Recent Posts

21
Malware removal and help / Farbar Recovery Scan
« Last post by nick80 on March 06, 2015, 14:06:56 »
Also I just wanted to let you know I did not click on the fix option on the farbar recovery scan. You did not instruct me to do so. Thank you for your help.
22
Malware removal and help / Farbar Scan Results
« Last post by nick80 on March 06, 2015, 13:08:56 »
Here's the Farbar results. Thanks for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Al Ray (administrator) on ALRAY-PC on 06-03-2015 07:56:19
Running from C:\Users\Al Ray\Desktop
Loaded Profiles: Al Ray (Available profiles: Al Ray)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\K9-PC Protector\k9amUninstall.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [865840 2007-04-26] (Synaptics, Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-15] (Google)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2008-02-01] (Symantec Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [UseDefaultTile] 0
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-14] (Google Inc.)
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2008-01-20] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-15] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6731
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6731
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=4seKMaFs0Pv95h-YgKzNBfBYfIU?q={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: StumbleUpon Launcher -> {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} -> C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\windows\system32\BAE.dll (Gateway Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2460531259-3135208941-2218397709-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Al Ray\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-21]
FF HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Al Ray\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Al Ray\AppData\Roaming\Move Networks [2009-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2008-02-01] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2008-02-01] (Symantec Corporation)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2015-02-14] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
S3 GameConsoleService; C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe [181800 2007-08-29] (WildTangent, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-15] (Google)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093872 2007-08-11] (Symantec Corporation)
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2479488 2008-05-09] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [288136 2008-05-11] (Symantec Corporation)
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [90112 2007-01-30] (SigmaTel, Inc.) [File not signed]
S3 StumbleUponUpdateService; C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe [103336 2011-04-13] (stumbleupon.com)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2240944 2008-05-09] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [9464 2009-05-13] (Sonic Solutions)
S3 COH_Mon; C:\Windows\system32\Drivers\COH_Mon.sys [23888 2008-07-30] (Symantec Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-11-17] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20141127.033\NAVENG.SYS [95704 2014-11-17] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20141127.033\NAVEX15.SYS [1636696 2014-11-17] (Symantec Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation                           )
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [420400 2008-01-17] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2008-03-21] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2008-03-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2008-03-21] (Symantec Corporation)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [650240 2007-01-30] (SigmaTel, Inc.)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2008-11-01] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27696 2007-10-30] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191536 2007-10-30] (Symantec Corporation)
R1 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [91520 2008-05-09] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [49536 2008-03-12] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [40832 2008-05-09] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 07:54 - 2015-03-06 07:56 - 00017929 _____ () C:\Users\Al Ray\Desktop\FRST.txt
2015-03-06 07:54 - 2015-03-06 07:56 - 00000000 ____D () C:\FRST
2015-03-06 07:52 - 2015-03-06 07:52 - 01132544 _____ (Farbar) C:\Users\Al Ray\Desktop\FRST.exe
2015-03-05 21:03 - 2015-03-05 21:01 - 00011508 _____ () C:\Users\Al Ray\Desktop\ComboFix.txt
2015-03-05 21:01 - 2015-03-05 21:01 - 00011508 _____ () C:\ComboFix.txt
2015-03-05 20:16 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-05 20:16 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-05 20:16 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-05 20:16 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-05 20:16 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-05 20:16 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-05 20:16 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-05 20:16 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-05 20:15 - 2015-03-05 21:01 - 00000000 ____D () C:\Qoobox
2015-03-05 20:14 - 2015-03-05 20:55 - 00000000 ____D () C:\Windows\erdnt
2015-03-05 20:03 - 2015-03-05 20:03 - 05612482 ____R (Swearware) C:\Users\Al Ray\Desktop\ComboFix.exe
