Recent Posts

21
hi - there's definitely something wacky going on here
a few days ago i noticed my evernote desktop application wasn't syncing. then malwarebytes wasn't updating. then all the icons on my desktop disappeared as did my user folder from my c: drive. i have recovered the desktop and c: drive (made them visible again) but there's something still in there. also when i turn on the computer (or restart it like i've done about 20 times) it opens to the homescreen of my user, not to the screen to choose which user to use the computer as, like it usually did. i've run malwarebytes, malware chameleon, combofix, adwcleaner, rogue killer and tdss killer. i'm pretty sure i'm running windows 7.
please ask me for any other info i can give to help!
thank you so so much and here's to happy hedgehogs! :)


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Catie Grimm at 23:06:30 on 2015-03-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8091.3307 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_11&param1=1&param2=f%253D1%26b%3D{browser}%26cc%3Dca%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyEzz0Azyzy0F0ByBtD0CtN0D0Tzu0StCtCyCyDtN1L2XzutAtFyBtFyCtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDtA0CyCyByByC0CtGtAyB0BzztGtB0EtC0FtGtCyEyCyEtGtDtA0E0DyE0DyC0AyCyD0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0EtA0D0CyDtAtAtGtAzz0F0BtGyE0AyD0FtG0BtB0ByBtG0B0C0F0D0F0E0D0D0FyE0C0E2Q%26cr%3D1262163613%26a%3Dwny_wnzp_15_11%26os%3DWindows 7 Home Premium
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [HP Photosmart 5510d series (NET)] "C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" -deviceID "CN256310JF05RW:NW" -scfn "HP Photosmart 5510d series (NET)" -AutoStart 1
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\CATIEG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\CATIEG~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{BF6FE22F-3528-4094-BE9B-09FB038439DC} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{BF6FE22F-3528-4094-BE9B-09FB038439DC}\341666560294E6475627E6164796F6E616C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BF6FE22F-3528-4094-BE9B-09FB038439DC}\3486164602841627279637723702E4564777F627B6 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{BF6FE22F-3528-4094-BE9B-09FB038439DC}\3656371627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BF6FE22F-3528-4094-BE9B-09FB038439DC}\77F6E6465627C616E646 : DHCPNameServer = 192.168.0.7
TCP: Interfaces\{BF6FE22F-3528-4094-BE9B-09FB038439DC}\84F6D656027596D2649602E4564777F627B6 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2011-12-5 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-1-23 30056]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-20 77128]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-27 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-27 1104208]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2014-11-20 226584]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2013-6-7 1641768]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-9 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-10-9 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-10-9 161560]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-9 363800]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2015-2-23 352144]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2011-12-7 108288]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-10-9 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2011-12-5 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2011-12-5 785688]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-3-18 129752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-9 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-14 20016]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/23 09:35:16;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-2-8 244720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-12 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-27 1304912]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2015-3-11 43664]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-10 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-6-25 272688]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-7-17 124560]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-10-9 259688]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2013-1-8 401856]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-16 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-03-18 23:16:41   129752   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-03-18 23:16:29   93400   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2015-03-18 23:16:29   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2015-03-18 23:16:29   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2015-03-18 23:16:29   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-18 22:40:28   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-03-18 22:39:11   11910896   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B1D5B464-7CFE-4BA1-A20E-E22787058397}\mpengine.dll
2015-03-18 22:26:30   --------   d-----w-   C:\$RECYCLE.BIN
2015-03-18 22:11:18   98816   ----a-w-   C:\Windows\sed.exe
2015-03-18 22:11:18   256000   ----a-w-   C:\Windows\PEV.exe
2015-03-18 22:11:18   208896   ----a-w-   C:\Windows\MBR.exe
2015-03-18 21:46:54   --------   d-----w-   C:\Windows\pss
2015-03-18 16:23:02   11910896   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-17 20:33:04   --------   d-----w-   C:\Users\Catie Grimm\AppData\Local\CyberLink
2015-03-17 15:08:10   --------   d-----w-   C:\ProgramData\Licenses
2015-03-17 15:08:07   129872   ----a-w-   C:\Windows\SysWow64\MSSTDFMT.DLL
2015-03-17 09:37:09   35064   ----a-w-   C:\Windows\System32\drivers\TrueSight.sys
2015-03-17 09:37:03   --------   d-----w-   C:\ProgramData\RogueKiller
2015-03-17 09:27:23   129752   ----a-w-   C:\Windows\System32\drivers\366D782C.sys
2015-03-17 04:24:01   --------   d-----w-   C:\Users\Catie Grimm\AppData\Local\Zotero
2015-03-16 21:01:47   --------   d-----w-   C:\Users\Catie Grimm\AppData\Local\WebEx
2015-03-13 04:51:22   --------   d-----w-   C:\Users\Catie Grimm\AppData\Local\Scrivener
2015-03-13 04:18:31   --------   d-----w-   C:\Program Files (x86)\Scrivener
2015-03-12 07:13:59   82432   ----a-w-   C:\Windows\System32\cryptsp.dll
2015-03-12 00:16:02   --------   d-----w-   C:\Users\Catie Grimm\AppData\Local\WinZip
2015-03-12 00:13:35   43664   ----a-w-   C:\Windows\System32\drivers\hitmanpro37.sys
2015-03-11 23:35:33   --------   d-----w-   C:\Users\Catie Grimm\AppData\Local\Windows Live
2015-03-10 19:13:41   372224   ----a-w-   C:\Windows\System32\atmfd.dll
2015-03-10 19:13:40   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2015-03-10 19:13:40   41984   ----a-w-   C:\Windows\System32\lpk.dll
2015-03-10 19:13:40   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
2015-03-10 19:13:40   299008   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2015-03-10 19:13:40   14336   ----a-w-   C:\Windows\System32\dciman32.dll
2015-03-10 19:13:40   10240   ----a-w-   C:\Windows\SysWow64\dciman32.dll
2015-03-10 19:13:39   70656   ----a-w-   C:\Windows\SysWow64\fontsub.dll
2015-03-10 19:13:39   25600   ----a-w-   C:\Windows\SysWow64\lpk.dll
2015-03-10 19:13:39   100864   ----a-w-   C:\Windows\System32\fontsub.dll
2015-03-10 19:09:11   465920   ----a-w-   C:\Windows\System32\WMPhoto.dll
2015-03-10 19:09:11   417792   ----a-w-   C:\Windows\SysWow64\WMPhoto.dll
2015-03-03 20:27:02   950272   ----a-w-   C:\Windows\System32\perftrack.dll
2015-03-03 20:27:02   91136   ----a-w-   C:\Windows\System32\wdi.dll
