Radio sound from speakers...


10 replies to this topic

#1 mohnabebe


Posted 25 March 2014 - 06:18 PM

Hi,

Today I noticed that I have a radio sound coming from my speakers. (very very low... you can barely hear it)

I'm running Windows 7 Ultimate 64-bit, 16 GB memory, Intel i7 processor...

After doing some digging around I realize that this radio station sound is likely some sort of virus/malware/adware.

Can anyone help me get rid of it?

Here's the DDS log (and also, I've attached the attach.txt)

 

-.-------------------------------

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 1.6.0_03
Run by Alex at 0:12:19 on 2014-03-26
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16276.2871 [GMT 1:00]
.
AV: AVG Internet Security Business Edition *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security Business Edition *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\1Password\Agile1pService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\GIGABYTE\WiFiShare\VirtualRouterService.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\GIGABYTE\WiFiShare\WiFiShare.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
E:\Program\iTunes\iTunesHelper.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mindjet\MindManager 14\MmReminderService.exe
C:\Program Files (x86)\Mindjet\MindManager 14\MindManager.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
E:\Program\Microsoft Office\Office14\EXCEL.EXE
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Backblaze\bzserv.exe
E:\Program\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
E:\Program\iTunes\iTunes.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\calc.exe
C:\Program Files (x86)\GSA Captcha Breaker\GSA_CapBreak.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
E:\Program\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
E:\Program\Scrivener\Scrivener.exe
C:\Windows\system32\notepad.exe
C:\Program Files\CCleaner\CCleaner64.exe
E:\Program\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Backblaze\bzbui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyServer = controldec.com:3121
mWinlogon: Userinit = userinit.exe,
BHO: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: 1Password: {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [DAEMON Tools Lite] "E:\Program\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [AdobeBridge] <no file>
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "E:\Program\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "E:\Program\Quicktime\QTTask.exe" -atboottime
mRun: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
mRun: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 14\MMReminderService.exe
dRun: [Backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WI-FIS~1.LNK - C:\Windows\Installer\{B106F77C-66D4-4A82-9112-C87DDAAAA6A9}\_AF1D53F3A23CF516B6D73F.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - E:\Program\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - E:\Program\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll/202
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - C:\Program Files (x86)\1Password\Agile1pIE.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001015-0002-0015-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{72104425-F036-48E6-8149-45ABFD1AD7AE} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DB42B180-0A94-4ECA-B711-2DA7504F831D} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 14\sys\MmInternetExplorerActiveSetup.vbs
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [BCSSync] "E:\Program\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Program\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - controldec.com
FF - prefs.js: network.proxy.ftp_port - 3121
FF - prefs.js: network.proxy.http - controldec.com
FF - prefs.js: network.proxy.http_port - 3121
FF - prefs.js: network.proxy.socks - controldec.com
FF - prefs.js: network.proxy.socks_port - 3121
FF - prefs.js: network.proxy.ssl - controldec.com
FF - prefs.js: network.proxy.ssl_port - 3121
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl64.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: E:\Program\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Program\Quicktime\Plugins\npqtplugin.dll
FF - plugin: E:\Program\Quicktime\Plugins\npqtplugin2.dll
FF - plugin: E:\Program\Quicktime\Plugins\npqtplugin3.dll
FF - plugin: E:\Program\Quicktime\Plugins\npqtplugin4.dll
FF - plugin: E:\Program\Quicktime\Plugins\npqtplugin5.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - c43f9e4300000000000000fffaddd390
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15830
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1619:18:09
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.zonealarm.hpOld0 -
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=8269b77c4efa4cfcae497dab222fe9cb&tu=10G90007v2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - c43f9e4300000000000000fffaddd390
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15831
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1119:32:32
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN117942615209492-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=8269b77c4efa4cfcae497dab222fe9cb&tu=10G90007v2B0008&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=8269b77c4efa4cfcae497dab222fe9cb&tu=10G90007v2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=8269b77c4efa4cfcae497dab222fe9cb&tu=10G90007v2B0008&sku=&tstsId=&ver=&
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-3-24 14456]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-11-2 16152]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2012-11-2 25056]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-11-2 21616]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-30 49952]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-5-5 283200]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2012-11-2 26624]
R2 Agile1Password;1Password;C:\Program Files (x86)\1Password\Agile1pService.exe [2013-5-9 768752]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-9-30 105120]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-10-25 71032]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-10-25 384888]
R2 bzserv;Backblaze Service;C:\Program Files (x86)\Backblaze\bzserv.exe [2013-11-26 233576]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-22 828072]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-2 161560]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-3 2848168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-2 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-11-2 27760]
R2 Virtual Router;VirtualRouterService;C:\Program Files (x86)\GIGABYTE\WiFiShare\VirtualRouterService.exe [2012-2-16 12288]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [2014-3-21 1771032]
R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2012-11-2 297440]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-9-30 158880]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-9-30 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-9-30 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-9-30 110240]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-9-30 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-9-30 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-9-30 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-9-30 280992]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-9-30 519328]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-1-6 59392]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2012-1-6 84608]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-11-2 160256]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-11-2 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-11-2 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-11-2 787736]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2013-5-10 222232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-11-2 104560]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-11-2 2184816]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-10-25 393080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-11-2 30528]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2012-11-2 960992]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-6-7 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-14 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-14 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-2 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-03-24 07:33:45    --------    d-----w-    C:\Program Files (x86)\Evernote
2014-03-21 13:34:58    --------    d-----w-    C:\ProgramData\AVG Secure Search
2014-03-20 08:30:42    --------    d-----w-    C:\Users\Alex\AppData\Local\Scrivener
2014-03-11 18:50:54    5777288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-03 07:51:44    --------    d-----w-    C:\Users\Alex\AppData\Local\Mindjet
2014-03-03 07:48:16    --------    d-----w-    C:\ProgramData\Mindjet
2014-03-03 07:48:14    --------    d-----w-    C:\Program Files (x86)\Mindjet
2014-03-03 07:47:40    --------    d-----w-    C:\Users\Alex\AppData\Local\{F5395678-8CEF-4464-BBA8-57FAFEC63626}
.
==================== Find3M  ====================
.
2014-03-21 13:34:17    49952    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-03-11 19:21:23    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 19:21:23    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-08 12:40:32    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-01-08 11:49:45    0    ----a-w-    C:\Windows\SysWow64\REN47FA.tmp
2014-01-08 11:49:45    0    ----a-w-    C:\Windows\SysWow64\REN47EA.tmp
2014-01-08 11:49:45    0    ----a-w-    C:\Windows\SysWow64\REN47C9.tmp
2013-02-17 03:27:32    2174976    ----a-w-    C:\Program Files (x86)\Common Files\atimpenc.dll
.
============= FINISH:  0:13:12.63 ===============
 



#2 mohnabebe

Posted 28 March 2014 - 05:08 AM

I'm bumping this as the issue still remains and this thread is buried at like 8th page : /



#3 Starbuck

  • Malware Response Team

Posted 30 March 2014 - 03:09 PM

Hi mohnabebe
 

the issue still remains and this thread is buried at like 8th page

It may be on page 8 to you ... but the Malware Response Team can still see it quite easily.
It doesn't get lost.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.


Download RogueKiller and save it to your desktop.
  • Close all running processes (security programs etc.)
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Note:
If RogueKiller is blocked, do not hesitate to try running it again.
If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.


In your next reply, please submit:
RKreport.txt


Thanks.

Edited by Starbuck, 30 March 2014 - 03:10 PM.



#4 mohnabebe

Posted 30 March 2014 - 05:45 PM

Here's what the RKreport.txt looks like:

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Alex [Admin rights]
Mode : Scan -- Date : 03/31/2014 00:42:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Kernel and Hardware Abstraction Layer (KHALMNPR.EXE [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[BROK VAL] HKCR\[...]\command :  () -> MISSING

¤¤¤ Scheduled tasks : 6 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job : C:\Windows\TEMP\{AF8E884A-6EE5-426F-B7D8-78A684C616D3}.exe - --uninstall=1 [x] -> FOUND
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{5B85D6AC-33B8-49C3-B988-6B9C826DE0D7}.exe - --uninstall=1 [x] -> FOUND
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv : C:\Windows\TEMP\{AF8E884A-6EE5-426F-B7D8-78A684C616D3}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{5B85D6AC-33B8-49C3-B988-6B9C826DE0D7}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 2 ¤¤¤
[FF][PUP] t34ir5w4.default-1363763270224 : AVG Security Toolbar
[CHR][PUP] Default : AVG Security Toolbar

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (WlanAllocateMemory) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9268AC8)
[Address] EAT @explorer.exe (WlanCloseHandle) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF92638A0)
[Address] EAT @explorer.exe (WlanConnect) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9265558)
[Address] EAT @explorer.exe (WlanDeleteProfile) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9266D10)
[Address] EAT @explorer.exe (WlanDisconnect) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF92657E8)
[Address] EAT @explorer.exe (WlanEnumInterfaces) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9263A80)
[Address] EAT @explorer.exe (WlanExtractPsdIEDataList) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9268394)
[Address] EAT @explorer.exe (WlanFreeMemory) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF926A5A0)
[Address] EAT @explorer.exe (WlanGetAvailableNetworkList) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9264F88)
[Address] EAT @explorer.exe (WlanGetFilterList) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9267F9C)
[Address] EAT @explorer.exe (WlanGetInterfaceCapability) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9264188)
[Address] EAT @explorer.exe (WlanGetNetworkBssList) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9265268)
[Address] EAT @explorer.exe (WlanGetProfile) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9266A20)
[Address] EAT @explorer.exe (WlanGetProfileCustomUserData) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9267B1C)
[Address] EAT @explorer.exe (WlanGetProfileList) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9267404)
[Address] EAT @explorer.exe (WlanGetSecuritySettings) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9268D88)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStart) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF926935C)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStop) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9269418)
[Address] EAT @explorer.exe (WlanHostedNetworkInitSettings) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF92699D8)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryProperty) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF92694D4)
[Address] EAT @explorer.exe (WlanHostedNetworkQuerySecondaryKey) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF926A020)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryStatus) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9269B50)
[Address] EAT @explorer.exe (WlanHostedNetworkRefreshSecuritySettings) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9269A94)
[Address] EAT @explorer.exe (WlanHostedNetworkSetProperty) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9269744)
[Address] EAT @explorer.exe (WlanHostedNetworkSetSecondaryKey) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9269D78)
[Address] EAT @explorer.exe (WlanHostedNetworkStartUsing) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF92691EC)
[Address] EAT @explorer.exe (WlanHostedNetworkStopUsing) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF92692A4)
[Address] EAT @explorer.exe (WlanIhvControl) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9264A00)
[Address] EAT @explorer.exe (WlanOpenHandle) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9261960)
[Address] EAT @explorer.exe (WlanQueryAutoConfigParameter) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9263EE8)
[Address] EAT @explorer.exe (WlanQueryInterface) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9264668)
[Address] EAT @explorer.exe (WlanReasonCodeToString) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9268A54)
[Address] EAT @explorer.exe (WlanRegisterNotification) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9265A08)
[Address] EAT @explorer.exe (WlanRegisterVirtualStationNotification) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF926A358)
[Address] EAT @explorer.exe (WlanRenameProfile) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9266F4C)
[Address] EAT @explorer.exe (WlanSaveTemporaryProfile) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF92687D0)
[Address] EAT @explorer.exe (WlanScan) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9264D40)
[Address] EAT @explorer.exe (WlanSetAutoConfigParameter) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9263D10)
[Address] EAT @explorer.exe (WlanSetFilterList) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9267DCC)
[Address] EAT @explorer.exe (WlanSetInterface) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9264470)
[Address] EAT @explorer.exe (WlanSetProfile) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9266760)
[Address] EAT @explorer.exe (WlanSetProfileCustomUserData) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF92678A4)
[Address] EAT @explorer.exe (WlanSetProfileEapUserData) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9265CC4)
[Address] EAT @explorer.exe (WlanSetProfileEapXmlUserData) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9265F9C)
[Address] EAT @explorer.exe (WlanSetProfileList) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF92671A8)
[Address] EAT @explorer.exe (WlanSetProfilePosition) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9267644)
[Address] EAT @explorer.exe (WlanSetPsdIEDataList) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF92681B0)
[Address] EAT @explorer.exe (WlanSetSecuritySettings) : msxml6.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9268B58)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] 3cb45e0da49604395eb2a732ecb2d2f8
[BSP] 05f801617d9877c04fbcfa37e9c3f570 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD10EARX-00N0YB0 ATA Device +++++
--- User ---
[MBR] 51d1c645e40d04f0eab104a1796b11f9
[BSP] 282289a855c4928a1547c2c563d0a6b3 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03312014_004248.txt >>



 



#5 Starbuck

  • Malware Response Team

Posted 31 March 2014 - 12:05 PM

Hi mohnabebe

Question:
Did you personally set this proxy: uProxyServer = controldec.com:3121?



Step 1
  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
When the scan completes >> click on the Registry tab
Put a check next to all of these items below and uncheck the rest: (if found)

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Kernel and Hardware Abstraction Layer (KHALMNPR.EXE [7]) -> FOUND
[BROK VAL] HKCR\[...]\command : () -> MISSING

  • Now click the Delete button.
  • Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.


Step 2
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.

  • When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
RKreport.txt
Both reports from Frst


Thanks.



#6 mohnabebe

Posted 02 April 2014 - 07:26 PM

Thank you so much for your help.

 

Here's the RKreport.txt

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Alex [Admin rights]
Mode : Remove -- Date : 04/03/2014 02:21:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Kernel and Hardware Abstraction Layer (KHALMNPR.EXE [7]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[BROK VAL] HKCR\[...]\command :  () -> CREATED ("%1" %*)

¤¤¤ Scheduled tasks : 6 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job : C:\Windows\TEMP\{AF8E884A-6EE5-426F-B7D8-78A684C616D3}.exe - --uninstall=1 [x] -> NOT SELECTED
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{5B85D6AC-33B8-49C3-B988-6B9C826DE0D7}.exe - --uninstall=1 [x] -> NOT SELECTED
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> NOT SELECTED
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv : C:\Windows\TEMP\{AF8E884A-6EE5-426F-B7D8-78A684C616D3}.exe - --uninstall=1 [x] -> NOT SELECTED
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{5B85D6AC-33B8-49C3-B988-6B9C826DE0D7}.exe - --uninstall=1 [x] -> NOT SELECTED
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [7] -> NOT SELECTED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 2 ¤¤¤
[FF][PUP] t34ir5w4.default-1363763270224 : AVG Security Toolbar
[CHR][PUP] Default : AVG Security Toolbar

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] 3cb45e0da49604395eb2a732ecb2d2f8
[BSP] 05f801617d9877c04fbcfa37e9c3f570 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD10EARX-00N0YB0 ATA Device +++++
--- User ---
[MBR] 51d1c645e40d04f0eab104a1796b11f9
[BSP] 282289a855c4928a1547c2c563d0a6b3 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_04032014_022108.txt >>
RKreport[0]_S_03312014_004248.txt;RKreport[0]_S_04032014_021756.txt



Here's the FRST report followed by Addition report

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Alex (administrator) on ALEX-PC on 03-04-2014 02:22:57
Running from C:\Users\Alex\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Chris Pietschmann (http://pietschsoft.com)) C:\Program Files (x86)\GIGABYTE\WiFiShare\VirtualRouterService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Giga-Byte (http://www.gigabyte.com)) C:\Program Files (x86)\GIGABYTE\WiFiShare\WiFiShare.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Dropbox, Inc.) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) E:\Program\iTunes\iTunesHelper.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 14\MmReminderService.exe
(Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
() C:\Program Files (x86)\Backblaze\bzserv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
() C:\Program Files (x86)\Backblaze\x64\bztransmit64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - E:\Program\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [ISW] - [X]
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [981664 2011-09-30] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-09-30] (Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [593784 2012-10-25] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2544664 2014-03-21] ()
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [KeyScrambler] - C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [534160 2013-03-26] (QFX Software Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - E:\Program\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - E:\Program\Quicktime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [jswtrayutil] - "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 14\MMReminderService.exe [115552 2014-02-18] (Mindjet)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\Run: [Backblaze] - C:\Program Files (x86)\Backblaze\bzbui.exe [491624 2014-03-13] ()
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-11] (Microsoft Corporation)
HKU\S-1-5-21-620091103-1841065875-1753970387-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-620091103-1841065875-1753970387-1000\...\Run: [DAEMON Tools Lite] - E:\Program\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-620091103-1841065875-1753970387-1000\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109336 2012-11-02] (Siber Systems)
HKU\S-1-5-21-620091103-1841065875-1753970387-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-620091103-1841065875-1753970387-1000\...\Run: [Backblaze] - C:\Program Files (x86)\Backblaze\bzbui.exe [491624 2014-03-13] ()
HKU\S-1-5-21-620091103-1841065875-1753970387-1000\...\MountPoints2: {cd2b3c42-2afc-11e2-8ce8-902b3431686c} - F:\setup.exe
HKU\S-1-5-21-620091103-1841065875-1753970387-1001\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109336 2012-11-02] (Siber Systems)
HKU\S-1-5-21-620091103-1841065875-1753970387-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-620091103-1841065875-1753970387-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-620091103-1841065875-1753970387-1002\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109336 2012-11-02] (Siber Systems)
HKU\S-1-5-21-620091103-1841065875-1753970387-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-03] (AVG Secure Search)
HKU\S-1-5-21-620091103-1841065875-1753970387-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-08] (AVG Secure Search)
HKU\S-1-5-21-620091103-1841065875-1753970387-1005\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109336 2012-11-02] (Siber Systems)
HKU\S-1-5-21-620091103-1841065875-1753970387-1005\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
HKU\S-1-5-21-620091103-1841065875-1753970387-1006\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109336 2012-11-02] (Siber Systems)
HKU\S-1-5-21-620091103-1841065875-1753970387-1006\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-03] (AVG Secure Search)
HKU\S-1-5-21-620091103-1841065875-1753970387-1006\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-08] (AVG Secure Search)
HKU\S-1-5-21-620091103-1841065875-1753970387-1011\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109336 2012-11-02] (Siber Systems)
HKU\S-1-5-21-620091103-1841065875-1753970387-1011\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-03] (AVG Secure Search)
HKU\S-1-5-21-620091103-1841065875-1753970387-1011\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-08] (AVG Secure Search)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HMA Pro VPN 2.0.lnk
ShortcutTarget: HMA Pro VPN 2.0.lnk -> C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe (Privax)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
Startup: C:\Users\Edwinsoft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Edwinsoft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\HomeToolsHQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\HomeToolsHQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Paid SEnukeXCR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\TotalHealthFix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\TotalHealthFix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Youtube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Youtube\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?rd=1&ucc=SE&dcc=SE&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC7754F106C25CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&affID=119816&tt=gc_050513_d9119_gc_&babsrc=SP_ss&mntrId=C43F00FFFADDD390
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={43EA5DBA-2307-431A-B0E4-2A6020FF54FB}&mid=f9ad008a59d847d0bc31416272d5819f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2013-01-30 23:38:20&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 14\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: 1Password - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\jp2ssv.dll No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224
FF user.js: detected! => C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\user.js
FF SearchEngineOrder.1: Search By ZoneAlarm
FF Homepage: about:home
FF NetworkProxy: "ftp", "controldec.com"
FF NetworkProxy: "ftp_port", 3121
FF NetworkProxy: "http", "controldec.com"
FF NetworkProxy: "http_port", 3121
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "socks", "controldec.com"
FF NetworkProxy: "socks_port", 3121
FF NetworkProxy: "ssl", "controldec.com"
FF NetworkProxy: "ssl_port", 3121
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - E:\Program\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Program\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @se.nexus/Personal - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: zonealarm.com - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\Extensions\ffxtlbr@zonealarm.com [2013-05-06]
FF Extension: Follow.net - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\Extensions\support@follow.net [2014-04-03]
FF Extension: SeoQuake - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-10-16]
FF Extension: iMacros for Firefox - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-03-01]
FF Extension: DownloadHelper - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-31]
FF Extension: Evernote Web Clipper - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-04-03]
FF Extension: 1Password - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\Extensions\onepassword@agilebits.com.xpi [2013-05-09]
FF Extension: NoDoFollow - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\Extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}.xpi [2013-03-22]
FF Extension: Adblock Plus - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\t34ir5w4.default-1363763270224\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-02]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-05-06]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-11-02]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-05-06]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.5.292
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.5.292 [2014-03-21]

Chrome:
=======
CHR Extension: (Social Scout Toolkit) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\egmicphebfcldpagjaboeidefclinfnc [2014-03-13]
CHR Extension: (AVG Security Toolbar) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-05-13]
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Social Scout Toolkit: Extra) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbaidhihhopeodhkllknbphegkkeeop [2014-03-13]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [2014-03-21]

==================== Services (Whitelisted) =================

R2 Agile1Password; C:\Program Files (x86)\1Password\Agile1pService.exe [768752 2013-04-02] (AgileBits)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2012-10-25] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-25] (BlueStack Systems, Inc.)
R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [233576 2014-03-13] ()
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; E:\Program\Microsoft Office\Office14\GROOVE.EXE [50899608 2012-09-20] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2013-09-25] (The OpenVPN Project)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
R2 Virtual Router; C:\Program Files (x86)\GIGABYTE\WiFiShare\VirtualRouterService.exe [12288 2012-02-16] (Chris Pietschmann (http://pietschsoft.com))
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
R2 vToolbarUpdater18.0.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-09-30] (Atheros)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-03-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-25] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-05] (DT Soft Ltd)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-24] (GFI Software)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-11-02] ()
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222232 2013-03-26] (QFX Software Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 athur; system32\DRIVERS\athurx.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 02:22 - 2014-04-03 02:23 - 00031323 _____ () C:\Users\Alex\Desktop\FRST.txt
2014-04-03 02:22 - 2014-04-03 02:22 - 00000000 ____D () C:\FRST
2014-04-03 02:21 - 2014-04-03 02:21 - 00009129 _____ () C:\Users\Alex\Desktop\RKreport[0]_D_04032014_022108.txt
2014-04-03 02:17 - 2014-04-03 02:17 - 00009098 _____ () C:\Users\Alex\Desktop\RKreport[0]_S_04032014_021756.txt
2014-04-03 02:15 - 2014-04-03 02:16 - 02157056 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2014-04-01 14:18 - 2014-04-01 14:18 - 00000000 ____D () C:\Users\Alex\Desktop\zeropond-newsa.scriv
2014-03-31 00:42 - 2014-03-31 00:42 - 00008992 _____ () C:\Users\Alex\Desktop\RKreport[0]_S_03312014_004248.txt
2014-03-31 00:33 - 2014-04-03 02:21 - 00000000 ____D () C:\Users\Alex\Desktop\RK_Quarantine
2014-03-31 00:29 - 2014-03-31 00:29 - 04527616 _____ () C:\Users\Alex\Desktop\RogueKillerX64.exe
2014-03-30 11:13 - 2014-03-30 11:13 - 00000000 ____D () C:\Users\Alex\AppData\Local\Skype
2014-03-29 11:31 - 2014-03-29 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 13:20 - 2014-03-28 13:20 - 00001168 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2014-03-28 13:20 - 2014-03-28 13:20 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-03-27 00:05 - 2014-03-27 00:05 - 00000000 ____D () C:\Users\Alex\AppData\Local\RescueTime.com
2014-03-27 00:05 - 2014-03-27 00:05 - 00000000 ____D () C:\Program Files (x86)\RescueTime
2014-03-26 01:13 - 2014-03-26 01:13 - 00033944 _____ () C:\Users\Alex\Desktop\dds.txt
2014-03-26 01:13 - 2014-03-26 01:13 - 00009305 _____ () C:\Users\Alex\Desktop\attach.txt
2014-03-24 09:33 - 2014-03-24 09:33 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-03-21 22:28 - 2014-03-21 22:28 - 00000000 ____D () C:\Users\Alex\Desktop\zp formula.scriv
2014-03-21 21:21 - 2014-03-21 21:21 - 00000000 ____D () C:\Users\Alex\Desktop\Ryan Deiss - Video Sales Letter.scriv
2014-03-21 15:34 - 2014-03-21 15:35 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-20 23:43 - 2014-03-20 23:43 - 00000000 ____D () C:\Users\Alex\Desktop\Total Product Blueprint - Book.scriv
2014-03-20 23:41 - 2014-03-20 23:41 - 00000000 ____D () C:\Users\Alex\Desktop\test.scriv
2014-03-20 23:40 - 2014-03-20 23:40 - 00000000 ____D () C:\Users\Alex\Desktop\test1.scriv
2014-03-20 23:27 - 2014-03-20 23:27 - 00000000 ____D () C:\Users\Alex\Desktop\zeropound formula.scriv
2014-03-20 23:27 - 2014-03-20 23:27 - 00000000 ____D () C:\Users\Alex\Desktop\testdea.scriv
2014-03-20 15:50 - 2014-03-20 15:50 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-20 10:30 - 2014-03-20 10:30 - 00000000 ____D () C:\Users\Alex\AppData\Local\Scrivener
2014-03-20 10:29 - 2014-03-20 10:29 - 00000607 _____ () C:\Users\Public\Desktop\Scrivener.lnk
2014-03-17 10:05 - 2014-03-17 10:05 - 00040110 _____ () C:\Users\Alex\Desktop\GuestBlogResearch.xlsx
2014-03-13 20:25 - 2014-03-13 20:25 - 00117157 _____ () C:\Users\Alex\Downloads\social-scout-toolkit.zip
2014-03-13 20:25 - 2014-03-13 20:25 - 00117157 _____ () C:\Users\Alex\Downloads\social-scout-toolkit (1).zip
2014-03-13 15:05 - 2014-02-06 20:18 - 00000000 ____D () C:\Users\Alex\Desktop\jquery-survey
2014-03-13 14:54 - 2014-03-13 14:54 - 00000000 ____D () C:\Users\Alex\Desktop\davidlp
2014-03-13 14:51 - 2014-03-13 14:52 - 00000000 ____D () C:\Users\Alex\Desktop\Aff playbook squeeze page
2014-03-13 11:23 - 2014-03-13 11:23 - 00024804 _____ () C:\Users\Alex\Desktop\SWEDISH CV.odt
2014-03-11 20:50 - 2014-03-11 20:50 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-10 00:42 - 2014-03-10 13:22 - 01439716 _____ () C:\Users\Alex\Desktop\fatlosspalce-facebookad-newsfeed-600x315.psd
2014-03-06 13:45 - 2014-03-06 13:45 - 00000000 ____D () C:\Users\Alex\Desktop\home workout revolution photros
2014-03-05 19:02 - 2014-03-05 19:02 - 00002110 _____ () C:\Users\Alex\Desktop\new.html
2014-03-05 15:02 - 2014-03-05 15:02 - 00000179 _____ () C:\Users\Alex\Desktop\offer5.html
2014-03-05 09:51 - 2014-03-05 09:51 - 00001418 _____ () C:\Users\Alex\Desktop\age2.php
2014-03-04 20:37 - 2014-03-04 20:37 - 00984325 _____ () C:\Users\Alex\Desktop\dentist-ppv.psd
2014-03-04 17:25 - 2014-03-04 17:25 - 01376748 _____ () C:\Users\Alex\Desktop\iphone-ppv-mcdonalds-inspiration.psd
2014-03-04 17:16 - 2014-03-04 17:16 - 04741259 _____ () C:\Users\Alex\Desktop\PPV WEIGHT LOSS - MCDONALDS INSPIRATION.psd
2014-03-04 14:35 - 2014-03-04 20:43 - 00000222 _____ () C:\Users\Alex\Desktop\245.html
2014-03-04 14:17 - 2014-03-04 14:17 - 02183093 _____ () C:\Users\Alex\Desktop\zeropound-ppvlander.psd

==================== One Month Modified Files and Folders =======

2014-04-03 02:23 - 2014-04-03 02:22 - 00031323 _____ () C:\Users\Alex\Desktop\FRST.txt
2014-04-03 02:22 - 2014-04-03 02:22 - 00000000 ____D () C:\FRST
2014-04-03 02:21 - 2014-04-03 02:21 - 00009129 _____ () C:\Users\Alex\Desktop\RKreport[0]_D_04032014_022108.txt
2014-04-03 02:21 - 2014-03-31 00:33 - 00000000 ____D () C:\Users\Alex\Desktop\RK_Quarantine
2014-04-03 02:17 - 2014-04-03 02:17 - 00009098 _____ () C:\Users\Alex\Desktop\RKreport[0]_S_04032014_021756.txt
2014-04-03 02:16 - 2014-04-03 02:15 - 02157056 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2014-04-03 02:13 - 2013-01-26 17:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-03 02:05 - 2013-05-09 13:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 01:50 - 2012-11-03 01:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 01:18 - 2012-11-12 18:46 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\vlc
2014-04-02 23:46 - 2012-11-21 01:17 - 00000132 _____ () C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-04-02 23:37 - 2012-11-24 12:02 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype
2014-04-02 13:02 - 2013-12-06 07:50 - 01685586 ____N () C:\Windows\WindowsUpdate.log
2014-04-02 07:05 - 2013-05-09 13:57 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-02 01:24 - 2013-01-11 23:28 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\GSA Search Engine Ranker
2014-04-01 14:18 - 2014-04-01 14:18 - 00000000 ____D () C:\Users\Alex\Desktop\zeropond-newsa.scriv
2014-04-01 01:16 - 2013-05-11 15:07 - 00000000 ____D () C:\Users\Alex\AppData\Local\Apple Computer
2014-03-31 10:40 - 2013-01-12 16:01 - 00000000 ___RD () C:\Users\Alex\Dropbox
2014-03-31 10:40 - 2012-12-17 20:35 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Dropbox
2014-03-31 07:00 - 2013-05-09 13:57 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-31 07:00 - 2013-05-09 13:57 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 01:08 - 2013-01-11 23:28 - 00000000 ____D () C:\Program Files (x86)\GSA Search Engine Ranker
2014-03-31 00:42 - 2014-03-31 00:42 - 00008992 _____ () C:\Users\Alex\Desktop\RKreport[0]_S_03312014_004248.txt
2014-03-31 00:34 - 2009-07-14 06:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-31 00:34 - 2009-07-14 06:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-31 00:30 - 2012-11-02 13:47 - 00000000 ____D () C:\Users\Alex\.VirtualBox
2014-03-31 00:29 - 2014-03-31 00:29 - 04527616 _____ () C:\Users\Alex\Desktop\RogueKillerX64.exe
2014-03-31 00:26 - 2012-11-15 14:58 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\FileZilla
2014-03-30 20:58 - 2012-11-29 14:59 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps
2014-03-30 11:13 - 2014-03-30 11:13 - 00000000 ____D () C:\Users\Alex\AppData\Local\Skype
2014-03-30 11:13 - 2012-11-24 12:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-30 11:13 - 2012-11-24 12:01 - 00000000 ____D () C:\ProgramData\Skype
2014-03-29 11:31 - 2014-03-29 11:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 19:48 - 2013-01-20 14:31 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\GSA Captcha Breaker
2014-03-28 13:20 - 2014-03-28 13:20 - 00001168 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2014-03-28 13:20 - 2014-03-28 13:20 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2014-03-28 13:20 - 2012-11-29 13:22 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-03-28 13:20 - 2012-11-02 11:52 - 00000000 ____D () C:\Users\Alex
2014-03-28 13:14 - 2014-03-03 11:29 - 00053703 _____ () C:\Users\Alex\Desktop\Affiliate business.mmap
2014-03-28 13:12 - 2013-01-12 12:41 - 00000000 ____D () C:\Users\Alex\Desktop\Working
2014-03-27 14:18 - 2013-03-11 14:23 - 00000000 ____D () C:\Program Files (x86)\GSA Captcha Breaker
2014-03-27 00:05 - 2014-03-27 00:05 - 00000000 ____D () C:\Users\Alex\AppData\Local\RescueTime.com
2014-03-27 00:05 - 2014-03-27 00:05 - 00000000 ____D () C:\Program Files (x86)\RescueTime
2014-03-26 23:49 - 2012-11-02 15:55 - 00000000 ____D () C:\Users\Alex\Documents\Virtualbox Shared Folder
2014-03-26 14:55 - 2013-05-25 22:03 - 00477184 _____ () C:\Users\Alex\Downloads\DreamlineWorksheet2.0(1).xls
2014-03-26 01:13 - 2014-03-26 01:13 - 00033944 _____ () C:\Users\Alex\Desktop\dds.txt
2014-03-26 01:13 - 2014-03-26 01:13 - 00009305 _____ () C:\Users\Alex\Desktop\attach.txt
2014-03-24 13:53 - 2012-11-02 11:55 - 00000000 ___RD () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-24 09:34 - 2012-11-10 10:49 - 00000000 ____D () C:\Users\Alex\AppData\Local\Evernote
2014-03-24 09:33 - 2014-03-24 09:33 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-03-21 22:28 - 2014-03-21 22:28 - 00000000 ____D () C:\Users\Alex\Desktop\zp formula.scriv
2014-03-21 21:21 - 2014-03-21 21:21 - 00000000 ____D () C:\Users\Alex\Desktop\Ryan Deiss - Video Sales Letter.scriv
2014-03-21 19:36 - 2013-01-31 00:38 - 00000000 ____D () C:\Users\Alex\AppData\Local\AVG Secure Search
2014-03-21 15:35 - 2014-03-21 15:34 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-21 15:35 - 2013-05-20 22:19 - 00003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-03-21 15:34 - 2013-01-31 00:38 - 00049952 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-03-21 15:34 - 2013-01-31 00:38 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-03-21 13:20 - 2013-12-08 23:30 - 00000132 _____ () C:\Users\Alex\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-03-20 23:43 - 2014-03-20 23:43 - 00000000 ____D () C:\Users\Alex\Desktop\Total Product Blueprint - Book.scriv
2014-03-20 23:41 - 2014-03-20 23:41 - 00000000 ____D () C:\Users\Alex\Desktop\test.scriv
2014-03-20 23:40 - 2014-03-20 23:40 - 00000000 ____D () C:\Users\Alex\Desktop\test1.scriv
2014-03-20 23:27 - 2014-03-20 23:27 - 00000000 ____D () C:\Users\Alex\Desktop\zeropound formula.scriv
2014-03-20 23:27 - 2014-03-20 23:27 - 00000000 ____D () C:\Users\Alex\Desktop\testdea.scriv
2014-03-20 21:14 - 2009-07-14 07:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-20 15:50 - 2014-03-20 15:50 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-03-20 10:30 - 2014-03-20 10:30 - 00000000 ____D () C:\Users\Alex\AppData\Local\Scrivener
2014-03-20 10:29 - 2014-03-20 10:29 - 00000607 _____ () C:\Users\Public\Desktop\Scrivener.lnk
2014-03-17 10:05 - 2014-03-17 10:05 - 00040110 _____ () C:\Users\Alex\Desktop\GuestBlogResearch.xlsx
2014-03-17 02:00 - 2013-01-26 17:04 - 00000000 ____D () C:\Users\Alex\AppData\Local\Avg2013
2014-03-13 20:25 - 2014-03-13 20:25 - 00117157 _____ () C:\Users\Alex\Downloads\social-scout-toolkit.zip
2014-03-13 20:25 - 2014-03-13 20:25 - 00117157 _____ () C:\Users\Alex\Downloads\social-scout-toolkit (1).zip
2014-03-13 14:54 - 2014-03-13 14:54 - 00000000 ____D () C:\Users\Alex\Desktop\davidlp
2014-03-13 14:52 - 2014-03-13 14:51 - 00000000 ____D () C:\Users\Alex\Desktop\Aff playbook squeeze page
2014-03-13 11:23 - 2014-03-13 11:23 - 00024804 _____ () C:\Users\Alex\Desktop\SWEDISH CV.odt
2014-03-13 11:14 - 2013-11-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Backblaze
2014-03-11 22:13 - 2012-11-03 01:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 21:21 - 2012-11-03 01:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 21:21 - 2012-11-03 01:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 20:50 - 2014-03-11 20:50 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 10:51 - 2012-11-02 11:57 - 00129024 _____ () C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-10 14:29 - 2013-01-31 10:17 - 00001456 _____ () C:\Users\Alex\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-10 13:22 - 2014-03-10 00:42 - 01439716 _____ () C:\Users\Alex\Desktop\fatlosspalce-facebookad-newsfeed-600x315.psd
2014-03-06 17:28 - 2013-01-14 16:03 - 00000000 ____D () C:\Windows\Minidump
2014-03-06 13:45 - 2014-03-06 13:45 - 00000000 ____D () C:\Users\Alex\Desktop\home workout revolution photros
2014-03-05 19:02 - 2014-03-05 19:02 - 00002110 _____ () C:\Users\Alex\Desktop\new.html
2014-03-05 15:02 - 2014-03-05 15:02 - 00000179 _____ () C:\Users\Alex\Desktop\offer5.html
2014-03-05 09:51 - 2014-03-05 09:51 - 00001418 _____ () C:\Users\Alex\Desktop\age2.php
2014-03-04 20:43 - 2014-03-04 14:35 - 00000222 _____ () C:\Users\Alex\Desktop\245.html
2014-03-04 20:37 - 2014-03-04 20:37 - 00984325 _____ () C:\Users\Alex\Desktop\dentist-ppv.psd
2014-03-04 17:25 - 2014-03-04 17:25 - 01376748 _____ () C:\Users\Alex\Desktop\iphone-ppv-mcdonalds-inspiration.psd
2014-03-04 17:16 - 2014-03-04 17:16 - 04741259 _____ () C:\Users\Alex\Desktop\PPV WEIGHT LOSS - MCDONALDS INSPIRATION.psd
2014-03-04 14:17 - 2014-03-04 14:17 - 02183093 _____ () C:\Users\Alex\Desktop\zeropound-ppvlander.psd
2014-03-04 12:34 - 2012-12-17 11:57 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Personal

Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\ntdll_dump.dll
C:\Users\TotalHealthFix\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\TotalHealthFix\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 15:41

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Alex at 2014-04-03 02:23:30
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security Business Edition (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security Business Edition (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.23 - GIGABYTE)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.04.000.98 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Atheros Outlook Addin 2010 (HKCU\...\BB108A893815B64BF41C4574C3324FB7371AA244) (Version: 1.0.0.0 - Microsoft)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AutoHotkey 1.1.09.02 (HKLM\...\AutoHotkey) (Version: 1.1.09.02 - Lexikos)
AVG (HKLM\...\AVG) (Version: 3460 - AVG Technologies)
AVG 2013 (Version: 13.0.3465 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.0.5.292 - AVG Technologies)
Backblaze (HKLM-x32\...\Backblaze) (Version:  - Backblaze, Inc)
BankID Security Application (HKLM-x32\...\{929E7499-4B50-4C7A-8F15-D21E4061E046}) (Version: 4.19.3 - Technology Nexus)
BatchPurifier (HKLM-x32\...\{552D540B-CC79-4596-A1AA-5F31FBBAC78C}) (Version: 5.0.0 - Digital Confidence)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
CuteRank 3.5.5 (HKLM-x32\...\CuteRank) (Version: 3.5.5 - CuteRank.Net)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3823EC5A-1CA4-42CA-9D5B-F94ABD65410D}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Easy Tune 6 B12.0309.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0309.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.109 - Etron Technology) Hidden
Evernote v. 5.2.1 (HKLM-x32\...\{5E6D0ABA-ABDE-11E3-9AED-00163E98E7D6}) (Version: 5.2.1.3108 - Evernote Corp.)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GSA Captcha Breaker v2.50 (HKLM-x32\...\GSA Captcha Breaker_is1) (Version: 2.50 - GSA Software)
GSA Search Engine Ranker v8.08 (HKLM-x32\...\GSA Search Engine Ranker_is1) (Version: 8.08 - GSA Software)
GSA SEO Indexer v1.70 (HKLM-x32\...\GSA SEO Indexer_is1) (Version: 1.70 - GSA Software)
HMA! Pro VPN 2.8.2.4 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.2.4 - )
Image Optimizer 3.0 (HKLM-x32\...\{07EA4E9F-BD35-4F38-9809-D825B772B833}) (Version: 3.0 - Geeks Ltd)
Inspyder Backlink Monitor (HKLM\...\{FD161119-FE24-443D-AD08-E269522F88EC}_is1) (Version:  - Inspyder Software Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.1.0.0 - QFX Software Corporation)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mindjet MindManager 14 (HKLM-x32\...\{03532547-7ABD-46F3-80FD-E81FCC53EF1E}) (Version: 14.1.190 - Mindjet)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKCU\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.2 - )
Notification Center (HKLM-x32\...\{384FA0C0-BB19-4CA0-8DB4-5FD4E938277F}) (Version: 0.7.7.813 - BlueStack Systems, Inc.)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Oracle VM VirtualBox 4.2.4 (HKLM\...\{867DE0DC-A93F-41EA-9654-A212514FA946}) (Version: 4.2.4 - Oracle Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RescueTime 2.9.4.1125 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
RoboForm 7-8-3-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-8-3-5 - Siber Systems)
Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.1 - Samsung Electronics)
Scrivener (HKLM-x32\...\Scrivener 1610) (Version: 1610 - Literature and Latte)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{59446CD0-D49A-4154-BDD5-59CB3B6F89AC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{57CEB66B-DD29-4883-92A2-671331657B52}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3E381AC3-30C3-41D7-9B27-B3F3E17BDCB8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A6C194EA-C6CB-4314-9E43-AD1F4A1E9D74}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{204B60A2-CCEA-4075-9F58-B7BC1BA5E742}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{14F6B53A-6703-40EA-9566-0A09E62866E5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{14F6B53A-6703-40EA-9566-0A09E62866E5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{BA61259D-63F0-4177-A0E1-E4064EC2B470}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{E84E9B25-BEB6-4F2F-84BB-755CDA8E89C0}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{8D07F876-D93A-4CF7-B801-1D41AB2BF60B}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1C381677-BE03-49CC-AFCA-242AA6094621}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1C381677-BE03-49CC-AFCA-242AA6094621}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0B6EF241-90CC-4AC7-B36F-2EECB12E61CF}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7861C766-2AA2-4A50-AB75-A57D451CEA76}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{4C975BB2-B3EE-4F66-A8E7-5C917B7C439D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{762C2438-9257-42BC-BD3D-6D02EC138D18}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{55C3C61D-31E9-4ECF-B29B-C1C6A8FB68FB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E1757044-ECB2-4551-B1D5-5E39F7E109CE}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E1757044-ECB2-4551-B1D5-5E39F7E109CE}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Wi-Fi Share v1.0.1.0 (HKLM-x32\...\{B106F77C-66D4-4A82-9112-C87DDAAAA6A9}) (Version: 1.0.0 - Gigabyte)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wunderlist (HKCU\...\f4d33ae8dc11fa61) (Version: 2.0.6.12 - 6 Wunderkinder GmbH)
ZoneAlarm Firewall (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.000.504 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (x32 Version: 1.8.11.11 - Check Point Software Technologies LTD) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2013-02-04 22:31 - 2014-04-03 02:12 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {034A25FC-C1E8-47D6-A029-EE6093E02760} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.)
Task: {2142F9B5-1E79-4F08-BC8E-A0A371DC3F11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.)
Task: {477FBD81-7E69-4DB2-8C07-CC1124C946D3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {50463B1C-AC1F-4D78-8C28-2BBE832E5183} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2012-11-02] (Siber Systems)
Task: {62201036-9AA1-4412-9AA6-7152B2A22489} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {65A857A7-A5E4-4B47-8F87-6AAA7C7A189E} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{AF8E884A-6EE5-426F-B7D8-78A684C616D3}.exe
Task: {725E8347-757B-494F-9C91-3966C8124696} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{5B85D6AC-33B8-49C3-B988-6B9C826DE0D7}.exe
Task: {AD0B6388-CF11-4D9F-989F-C313461CB3E1} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLJNJMJIMNMMMOJLMCNOJIMMMMMCNLMHMIMLJCNNJNJHMGMCNLJJMKJKJMJHMMMIMNMLMOMPMJNJICMIMCNHMCNMMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMOLDJKJHIJNKJCMJNNICMJNDJCMKJBJ"
Task: {B56EBD73-18E5-43F6-952D-96DF29A2C09B} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {B71C03CB-2E76-4C30-9DB4-73E1F47CD6AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{AF8E884A-6EE5-426F-B7D8-78A684C616D3}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{5B85D6AC-33B8-49C3-B988-6B9C826DE0D7}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2012-11-02 12:09 - 2012-01-06 03:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-11-02 17:18 - 2009-07-20 13:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2012-11-02 12:10 - 2012-01-12 15:21 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-11-02 12:10 - 2012-01-12 15:21 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-11-02 17:18 - 2009-07-20 05:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () E:\Program\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-11-02 13:33 - 2011-07-28 18:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2012-11-02 13:33 - 2011-07-28 18:06 - 08247264 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
2013-11-26 10:12 - 2014-03-13 01:23 - 00233576 _____ () C:\Program Files (x86)\Backblaze\bzserv.exe
2014-03-21 15:34 - 2014-03-21 15:34 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
2013-01-31 00:38 - 2014-03-21 15:34 - 02544664 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2013-11-26 10:12 - 2014-03-13 01:23 - 02952296 _____ () C:\Program Files (x86)\Backblaze\x64\bztransmit64.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Alex\AppData\Roaming\Dropbox\bin\libcef.dll
2012-11-02 12:09 - 2011-12-16 11:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-11-02 13:33 - 2011-07-27 12:53 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2012-11-02 13:33 - 2009-08-28 17:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
2014-02-18 14:02 - 2014-02-18 14:02 - 00151880 _____ () C:\Program Files (x86)\Mindjet\MindManager 14\zlib.dll
2014-03-21 15:34 - 2014-03-21 15:34 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
2014-03-14 17:50 - 2014-03-14 17:50 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-03-14 17:50 - 2014-03-14 17:50 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-03-14 17:56 - 2014-03-14 17:56 - 21115392 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2014-03-14 17:56 - 2014-03-14 17:56 - 00983054 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2014-03-14 17:56 - 2014-03-14 17:56 - 00133134 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2014-03-14 17:56 - 2014-03-14 17:56 - 00189454 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-03-29 11:31 - 2014-03-29 11:31 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== Faulty Device Manager Devices =============

Name: PS/2 Mouse
Description: PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2014 05:26:53 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Scrivener because of this error.

Program: Scrivener
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (03/30/2014 05:26:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: Scrivener.exe, version: 1.6.1.0, time stamp: 0x52718d53
Faulting module name: QtGui4.dll, version: 4.8.4.0, time stamp: 0x512b8791
Exception code: 0xc0000096
Fault offset: 0x005a9334
Faulting process id: 0x678c
Faulting application start time: 0xScrivener.exe0
Faulting application path: Scrivener.exe1
Faulting module path: Scrivener.exe2
Report Id: Scrivener.exe3

Error: (03/27/2014 06:23:09 PM) (Source: Application Hang) (User: )
Description: The program Evernote.exe version 5.2.1.3108 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5394

Start Time: 01cf481ace272308

Termination Time: 30

Application Path: C:\Program Files (x86)\Evernote\Evernote\Evernote.exe

Report Id: 082b0c00-b5cc-11e3-81ba-0008caa9aedc

Error: (03/27/2014 02:54:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: KeyScrambler.exe, version: 3.1.0.0, time stamp: 0x5152166f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00572640
Faulting process id: 0x1584
Faulting application start time: 0xKeyScrambler.exe0
Faulting application path: KeyScrambler.exe1
Faulting module path: KeyScrambler.exe2
Report Id: KeyScrambler.exe3

Error: (03/27/2014 01:40:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: Scrivener.exe, version: 1.6.1.0, time stamp: 0x52718d53
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x33ba0000
Faulting process id: 0x678c
Faulting application start time: 0xScrivener.exe0
Faulting application path: Scrivener.exe1
Faulting module path: Scrivener.exe2
Report Id: Scrivener.exe3

Error: (03/27/2014 01:39:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: Scrivener.exe, version: 1.6.1.0, time stamp: 0x52718d53
Faulting module name: QtGui4.dll, version: 4.8.4.0, time stamp: 0x512b8791
Exception code: 0xc0000409
Fault offset: 0x0058878c
Faulting process id: 0x5638
Faulting application start time: 0xScrivener.exe0
Faulting application path: Scrivener.exe1
Faulting module path: Scrivener.exe2
Report Id: Scrivener.exe3

Error: (03/27/2014 01:39:31 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Scrivener because of this error.

Program: Scrivener
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (03/27/2014 01:39:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: Scrivener.exe, version: 1.6.1.0, time stamp: 0x52718d53
Faulting module name: Scrivener.exe, version: 1.6.1.0, time stamp: 0x52718d53
Exception code: 0xc0000096
Fault offset: 0x00350002
Faulting process id: 0x5638
Faulting application start time: 0xScrivener.exe0
Faulting application path: Scrivener.exe1
Faulting module path: Scrivener.exe2
Report Id: Scrivener.exe3

Error: (03/27/2014 08:13:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 14.0.7109.5000, time stamp: 0x522a4035
Faulting module name: RPCRT4.dll, version: 6.1.7601.18205, time stamp: 0x51dba4dc
Exception code: 0xc0020043
Fault offset: 0x000000000008a5d3
Faulting process id: 0x3454
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (03/25/2014 11:56:01 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Scrivener because of this error.

Program: Scrivener
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0


System errors:
=============
Error: (04/03/2014 01:06:37 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/01/2014 02:45:06 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/28/2014 06:58:49 PM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (03/28/2014 06:39:04 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/26/2014 03:43:52 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/26/2014 02:15:14 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/24/2014 09:29:27 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/24/2014 09:36:09 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/24/2014 09:26:33 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/19/2014 05:57:23 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================
Error: (03/30/2014 05:26:53 PM) (Source: Application Error)(User: )
Description: Scrivener000000000

Error: (03/30/2014 05:26:53 PM) (Source: Application Error)(User: )
Description: Scrivener.exe1.6.1.052718d53QtGui4.dll4.8.4.0512b8791c0000096005a9334678c01cf49b159cdb4d3E:\Program\Scrivener\Scrivener.exeE:\Program\Scrivener\QtGui4.dllb803f0f3-b81f-11e3-81ba-0008caa9aedc

Error: (03/27/2014 06:23:09 PM) (Source: Application Hang)(User: )
Description: Evernote.exe5.2.1.3108539401cf481ace27230830C:\Program Files (x86)\Evernote\Evernote\Evernote.exe082b0c00-b5cc-11e3-81ba-0008caa9aedc

Error: (03/27/2014 02:54:18 PM) (Source: Application Error)(User: )
Description: KeyScrambler.exe3.1.0.05152166funknown0.0.0.000000000c000000500572640158401cf3491b45c8deeC:\Program Files (x86)\KeyScrambler\KeyScrambler.exeunknowne869822d-b5ae-11e3-81ba-0008caa9aedc

Error: (03/27/2014 01:40:44 PM) (Source: Application Error)(User: )
Description: Scrivener.exe1.6.1.052718d53unknown0.0.0.000000000c000000533ba0000678c01cf49b159cdb4d3E:\Program\Scrivener\Scrivener.exeunknowna154e889-b5a4-11e3-81ba-0008caa9aedc

Error: (03/27/2014 01:39:43 PM) (Source: Application Error)(User: )
Description: Scrivener.exe1.6.1.052718d53QtGui4.dll4.8.4.0512b8791c00004090058878c563801cf484fb3fe7c98E:\Program\Scrivener\Scrivener.exeE:\Program\Scrivener\QtGui4.dll7c9ce936-b5a4-11e3-81ba-0008caa9aedc

Error: (03/27/2014 01:39:31 PM) (Source: Application Error)(User: )
Description: Scrivener000000000

Error: (03/27/2014 01:39:31 PM) (Source: Application Error)(User: )
Description: Scrivener.exe1.6.1.052718d53Scrivener.exe1.6.1.052718d53c000009600350002563801cf484fb3fe7c98E:\Program\Scrivener\Scrivener.exeE:\Program\Scrivener\Scrivener.exe75814c57-b5a4-11e3-81ba-0008caa9aedc

Error: (03/27/2014 08:13:17 AM) (Source: Application Error)(User: )
Description: EXCEL.EXE14.0.7109.5000522a4035RPCRT4.dll6.1.7601.1820551dba4dcc0020043000000000008a5d3345401cf3b888659585dE:\Program\Microsoft Office\Office14\EXCEL.EXEC:\Windows\system32\RPCRT4.dlle2f4f2be-b576-11e3-81ba-0008caa9aedc

Error: (03/25/2014 11:56:01 AM) (Source: Application Error)(User: )
Description: Scrivener000000000


CodeIntegrity Errors:
===================================
  Date: 2014-04-03 02:22:04.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-03 01:04:15.571
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 22:01:16.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 21:44:30.465
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 17:14:49.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 17:04:05.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 13:07:45.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 12:19:05.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 11:50:59.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-01 11:29:41.224
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 16276.06 MB
Available physical RAM: 10400.76 MB
Total Pagefile: 32550.3 MB
Available Pagefile: 26800.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:4.39 GB) NTFS
Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:524.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 058A6522)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1800CF8A)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 Starbuck


Posted 03 April 2014 - 12:18 PM

Hi mohnabebe


Did you miss my question:

Did you personally set this proxy: uProxyServer = controldec.com:3121?


ZoneAlarm Security (x32 Version: 11.0.000.504

This is a very old version.
Is it the full security suite or just the Free firewall?
Do you use this firewall?

What version of AVG are you using?
Report is giving different versions

AVG 2013

AVG Internet Security Business Edition


Thanks



#8 mohnabebe


Posted 03 April 2014 - 12:47 PM

Hi starbuck,

Yeah I set the proxy myself, so no worries there.

Regarding Zonealarm, it's the free firewall. Not sure if it's needed but I have it installed.

And here's what AVG displays when I look:

AVG version: 3465
Virus database version: 3722/7292
Linkscanner version: 2205
AVG Security Toolbar Version: 18.0.5.292
Anti-spam version: 6.5.17

It's AVG internet security business edition

Thanks.



#9 Starbuck


Posted 03 April 2014 - 03:07 PM

Hi mohnabebe

Yeah I set the proxy myself, so no worries there.

Thanks for the confirmation.
I'll leave that out of the fix then.

It's AVG internet security business edition

I did think it may be.
This is from the AVG Business Edition tutorial

avgbusedit_zps848eb335.png

Why not save some resources and use the AVG firewall?
If you did, ZoneAlarm could be uninstalled.
Entirely up to you.


Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.



Step 2
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 3
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 8 and save it to your desktop.
  • Scroll down to where it says "Java SE 8".
  • Click the "Download JRE 8" button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
    Java 7 Update 45
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.

In your next reply, please submit:
Fixlog.txt
Also let me know how the system is running.... still getting the Radio sound problem?
So far I have seen nothing in the reports to indicate this.
The normal signs are not there.




Thanks.



#10 mohnabebe


Posted 04 April 2014 - 03:57 PM

Thanks.

I've done everything as you explained.

And yes, I still get that radio sound strangely.

Here's the report:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Alex at 2014-04-04 22:22:48 Run:1
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [ISW] - [X]
HKU\S-1-5-21-620091103-1841065875-1753970387-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-620091103-1841065875-1753970387-1001\...\Run: [AdobeBridge] - [X]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
S3 athur; system32\DRIVERS\athurx.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Alex\AppData\Local\Temp\ntdll_dump.dll
C:\Users\TotalHealthFix\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\TotalHealthFix\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
Reboot:


*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISW => Value not found.
HKU\S-1-5-21-620091103-1841065875-1753970387-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKU\S-1-5-21-620091103-1841065875-1753970387-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
athur => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Alex\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\TotalHealthFix\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\TotalHealthFix\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====



#11 Starbuck


Posted 04 April 2014 - 06:09 PM

Hi mohnabebe

I said earlier that the reports haven't shown the normal signs for this type of problem.
There is malware that creates this problem by patching a particular file.
Although the reports haven't thrown this up, I think it best that we check for it anyway.

Please re-run FRST again, but this time type the following in the edit box after Search: rpcss.dll
Click the Search File(s) button
It will make a log (Search.txt)- please post this report in your next reply.

When you first posted you stated:

Today I noticed that I have a radio sound coming from my speakers. (very very low...you can barely hear it)

the date and time was: 26 March 2014 - 12:18 AM.

The only thing I see around this time and date (in the reports) are the start of some errors in the error log:

Error: (03/25/2014 11:56:01 AM) (Source: Application Error)(User: )
Description: Scrivener000000000

Error: (03/25/2014 11:56:01 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Scrivener because of this error.

Program: Scrivener
File:

I know this is thinking outside of the box...... but I'm trying to explore every avenue to try and pinpoint entries in the reports and the start of the problem.
Can you think of anything else that may have happened around that time/date?

Have you tried another set of speakers just in case it's a problem with them?

Please try and answer these questions and post the search result from FRST.

Thanks
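The time-window check described in the reply above, as an added example that is not part of the original post or of FRST: it parses `Error:` entries in the format of the posted log and lists those within 24 hours of the stated onset, dropping the copies FRST prints a second time under "Microsoft Office Sessions". The function names, the 24-hour window and the assumption that log times and the quoted post time share a timezone are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Sample entries trimmed from the "Event log errors" section posted in this thread.
SAMPLE_LOG = """\
Error: (03/30/2014 05:26:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: Scrivener.exe, version: 1.6.1.0, time stamp: 0x52718d53

Error: (03/27/2014 06:23:09 PM) (Source: Application Hang) (User: )
Description: The program Evernote.exe version 5.2.1.3108 stopped interacting with Windows and was closed.

Error: (03/25/2014 11:56:01 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file  for one of the following reasons:

Error: (03/26/2014 02:15:14 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/24/2014 09:36:09 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/25/2014 11:56:01 AM) (Source: Application Error)(User: )
Description: Scrivener000000000
"""

# Onset as quoted in the reply: 26 March 2014 - 12:18 AM.
# Assumption: this is in the same timezone as the machine's log timestamps.
ONSET = datetime(2014, 3, 26, 0, 18)
WINDOW = timedelta(hours=24)

# Header line of one entry; the second FRST section omits the space before "(User:".
HEADER = re.compile(
    r"^Error: \((?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\)\s*"
    r"\(Source: (?P<source>[^)]*)\)\s*\(User: (?P<user>[^)]*)\)"
)


def parse_entries(text):
    """Return one dict per 'Error:' header, with the first Description line."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "source": m["source"].strip(),
                "description": "",
            }
            entries.append(current)
        elif (current is not None and line.startswith("Description:")
              and not current["description"]):
            current["description"] = line[len("Description:"):].strip()
    return entries


def events_near(entries, onset, window):
    """Entries within +/- window of onset, oldest first.

    The same event can appear in two sections of the log; only the first
    copy seen for a given (time, source) pair is kept.
    """
    seen = set()
    hits = []
    for entry in entries:
        key = (entry["time"], entry["source"])
        if key in seen or abs(entry["time"] - onset) > window:
            continue
        seen.add(key)
        hits.append(entry)
    return sorted(hits, key=lambda e: e["time"])


if __name__ == "__main__":
    for e in events_near(parse_entries(SAMPLE_LOG), ONSET, WINDOW):
        offset_h = (e["time"] - ONSET).total_seconds() / 3600
        print(f'{e["time"]:%Y-%m-%d %H:%M:%S}  {offset_h:+6.1f}h  '
              f'{e["source"]}: {e["description"][:60]}')
```

An entry inside the window is only a lead for follow-up questions; it does not by itself tie the event to the symptom.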