2015-03-05 18:13 - 2015-03-05 18:13 - 00011342 _____ () C:\Users\Al Ray\Desktop\hijackthis.log
2015-03-05 17:59 - 2015-03-05 17:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\Al Ray\Desktop\HijackThis.exe
2015-03-05 16:50 - 2015-03-05 16:50 - 00000767 ____H () C:\IPH.PH
2015-03-05 16:50 - 2015-03-05 16:50 - 00000299 ____H () C:\T4Metrics.log
2015-03-05 16:50 - 2015-03-05 16:50 - 00000000 ____D () C:\TEMP
2015-03-05 16:37 - 2015-03-05 16:37 - 06137635 _____ () C:\Users\Al Ray\Desktop\AVGInstLog.cab
2015-03-05 16:16 - 2015-03-05 16:55 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-05 16:16 - 2015-03-05 16:16 - 00000000 ____D () C:\Users\Al Ray\AppData\Local\MFAData
2015-03-05 16:14 - 2015-03-05 16:15 - 04800928 _____ (AVG Technologies) C:\Users\Al Ray\Desktop\avg_isc_stb_all_2015_ltst_206.exe
2015-03-05 16:05 - 2015-03-05 16:06 - 00000000 ____D () C:\Users\Al Ray\AppData\Roaming\K9AMW
2015-03-05 16:05 - 2015-03-05 16:05 - 00000845 _____ () C:\Users\Public\Desktop\K9-PC Protector.lnk
2015-03-05 16:05 - 2015-03-05 16:05 - 00000000 ____D () C:\Users\Al Ray\AppData\Roaming\K9Tools
2015-03-05 16:05 - 2015-03-05 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K9-PC Protector
2015-03-05 16:04 - 2015-03-05 17:22 - 00000000 ____D () C:\Program Files\K9-PC Protector
2015-03-05 16:04 - 2015-03-05 16:46 - 00000268 _____ () C:\Windows\Tasks\K9-PCFixer_UPDATES.job
2015-03-05 16:04 - 2015-03-05 16:46 - 00000260 _____ () C:\Windows\Tasks\K9-PCFixer_DEFAULT.job
2015-03-05 16:04 - 2015-03-05 16:05 - 00000000 ____D () C:\ProgramData\K9Tools
2015-03-05 16:04 - 2015-01-05 13:56 - 00022080 _____ () C:\Windows\system32\k9native32.exe
2015-03-05 16:03 - 2015-03-05 18:41 - 00000000 ____D () C:\Users\Al Ray\AppData\Roaming\K9-PCFixer
2015-03-05 16:03 - 2015-03-05 16:03 - 00000839 _____ () C:\Users\Public\Desktop\K9-PCFixer.lnk
2015-03-05 16:03 - 2015-03-05 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K9-PCFixer
2015-03-05 16:03 - 2015-03-05 16:03 - 00000000 ____D () C:\Program Files\K9-PCFixer
2015-03-05 15:15 - 2015-03-05 15:15 - 00000000 _____ () C:\Windows\EEventManager.INI
2015-03-05 15:13 - 2015-03-05 15:13 - 00001737 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-03-05 15:13 - 2015-03-05 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-05 15:12 - 2015-03-05 15:14 - 00000000 ____D () C:\Program Files\QuickTime
2015-03-05 15:03 - 2015-03-05 15:04 - 42096984 _____ (Apple Inc.) C:\Users\Al Ray\Desktop\QuickTimeInstaller.exe
2015-02-14 13:25 - 2015-02-14 13:25 - 00001963 _____ () C:\Users\Al Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-02-14 13:25 - 2015-02-14 13:25 - 00001908 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-02-14 13:25 - 2015-02-14 13:25 - 00001908 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-02-14 13:25 - 2015-02-14 13:25 - 00000000 ___RD () C:\Users\Al Ray\OneDrive
2015-02-14 13:25 - 2015-02-14 13:25 - 00000000 ____D () C:\Program Files\Microsoft OneDrive
2015-02-14 13:24 - 2015-02-14 13:24 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 07:57 - 2012-07-15 15:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 07:29 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 07:29 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 07:27 - 2010-10-21 12:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-06 02:10 - 2008-04-23 15:13 - 02095429 _____ () C:\Windows\WindowsUpdate.log
2015-03-05 21:29 - 2010-10-21 12:24 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-05 21:29 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 21:07 - 2006-11-02 08:01 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-05 21:01 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
2015-03-05 21:01 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2015-03-05 20:54 - 2006-11-02 05:33 - 00759994 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 20:48 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
2015-03-05 20:44 - 2008-01-20 21:47 - 00126450 _____ () C:\Windows\PFRO.log
2015-03-05 17:29 - 2006-11-02 07:47 - 00381240 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-05 17:03 - 2008-07-24 16:45 - 00000000 ____D () C:\Users\Al Ray
2015-03-05 16:31 - 2008-07-24 20:46 - 00026112 _____ () C:\Users\Al Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-05 14:42 - 2008-04-23 15:36 - 00000000 ____D () C:\Program Files\Google
2015-03-05 14:18 - 2013-04-03 22:39 - 00000000 ____D () C:\Program Files\Opera
2015-02-14 16:57 - 2008-04-23 15:24 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-14 16:56 - 2009-12-02 12:19 - 00000000 ____D () C:\Program Files\Quick Hit
2015-02-14 16:53 - 2012-12-08 08:40 - 00000000 ____D () C:\Users\Al Ray\AppData\Roaming\Amazon
2015-02-14 16:53 - 2012-12-08 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-02-14 16:53 - 2012-12-08 08:39 - 00000000 ____D () C:\Program Files\Amazon
2015-02-14 16:11 - 2013-02-08 11:22 - 00001590 _____ () C:\Windows\setupact.log
2015-02-14 14:57 - 2012-07-15 15:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-14 14:57 - 2011-05-25 11:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-09-17 18:35 - 2012-09-17 18:35 - 4096000 _____ () C:\Program Files\GUT8111.tmp
2011-03-24 12:08 - 2011-03-24 12:08 - 0000680 _____ () C:\Users\Al Ray\AppData\Local\d3d9caps.dat
2008-07-24 20:46 - 2015-03-05 16:31 - 0026112 _____ () C:\Users\Al Ray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-04 12:36 - 2011-08-14 12:38 - 0000018 _____ () C:\Users\Al Ray\AppData\Local\msesbucf.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 21:35