2015-03-03 20:27:02   76800   ----a-w-   C:\Windows\SysWow64\wdi.dll
2015-03-03 20:27:02   29696   ----a-w-   C:\Windows\System32\powertracker.dll
2015-02-26 08:23:45   --------   d-----w-   C:\Program Files\iPod
2015-02-26 08:23:45   --------   d-----w-   C:\Program Files (x86)\iTunes
2015-02-26 08:23:44   --------   d-----w-   C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-26 08:23:44   --------   d-----w-   C:\Program Files\iTunes
2015-02-26 08:18:21   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2015-02-26 08:18:21   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2015-02-26 08:18:21   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2015-02-26 08:18:21   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2015-02-26 08:18:21   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2015-02-23 23:11:00   --------   d-----w-   C:\Users\Catie Grimm\AppData\Local\Skype
2015-02-23 23:10:37   --------   d-----r-   C:\Program Files (x86)\Skype
2015-02-23 19:57:04   --------   d-----w-   C:\Users\Catie Grimm\AppData\Local\Macroplant_LLC
2015-02-23 19:42:38   190480   ----a-w-   C:\Windows\System32\CbFsMntNtf3.dll
2015-02-23 19:42:33   158224   ----a-w-   C:\Windows\SysWow64\CbFsMntNtf3.dll
2015-02-23 19:42:33   141328   ----a-w-   C:\Windows\System32\CbFsNetRdr3.dll
2015-02-23 19:42:31   223760   ----a-w-   C:\Windows\SysWow64\CbFsNetRdr3.dll
2015-02-23 19:41:03   352144   ----a-w-   C:\Windows\System32\drivers\cbfs3.sys
2015-02-23 19:40:53   --------   d-----w-   C:\Program Files (x86)\iExplorer
2015-02-22 19:01:57   --------   d-----w-   C:\Users\Catie Grimm\AppData\Local\Microsoft Help
2015-02-21 18:41:22   1188440   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{442884DC-F2C7-404F-BE94-9D89BBCD9D72}\gapaengine.dll
2015-02-18 10:03:36   --------   d-----w-   C:\Users\Catie Grimm\AppData\Local\Apple Computer
2015-02-18 10:03:08   33240   ----a-w-   C:\Windows\System32\drivers\GEARAspiWDM.sys
2015-02-18 09:55:22   --------   d-----w-   C:\Users\Catie Grimm\AppData\Local\Apple
2015-02-18 09:54:44   --------   d-----w-   C:\Program Files\Bonjour
2015-02-18 09:54:44   --------   d-----w-   C:\Program Files (x86)\Bonjour
2015-02-18 00:09:08   --------   d-sh--w-   C:\Users\Catie Grimm\AppData\Local\EmieBrowserModeList
.
==================== Find3M  ====================
.
2015-03-06 05:56:10   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10   155576   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33   341504   ----a-w-   C:\Windows\System32\schannel.dll
2015-03-06 05:42:33   28160   ----a-w-   C:\Windows\System32\secur32.dll
2015-03-06 05:42:29   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29   309760   ----a-w-   C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27   1461760   ----a-w-   C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20   22016   ----a-w-   C:\Windows\System32\credssp.dll
2015-03-06 05:41:46   31232   ----a-w-   C:\Windows\System32\lsass.exe
2015-03-06 05:41:31   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56   686080   ----a-w-   C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26   248832   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22   221184   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50   60416   ----a-w-   C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43   146432   ----a-w-   C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20   686080   ----a-w-   C:\Windows\SysWow64\adtschema.dll
2015-03-03 13:17:35   295552   ------w-   C:\Windows\System32\MpSigStub.exe
2015-02-26 03:25:44   3204096   ----a-w-   C:\Windows\System32\win32k.sys
2015-02-20 03:06:02   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-02-20 03:05:49   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-02-20 02:49:29   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19   584192   ----a-w-   C:\Windows\System32\vbscript.dll
2015-02-20 02:47:56   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-02-20 02:35:17   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-02-20 02:35:05   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-02-20 02:34:24   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2015-02-20 02:32:34   6035456   ----a-w-   C:\Windows\System32\jscript9.dll
2015-02-20 02:26:12   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08   503296   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-02-20 02:08:59   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-02-20 02:08:13   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45   2125824   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-02-20 01:41:52   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39   4300288   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-02-20 01:28:25   2358784   ----a-w-   C:\Windows\System32\wininet.dll
2015-02-20 01:24:21   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25   1888256   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-02-04 03:16:29   609280   ----a-w-   C:\Windows\System32\generaltel.dll
2015-02-04 03:16:20   762368   ----a-w-   C:\Windows\System32\invagent.dll
2015-02-04 03:16:16   414720   ----a-w-   C:\Windows\System32\devinv.dll
2015-02-04 03:16:14   894976   ----a-w-   C:\Windows\System32\appraiser.dll
2015-02-04 03:16:13   227328   ----a-w-   C:\Windows\System32\aepdu.dll
2015-02-04 03:16:13   192000   ----a-w-   C:\Windows\System32\aepic.dll
2015-02-04 03:13:28   1098752   ----a-w-   C:\Windows\System32\aeinv.dll
2015-02-03 03:34:39   693176   ----a-w-   C:\Windows\System32\winload.efi
2015-02-03 03:34:38   5554104   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36   94656   ----a-w-   C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29   616360   ----a-w-   C:\Windows\System32\winresume.efi
2015-02-03 03:30:58   631808   ----a-w-   C:\Windows\System32\evr.dll
2015-02-03 03:29:19   8704   ----a-w-   C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49   2048   ----a-w-   C:\Windows\System32\mferror.dll
2015-02-03 03:28:14   6656   ----a-w-   C:\Windows\System32\apisetschema.dll
2015-02-03 03:19:12   663552   ----a-w-   C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31   3973048   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31   3917760   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55   50176   ----a-w-   C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48   23040   ----a-w-   C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18   12625408   ----a-w-   C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03   2048   ----a-w-   C:\Windows\SysWow64\mferror.dll
2015-02-03 03:08:07   6656   ----a-w-   C:\Windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25   61440   ----a-w-   C:\Windows\System32\drivers\appid.sys
2015-01-30 23:56:51   459336   ----a-w-   C:\Windows\System32\drivers\cng.sys
2015-01-27 23:36:21   1239720   ----a-w-   C:\Windows\System32\aitstatic.exe
2015-01-17 02:48:38   1067520   ----a-w-   C:\Windows\System32\msctf.dll
2015-01-17 02:30:42   828928   ----a-w-   C:\Windows\SysWow64\msctf.dll
.
============= FINISH: 23:07:17.41 ===============
22
*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
*  Click START then RUN
*  Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the /U; it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here http://myonlinesecurity.co.uk/how-to-protect-yourself-and-tighten-security/ for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date & vulnerable common applications on your computer and update whatever it suggests.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
23
Fix log generated ... K9 has been removed!! THANK YOU! AVG is scanning as I type/post.

