Malware repeatedly changing my proxy server

by Jesse_Boyer » March 17th, 2014, 5:41 pm

Upon changing my proxy server settings, iTunes can access the network briefly (typically 15 seconds) and then is no longer able to download new podcasts. Something within my system is changing the proxy server settings to use a proxy server and I am not able to figure out what.

I have run AVG anti-virus free edition, SpyBot Search and Destroy, and Malwarebytes. Some found a couple items, but all were resolved per the software and the condition still exists.

I only noticed my iTunes stopped downloading new podcasts, otherwise all seems fine.

Any help is greatly appreciated!

Conditions seem exactly like this closed thread:
viewtopic.php?f=11&t=62176#.UydqxIXla7J

LOGS!
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/16/2012 1:51:04 PM
System Uptime: 3/17/2014 7:34:26 AM (9 hours ago)
.
Motherboard: Dell Inc. | | 08VFX1
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | U2E1 | 1190/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 583 GiB total, 210.864 GiB free.
D: is CDROM ()
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP193: 3/16/2014 4:20:05 PM - Installed AVG 2014
RP194: 3/16/2014 4:22:22 PM - Installed AVG 2014
RP195: 3/16/2014 4:56:19 PM - Removed SpyHunter
RP196: 3/16/2014 5:09:53 PM - Removed SpyHunter
RP197: 3/16/2014 9:34:08 PM - Removed Microsoft Silverlight
RP198: 3/16/2014 9:35:55 PM - Removed Apple Mobile Device Support
RP199: 3/16/2014 9:36:46 PM - Removed Apple Application Support
RP200: 3/16/2014 10:04:41 PM - Removed iTunes
RP201: 3/16/2014 10:08:31 PM - Installed iTunes
.
==== Hosts File Hijack ======================
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
AEMPro
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar Updater
Audacity 2.0.2
AVG 2014
AVG Security Toolbar
Bonjour
BufferChm
C5200
C5200_Help
Catalina Savings Printer
Copy
Dell Edoc Viewer
Destinations
DeviceDiscovery
DocProc
Dropbox
eMachineShop
Fax
Google Chrome
Google Earth
Google Update Helper
GoToAssist Corporate
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. 2
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
insight3d 0.3.2
Intel PROSet Wireless
Intel WiMAX Tutorial
Intel(R) PROSet/Wireless WiFi Software
Intel® PROSet/Wireless WiMAX Software
iTunes
Java 7 Update 40
Java 7 Update 45 (64-bit)
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 27 (64-bit)
Java(TM) 6 Update 30
JavaFX 2.1.0
Junk Mail filter update
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Network64
OCR Software by I.R.I.S. 13.0
OpenOffice.org 3.3
PdaNet+ for Android 4.15
PowerISO
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
SAMSUNG USB Driver for Mobile Phones
Scan
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
SpyHunter
Status
Synaptics Pointing Device Driver
Toolbox
TP-LINK USB Printer Controller
TrayApp
UnloadSupport
VCDS Release 11.11.6
VCDS Release 12.12.2
Visual Studio 2008 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 1.1.11
WBFS Manager 3.0
WebReg
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR 4.10 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
3/17/2014 4:28:38 PM, Error: Service Control Manager [7034] - The View Password service terminated unexpectedly. It has done this 1 time(s).
3/17/2014 4:28:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ViewPassword service.
3/17/2014 4:09:20 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
3/16/2014 8:32:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Event Log service to connect.
3/16/2014 8:32:08 PM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2014 8:31:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/16/2014 8:31:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WinRST service to connect.
3/16/2014 8:31:15 PM, Error: Service Control Manager [7000] - The WinRST service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2014 8:30:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
3/16/2014 8:30:45 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2014 10:12:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.
3/16/2014 10:01:23 PM, Error: Service Control Manager [7022] - The WinRST service hung on starting.
3/16/2014 10:01:23 PM, Error: Service Control Manager [7022] - The PirritUpdater service hung on starting.
3/16/2014 10:01:23 PM, Error: Service Control Manager [7022] - The PirritDesktop service hung on starting.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750 BrowserJavaVersion: 10.40.2
Run by JesseBoyer at 16:44:57 on 2014-03-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5941.3221 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Users\JesseBoyer\AppData\Local\PirritSuggestor\PirritService.exe
C:\Program Files (x86)\Pirrit\AutoUpdater.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
C:\Program Files (x86)\WinRST\WinRST.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\JesseBoyer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Users\JesseBoyer\AppData\Local\PirritSuggestor\PirritDesktop.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\My Dell\uaclauncher.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\JesseBoyer\AppData\Local\Temp\n4521\Iminent_1712-b2fcad5e.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
uProxyServer = hxxp=http://127.0.0.1:9880
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IEExtension.Extension: {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\JesseBoyer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [TP-LINK USB Printer Controller] C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe -mini
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\JESSEB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\JesseBoyer\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\JESSEB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\JESSEB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{011DD1A0-8CC4-4D8C-A9DD-2345AD33EC27} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{011DD1A0-8CC4-4D8C-A9DD-2345AD33EC27}\348627F6D6563616374703632323 : DHCPNameServer = 192.168.255.249
TCP: Interfaces\{011DD1A0-8CC4-4D8C-A9DD-2345AD33EC27}\35471697262796467656021313 : DHCPNameServer = 10.111.19.125 8.8.8.8 8.8.4.4 68.94.156.1 68.94.157.1