==================== End Of Log ============================


-----------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Al Ray at 2015-03-06 07:57:32
Running from C:\Users\Al Ray\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAC Decoder (HKLM\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2040 (HKLM\...\{6BAE6EDB-6B06-479C-B1AB-014A69D63E21}) (Version: 1.00 - Brother)
Browser Address Error Redirector (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.2.10104.2 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.5 - DivX, Inc.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-200 Series Printer Uninstall (HKLM\...\EPSON XP-200 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Gateway Connect (HKLM\...\{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}) (Version: 1.1.0 - Acceller)
Gateway Games (HKLM\...\WildTangent gateway Master Uninstall) (Version: GTWY0802 - WildTangent)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.044 - Gateway)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition v1.0 Multi (HKLM\...\{8BF806C4-2D77-4F67-8435-D4BDCEB665A8}_is1) (Version:  - My Company, Inc.)
H.264 Decoder (HKLM\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K9 PCFixer (HKLM\...\K9 PCFixer_is1) (Version: 1.8 - K9 Tools)
K9-PC Protector (HKLM\...\9E2253C2-A799-47B0-9864-90CF612BCC61_K9Tools_K9-~6898A8B4_is1) (Version: 1.0.0.14750 - k9tools.com)
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.61 - Symantec Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Money Essentials (HKLM\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Communicator 2007 (HKLM\...\{E5BA0430-919F-46DD-B656-0796F8A5ADFF}) (Version: 2.0.6362.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MKV Splitter (HKLM\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
Move Media Player (HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\...\Move Media Player) (Version:  - Move Networks)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
REALTEK USB Wireless LAN Driver (HKLM\...\{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}) (Version: 1.00.0000 - Realtek)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Software Updater (HKLM\...\{7B3A525D-9D3D-4618-AE52-A31DE98C8AC3}) (Version: 4.1.4 - SEIKO EPSON CORPORATION)
StumbleUpon IE Toolbar (HKLM\...\StumbleUponIEToolbar) (Version: 3.95 - StumbleUpon)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{2E2966EA-2169-4E42-8A8A-CC1749D80088}) (Version: 11.0.2010.25 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.2.3.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}) (Version: 17.0.10381 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\Al Ray\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\Al Ray\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\Al Ray\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2460531259-3135208941-2218397709-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\Al Ray\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