Nick


---------------------




Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Al Ray at 2015-03-11 16:45:58 Run:1
Running from C:\Users\Al Ray\Desktop
Loaded Profiles: Al Ray (Available profiles: Al Ray)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************

() C:\Program Files\K9-PC Protector\k9amUninstall.exe
C:\Program Files\K9-PC Protector\k9amUninstall.exe
C:\Program Files\K9-PC Protector\
C:\Program Files\K9-PCFixer\
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=4seKMaFs0Pv95h-YgKzNBfBYfIU?q={searchTerms}
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
2015-03-05 16:05 - 2015-03-05 16:06 - 00000000 ____D () C:\Users\Al Ray\AppData\Roaming\K9AMW
2015-03-05 16:05 - 2015-03-05 16:05 - 00000845 _____ () C:\Users\Public\Desktop\K9-PC Protector.lnk
2015-03-05 16:05 - 2015-03-05 16:05 - 00000000 ____D () C:\Users\Al Ray\AppData\Roaming\K9Tools
2015-03-05 16:05 - 2015-03-05 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K9-PC Protector
2015-03-05 16:04 - 2015-03-05 17:22 - 00000000 ____D () C:\Program Files\K9-PC Protector
2015-03-05 16:04 - 2015-03-05 16:46 - 00000268 _____ () C:\Windows\Tasks\K9-PCFixer_UPDATES.job
2015-03-05 16:04 - 2015-03-05 16:46 - 00000260 _____ () C:\Windows\Tasks\K9-PCFixer_DEFAULT.job
2015-03-05 16:04 - 2015-03-05 16:05 - 00000000 ____D () C:\ProgramData\K9Tools
2015-03-05 16:04 - 2015-01-05 13:56 - 00022080 _____ () C:\Windows\system32\k9native32.exe
2015-03-05 16:03 - 2015-03-05 18:41 - 00000000 ____D () C:\Users\Al Ray\AppData\Roaming\K9-PCFixer
2015-03-05 16:03 - 2015-03-05 16:03 - 00000839 _____ () C:\Users\Public\Desktop\K9-PCFixer.lnk
2015-03-05 16:03 - 2015-03-05 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K9-PCFixer
2015-03-05 16:03 - 2015-03-05 16:03 - 00000000 ____D () C:\Program Files\K9-PCFixer
2011-06-04 12:36 - 2011-08-14 12:38 - 0000018 _____ () C:\Users\Al Ray\AppData\Local\msesbucf.txt
K9 PCFixer (HKLM\...\K9 PCFixer_is1) (Version: 1.8 - K9 Tools)
K9-PC Protector (HKLM\...\9E2253C2-A799-47B0-9864-90CF612BCC61_K9Tools_K9-~6898A8B4_is1) (Version: 1.0.0.14750 - k9tools.com)
Task: {5B57C56E-5D10-4DFF-AA30-6C79E891A07F} - System32\Tasks\K9-PCFixer => C:\Program Files\K9-PCFixer\K9-PCFixer.exe [2015-03-04] (K9Tools)
Task: {98F572D5-BE9F-48D1-ACF7-9EAC6C51ED7C} - System32\Tasks\K9-PC Protector_startup => C:\Program Files\K9-PC Protector\k9pcp.exe [2015-01-05] (K9Tools)
Task: {E1801A95-F30D-4E6E-8153-7A30FA6344B6} - System32\Tasks\K9-PCFixer_UPDATES => C:\Program Files\K9-PCFixer\K9-PCFixer.exe [2015-03-04] (K9Tools)
Task: C:\Windows\Tasks\K9-PCFixer_DEFAULT.job => C:\Program Files\K9-PCFixer\K9-PCFixer.exe
Task: C:\Windows\Tasks\K9-PCFixer_UPDATES.job => C:\Program Files\K9-PCFixer\K9-PCFixer.exe
2015-03-05 16:05 - 2015-01-05 13:56 - 00542784 _____ () C:\Program Files\K9-PC Protector\k9amUninstall.exe

EmptyTemp:
*****************

C:\Program Files\K9-PC Protector\k9amUninstall.exe => No running process found
C:\Program Files\K9-PC Protector\k9amUninstall.exe => Moved successfully.