TCP: Interfaces\{011DD1A0-8CC4-4D8C-A9DD-2345AD33EC27}\84165787 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{011DD1A0-8CC4-4D8C-A9DD-2345AD33EC27}\849454850243 : DHCPNameServer = 10.111.112.1 8.8.8.8 8.8.4.4 68.94.156.1 68.94.157.1
TCP: Interfaces\{011DD1A0-8CC4-4D8C-A9DD-2345AD33EC27}\84F6D656 : DHCPNameServer = 192.168.2.1 75.75.76.76 75.75.75.75
TCP: Interfaces\{DB302849-DA62-4B08-BB61-EE31941001FA} : NameServer = 0.0.0.0
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 216.239.32.20 google.com www.google.com
Hosts: 216.239.32.20 google.com www.google.ad
Hosts: 216.239.32.20 google.com www.google.ae
Hosts: 216.239.32.20 google.com www.google.com.af
Hosts: 216.239.32.20 google.com www.google.com.ag
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JesseBoyer\AppData\Roaming\Mozilla\Firefox\Profiles\d34icct5.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/|http://www.reddit.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\JESSEB~1\AppData\Roaming\CATALI~1\npBcsKtTcHW.dll
FF - plugin: C:\Users\JesseBoyer\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-07-21 15:33; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R?2 PirritDesktop;PirritDesktop;C:\Users\JesseBoyer\AppData\Local\PirritSuggestor\PirritService.exe [2014-3-3 52568]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-25 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-5 50976]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 PirritUpdater;PirritUpdater;C:\Program Files (x86)\Pirrit\AutoUpdater.exe [2014-3-3 59904]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-3-16 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-3-16 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-3-16 171416]
R2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [2014-3-2 1759768]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R2 WinRST;WinRST;C:\Program Files (x86)\WinRST\WinRST.exe [2014-3-3 59904]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2012-1-13 71168]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2012-1-13 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2012-1-13 81920]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2009-12-22 74280]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2012-1-13 7689216]
R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-1-24 15360]
R3 TPLINKUDSMBus;TPLINKUDSMBus;C:\Windows\System32\drivers\TplinkUDSMBus.sys [2013-8-4 102688]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2011-11-4 58368]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-2-23 95544]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RT-USB;Ross-Tech USB driver;C:\Windows\System32\drivers\RT-USB64.SYS [2010-6-16 70984]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-2-23 203320]
S3 TplinkUDSTcpBus;TplinkUDSTcpBus;C:\Windows\System32\drivers\TplinkUDSTcpBus.sys [2013-8-4 181024]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-1-16 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-17 1255736]
.
=============== Created Last 30 ================
.
2014-03-17 03:09:14 -------- d-----w- C:\Program Files\iPod
2014-03-17 03:09:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-17 03:09:13 -------- d-----w- C:\Program Files\iTunes
2014-03-17 03:09:13 -------- d-----w- C:\Program Files (x86)\iTunes
2014-03-17 01:19:20 -------- d-----w- C:\Windows\ERUNT
2014-03-16 21:53:48 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-03-16 21:53:47 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-03-16 21:53:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-16 21:36:02 -------- d-----w- C:\Users\JesseBoyer\AppData\Roaming\AVG2014
2014-03-16 21:31:10 -------- d-----w- C:\Users\JesseBoyer\AppData\Roaming\TuneUp Software
2014-03-16 21:21:47 -------- d-----w- C:\ProgramData\AVG2014
2014-03-16 21:16:38 -------- d-----w- C:\Users\JesseBoyer\AppData\Local\MFAData
2014-03-16 21:16:38 -------- d-----w- C:\Users\JesseBoyer\AppData\Local\Avg2014
2014-03-16 15:00:44 -------- d-----w- C:\Users\JesseBoyer\AppData\Roaming\Malwarebytes
2014-03-16 15:00:33 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-16 15:00:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-16 15:00:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-13 21:13:57 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-13 21:13:57 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-13 21:13:55 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-13 21:13:55 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-13 21:13:31 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-13 21:13:31 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-13 21:13:23 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-13 21:13:23 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-03 22:46:25 -------- d-----w- C:\Users\JesseBoyer\AppData\Roaming\VideoEditor
2014-03-03 22:39:13 -------- d-----w- C:\Users\JesseBoyer\AppData\Local\WinRST
2014-03-03 22:39:12 -------- d-----w- C:\Program Files (x86)\WinRST
2014-03-03 22:39:02 -------- d-----w- C:\Users\JesseBoyer\AppData\Local\PirritSuggestor
2014-03-03 22:39:00 -------- d-----w- C:\Users\JesseBoyer\AppData\Roaming\Pirrit
2014-03-03 22:38:58 -------- d-----w- C:\Program Files (x86)\Pirrit
2014-03-02 22:42:14 -------- d-----w- C:\ProgramData\AVG Secure Search
2014-02-24 02:10:17 -------- d-----w- C:\Users\JesseBoyer\.android
2014-02-24 02:08:42 -------- d-----w- C:\Users\JesseBoyer\AppData\Local\ElevatedDiagnostics
2014-02-24 01:29:58 95544 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2014-02-24 01:29:58 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2014-02-24 01:28:53 -------- d-----w- C:\Program Files\SAMSUNG
2014-02-24 01:19:34 -------- d-----w- C:\ProgramData\Samsung
.
==================== Find3M ====================
.
2014-03-12 21:16:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 21:16:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-02 22:41:57 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-01-24 01:56:20 82920 ----a-w- C:\Windows\SysWow64\mslvddsfilter2.ax
2014-01-01 21:29:01 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
.
============= FINISH: 16:45:33.37 ===============
Jesse_Boyer
Active Member
 