==================== Restore Points  =========================

12-04-2014 14:47:25 Scheduled Checkpoint
14-04-2014 07:24:18 Scheduled Checkpoint
06-05-2014 22:28:00 Scheduled Checkpoint
08-05-2014 21:06:43 Scheduled Checkpoint
28-06-2014 14:31:52 Scheduled Checkpoint
14-02-2015 16:55:03 Removed Quick Hit - Football
05-03-2015 14:39:57 Removed Google Earth.
05-03-2015 15:09:52 Installed QuickTime 7
05-03-2015 16:18:53 Installed AVG 2015
05-03-2015 16:21:03 Installed AVG 2015
05-03-2015 16:34:06 Removed AVG 2015
05-03-2015 16:41:12 Installed AVG 2015
05-03-2015 16:56:37 Installed AVG 2015
05-03-2015 17:06:40 Removed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2015-03-05 20:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FD2B7CB-F58F-4068-8535-93298358363E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {108F2B29-79A4-4FCB-8402-AB5D99D95C85} - System32\Tasks\{E78E3A4A-6AA2-460F-8C5F-1E0DC577C4EF} => pcalua.exe -a "C:\Users\Al Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A2QOMDAF\Exam4-dickinson-Vista-Installer[2].exe" -d C:\Windows\system32
Task: {3B39061D-6D00-47EE-971F-DE532233CE4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {4A5F2E67-1D66-4541-9CD0-585FE585D391} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-14] (Adobe Systems Incorporated)
Task: {5B57C56E-5D10-4DFF-AA30-6C79E891A07F} - System32\Tasks\K9-PCFixer => C:\Program Files\K9-PCFixer\K9-PCFixer.exe [2015-03-04] (K9Tools)
Task: {5DE8012B-14F6-46D3-AEBC-90C524206ADA} - System32\Tasks\{EA1E6A03-B90E-4940-850D-4E599BFC5089} => pcalua.exe -a "C:\Users\Al Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N1JJB9R\Exam4-dickinson-Vista-Installer[1].exe" -d "C:\Users\Al Ray\Desktop"
Task: {744D429A-2951-48C5-9B18-8990D2D3DE20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-29] (Google Inc.)
Task: {827A1D17-2D98-4533-8C31-302F74B03246} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {840CDC9E-39BD-4C87-B86D-B7EB53CFCCAC} - System32\Tasks\K9-PCFixer_DEFAULT => C:\Program Files\K9-PCFixer\K9-PCFixer.exe [2015-03-04] (K9Tools)
Task: {97C0ABD7-C38D-4B07-8C3A-FFC8297EF87D} - System32\Tasks\{D8C54C38-1862-4C2B-B2DC-73C22016FC70} => pcalua.exe -a "C:\Users\Al Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3A7M7HM\Exam4-dickinson-Vista-Installer[1].exe" -d C:\Windows\system32
Task: {98F572D5-BE9F-48D1-ACF7-9EAC6C51ED7C} - System32\Tasks\K9-PC Protector_startup => C:\Program Files\K9-PC Protector\k9pcp.exe [2015-01-05] (K9Tools)
Task: {AB8517F1-7F17-4BFC-82E5-0120E5651C0C} - System32\Tasks\{F6E2AFD0-F3D5-494E-BFBE-620BA0B8C346} => pcalua.exe -a "C:\Users\Al Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPYSOB0T\Exam4-dickinson-Vista-Installer[1].exe" -d "C:\Users\Al Ray\Desktop"
Task: {D9A77E57-2AD2-4CDA-9D39-2D4823A3CCBC} - System32\Tasks\{21AFCDFA-18DD-4FDE-8676-E8FD7244D8D7} => pcalua.exe -a "C:\Users\Al Ray\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V1NSQSA\Exam4-dickinson-Vista-Installer[1].exe" -d "C:\Users\Al Ray\Desktop"
Task: {E1801A95-F30D-4E6E-8153-7A30FA6344B6} - System32\Tasks\K9-PCFixer_UPDATES => C:\Program Files\K9-PCFixer\K9-PCFixer.exe [2015-03-04] (K9Tools)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\K9-PCFixer_DEFAULT.job => C:\Program Files\K9-PCFixer\K9-PCFixer.exe
Task: C:\Windows\Tasks\K9-PCFixer_UPDATES.job => C:\Program Files\K9-PCFixer\K9-PCFixer.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-14 13:24 - 2015-02-14 13:24 - 00081056 _____ () C:\Users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2011-07-22 17:59 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-14 14:57 - 2015-02-14 14:57 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
2015-03-05 16:05 - 2015-01-05 13:56 - 00542784 _____ () C:\Program Files\K9-PC Protector\k9amUninstall.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:A18D1A5B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2460531259-3135208941-2218397709-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Al Ray\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2460531259-3135208941-2218397709-500 - Administrator - Disabled)
Al Ray (S-1-5-21-2460531259-3135208941-2218397709-1000 - Administrator - Enabled) => C:\Users\Al Ray
Guest (S-1-5-21-2460531259-3135208941-2218397709-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/06/2015 07:55:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 4.3.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1468
Start Time: 01d0580ca2463fd6
Termination Time: 0