"C:\Program Files\K9-PC Protector" directory move:

Could not move "C:\Program Files\K9-PC Protector" directory. => Scheduled to move on reboot.

"C:\Program Files\K9-PCFixer" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}" => Key deleted successfully.
HKCR\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => Key not found.
HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
C:\Users\Al Ray\AppData\Roaming\K9AMW => Moved successfully.
C:\Users\Public\Desktop\K9-PC Protector.lnk => Moved successfully.
C:\Users\Al Ray\AppData\Roaming\K9Tools => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K9-PC Protector => Moved successfully.

"C:\Program Files\K9-PC Protector" directory move:

Could not move "C:\Program Files\K9-PC Protector" directory. => Scheduled to move on reboot.

"C:\Windows\Tasks\K9-PCFixer_UPDATES.job" => File/Directory not found.
"C:\Windows\Tasks\K9-PCFixer_DEFAULT.job" => File/Directory not found.
C:\ProgramData\K9Tools => Moved successfully.
C:\Windows\system32\k9native32.exe => Moved successfully.
"C:\Users\Al Ray\AppData\Roaming\K9-PCFixer" => File/Directory not found.
"C:\Users\Public\Desktop\K9-PCFixer.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K9-PCFixer" => File/Directory not found.
"C:\Program Files\K9-PCFixer" => File/Directory not found.
C:\Users\Al Ray\AppData\Local\msesbucf.txt => Moved successfully.
K9 PCFixer (HKLM\...\K9 PCFixer_is1) (Version: 1.8 - K9 Tools) => Error: No automatic fix found for this entry.
K9-PC Protector (HKLM\...\9E2253C2-A799-47B0-9864-90CF612BCC61_K9Tools_K9-~6898A8B4_is1) (Version: 1.0.0.14750 - k9tools.com) => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B57C56E-5D10-4DFF-AA30-6C79E891A07F} => Key not found.
C:\Windows\System32\Tasks\K9-PCFixer not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\K9-PCFixer => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98F572D5-BE9F-48D1-ACF7-9EAC6C51ED7C} => Key not found.
C:\Windows\System32\Tasks\K9-PC Protector_startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\K9-PC Protector_startup" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1801A95-F30D-4E6E-8153-7A30FA6344B6} => Key not found.
C:\Windows\System32\Tasks\K9-PCFixer_UPDATES not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\K9-PCFixer_UPDATES => Key not found.
C:\Windows\Tasks\K9-PCFixer_DEFAULT.job not found.
C:\Windows\Tasks\K9-PCFixer_UPDATES.job not found.
"C:\Program Files\K9-PC Protector\k9amUninstall.exe" => File/Directory not found.
EmptyTemp: => Removed 420.1 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-11 16:51:51)<=

C:\Program Files\K9-PC Protector => Moved successfully.
C:\Program Files\K9-PC Protector => Is moved successfully.

==== End of Fixlog 16:52:33 ====
24
Download attached fixlist.txt file and save it to your desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
25
Hi Derek, thank you for all your help. I got AVG up and running and got rid of Symantec Endpoint. I still cannot delete the K9 PC Protector. Can you help me get rid of the program? It doesn't work anyway.
26
It looks like you have got Symantec Endpoint Protection installed, enabled and running, and that will very likely be blocking the uninstall of the K9 software.
First uninstall Symantec & then you should be able to cleanly remove K9.
If it won't remove after that, then tell us & we will produce a script for removal of K9.

