:55:00 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/05 01:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 19:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/09 10:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{15832FAB-4654-41FC-8A58-20234A11E4C6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80291
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{15832FAB-4654-41FC-8A58-20234A11E4C6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Cyra\AppData\Local\Roblox\Versions\version-1a23fdbca04d4954\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/17 10:54:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/04/16 17:09:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/18 12:55:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/17 10:54:26 | 000,000,000 | ---D | M]

[2010/06/14 21:43:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cyra\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2013/05/14 18:18:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\Cyra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC3A9DF5-608A-4C57-AAA0-29316A1851D6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEA033E6-35CD-4D29-ABE6-CC1F60898884}: DhcpNameServer = 192.168.0.1 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/15 16:34:06 | 000,000,000 | ---D | C] -- C:\Users\Cyra\Desktop\RK_Quarantine
[2013/05/15 15:46:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/14 22:41:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/14 22:40:24 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/14 22:40:21 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/14 22:40:21 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/14 22:40:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/14 22:40:20 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/14 22:40:20 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/14 22:40:20 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/14 22:23:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cyra\Desktop\OTL.exe
[2013/05/14 18:22:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/14 17:56:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/14 17:56:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/14 17:56:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/14 17:56:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/14 17:55:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/14 17:54:53 | 005,066,131 | R--- | C] (Swearware) -- C:\Users\Cyra\Desktop\ComboFix.exe
[2013/05/12 18:20:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/12 11:44:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/12 11:44:01 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/12 11:43:42 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Cyra\Desktop\JRT.exe
[2013/05/11 17:18:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/05/11 10:39:43 | 000,000,000 | ---D | C] -- C:\cabs
[2013/04/29 20:42:18 | 000,000,000 | ---D | C] -- C:\Users\Cyra\Documents\AVS4YOU
[2013/04/29 20:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2013/04/29 20:34:46 | 000,000,000 | ---D | C] -- C:\Users\Cyra\AppData\Roaming\AVS4YOU
[2013/04/29 20:31:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/04/29 20:31:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2013/04/29 20:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2013/04/28 19:55:47 | 000,000,000 | ---D | C] -- C:\Users\Cyra\AppData\Local\ElevatedDiagnostics

========== Files - Modified Within 30 Days ==========

[2013/05/16 20:08:57 | 119,843,771 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/05/16 20:06:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 20:06:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 19:58:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/16 19:58:33 | 1406,296,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/15 19:20:43 | 000,457,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/15 16:31:32 | 000,816,128 | ---- | M] () -- C:\Users\Cyra\Desktop\RogueKiller.exe
[2013/05/14 22:33:14 | 000,740,814 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/14 22:33:14 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/14 22:33:14 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/14 22:23:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cyra\Desktop\OTL.exe
[2013/05/14 18:18:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/14 17:54:58 | 005,066,131 | R--- | M] (Swearware) -- C:\Users\Cyra\Desktop\ComboFix.exe
[2013/05/12 11:43:43 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Cyra\Desktop\JRT.exe
[2013/05/11 09:30:30 | 000,001,350 | ---- | M] () -- C:\Users\Cyra\Desktop\ROBLOX Player.lnk
[2013/05/11 09:29:23 | 000,001,169 | ---- | M] () -- C:\Users\Cyra\Desktop\ROBLOX Studio 2013.lnk
[2013/04/30 17:39:07 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCyra.job
[2013/04/23 17:49:05 | 000,526,372 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

========== Files Created - No Company Name ==========

[2013/05/15 16:31:30 | 000,816,128 | ---- | C] () -- C:\Users\Cyra\Desktop\RogueKiller.exe
[2013/05/14 17:56:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/14 17:56:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/14 17:56:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/14 17:56:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/14 17:56:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/29 19:22:32 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForCyra.job
[2012/08/11 13:51:06 | 000,004,608 | ---- | C] () -- C:\Users\Cyra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/11 17:12:02 | 000,007,602 | ---- | C] () -- C:\Users\Cyra\AppData\Local\Resmon.ResmonCfg
[2010/04/18 22:18:56 | 000,000,156 | ---- | C] () -- C:\Users\Cyra\webct_upload_applet.properties