Error: (03/05/2015 09:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program _iu14D2N.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1700
Start Time: 01d057b700621186
Termination Time: 0

Error: (03/05/2015 09:30:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 08:46:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 08:17:16 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: )
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info:  Terminate Process
Action Taken:  Logged
Actor Process:  C:\ComboFix\PV.3XE (PID 1692)
Time:  Thursday, March 05, 2015  8:17:16 PM

Error: (03/05/2015 07:52:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 06:43:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program K9-PCFixer.exe version 1.8.144.207 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 884
Start Time: 01d0579d30733d8c
Termination Time: 16

Error: (03/05/2015 06:36:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 05:31:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 05:21:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/05/2015 09:30:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/05/2015 09:30:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/05/2015 08:47:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/05/2015 08:46:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (03/05/2015 08:43:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (03/05/2015 08:43:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060

Error: (03/05/2015 08:31:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (03/05/2015 08:21:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (03/05/2015 07:53:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/05/2015 07:52:43 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE


Microsoft Office Sessions:
=========================
Error: (11/09/2010 04:56:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 177197 seconds with 18780 seconds of active time.  This session ended with a crash.

Error: (10/19/2010 08:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 638390 seconds with 32460 seconds of active time.  This session ended with a crash.

Error: (09/14/2010 09:04:05 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8216 seconds with 3540 seconds of active time.  This session ended with a crash.

Error: (03/10/2010 06:01:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 79245 seconds with 6300 seconds of active time.  This session ended with a crash.

Error: (12/15/2009 00:31:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 253712 seconds with 77760 seconds of active time.  This session ended with a crash.

Error: (11/26/2009 01:07:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1102228 seconds with 132960 seconds of active time.  This session ended with a crash.

Error: (10/30/2009 08:38:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 52642 seconds with 6960 seconds of active time.  This session ended with a crash.

Error: (09/22/2009 09:41:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2033 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (09/17/2009 00:51:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47673 seconds with 19140 seconds of active time.  This session ended with a crash.