27
Malware removal and help / Farbar Recovery Scan
« Last post by nick80 on March 06, 2015, 14:06:56 »
Also, I just wanted to let you know I did not click on the Fix option on the Farbar Recovery Scan. You did not instruct me to do so. Thank you for your help.
28
Malware removal and help / Farbar Scan Results
« Last post by nick80 on March 06, 2015, 13:08:56 »
Here are the Farbar results. Thanks for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Al Ray (administrator) on ALRAY-PC on 06-03-2015 07:56:19
Running from C:\Users\Al Ray\Desktop
Loaded Profiles: Al Ray (Available profiles: Al Ray)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\K9-PC Protector\k9amUninstall.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [865840 2007-04-26] (Synaptics, Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-15] (Google)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2008-02-01] (Symantec Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [UseDefaultTile] 0
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-14] (Google Inc.)
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2008-01-20] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-15] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6731
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6731
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=4seKMaFs0Pv95h-YgKzNBfBYfIU?q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: StumbleUpon Launcher -> {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} -> C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll (Gateway Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2460531259-3135208941-2218397709-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Al Ray\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-21]
FF HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Al Ray\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Al Ray\AppData\Roaming\Move Networks [2009-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2008-02-01] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2008-02-01] (Symantec Corporation)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2015-02-14] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
S3 GameConsoleService; C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe [181800 2007-08-29] (WildTangent, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-15] (Google)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093872 2007-08-11] (Symantec Corporation)
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2479488 2008-05-09] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [288136 2008-05-11] (Symantec Corporation)
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [90112 2007-01-30] (SigmaTel, Inc.) [File not signed]
S3 StumbleUponUpdateService; C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe [103336 2011-04-13] (stumbleupon.com)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2240944 2008-05-09] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9464 2009-05-13] (Sonic Solutions)
S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-17] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20141127.033\NAVENG.SYS [95704 2014-11-17] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20141127.033\NAVEX15.SYS [1636696 2014-11-17] (Symantec Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation                           )
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [420400 2008-01-17] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2008-03-21] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2008-03-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2008-03-21] (Symantec Corporation)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [650240 2007-01-30] (SigmaTel, Inc.)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2008-11-01] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27696 2007-10-30] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191536 2007-10-30] (Symantec Corporation)
R1 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [91520 2008-05-09] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [49536 2008-03-12] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [40832 2008-05-09] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 07:54 - 2015-03-06 07:56 - 00017929 _____ () C:\Users\Al Ray\Desktop\FRST.txt
2015-03-06 07:54 - 2015-03-06 07:56 - 00000000 ____D () C:\FRST
2015-03-06 07:52 - 2015-03-06 07:52 - 01132544 _____ (Farbar) C:\Users\Al Ray\Desktop\FRST.exe
2015-03-05 21:03 - 2015-03-05 21:01 - 00011508 _____ () C:\Users\Al Ray\Desktop\ComboFix.txt
2015-03-05 21:01 - 2015-03-05 21:01 - 00011508 _____ () C:\ComboFix.txt
2015-03-05 20:16 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-05 20:16 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-05 20:16 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-05 20:16 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-05 20:16 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-05 20:16 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-05 20:16 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-05 20:16 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-05 20:15 - 2015-03-05 21:01 - 00000000 ____D () C:\Qoobox
2015-03-05 20:14 - 2015-03-05 20:55 - 00000000 ____D () C:\Windows\erdnt
2015-03-05 20:03 - 2015-03-05 20:03 - 05612482 ____R (Swearware) C:\Users\Al Ray\Desktop\ComboFix.exe
2015-03-05 18:13 - 2015-03-05 18:13 - 00011342 _____ () C:\Users\Al Ray\Desktop\hijackthis.log
2015-03-05 17:59 - 2015-03-05 17:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Al Ray\Desktop\HijackThis.exe
2015-03-05 16:50 - 2015-03-05 16:50 - 00000767 ____H () C:\IPH.PH
2015-03-05 16:50 - 2015-03-05 16:50 - 00000299 ____H () C:\T4Metrics.log
2015-03-05 16:50 - 2015-03-05 16:50 - 00000000 ____D () C:\TEMP
2015-03-05 16:37 - 2015-03-05 16:37 - 06137635 _____ () C:\Users\Al Ray\Desktop\AVGInstLog.cab
2015-03-05 16:16 - 2015-03-05 16:55 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-05 16:16 - 2015-03-05 16:16 - 00000000 ____D () C:\Users\Al Ray\AppData\Local\MFAData
2015-03-05 16:14 - 2015-03-05 16:15 - 04800928 _____ (AVG Technologies) C:\Users\Al Ray\Desktop\avg_isc_stb_all_2015_ltst_206.exe
2015-03-05 16:05 - 2015-03-05 16:06 - 00000000 ____D () C:\Users\Al Ray\AppData\Roaming\K9AMW
2015-03-05 16:05 - 2015-03-05 16:05 - 00000845 _____ () C:\Users\Public\Desktop\K9-PC Protector.lnk
2015-03-05 16:05 - 2015-03-05 16:05 - 00000000 ____D () C:\Users\Al Ray\AppData\Roaming\K9Tools
2015-03-05 16:05 - 2015-03-05 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K9-PC Protector
2015-03-05 16:04 - 2015-03-05 17:22 - 00000000 ____D () C:\Program Files\K9-PC Protector
2015-03-05 16:04 - 2015-03-05 16:46 - 00000268 _____ () C:\Windows\Tasks\K9-PCFixer_UPDATES.job
2015-03-05 16:04 - 2015-03-05 16:46 - 00000260 _____ () C:\Windows\Tasks\K9-PCFixer_DEFAULT.job
2015-03-05 16:04 - 2015-03-05 16:05 - 00000000 ____D () C:\ProgramData\K9Tools
2015-03-05 16:04 - 2015-01-05 13:56 - 00022080 _____ () C:\Windows\system32\k9native32.exe
2015-03-05 16:03 - 2015-03-05 18:41 - 00000000 ____D () C:\Users\Al Ray\AppData\Roaming\K9-PCFixer
2015-03-05 16:03 - 2015-03-05 16:03 - 00000839 _____ () C:\Users\Public\Desktop\K9-PCFixer.lnk
2015-03-05 16:03 - 2015-03-05 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K9-PCFixer
2015-03-05 16:03 - 2015-03-05 16:03 - 00000000 ____D () C:\Program Files\K9-PCFixer
2015-03-05 15:15 - 2015-03-05 15:15 - 00000000 _____ () C:\Windows\EEventManager.INI
2015-03-05 15:13 - 2015-03-05 15:13 - 00001737 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-03-05 15:13 - 2015-03-05 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-05 15:12 - 2015-03-05 15:14 - 00000000 ____D () C:\Program Files\QuickTime
2015-03-05 15:03 - 2015-03-05 15:04 - 42096984 _____ (Apple Inc.) C:\Users\Al Ray\Desktop\QuickTimeInstaller.exe
2015-02-14 13:25 - 2015-02-14 13:25 - 00001963 _____ () C:\Users\Al Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-02-14 13:25 - 2015-02-14 13:25 - 00001908 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-02-14 13:25 - 2015-02-14 13:25 - 00001908 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-02-14 13:25 - 2015-02-14 13:25 - 00000000 ___RD () C:\Users\Al Ray\OneDrive
2015-02-14 13:25 - 2015-02-14 13:25 - 00000000 ____D () C:\Program Files\Microsoft OneDrive
2015-02-14 13:24 - 2015-02-14 13:24 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 07:57 - 2012-07-15 15:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 07:29 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 07:29 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 07:27 - 2010-10-21 12:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-06 02:10 - 2008-04-23 15:13 - 02095429 _____ () C:\Windows\WindowsUpdate.log
2015-03-05 21:29 - 2010-10-21 12:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-05 21:29 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 21:07 - 2006-11-02 08:01 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-05 21:01 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2015-03-05 21:01 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2015-03-05 20:54 - 2006-11-02 05:33 - 00759994 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 20:48 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-05 20:44 - 2008-01-20 21:47 - 00126450 _____ () C:\Windows\PFRO.log
2015-03-05 17:29 - 2006-11-02 07:47 - 00381240 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-05 17:03 - 2008-07-24 16:45 - 00000000 ____D () C:\Users\Al Ray
2015-03-05 16:31 - 2008-07-24 20:46 - 00026112 _____ () C:\Users\Al Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-05 14:42 - 2008-04-23 15:36 - 00000000 ____D () C:\Program Files\Google
2015-03-05 14:18 - 2013-04-03 22:39 - 00000000 ____D () C:\Program Files\Opera
2015-02-14 16:57 - 2008-04-23 15:24 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-14 16:56 - 2009-12-02 12:19 - 00000000 ____D () C:\Program Files\Quick Hit
2015-02-14 16:53 - 2012-12-08 08:40 - 00000000 ____D () C:\Users\Al Ray\AppData\Roaming\Amazon
2015-02-14 16:53 - 2012-12-08 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-02-14 16:53 - 2012-12-08 08:39 - 00000000 ____D () C:\Program Files\Amazon
2015-02-14 16:11 - 2013-02-08 11:22 - 00001590 _____ () C:\Windows\setupact.log
2015-02-14 14:57 - 2012-07-15 15:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-14 14:57 - 2011-05-25 11:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-09-17 18:35 - 2012-09-17 18:35 - 4096000 _____ () C:\Program Files\GUT8111.tmp
2011-03-24 12:08 - 2011-03-24 12:08 - 0000680 _____ () C:\Users\Al Ray\AppData\Local\d3d9caps.dat
2008-07-24 20:46 - 2015-03-05 16:31 - 0026112 _____ () C:\Users\Al Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-04 12:36 - 2011-08-14 12:38 - 0000018 _____ () C:\Users\Al Ray\AppData\Local\msesbucf.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 21:35