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-05-2013
Ran by Cyra (administrator) on 16-05-2013 21:51:57
Running from C:\Users\Cyra\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
(Farbar) C:\Users\Cyra\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-10-31] (Sun Microsystems, Inc.)
HKCU\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-08-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime [282624 2010-12-05] (Apple Computer, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
Startup: C:\Users\Cyra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\Cyra\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
BootExecute: c:\progra~2\avg\avg2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4322B8A9-133A-415F-AB3F-8DDDCF7D1D24} URL =
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
PDF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
PDF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
PDF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab
PDF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
PDF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx
PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.1.1

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-16 21:51 - 2013-05-16 21:51 - 01877462 ____A (Farbar) C:\Users\Cyra\Desktop\FRST64.exe
2013-05-16 21:51 - 2013-05-16 21:51 - 00000000 ____D C:\FRST
2013-05-16 21:08 - 2013-05-16 21:08 - 00064252 ____A C:\Users\Cyra\Desktop\OTL.Txt
2013-05-15 17:12 - 2013-05-15 17:12 - 00002094 ____A C:\Users\Cyra\Desktop\OTL fix.txt
2013-05-15 16:43 - 2013-05-15 16:43 - 00001316 ____A C:\Users\Cyra\Desktop\RKreport[3]_SC_05152013_02d1643.txt
2013-05-15 16:38 - 2013-05-15 16:38 - 00001869 ____A C:\Users\Cyra\Desktop\RKreport[2]_D_05152013_02d1638.txt
2013-05-15 16:37 - 2013-05-15 16:37 - 00001885 ____A C:\Users\Cyra\Desktop\RKreport[1]_S_05152013_02d1637.txt
2013-05-15 16:34 - 2013-05-15 16:37 - 00000000 ____D C:\Users\Cyra\Desktop\RK_Quarantine
2013-05-15 16:31 - 2013-05-15 16:31 - 00816128 ____A C:\Users\Cyra\Desktop\RogueKiller.exe
2013-05-14 22:41 - 2013-05-06 09:39 - 09060352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-14 22:41 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 22:41 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-14 22:40 - 2013-05-06 09:04 - 06033408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-14 22:40 - 2013-04-10 01:51 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-14 22:40 - 2013-04-10 01:51 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-14 22:40 - 2013-04-10 01:51 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-14 22:40 - 2013-04-10 01:47 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-14 22:40 - 2013-04-10 01:47 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-14 22:40 - 2013-04-10 01:46 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-14 22:40 - 2013-04-10 01:46 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-14 22:40 - 2013-04-10 01:46 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-14 22:40 - 2013-04-10 01:46 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-14 22:40 - 2013-04-10 01:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-14 22:40 - 2013-04-10 01:07 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-14 22:40 - 2013-04-10 01:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-14 22:40 - 2013-04-10 01:03 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-14 22:40 - 2013-04-10 01:03 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-14 22:40 - 2013-04-10 01:03 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-14 22:40 - 2013-04-10 01:02 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-14 22:40 - 2013-04-10 01:02 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-14 22:40 - 2013-04-10 01:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-14 22:40 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 22:23 - 2013-05-14 22:23 - 00602112 ____A (OldTimer Tools) C:\Users\Cyra\Desktop\OTL.exe
2013-05-14 18:22 - 2013-05-14 18:22 - 00018775 ____A C:\ComboFix.txt
2013-05-14 17:56 - 2013-05-14 18:22 - 00000000 ____D C:\Qoobox
2013-05-14 17:56 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-14 17:56 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-14 17:56 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-14 17:56 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-14 17:56 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-14 17:56 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-14 17:56 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-14 17:56 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-14 17:55 - 2013-05-14 18:20 - 00000000 ____D C:\Windows\erdnt
2013-05-14 17:54 - 2013-05-14 17:54 - 05066131 ____R (Swearware) C:\Users\Cyra\Desktop\ComboFix.exe
2013-05-12 18:20 - 2013-05-12 18:20 - 00000000 ____D C:\_OTL
2013-05-12 11:49 - 2013-05-12 11:49 - 00006362 ____A C:\Users\Cyra\Desktop\JRT.txt
2013-05-12 11:44 - 2013-05-12 11:44 - 00000000 ____D C:\Windows\ERUNT
2013-05-12 11:44 - 2013-05-12 11:44 - 00000000 ____D C:\JRT
2013-05-12 11:43 - 2013-05-12 11:43 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Cyra\Desktop\JRT.exe
2013-05-11 17:18 - 2013-05-11 17:18 - 00000000 ____D C:\Windows\pss
2013-05-11 10:39 - 2013-05-11 10:39 - 00000000 ____D C:\cabs
2013-04-29 20:42 - 2013-04-29 20:42 - 00000000 ____D C:\Users\Cyra\Documents\AVS4YOU
2013-04-29 20:35 - 2013-04-29 20:35 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-04-29 20:34 - 2013-04-29 20:34 - 00000000 ____D C:\Users\Cyra\AppData\Roaming\AVS4YOU