Error: (08/28/2009 00:54:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 81617 seconds with 1740 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-03-05 21:29:02.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 20:45:46.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 19:51:32.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 18:35:57.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 17:30:02.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 16:45:52.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 15:57:54.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 15:17:37.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 15:05:57.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-05 15:02:50.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 64%
Total physical RAM: 2037.68 MB
Available physical RAM: 724.12 MB
Total Pagefile: 4324.64 MB
Available Pagefile: 2965.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.41 MB

==================== Drives ================================

Drive c: (Partition_1) (Fixed) (Total:138.19 GB) (Free:54.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:10.85 GB) (Free:10.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 4C4ADFA7)
Partition 1: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=138.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
23
For some reason that is not showing what it should be.
Please do this:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to download and run the 32 bit version

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
24
Hi Derek, here's the log you requested from ComboFix. I tried to uninstall the K9-PC pro Protector program and there is still hesitation and the uninstall process is unsuccessful. To end the process we used Task Manager.

We did not try to install the AVG. If you can offer advice involving these processes it would be greatly appreciated.

Thank you for your help.



ComboFix 15-03-01.01 - Al Ray 03/05/2015  20:21:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2038.1053 [GMT -5:00]
Running from: c:\users\Al Ray\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\AE16.tmp
c:\users\Al Ray\AppData\Local\assembly\tmp
c:\users\Al Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Shield.lnk
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-06 to 2015-03-06  )))))))))))))))))))))))))))))))
.
.
2015-03-06 01:42 . 2015-03-06 01:42   --------   d-----w-   c:\users\Default\AppData\Local\temp
2015-03-05 21:50 . 2015-03-05 21:50   --------   d-----w-   C:\TEMP
2015-03-05 21:16 . 2015-03-05 21:55   --------   d-----w-   c:\programdata\MFAData
2015-03-05 21:16 . 2015-03-05 21:16   --------   d-----w-   c:\users\Al Ray\AppData\Local\MFAData
2015-03-05 21:05 . 2015-03-05 21:06   --------   d-----w-   c:\users\Al Ray\AppData\Roaming\K9AMW
2015-03-05 21:05 . 2015-03-05 21:05   --------   d-----w-   c:\users\Al Ray\AppData\Roaming\K9Tools
2015-03-05 21:04 . 2015-03-05 21:05   --------   d-----w-   c:\programdata\K9Tools
2015-03-05 21:04 . 2015-03-05 22:22   --------   d-----w-   c:\program files\K9-PC Protector
2015-03-05 21:04 . 2015-01-05 18:56   22080   ----a-w-   c:\windows\system32\k9native32.exe
2015-03-05 21:03 . 2015-03-05 21:03   --------   d-----w-   c:\program files\K9-PCFixer
2015-03-05 21:03 . 2015-03-05 23:41   --------   d-----w-   c:\users\Al Ray\AppData\Roaming\K9-PCFixer
2015-03-05 20:14 . 2015-03-05 20:14   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-03-05 20:14 . 2015-03-05 20:14   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-03-05 20:14 . 2015-03-05 20:14   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-03-05 20:14 . 2015-03-05 20:14   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-03-05 20:14 . 2015-03-05 20:14   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-03-05 20:12 . 2015-03-05 20:14   --------   d-----w-   c:\program files\QuickTime
2015-03-05 19:42 . 2015-03-06 01:40   --------   d-----w-   c:\users\Al Ray\AppData\Local\assembly
2015-02-14 18:25 . 2015-02-14 18:25   --------   d-----w-   c:\program files\Microsoft OneDrive
2015-02-14 18:25 . 2015-02-14 18:25   --------   d-----r-   c:\users\Al Ray\OneDrive
2015-02-14 18:24 . 2015-02-14 18:24   --------   d-----w-   c:\programdata\Microsoft OneDrive
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-04 23:19 . 2010-06-24 15:33   23256   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-02-14 19:57 . 2012-07-15 20:10   701616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-02-14 19:57 . 2011-05-25 16:09   71344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-17 23:35 . 2012-09-17 23:35   4096000   ----a-w-   c:\program files\GUT8111.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-02-14 18:25   239272   ----a-w-   c:\users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-02-14 18:25   239272   ----a-w-   c:\users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-02-14 18:25   239272   ----a-w-   c:\users\Al Ray\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-15 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2013-1-29 685936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 19:57]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 00:23]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-21 00:23]
.
2015-03-05 c:\windows\Tasks\K9-PCFixer_DEFAULT.job
- c:\program files\K9-PCFixer\K9-PCFixer.exe [2015-03-05 21:22]
.
2015-03-05 c:\windows\Tasks\K9-PCFixer_UPDATES.job
- c:\program files\K9-PCFixer\K9-PCFixer.exe [2015-03-05 21:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6731
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-05 20:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\K9-PC Protector\k9pcp.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\EscSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\SigmaTel\C-Major Audio\WDM\STacSV.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2015-03-05  21:01:22 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-06 02:00
.
Pre-Run: 51,632,840,704 bytes free
Post-Run: 58,561,396,736 bytes free
.
- - End Of File - - FD77DDECF04B17485DE219D795CB3FC5
5C616939100B85E558DA92B899A0FC36
25
Delete any existing version of ComboFix you might already have sitting on your desktop or in downloads folder
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop or your downloads folder.