==================== End Of Log ============================


-----------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Al Ray at 2015-03-06 07:57:32
Running from C:\Users\Al Ray\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2040 (HKLM\...\{6BAE6EDB-6B06-479C-B1AB-014A69D63E21}) (Version: 1.00 - Brother)
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.2.10104.2 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-200 Series Printer Uninstall (HKLM\...\EPSON XP-200 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Gateway Connect (HKLM\...\{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}) (Version: 1.1.0 - Acceller)
Gateway Games (HKLM\...\WildTangent gateway Master Uninstall) (Version: GTWY0802 - WildTangent)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.044 - Gateway)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition v1.0 Multi (HKLM\...\{8BF806C4-2D77-4F67-8435-D4BDCEB665A8}_is1) (Version:  - My Company, Inc.)
H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K9 PCFixer (HKLM\...\K9 PCFixer_is1) (Version: 1.8 - K9 Tools)
K9-PC Protector (HKLM\...\9E2253C2-A799-47B0-9864-90CF612BCC61_K9Tools_K9-~6898A8B4_is1) (Version: 1.0.0.14750 - k9tools.com)
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.61 - Symantec Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Money Essentials (HKLM\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Communicator 2007 (HKLM\...\{E5BA0430-919F-46DD-B656-0796F8A5ADFF}) (Version: 2.0.6362.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
Move Media Player (HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\...\Move Media Player) (Version:  - Move Networks)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
REALTEK USB Wireless LAN Driver (HKLM\...\{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}) (Version: 1.00.0000 - Realtek)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Software Updater (HKLM\...\{7B3A525D-9D3D-4618-AE52-A31DE98C8AC3}) (Version: 4.1.4 - SEIKO EPSON CORPORATION)
StumbleUpon IE Toolbar (HKLM\...\StumbleUponIEToolbar) (Version: 3.95 - StumbleUpon)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{2E2966EA-2169-4E42-8A8A-CC1749D80088}) (Version: 11.0.2010.25 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.2.3.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}) (Version: 17.0.10381 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\Al Ray\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\Al Ray\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\Al Ray\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\Al Ray\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