2013-04-29 20:31 - 2013-04-29 21:36 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-04-29 20:31 - 2011-06-23 13:26 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-04-29 19:22 - 2013-04-30 17:39 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForCyra.job
2013-04-23 19:36 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2013-05-16 23:39 - 2010-04-17 22:33 - 00000000 ____D C:\users\Cyra
2013-05-16 23:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-05-16 21:51 - 2013-05-16 21:51 - 01877462 ____A (Farbar) C:\Users\Cyra\Desktop\FRST64.exe
2013-05-16 21:51 - 2013-05-16 21:51 - 00000000 ____D C:\FRST
2013-05-16 21:08 - 2013-05-16 21:08 - 00064252 ____A C:\Users\Cyra\Desktop\OTL.Txt
2013-05-16 20:15 - 2010-03-10 04:33 - 01268834 ____A C:\Windows\WindowsUpdate.log
2013-05-16 20:09 - 2011-10-14 19:27 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-05-16 20:06 - 2009-07-14 00:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-16 20:06 - 2009-07-14 00:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-16 19:58 - 2011-11-13 13:54 - 00114904 ____A C:\Windows\setupact.log
2013-05-16 19:58 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-16 19:25 - 2013-01-06 10:55 - 00000000 ____D C:\Users\Cyra\Desktop\BUSA 3060 Quantitive
2013-05-15 19:20 - 2009-07-14 00:45 - 00457328 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 17:12 - 2013-05-15 17:12 - 00002094 ____A C:\Users\Cyra\Desktop\OTL fix.txt
2013-05-15 16:43 - 2013-05-15 16:43 - 00001316 ____A C:\Users\Cyra\Desktop\RKreport[3]_SC_05152013_02d1643.txt
2013-05-15 16:38 - 2013-05-15 16:38 - 00001869 ____A C:\Users\Cyra\Desktop\RKreport[2]_D_05152013_02d1638.txt
2013-05-15 16:37 - 2013-05-15 16:37 - 00001885 ____A C:\Users\Cyra\Desktop\RKreport[1]_S_05152013_02d1637.txt
2013-05-15 16:37 - 2013-05-15 16:34 - 00000000 ____D C:\Users\Cyra\Desktop\RK_Quarantine
2013-05-15 16:31 - 2013-05-15 16:31 - 00816128 ____A C:\Users\Cyra\Desktop\RogueKiller.exe
2013-05-15 16:05 - 2011-09-23 07:17 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 16:04 - 2009-10-30 22:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-15 15:45 - 2010-03-10 04:36 - 00393090 ____A C:\Windows\PFRO.log
2013-05-14 22:33 - 2009-07-14 01:13 - 00740814 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-14 22:23 - 2013-05-14 22:23 - 00602112 ____A (OldTimer Tools) C:\Users\Cyra\Desktop\OTL.exe
2013-05-14 18:22 - 2013-05-14 18:22 - 00018775 ____A C:\ComboFix.txt
2013-05-14 18:22 - 2013-05-14 17:56 - 00000000 ____D C:\Qoobox
2013-05-14 18:22 - 2009-07-13 23:20 - 00000000 ___RD C:\users\Default
2013-05-14 18:20 - 2013-05-14 17:55 - 00000000 ____D C:\Windows\erdnt
2013-05-14 18:18 - 2010-06-20 14:49 - 00000000 ____D C:\Users\Cyra\AppData\Local\CrashDumps
2013-05-14 18:18 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2013-05-14 17:54 - 2013-05-14 17:54 - 05066131 ____R (Swearware) C:\Users\Cyra\Desktop\ComboFix.exe
2013-05-13 20:47 - 2010-04-25 20:38 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-05-12 18:20 - 2013-05-12 18:20 - 00000000 ____D C:\_OTL
2013-05-12 13:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-05-12 11:49 - 2013-05-12 11:49 - 00006362 ____A C:\Users\Cyra\Desktop\JRT.txt
2013-05-12 11:44 - 2013-05-12 11:44 - 00000000 ____D C:\Windows\ERUNT
2013-05-12 11:44 - 2013-05-12 11:44 - 00000000 ____D C:\JRT
2013-05-12 11:43 - 2013-05-12 11:43 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Cyra\Desktop\JRT.exe
2013-05-11 17:18 - 2013-05-11 17:18 - 00000000 ____D C:\Windows\pss
2013-05-11 10:44 - 2010-04-22 06:54 - 00000000 ____D C:\Users\Cyra\AppData\Roaming\CyberLink
2013-05-11 10:39 - 2013-05-11 10:39 - 00000000 ____D C:\cabs
2013-05-11 10:11 - 2011-08-25 22:30 - 00000000 ____D C:\Users\Cyra\AppData\Roaming\Yahoo!
2013-05-11 09:30 - 2013-02-02 17:07 - 00001350 ____A C:\Users\Cyra\Desktop\ROBLOX Player.lnk
2013-05-11 09:29 - 2013-02-01 19:22 - 00001169 ____A C:\Users\Cyra\Desktop\ROBLOX Studio 2013.lnk
2013-05-06 09:39 - 2013-05-14 22:41 - 09060352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-06 09:04 - 2013-05-14 22:40 - 06033408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-01 17:33 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-30 17:59 - 2013-02-27 14:45 - 00000000 ____D C:\Users\Cyra\AppData\Local\LogMeIn Rescue Applet
2013-04-30 17:39 - 2013-04-29 19:22 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForCyra.job
2013-04-29 21:37 - 2012-08-25 19:58 - 00000000 ____D C:\ProgramData\Yahoo!
2013-04-29 21:37 - 2012-08-25 19:57 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-04-29 21:37 - 2012-08-05 13:55 - 00000000 ____D C:\Program Files (x86)\Viva Media
2013-04-29 21:36 - 2013-04-29 20:31 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-04-29 20:42 - 2013-04-29 20:42 - 00000000 ____D C:\Users\Cyra\Documents\AVS4YOU
2013-04-29 20:35 - 2013-04-29 20:35 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-04-29 20:34 - 2013-04-29 20:34 - 00000000 ____D C:\Users\Cyra\AppData\Roaming\AVS4YOU
2013-04-29 20:34 - 2010-04-17 10:41 - 00122904 ____A C:\Users\Cyra\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-28 20:34 - 2009-10-30 22:05 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2013-04-16 17:10 - 2010-11-04 23:21 - 00000000 ____D C:\ProgramData\MFAData
2013-04-16 17:09 - 2011-10-14 19:29 - 00000844 ____A C:\Users\Public\Desktop\AVG 2012.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-14 20:30