Posts: 2
Joined: March 17th, 2014, 5:34 pm

Re: Malware repeatedly changing my proxy server

Post by Cypher » March 18th, 2014, 11:04 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
µTorrent
Ask Toolbar Updater
AVG Security Toolbar
Java 7 Update 40
Java 7 Update 45 (64-bit)
Java(TM) 6 Update 22
Java(TM) 6 Update 27 (64-bit)
Java(TM) 6 Update 30
SpyHunter


Next.

First please Disable any Antivirus you have active, as shown in This topic.
Note: Don't forget to re-enable it after the scan.

Next please download zoek.exe and save it to your desktop.
  • Close any open browsers.
  • Right click on zoek.exe and select "Run as administrator" to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:

    • Auto Clean
  • Click on the Run script button.
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after a reboot, if required).
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • zoek-results.log.
  • OTL.txt and Extras.txt contents.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware repeatedly changing my proxy server

Post by Jesse_Boyer » March 18th, 2014, 8:33 pm

Registry backup complete.



Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by JesseBoyer on Tue 03/18/2014 at 18:58:07.45.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\JesseBoyer\Desktop\zoek.exe [Scan all users] [Checkboxes used]

===== Runcheck 18:59:39.37 =====

--- Create Environment Variables 18:59:40.62
--- Create System Restore Point 18:59:50.20
--- Checking Input 19:00:02.40
--- AU AppData Check 19:00:07.42
--- Remove From Windows Installer 19:00:11.23
--- IE Startpage Check 19:00:57.06
--- Program Files DB Check 19:01:19.81
--- C:\Users\Default\AppData\Roaming DB Check 19:01:55.09
--- C:\Users\Default User\AppData\Roaming DB Check 19:01:55.09
--- C:\Users\JesseBoyer\AppData\Roaming DB Check 19:01:55.09
--- C:\Users\Jesse_Boyer\AppData\Roaming DB Check 19:01:55.09
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 19:01:55.09
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 19:01:55.09
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 19:01:55.09
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 19:01:55.09
--- C:\Users\JesseBoyer DB Check 19:03:38.91
--- C:\PROGRA~3 DB Check 19:03:54.70
--- C:\Users\Default\AppData\Local DB Check 19:03:55.60
--- C:\Users\Default User\AppData\Local DB Check 19:03:55.60
--- C:\Users\JesseBoyer\AppData\Local DB Check 19:03:55.60
--- C:\Users\Jesse_Boyer\AppData\Local DB Check 19:03:55.60
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 19:03:55.60
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 19:03:55.60
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 19:03:55.60
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 19:03:55.60
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 19:05:05.27
--- C:\Users\JesseBoyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 19:05:11.56
--- Tasks DB Check 19:05:15.09
--- Downloads DB Check 19:05:17.58
--- C:\Users\JesseBoyer\AppData\LocalLow DB Check 19:05:21.22
--- C:\Users\Jesse_Boyer\AppData\LocalLow DB Check 19:05:21.22
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 19:05:21.22
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 19:05:21.22
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 19:05:21.22
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 19:05:21.22
--- Tasks2 DB Check 19:06:15.88
--- Documents DB Check 19:06:31.15
--- C:\Users\JESSEB~1\AppData\Roaming\Mozilla\Firefox\Profiles\d34icct5.default DB Check 19:06:34.65
--- C:\Users\JESSE_~1\AppData\Roaming\Mozilla\Firefox\Profiles\9y47y6g1.default DB Check 19:06:34.65
--- C:\Users\JesseBoyer\Desktop DB Check 19:06:39.33
--- Services DB Check 19:06:46.72
--- FF prefs.js DB Check 19:06:59.93
--- Del by CLSID 19:07:52.21
--- Delete Services 19:08:22.35
--- Firefox Fix 19:08:37.01

Also, this is the 'zoek-results.log' file I found in the C: directory.