==================== Restore Points  =========================

12-04-2014 14:47:25 Scheduled Checkpoint
14-04-2014 07:24:18 Scheduled Checkpoint
06-05-2014 22:28:00 Scheduled Checkpoint
08-05-2014 21:06:43 Scheduled Checkpoint
28-06-2014 14:31:52 Scheduled Checkpoint
14-02-2015 16:55:03 Removed Quick Hit - Football
05-03-2015 14:39:57 Removed Google Earth.
05-03-2015 15:09:52 Installed QuickTime 7
05-03-2015 16:18:53 Installed AVG 2015
05-03-2015 16:21:03 Installed AVG 2015
05-03-2015 16:34:06 Removed AVG 2015
05-03-2015 16:41:12 Installed AVG 2015
05-03-2015 16:56:37 Installed AVG 2015
05-03-2015 17:06:40 Removed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2015-03-05 20:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FD2B7CB-F58F-4068-8535-93298358363E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {108F2B29-79A4-4FCB-8402-AB5D99D95C85} - System32\Tasks\{E78E3A4A-6AA2-460F-8C5F-1E0DC577C4EF} => pcalua.exe -a "C:\Users\Al Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2QOMDAF\Exam4-dickinson-Vista-Installer[2].exe" -d C:\Windows\system32
Task: {3B39061D-6D00-47EE-971F-DE532233CE4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {4A5F2E67-1D66-4541-9CD0-585FE585D391} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-14] (Adobe Systems Incorporated)
Task: {5B57C56E-5D10-4DFF-AA30-6C79E891A07F} - System32\Tasks\K9-PCFixer => C:\Program Files\K9-PCFixer\K9-PCFixer.exe [2015-03-04] (K9Tools)
Task: {5DE8012B-14F6-46D3-AEBC-90C524206ADA} - System32\Tasks\{EA1E6A03-B90E-4940-850D-4E599BFC5089} => pcalua.exe -a "C:\Users\Al Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N1JJB9R\Exam4-dickinson-Vista-Installer[1].exe" -d "C:\Users\Al Ray\Desktop"
Task: {744D429A-2951-48C5-9B18-8990D2D3DE20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {827A1D17-2D98-4533-8C31-302F74B03246} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {840CDC9E-39BD-4C87-B86D-B7EB53CFCCAC} - System32\Tasks\K9-PCFixer_DEFAULT => C:\Program Files\K9-PCFixer\K9-PCFixer.exe [2015-03-04] (K9Tools)
Task: {97C0ABD7-C38D-4B07-8C3A-FFC8297EF87D} - System32\Tasks\{D8C54C38-1862-4C2B-B2DC-73C22016FC70} => pcalua.exe -a "C:\Users\Al Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3A7M7HM\Exam4-dickinson-Vista-Installer[1].exe" -d C:\Windows\system32
Task: {98F572D5-BE9F-48D1-ACF7-9EAC6C51ED7C} - System32\Tasks\K9-PC Protector_startup => C:\Program Files\K9-PC Protector\k9pcp.exe [2015-01-05] (K9Tools)
Task: {AB8517F1-7F17-4BFC-82E5-0120E5651C0C} - System32\Tasks\{F6E2AFD0-F3D5-494E-BFBE-620BA0B8C346} => pcalua.exe -a "C:\Users\Al Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPYSOB0T\Exam4-dickinson-Vista-Installer[1].exe" -d "C:\Users\Al Ray\Desktop"
Task: {D9A77E57-2AD2-4CDA-9D39-2D4823A3CCBC} - System32\Tasks\{21AFCDFA-18DD-4FDE-8676-E8FD7244D8D7} => pcalua.exe -a "C:\Users\Al Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V1NSQSA\Exam4-dickinson-Vista-Installer[1].exe" -d "C:\Users\Al Ray\Desktop"
Task: {E1801A95-F30D-4E6E-8153-7A30FA6344B6} - System32\Tasks\K9-PCFixer_UPDATES => C:\Program Files\K9-PCFixer\K9-PCFixer.exe [2015-03-04] (K9Tools)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\K9-PCFixer_DEFAULT.job => C:\Program Files\K9-PCFixer\K9-PCFixer.exe
Task: C:\Windows\Tasks\K9-PCFixer_UPDATES.job => C:\Program Files\K9-PCFixer\K9-PCFixer.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-14 13:24 - 2015-02-14 13:24 - 00081056 _____ () C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2011-07-22 17:59 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-14 14:57 - 2015-02-14 14:57 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
2015-03-05 16:05 - 2015-01-05 13:56 - 00542784 _____ () C:\Program Files\K9-PC Protector\k9amUninstall.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:A18D1A5B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Al Ray\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2460531259-3135208941-2218397709-500 - Administrator - Disabled)
Al Ray (S-1-5-21-2460531259-3135208941-2218397709-1000 - Administrator - Enabled) => C:\Users\Al Ray
Guest (S-1-5-21-2460531259-3135208941-2218397709-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/06/2015 07:55:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 4.3.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1468
Start Time: 01d0580ca2463fd6
Termination Time: 0

Error: (03/05/2015 09:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program _iu14D2N.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1700
Start Time: 01d057b700621186
Termination Time: 0

Error: (03/05/2015 09:30:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 08:46:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 08:17:16 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: )
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info:  Terminate Process
Action Taken:  Logged
Actor Process:  C:\ComboFix\PV.3XE (PID 1692)
Time:  Thursday, March 05, 2015  8:17:16 PM

Error: (03/05/2015 07:52:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 06:43:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program K9-PCFixer.exe version 1.8.144.207 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 884
Start Time: 01d0579d30733d8c
Termination Time: 16

Error: (03/05/2015 06:36:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 05:31:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 05:21:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/05/2015 09:30:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/05/2015 09:30:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/05/2015 08:47:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/05/2015 08:46:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/05/2015 08:43:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (03/05/2015 08:43:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060

Error: (03/05/2015 08:31:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (03/05/2015 08:21:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (03/05/2015 07:53:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/05/2015 07:52:43 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE


Microsoft Office Sessions:
=========================
Error: (11/09/2010 04:56:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 177197 seconds with 18780 seconds of active time.  This session ended with a crash.

Error: (10/19/2010 08:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 638390 seconds with 32460 seconds of active time.  This session ended with a crash.

Error: (09/14/2010 09:04:05 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8216 seconds with 3540 seconds of active time.  This session ended with a crash.

Error: (03/10/2010 06:01:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 79245 seconds with 6300 seconds of active time.  This session ended with a crash.

Error: (12/15/2009 00:31:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 253712 seconds with 77760 seconds of active time.  This session ended with a crash.

Error: (11/26/2009 01:07:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1102228 seconds with 132960 seconds of active time.  This session ended with a crash.

Error: (10/30/2009 08:38:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 52642 seconds with 6960 seconds of active time.  This session ended with a crash.

Error: (09/22/2009 09:41:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2033 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (09/17/2009 00:51:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47673 seconds with 19140 seconds of active time.  This session ended with a crash.