**Note:  It is important that it is saved directly to your desktop or downloads folder and run from either the desktop or the downloads folder and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. 
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version. 

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).
Post the log in next reply please...
26
Hello!
Below is the HJT file to examine. Vista system sucks but AVG will not install correctly. There may be a malware concern.

Internet runs ok with no delay or concern.
There are no signs of anything wrong ... just system will not work correctly. Vista may be the reason ....

also the k9 protector and fixer will not uninstall promptly ...


All help is GREATLY appreciated!!

Thank You,
Nick


------------------------------------
HJT log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:13:41 PM, on 3/5/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\Opera\opera.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\K9-PC Protector\unins000.exe
C:\Users\ALRAY~1\AppData\Local\Temp\_iu14D2N.tmp
C:\Program Files\K9-PC Protector\k9amUninstall.exe
C:\Users\Al Ray\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6731
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6731
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6731
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6731
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Mozilla] rundll32.exe "C:\Users\Al Ray\AppData\Local\Symantec\Mozilla\qkoyhusj.dll",DllRegisterServer
O4 - HKCU\..\Run: [sp] C:\Windows\system32\rundll32.exe "C:\Users\Al Ray\AppData\Roaming\Adobe\sp.DLL",ServiceMain
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Seiko Epson Corporation - C:\Windows\system32\EscSvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 11340 bytes




28
Malware removal and help / Re: Trojan.gen.2
« Last post by Derek on February 15, 2015, 07:03:32 »
Turning off the NIC probably stopped the Norton updates that triggered the constant scanning.
http://www.symantec.com/connect/forums/apq-tmp
29
Malware removal and help / Re: Trojan.gen.2
« Last post by dissonant on February 14, 2015, 22:27:03 »
Thank you, I hope this is the case. Strange that the Symantec articles only mention dwh*.tmp files and not the apq*.tmp files. Norton has stopped the detection of those tmp files after I turned off the NIC last night, so I'll try and clear the quarantine folder and temp folders as you suggested. Unsure why turning off the NIC would stop this though, since the description in Symantec's article was for re-scanning of previously quarantined files after a definition update. I was originally thinking that by turning off the NIC I cut the connection to a particular malware program that might have been controlled through the internet.
30
Malware removal and help / Re: Trojan.gen.2
« Last post by Derek on February 14, 2015, 22:01:53 »
I can't see anything wrong there.
It looks like a well-known problem with Norton that detects files in Quarantine and rescans them; then the temp files it creates get scanned, detected and quarantined, and it continually loops.
http://www.symantec.com/business/support/index?page=content&id=TECH92399

This explains it better
http://www.symantec.com/business/support/index?page=content&id=TECH102953

You need to update to the latest Symantec Endpoint Protection version.
Also clear temp folders.

Download Temp File Cleaner to your desktop
Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job.
Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

If you are using Vista or Windows 7 then right click the TFC.exe & select run as Admin to allow it to work.