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by JesseBoyer on Tue 03/18/2014 at 18:58:07.45.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\JesseBoyer\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

3/18/2014 7:00:00 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PirritDesktop deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PirritDesktop deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PirritUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PirritUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.0.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.0.0 deleted successfully


OTL logfile created on: 3/18/2014 7:22:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JesseBoyer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 60.01% Memory free
11.60 Gb Paging File | 8.98 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.88 Gb Total Space | 213.69 Gb Free Space | 36.66% Space Free | Partition Type: NTFS

Computer Name: JESSEBOYER-PC | User Name: JesseBoyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/18 19:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JesseBoyer\Desktop\OTL.exe
PRC - [2014/03/12 16:16:13 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/03/02 17:41:57 | 002,539,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2014/02/26 17:42:58 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\WinRST\WinRST.exe
PRC - [2014/02/20 16:33:04 | 000,052,568 | ---- | M] () -- C:\Users\JesseBoyer\AppData\Local\PirritSuggestor\PirritService.exe
PRC - [2014/02/20 16:33:02 | 000,191,320 | ---- | M] () -- C:\Users\JesseBoyer\AppData\Local\PirritSuggestor\PirritDesktop.exe
PRC - [2014/02/20 15:13:08 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Pirrit\AutoUpdater.exe
PRC - [2014/02/17 08:01:30 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/01/07 17:30:34 | 001,054,432 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
PRC - [2014/01/02 19:32:12 | 033,508,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\JesseBoyer\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/20 07:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/18 03:21:48 | 000,041,984 | ---- | M] () -- c:\Users\JesseBoyer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmproulng.dll
MOD - [2014/03/12 16:16:12 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/03/02 17:41:57 | 002,539,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2014/03/02 17:41:57 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
MOD - [2014/02/20 16:33:02 | 000,191,320 | ---- | M] () -- C:\Users\JesseBoyer\AppData\Local\PirritSuggestor\PirritDesktop.exe
MOD - [2014/02/17 08:01:30 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/01/07 17:30:34 | 001,054,432 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
MOD - [2013/12/17 21:25:54 | 003,610,624 | ---- | M] () -- C:\Users\JesseBoyer\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 18:55:02 | 025,100,288 | ---- | M] () -- C:\Users\JesseBoyer\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/01/16 15:57:10 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/06/07 16:39:40 | 000,911,872 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/06/07 16:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/03/05 11:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 11:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2014/03/12 16:16:13 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/26 17:42:58 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WinRST\WinRST.exe -- (WinRST)
SRV - [2014/02/17 08:01:30 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/16 19:42:48 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/03/02 17:41:57 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/11/25 21:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/11/25 21:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/25 21:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/03/09 19:31:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/21 09:47:26 | 000,102,688 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TplinkUDSMBus.sys -- (TPLINKUDSMBus)
DRV:64bit: - [2012/09/21 09:44:16 | 000,181,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TplinkUDSTcpBus.sys -- (TplinkUDSTcpBus)
DRV:64bit: - [2012/08/24 02:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/13 11:09:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/13 11:09:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/11/25 02:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/11/04 17:00:00 | 000,058,368 | ---- | M] (http://www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CH341S64.SYS -- (CH341SER_A64)
DRV:64bit: - [2011/08/24 23:43:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(http://www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011/08/24 23:43:54 | 000,095,544 | ---- | M] (DEVGURU Co., LTD.(http://www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/16 16:01:30 | 000,070,984 | ---- | M] (Ross-Tech LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RT-USB64.SYS -- (RT-USB)
DRV:64bit: - [2010/05/31 15:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/05/16 20:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2010/05/16 20:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 20:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2009/12/22 02:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/12 21:23:46 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 D7 AD A9 52 41 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=http://127.0.0.1:9880

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: C:\Program Files\Java\jre6\bin\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\JESSEB~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/21 15:33:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248 [2014/03/02 17:42:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/21 15:33:02 | 000,000,000 | ---D | M]