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2013
Ran by Cyra at 2013-05-16 21:52:54 Run:
Running from C:\Users\Cyra\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acrobat.com (Version: 1.6.65)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe AIR (Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Reader 9.1 MUI (Version: 9.1.0)
Adobe Shockwave Player (Version: 11.0)
AMD USB Filter Driver (Version: 1.0.10.84)
ATI Catalyst Install Manager (Version: 3.0.732.0)
AVG 2012 (Version: 12.0.3162)
AVG 2012 (Version: 12.1.2241)
AVG 2012 (Version: 2012.1.2241)
AVG Security Toolbar (Version: 14.2.0.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Full Existing (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Full New (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Light (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Previews Common (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0804.2223.38385)
Catalyst Control Center InstallProxy (Version: 2009.0804.2223.38385)
Catalyst Control Center Localization All (Version: 2009.0804.2223.38385)
CCC Help Chinese Standard (Version: 2009.0804.2222.38385)
CCC Help Chinese Traditional (Version: 2009.0804.2222.38385)
CCC Help Czech (Version: 2009.0804.2222.38385)
CCC Help Danish (Version: 2009.0804.2222.38385)
CCC Help Dutch (Version: 2009.0804.2222.38385)
CCC Help English (Version: 2009.0804.2222.38385)
CCC Help Finnish (Version: 2009.0804.2222.38385)
CCC Help French (Version: 2009.0804.2222.38385)
CCC Help German (Version: 2009.0804.2222.38385)
CCC Help Greek (Version: 2009.0804.2222.38385)
CCC Help Hungarian (Version: 2009.0804.2222.38385)
CCC Help Italian (Version: 2009.0804.2222.38385)
CCC Help Japanese (Version: 2009.0804.2222.38385)
CCC Help Korean (Version: 2009.0804.2222.38385)
CCC Help Norwegian (Version: 2009.0804.2222.38385)
CCC Help Polish (Version: 2009.0804.2222.38385)
CCC Help Portuguese (Version: 2009.0804.2222.38385)
CCC Help Russian (Version: 2009.0804.2222.38385)
CCC Help Spanish (Version: 2009.0804.2222.38385)
CCC Help Swedish (Version: 2009.0804.2222.38385)
CCC Help Thai (Version: 2009.0804.2222.38385)
CCC Help Turkish (Version: 2009.0804.2222.38385)
ccc-core-static (Version: 2009.0804.2223.38385)
ccc-utility64 (Version: 2009.0804.2223.38385)
Coupon Printer for Windows (Version: 5.0.0.1)
CyberLink DVD Suite (Version: 7.0.2111)
CyberLink PowerDVD 8 (Version: 8.0.1.1005)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Google Update Helper (Version: 1.3.21.111)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Games (Version: 1.0.0.71)
HP Product Detection (Version: 10.7.9.0)
HP Quick Launch Buttons (Version: 6.50.7.1)
HP Setup (Version: 1.2.3560.3170)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Support Assistant (Version: 4.4.6.3)
HP Update (Version: 5.001.000.014)
HP User Guides 0148 (Version: 1.01.0005)
HP Wireless Assistant (Version: 3.50.9.1)
HPAsset component for HP Active Support Library (Version: 3.0.1.0)
IDT Audio (Version: 1.0.6225.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 15 (64-bit) (Version: 6.0.150)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 35 (Version: 6.0.350)
Java™ SE Development Kit 6 Update 15 (64-bit) (Version: 1.6.0.150)
JSWPFCom (Version: 1.07.0000)
JSWPFGradeK (Version: 1.07.0000)
JumpStart 3D Ages 4-6
Junk Mail filter update (Version: 14.0.8089.726)
LightScribe System Software (Version: 1.18.8.1)
LSI HDA Modem (Version: 2.1.94)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Live Search Toolbar (Version: 3.0.566.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSVCRT (Version: 14.0.1468.721)
OpenOffice.org 3.3 (Version: 3.3.9567)
Power2Go (Version: 6.0.3311)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.1)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0007)
Realtek USB 2.0 Card Reader (Version: 6.1.7100.30094)
Recovery Manager (Version: 5.5.2202)
Respondus LockDown Browser (Version: 1.02.0001)
ROBLOX Player for Cyra
ROBLOX Studio 2013 for Cyra
SmartWebPrinting (Version: 140.0.186.000)
Synaptics Pointing Device Driver (Version: 13.2.4.12)
Unity Web Player (Version: 2.1.0f5_16147)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update Installer for WildTangent Games App
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