Error: (08/28/2009 00:54:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 81617 seconds with 1740 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-03-05 21:29:02.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 20:45:46.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 19:51:32.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 18:35:57.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 17:30:02.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 16:45:52.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 15:57:54.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 15:17:37.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 15:05:57.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 15:02:50.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 64%
Total physical RAM: 2037.68 MB
Available physical RAM: 724.12 MB
Total Pagefile: 4324.64 MB
Available Pagefile: 2965.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.41 MB

==================== Drives ================================

Drive c: (Partition_1) (Fixed) (Total:138.19 GB) (Free:54.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:10.85 GB) (Free:10.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 4C4ADFA7)
Partition 1: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=138.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
29
for some reason that is not showing what it should be
please do this

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to download and run the 32 bit version

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
30
Hi Derek, here's the log you requested from combofix. I tried to uninstall the K9-PC pro Protector program and there is still hesitation and the uninstall process is unsuccessful. To end the process we used task manager.

We did not try to install the AVG. If you can offer advice involving these processes it would be greatly appreciated.

 Thank you for your help.



ComboFix 15-03-01.01 - Al Ray 03/05/2015  20:21:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2038.1053 [GMT -5:00]
Running from: c:\users\Al Ray\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\AE16.tmp
c:\users\Al Ray\AppData\Local\assembly\tmp
c:\users\Al Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Shield.lnk
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-06 to 2015-03-06  )))))))))))))))))))))))))))))))
.
.
2015-03-06 01:42 . 2015-03-06 01:42   --------   d-----w-   c:\users\Default\AppData\Local\temp
2015-03-05 21:50 . 2015-03-05 21:50   --------   d-----w-   C:\TEMP
2015-03-05 21:16 . 2015-03-05 21:55   --------   d-----w-   c:\programdata\MFAData
2015-03-05 21:16 . 2015-03-05 21:16   --------   d-----w-   c:\users\Al Ray\AppData\Local\MFAData
2015-03-05 21:05 . 2015-03-05 21:06   --------   d-----w-   c:\users\Al Ray\AppData\Roaming\K9AMW
2015-03-05 21:05 . 2015-03-05 21:05   --------   d-----w-   c:\users\Al Ray\AppData\Roaming\K9Tools
2015-03-05 21:04 . 2015-03-05 21:05   --------   d-----w-   c:\programdata\K9Tools
2015-03-05 21:04 . 2015-03-05 22:22   --------   d-----w-   c:\program files\K9-PC Protector
2015-03-05 21:04 . 2015-01-05 18:56   22080   ----a-w-   c:\windows\system32\k9native32.exe
2015-03-05 21:03 . 2015-03-05 21:03   --------   d-----w-   c:\program files\K9-PCFixer
2015-03-05 21:03 . 2015-03-05 23:41   --------   d-----w-   c:\users\Al Ray\AppData\Roaming\K9-PCFixer
2015-03-05 20:14 . 2015-03-05 20:14   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-03-05 20:14 . 2015-03-05 20:14   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-03-05 20:14 . 2015-03-05 20:14   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-03-05 20:14 . 2015-03-05 20:14   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-03-05 20:14 . 2015-03-05 20:14   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-03-05 20:12 . 2015-03-05 20:14   --------   d-----w-   c:\program files\QuickTime
2015-03-05 19:42 . 2015-03-06 01:40   --------   d-----w-   c:\users\Al Ray\AppData\Local\assembly
2015-02-14 18:25 . 2015-02-14 18:25   --------   d-----w-   c:\program files\Microsoft OneDrive
2015-02-14 18:25 . 2015-02-14 18:25   --------   d-----r-   c:\users\Al Ray\OneDrive
2015-02-14 18:24 . 2015-02-14 18:24   --------   d-----w-   c:\programdata\Microsoft OneDrive
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-04 23:19 . 2010-06-24 15:33   23256   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-02-14 19:57 . 2012-07-15 20:10   701616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-02-14 19:57 . 2011-05-25 16:09   71344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-17 23:35 . 2012-09-17 23:35   4096000   ----a-w-   c:\program files\GUT8111.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-02-14 18:25   239272   ----a-w-   c:\users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-02-14 18:25   239272   ----a-w-   c:\users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-02-14 18:25   239272   ----a-w-   c:\users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-15 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2013-1-29 685936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 19:57]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 00:23]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 00:23]
.
2015-03-05 c:\windows\Tasks\K9-PCFixer_DEFAULT.job
- c:\program files\K9-PCFixer\K9-PCFixer.exe [2015-03-05 21:22]
.
2015-03-05 c:\windows\Tasks\K9-PCFixer_UPDATES.job
- c:\program files\K9-PCFixer\K9-PCFixer.exe [2015-03-05 21:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6731
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-05 20:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\K9-PC Protector\k9pcp.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\EscSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\SigmaTel\C-Major Audio\WDM\STacSV.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2015-03-05  21:01:22 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-06 02:00
.
Pre-Run: 51,632,840,704 bytes free
Post-Run: 58,561,396,736 bytes free
.
- - End Of File - - FD77DDECF04B17485DE219D795CB3FC5
5C616939100B85E558DA92B899A0FC36

Donations

You have come to The Spykiller for help because your Antivirus or Antispyware hasn't been able to fix your problem.

Modern Malware has become so involved and difficult to fix that it takes a very long time and a lot of hard work to read all the logs posted here and research and prepare the fixes for you. In many cases each part of the fix takes about 30 minutes to prepare, so a large part of my time is spent helping you

Would you do all this for nothing?

The reason I run this site is to raise funds for Hedgehog Rescue

Please donate if I have helped you or you have found this site useful.

You can donate safely and securely by using the paypal service, just click on one of the buttons below.

To donate in UK £

To donate in US$

To donate in Euro €

Any amount no matter how small is gratefully accepted and needed to ensure we keep the Rescue Centre running

To donate via paypal when the button doesn't appear or the link doesn't work: just go to www.paypal.com or your country's paypal log in page and chose send money and use help@thehedgehog.co.uk as recipient email address and select other service as the option. then follow prompts