[2013/01/08 12:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JesseBoyer\AppData\Roaming\Mozilla\Extensions
[2014/03/17 16:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JesseBoyer\AppData\Roaming\Mozilla\Firefox\Profiles\d34icct5.default\extensions
[2012/09/19 16:50:03 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\JesseBoyer\AppData\Roaming\Mozilla\Firefox\Profiles\d34icct5.default\extensions\amznUWL2@amazon.com.xpi
[2014/03/18 18:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/19 20:46:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/17 08:01:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.facebook.com/lists/101359719895616
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\JesseBoyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\JesseBoyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\JesseBoyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Cast = C:\Users\JesseBoyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.218.0.5_0\
CHR - Extension: Google Search = C:\Users\JesseBoyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\JesseBoyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.25_0\
CHR - Extension: Google Wallet = C:\Users\JesseBoyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\JesseBoyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/03/17 20:46:12 | 000,000,019 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TP-LINK USB Printer Controller] C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\JesseBoyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JesseBoyer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\JesseBoyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\JesseBoyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{011DD1A0-8CC4-4D8C-A9DD-2345AD33EC27}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB302849-DA62-4B08-BB61-EE31941001FA}: NameServer = 0.0.0.0
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/10 19:42:19 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{72e62adc-7586-11e3-a480-f04da259b4b7}\Shell - "" = AutoRun
O33 - MountPoints2\{72e62adc-7586-11e3-a480-f04da259b4b7}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{9f006777-9cee-11e3-a241-f04da259b4b7}\Shell - "" = AutoRun
O33 - MountPoints2\{9f006777-9cee-11e3-a241-f04da259b4b7}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/18 19:20:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JesseBoyer\Desktop\OTL.exe
[2014/03/18 19:07:51 | 000,000,000 | ---D | C] -- C:\zoek
[2014/03/18 18:57:51 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/03/18 18:45:01 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/03/18 18:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/03/18 18:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/03/17 20:45:51 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/03/17 20:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/03/17 17:15:30 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\AppData\Roaming\AVG
[2014/03/17 17:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014/03/17 17:12:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/03/16 22:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/16 22:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/16 22:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/16 22:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/16 22:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/03/16 22:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/03/16 20:19:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/16 16:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/03/16 16:53:48 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/03/16 16:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/03/16 16:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/03/16 16:36:02 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\AppData\Roaming\AVG2014
[2014/03/16 16:31:10 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\AppData\Roaming\TuneUp Software
[2014/03/16 16:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/03/16 16:16:38 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\AppData\Local\MFAData
[2014/03/16 16:16:38 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\AppData\Local\Avg2014
[2014/03/16 10:00:44 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\AppData\Roaming\Malwarebytes
[2014/03/16 10:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/16 10:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/16 10:00:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/16 10:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/03 17:46:25 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\AppData\Roaming\VideoEditor
[2014/03/03 17:46:25 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\Documents\FlashIntegro
[2014/03/03 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\AppData\Local\WinRST
[2014/03/03 17:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRST
[2014/03/03 17:39:02 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\AppData\Local\PirritSuggestor
[2014/03/03 17:39:00 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\AppData\Roaming\Pirrit
[2014/03/03 17:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pirrit
[2014/03/03 17:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VDCS video editor
[2014/03/03 17:37:37 | 000,082,920 | ---- | C] (Flash-Integro LLC) -- C:\Windows\SysWow64\mslvddsfilter2.ax
[2014/03/03 17:37:35 | 000,638,976 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\SysWow64\divx.dll
[2014/03/03 17:37:35 | 000,438,272 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll
[2014/03/03 17:37:35 | 000,261,632 | ---- | C] (MainConcept) -- C:\Windows\SysWow64\mcdvd_32.dll
[2014/03/03 17:37:35 | 000,221,215 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\SysWow64\divxdec.ax
[2014/03/03 17:37:35 | 000,082,944 | ---- | C] (Voxware, Inc.) -- C:\Windows\SysWow64\vct3216.acm
[2014/03/03 17:37:35 | 000,081,920 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\AC3ACM.acm
[2014/03/03 17:37:35 | 000,038,912 | ---- | C] (NCT Company) -- C:\Windows\SysWow64\alf2cd.acm
[2014/03/03 17:37:35 | 000,013,239 | ---- | C] (SHARP Corporation) -- C:\Windows\SysWow64\Scg726.acm
[2014/03/03 17:37:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\FlashIntegro
[2014/03/02 17:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2014/02/23 21:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
[2014/02/23 21:10:17 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\.android
[2014/02/23 21:08:42 | 000,000,000 | ---D | C] -- C:\Users\JesseBoyer\AppData\Local\ElevatedDiagnostics
[2014/02/23 20:29:58 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(http://www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2014/02/23 20:29:58 | 000,095,544 | ---- | C] (DEVGURU Co., LTD.(http://www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2014/02/23 20:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2014/02/23 20:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/09/04 19:01:20 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\JesseBoyer\AppData\Local\BcsKtYcHW.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/18 19:20:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JesseBoyer\Desktop\OTL.exe
[2014/03/18 19:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/18 19:00:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/18 18:57:17 | 001,285,120 | ---- | M] () -- C:\Users\JesseBoyer\Desktop\zoek.exe
[2014/03/18 18:45:49 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-JESSEBOYER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/18 18:44:25 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/03/18 18:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/18 16:15:11 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/18 03:28:09 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/18 03:28:09 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/18 03:26:48 | 000,733,998 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/18 03:26:48 | 000,631,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/18 03:26:48 | 000,108,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/18 03:21:04 | 000,000,441 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014/03/18 03:18:53 | 376,848,383 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/17 20:46:12 | 000,000,019 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/03/17 20:45:51 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/03/17 16:28:58 | 000,581,957 | ---- | M] () -- C:\Users\JesseBoyer\Desktop\adwcleaner-1.606-en.exe
[2014/03/16 22:09:53 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/13 18:45:29 | 000,297,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/09 18:09:20 | 000,078,829 | ---- | M] () -- C:\Users\JesseBoyer\Desktop\Sup.jpg
[2014/03/03 17:39:03 | 000,008,953 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2014/03/03 17:35:25 | 000,000,690 | ---- | M] () -- C:\Users\JesseBoyer\Desktop\VCDS Release 12.12.lnk
[2014/03/02 17:42:34 | 000,003,730 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2014/03/02 17:41:57 | 000,050,976 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/02/28 04:03:45 | 000,792,520 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/23 21:36:00 | 000,001,115 | ---- | M] () -- C:\Users\JesseBoyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/18 18:57:14 | 001,285,120 | ---- | C] () -- C:\Users\JesseBoyer\Desktop\zoek.exe
[2014/03/18 18:45:49 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-JESSEBOYER-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/03/18 18:44:25 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2014/03/17 16:28:58 | 000,581,957 | ---- | C] () -- C:\Users\JesseBoyer\Desktop\adwcleaner-1.606-en.exe
[2014/03/16 22:09:53 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/16 16:53:54 | 000,001,393 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/03/09 18:09:20 | 000,078,829 | ---- | C] () -- C:\Users\JesseBoyer\Desktop\Sup.jpg
[2014/03/03 17:37:35 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014/03/03 17:37:35 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\lame.ax
[2014/03/03 17:37:35 | 000,156,910 | ---- | C] () -- C:\Windows\WMSysPr8.prx
[2014/03/03 17:37:35 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014/03/03 17:37:35 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2014/02/23 21:36:00 | 000,001,115 | ---- | C] () -- C:\Users\JesseBoyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
[2013/09/04 19:01:19 | 000,893,239 | ---- | C] () -- C:\Users\JesseBoyer\AppData\Local\a.zip
[2013/05/20 16:03:53 | 000,003,730 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2012/11/25 21:39:25 | 000,792,520 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/28 14:37:12 | 000,027,520 | ---- | C] () -- C:\Users\JesseBoyer\AppData\Local\dt.dat
[2012/07/21 15:32:00 | 000,210,645 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2012/07/21 15:32:00 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2012/07/21 15:20:49 | 000,210,819 | ---- | C] () -- C:\Windows\hpoins21.dat
[2012/07/21 15:20:49 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2012/01/16 19:42:43 | 000,103,784 | ---- | C] () -- C:\Users\JesseBoyer\GoToAssistDownloadHelper.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/10 18:57:57 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\Audacity
[2012/11/04 15:29:14 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\Auslogics
[2014/03/17 17:15:30 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\AVG
[2014/03/16 16:36:02 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\AVG2014
[2013/09/04 19:01:17 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\Catalina – Print Savings
[2013/01/08 16:18:18 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\DAEMON Tools Lite
[2014/03/18 03:22:04 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\Dropbox
[2014/01/31 16:41:47 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\DropboxMaster
[2013/10/30 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\eMachineShop
[2013/12/19 21:54:39 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\Mael
[2013/01/08 16:48:00 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\Mipony
[2012/03/30 18:04:00 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\OpenOffice.org
[2012/01/16 20:25:11 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\PCDr
[2013/10/30 20:14:03 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\PGP
[2014/03/03 17:39:00 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\Pirrit
[2012/11/05 06:18:20 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\PowerISO
[2014/03/16 16:31:10 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\TuneUp Software
[2014/03/18 18:33:44 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\uTorrent
[2014/03/03 17:46:25 | 000,000,000 | ---D | M] -- C:\Users\JesseBoyer\AppData\Roaming\VideoEditor