==================== Restore Points =========================

12-05-2013 17:04:57 Scheduled Checkpoint
14-05-2013 21:56:46 ComboFix created restore point
15-05-2013 02:27:50 Windows Update
15-05-2013 19:51:00 Windows Update
16-05-2013 01:45:37 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2013 07:22:09 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a04

Start Time: 01ce528c0aafda67

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (05/16/2013 07:21:06 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10d0

Start Time: 01ce528b9eb22cd0

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (05/15/2013 05:55:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/15/2013 05:55:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/15/2013 05:55:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/15/2013 05:55:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/15/2013 05:30:25 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e8

Start Time: 01ce51b0fde0983d

Termination Time: 16

Application Path: C:\Users\Cyra\Desktop\OTL.exe

Report Id: 99fa58c8-bda6-11e2-a330-c80aa92e12e1

Error: (05/15/2013 03:59:05 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (05/14/2013 10:27:19 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e8c

Start Time: 01ce51133960c48d

Termination Time: 15

Application Path: C:\Users\Cyra\Desktop\OTL.exe

Report Id: 8481b698-bd06-11e2-9f8e-c80aa92e12e1

Error: (05/14/2013 09:39:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (05/16/2013 08:01:29 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (05/16/2013 07:58:38 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/16/2013 06:09:57 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (05/16/2013 06:07:42 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/16/2013 06:07:32 PM) (Source: Service Control Manager) (User: )
Description: The AMD External Events Utility service failed to start due to the following error:
%%1053

Error: (05/16/2013 06:07:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.

Error: (05/16/2013 07:02:33 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (05/16/2013 07:00:04 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/16/2013 06:59:43 AM) (Source: Service Control Manager) (User: )
Description: The AMD External Events Utility service failed to start due to the following error:
%%1053

Error: (05/16/2013 06:59:43 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.