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 3/18/2014 7:22:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JesseBoyer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 60.01% Memory free
11.60 Gb Paging File | 8.98 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.88 Gb Total Space | 213.69 Gb Free Space | 36.66% Space Free | Partition Type: NTFS

Computer Name: JESSEBOYER-PC | User Name: JesseBoyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F2E45F-26F1-41DD-BB7A-5B1CE9238C77}" = lport=7437 | protocol=17 | dir=in | name=tp-link usb printer controller udp port |
"{082D61F8-1D22-4668-BA54-DABC0A89B145}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1013BD7C-E339-4E08-B384-275EE7DCE9BE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1DCC64F9-F341-4467-B7B6-1003AF5F1954}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A381B85-4B4E-49D5-87D6-D13E0829A5D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{52CBCDD5-2826-4802-BFD1-3EC699348FA3}" = lport=138 | protocol=17 | dir=in | app=system |
"{61E4C09A-F8F5-4C50-A481-6AF73C277D34}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{624904EC-51CB-4F8F-8897-4D6A8A69689D}" = rport=138 | protocol=17 | dir=out | app=system |
"{6A42409F-2980-49C9-963D-616B45AC5C71}" = rport=137 | protocol=17 | dir=out | app=system |
"{75C27E9F-FA1E-4240-BBFD-3A4AC3BD1F73}" = rport=2869 | protocol=6 | dir=out | app=system |
"{7A8168F3-D63A-40B2-B702-867BC805433C}" = lport=445 | protocol=6 | dir=in | app=system |
"{881707FA-DE68-4838-945A-2BBA9F59CE7E}" = lport=137 | protocol=17 | dir=in | app=system |
"{8DBD1E29-B94C-4BFB-B749-24C2DD38A20F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9D041D7F-4DA0-41C0-B2E9-602751B3AB5E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9E3C88B1-D61A-4716-88E0-95B1317E19DB}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD6DEA16-D771-450D-9644-0512229E83AF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |
"{B155F498-87F0-4353-AB5B-F58F283BCC80}" = lport=139 | protocol=6 | dir=in | app=system |
"{D4150BEA-6771-4E01-9428-946707371D97}" = rport=445 | protocol=6 | dir=out | app=system |
"{D72E6033-95A1-4BB5-BA4C-992D328BD2D1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E922B7A7-D79C-4BC0-94B3-DBB9A536FC9C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9EED992-67FF-4B90-A6DF-7F3F82ACF036}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EF1969EB-1DF1-470A-B530-C5576A446C71}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BC331B-0771-477F-A271-7EBE66CB2973}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{0853ADFA-0406-410D-9854-57ECB36967F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0D2BE99E-4BD9-4E24-ACA5-3746FBC17024}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0DA40BB4-B67E-4D4A-9FF7-ABA220F2C822}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0EEBFE44-1229-4D90-B75B-99413D951D78}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{190105CF-513A-4E8A-9468-BFF70A3B6954}" = protocol=6 | dir=in | app=c:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe |
"{19E260E3-B945-44D1-A3FF-90E620FE9E0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{1C08B120-A538-4197-8953-0A68FEB170C0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{1E08B5CA-214B-4203-AC77-A99E1669FB28}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{25401D08-D4F1-42DB-B071-372D627BE341}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{2A780FE1-1EA8-4841-A113-998CB880C83E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E3BD454-96EA-467E-95A4-54DF1EED5C38}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{2EFE8055-8F83-4284-BBC6-BBCB023755A0}" = protocol=17 | dir=in | app=c:\users\jesseboyer\appdata\roaming\dropbox\bin\dropbox.exe |
"{3403BB8A-8CF2-4438-850D-BC49CFF48C87}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{3BA7882D-795A-4037-85B3-9C795FBEF42E}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{3EEDAD63-6335-43DB-8E38-95572CC97E83}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{3F157C54-9E2A-4C63-9EB9-F3C56A09CF75}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{405B530B-8152-4F5D-BC71-816D200253E2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{40C621D7-42A0-426F-9E07-CCA2A248D6A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{4C55B7A3-DBB6-4C6A-A827-17349FF24749}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{50A13334-2236-4CB0-84C5-47360DB64E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe |
"{56DBC181-44C8-493D-85FF-D1AF1BDAA780}" = protocol=17 | dir=in | app=c:\users\jesseboyer\appdata\roaming\utorrent\utorrent.exe |
"{63A0430C-AF8F-45AB-A601-52705EFD7D08}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{63A40D94-9E45-4F77-9771-30AFD5964B55}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{66F268B5-214C-4E64-8FAF-D7113F7DCCB6}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{698A56A4-F52C-4805-A65B-97C30039806C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{70CD9163-77EA-457B-84DD-C1F0D47127D8}" = protocol=6 | dir=in | app=c:\users\jesseboyer\appdata\roaming\utorrent\utorrent.exe |
"{77ECBCDC-6616-4BBE-B4E7-6A77C0EE7493}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{7BD8702C-0FEB-4EE5-A9F4-0E521F21264B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{83C2C7B0-9543-424A-BD84-E43776740B19}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{83C8D52E-19B4-4AC8-BD3C-A13B628A0A8B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{8C4773AB-1034-4F7A-B51E-8F02B8593E43}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{8FB14676-6501-45C3-B2FB-DC6E0DF012BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{90317147-748A-41D1-8BDE-31789B3B482E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{91B81B48-2BDA-4A95-9AE2-C68DABE6E110}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{953BA64B-3B88-4E5B-B904-2E9D9B939BAC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{9B2F439B-EC62-4A4B-9BD0-F2011769B3A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{9C747C14-7DBF-4F03-9A47-619ED42CDB49}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9DF456EF-A553-40AB-8DF4-6DF9BCD4FFAE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{A9D0C74F-AC2A-4C7C-B713-69826320530C}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{AF5FE67D-792F-477E-AD90-8F11DCEB6B70}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B37AA7C1-3F3D-468C-94C9-CDCB7011AC96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BADF9C1C-5E77-4FBC-810C-0AD5231DC900}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{BCD00955-7D2F-4F94-AA0B-A9FF3228AAF3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BEB91549-3886-40D3-9C20-A0F4382A54FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{CA7BADB1-AAC0-408C-93B8-61D2119CA247}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CC35AAEB-F853-4ECC-BFE4-2CA8A5D81D6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{D76FAA9E-E8B0-49BE-ADB2-2C8AC3D2E2EF}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{D9541C9B-D11F-4CDC-B7ED-296B7615C057}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DA46FB0F-B872-46A6-B34F-C7306FA27EBF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{DC696E23-E695-4C87-9FFC-CB4E47609E81}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{DDFE8140-F9B9-4E5F-AECE-36E4C143C3BC}" = protocol=6 | dir=in | app=c:\users\jesseboyer\appdata\roaming\dropbox\bin\dropbox.exe |
"{E22041CF-248E-4852-BA7D-350C5A059DDB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{EDAD4515-F5F8-4166-A5A0-9085D8213B6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFDCC927-94AE-4F11-95C0-F9016C3A8BC3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{F3D6325A-C538-4B23-A346-49C63ECA0195}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{F726E23F-626F-4BDA-A74B-0D9DCD057675}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{F749333B-871B-4FD3-A769-6567B179234E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8FF4838-5C9D-48F6-AA9B-5BDDFE12D3E2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{FD88183C-C48B-4718-9CBC-3987AE8E927B}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{FEAB8C26-D88F-40CA-A8AD-85434B4F015D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{CA57EAF3-5CAC-4A6B-A4F1-DBD173FAA5BF}C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe |
"TCP Query User{CED12EFA-E3A9-4948-8BC6-F4974DDB0D96}D:\usb print service client setup\tl-wdr3600\usb printer setup wizard.exe" = protocol=6 | dir=in | app=d:\usb print service client setup\tl-wdr3600\usb printer setup wizard.exe |
"TCP Query User{F1A0C2B4-D29B-4329-AA9D-D1AE0A86AD5A}C:\users\jesseboyer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jesseboyer\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0534CDD9-EF65-4695-981E-313558E52342}C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe |
"UDP Query User{0DB0C02E-38EA-4FAD-97B1-1B5BC40C7243}D:\usb print service client setup\tl-wdr3600\usb printer setup wizard.exe" = protocol=17 | dir=in | app=d:\usb print service client setup\tl-wdr3600\usb printer setup wizard.exe |
"UDP Query User{ADD653B5-AD35-41E6-8AC3-004BE4D99CBA}C:\users\jesseboyer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jesseboyer\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi Software
"{DFB2D93E-DEAE-4DF5-8863-CE2AB8F0B6AB}" = AVG 2014
"{E1A9DC0F-CF86-4570-A270-591A83C5B22C}" = AVG 2014
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2014
"F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443" = Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"PC-Doctor for Windows" = My Dell
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EC900B5-28EE-4472-A9FF-B11A879EC838}" = TP-LINK USB Printer Controller
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{907611B4-1B1B-4810-88CD-965FA49F35F6}" = C5200
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{BBBA5E54-5B3C-11DE-BAEA-F9C855D89593}" = insight3d 0.3.2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AEMPro" = AEMPro
"Audacity_is1" = Audacity 2.0.2
"AVG Secure Search" = AVG Security Toolbar
"eMachineShop_is1" = eMachineShop
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PdaNet_is1" = PdaNet+ for Android 4.15
"PowerISO" = PowerISO
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"VCDS Release 11.11" = VCDS Release 11.11.6
"VCDS Release 12.12" = VCDS Release 12.12.2
"VLC media player" = VLC media player 1.1.11
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/17/2014 10:52:51 PM | Computer Name = JesseBoyer-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 27.0.1.5156, time
stamp: 0x52fc0faa Faulting module name: xul.dll, version: 27.0.1.5156, time stamp:
0x52fc0f79 Exception code: 0xc0000005 Fault offset: 0x001560c7 Faulting process id:
0x1300 Faulting application start time: 0x01cf4254609aacf8 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: 64a26cb4-ae48-11e3-b791-f04da259b4b7

[ System Events ]
Error - 3/18/2014 8:08:30 PM | Computer Name = JesseBoyer-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/18/2014 8:08:31 PM | Computer Name = JesseBoyer-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/18/2014 8:08:31 PM | Computer Name = JesseBoyer-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/18/2014 8:08:32 PM | Computer Name = JesseBoyer-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/18/2014 8:08:33 PM | Computer Name = JesseBoyer-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/18/2014 8:08:33 PM | Computer Name = JesseBoyer-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/18/2014 8:08:34 PM | Computer Name = JesseBoyer-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/18/2014 8:08:35 PM | Computer Name = JesseBoyer-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/18/2014 8:08:35 PM | Computer Name = JesseBoyer-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/18/2014 8:08:36 PM | Computer Name = JesseBoyer-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
Jesse_Boyer
Active Member
 
Posts: 2
Joined: March 17th, 2014, 5:34 pm

Re: Malware repeatedly changing my proxy server

Unread postby Cypher » March 19th, 2014, 6:58 am

Hi,
"Upon changing my proxy server settings, iTunes can access the network briefly (typically 15-seconds) and then is no longer able to download new podcasts. Something within my system is changing the proxy server settings to use a proxy server and I am not able to figure out what."
Is this the proxy you want to use?
"ProxyServer" = http=http://127.0.0.1:9880

The Zoek log you posted does not look complete; could you post it again, please?
The log should be stored on your C: drive.
C:\ directory named "zoek-results.log"
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware repeatedly changing my proxy server

Unread postby Cypher » March 22nd, 2014, 7:05 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.