Microsoft Office Sessions:
=========================
Error: (05/16/2013 07:22:09 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.7601.17514a0401ce528c0aafda670C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (05/16/2013 07:21:06 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.7601.1751410d001ce528b9eb22cd00C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (05/15/2013 05:55:52 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (05/15/2013 05:55:47 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (05/15/2013 05:55:47 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (05/15/2013 05:55:47 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (05/15/2013 05:30:25 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.01e801ce51b0fde0983d16C:\Users\Cyra\Desktop\OTL.exe99fa58c8-bda6-11e2-a330-c80aa92e12e1

Error: (05/15/2013 03:59:05 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Security, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (05/14/2013 10:27:19 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0e8c01ce51133960c48d15C:\Users\Cyra\Desktop\OTL.exe8481b698-bd06-11e2-9f8e-c80aa92e12e1

Error: (05/14/2013 09:39:48 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8


CodeIntegrity Errors:
===================================
Date: 2013-05-14 18:17:31.251
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-14 18:17:30.861
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 79%
Total physical RAM: 1788.2 MB
Available physical RAM: 363.96 MB
Total Pagefile: 3576.4 MB
Available Pagefile: 2093.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:219.01 GB) (Free:166.51 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.58 GB) (Free:2.25 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: E48393F7)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
  • 0

#21
emeraldnzl
Posted 16 May 2013 - 09:17 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download Security Check by screen317 from here .

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
When you return please post
  • Fixlog.txt
  • checkup.txt
  • 0

#22
geneandcyra
Posted 17 May 2013 - 05:07 PM

geneandcyra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2013
Ran by Cyra at 2013-05-17 18:27:19 Run:1
Running from C:\Users\Cyra\Desktop
Boot Mode: Normal
==============================================

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4322B8A9-133A-415F-AB3F-8DDDCF7D1D24} => Key deleted successfully.
HKCR\CLSID\{4322B8A9-133A-415F-AB3F-8DDDCF7D1D24} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.

==== End of Fixlog ====
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 22
Java™ 6 Update 35
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
  • 0

#23
emeraldnzl
Posted 17 May 2013 - 05:21 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Is that the paid for version of AVG?

The reason I ask is because Windows Firewall is enabled and if you have the paid for version their may well be conflict occurring.

Now

Your Java is out of date. Older versions are vunerable to attack.

Please follow these steps:

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
After that

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:


  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Other Services

[*]Press Scan
[*]A log (FSS.txt) will be created in the same directory the tool is run.
[*]Copy and paste the log back here.
[/list]
  • 0

#24
geneandcyra
Posted 17 May 2013 - 06:20 PM

geneandcyra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Farbar Service Scanner Version: 14-04-2013
Ran by Cyra (administrator) on 17-05-2013 at 20:17:49
Running from "C:\Users\Cyra\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#25
emeraldnzl
Posted 17 May 2013 - 08:07 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
You didn't answer the question about whether the AVG program you have is the paid for version with it's own firewall.

Tell me next time if you think there might be conflict.

Meantime

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.

  • 0

Advertisements

#26
geneandcyra
Posted 18 May 2013 - 07:35 PM

geneandcyra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

it's extremely slow, I'm getting popups from AVG talking about tracking cookies and I'm not sure what to do with it, oh and I don't have the paid version
  • 0

#27
emeraldnzl
Posted 18 May 2013 - 07:42 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

it's extremely slow, I'm getting popups from AVG talking about tracking cookies and I'm not sure what to do with it,


It will likely be AVG slowing it down. If it locks then probably the best work around would be to uninstall AVG until you are finished here. Reinstall afterwards. Not much you can do about the pop ups. Same answer really uninstall it until you are finished.

oh and I don't have the paid version


Probably why Windows Firewall is enabled then.
  • 0

#28
geneandcyra
Posted 18 May 2013 - 08:37 PM

geneandcyra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
okay thanks, should i delete all the things I downloaded
  • 0

#29
emeraldnzl
Posted 18 May 2013 - 08:56 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

okay thanks, should i delete all the things I downloaded


I take it the ESET Scan didn't complete? If that is what you are referring to then yes just delete what is there and follow the instructions to redo the download and scan.
  • 0

#30
geneandcyra
Posted 20 May 2013 - 03:50 PM

geneandcyra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
it completed I replied back with what was in the log, which wasn't but 3 lines, didn't know if I selected the correct thing.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP