K9 Web Protection [Solved]

I have my bosses son's laptop that has had its browsers hijacked by something called K9 Web Protection. It is blocking just about everything I try to go to and I cannot get it off the computer. I have run Malwarebytes to no avail. I have posted the OTL log below. Any assistance in removing this is greatly appreciated.

OTL Log

OTL logfile created on: 8/20/2014 3:20:34 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = D:\

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17239)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 73.13% Memory free

7.92 Gb Paging File | 6.84 Gb Available in Paging File | 86.37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 417.09 Gb Free Space | 89.57% Space Free | Partition Type: NTFS

Drive D: | 4.38 Gb Total Space | 4.20 Gb Free Space | 95.80% Space Free | Partition Type: UDF

Drive E: | 465.71 Gb Total Space | 459.82 Gb Free Space | 98.74% Space Free | Partition Type: NTFS

Computer Name: ANTHONY-LAPTOP | User Name: Anthony | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

========== Modules (No Company Name) ==========

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_ssl.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._windows_.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._gdi_.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_hashlib.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\PyWinTypes27.dll ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._html2.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_multiprocessing.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32pdh.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32pipe.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\hashobjs_ext.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._core_.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._controls_.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._misc_.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\unicodedata.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\pysqlite2._sqlite.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\windows._lib_cacheinvalidation.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\pythoncom27.dll ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32com.shell.shell.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32gui.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_elementtree.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\pyexpat.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._wizard.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32file.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32security.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32api.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_ctypes.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._animate.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_socket.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32inet.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32process.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32ts.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32event.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32profile.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32crypt.pyd ()

MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\select.pyd ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)

SRV:64bit: - (bckwfs) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)

DRV:64bit: - (bckd) -- C:\Windows\SysNative\drivers\bckd.sys (Blue Coat Systems, Inc.)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.safesear....q={searchTerms}

IE - HKLM\..\SearchScopes\{51F90305-72D5-4CF5-8976-E2D614628827}: "URL" = http://www.safesear....q={searchTerms}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 46 DA 07 2D A5 CF 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.safesear....q={searchTerms}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7NDKB_enUS600

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SafeSearch"

FF - prefs.js..browser.search.order.1: "SafeSearch"

FF - prefs.js..browser.search.selectedEngine: "SafeSearch"

FF - prefs.js..browser.startup.homepage: "http://www.safesear....20140804-wv-ff"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Anthony\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{635abd67-4fe9-1b23-4f01-e679fa7484c1}: 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{jid1-eFRcA0eiPxecTQ@jetpack}: 0\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{jid1-vS7biDmom8YxhA@jetpack}: 0\extensions\{jid1-vS7biDmom8YxhA@jetpack}

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/06/08 21:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions

[2014/07/17 11:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\82oqbtgp.default\extensions

[2014/07/30 17:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2014/07/30 17:28:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - plugin: Error reading preferences file

CHR - Extension: Google Docs = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\

CHR - Extension: Google Drive = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\

CHR - Extension: YouTube = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Norton Security Toolbar = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\

CHR - Extension: Google Wallet = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Gmail = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.6 208.67.222.222 208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012BFFAF-26AF-4FEC-BCDA-E33F1A3D09EE}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51333B06-1CFD-4878-A229-3E01DF87E1D0}: DhcpNameServer = 10.1.1.6 208.67.222.222 208.67.220.220

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/08/07 18:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2014/08/07 18:31:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64

[2014/08/07 18:31:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1404000.028

[2014/08/07 18:30:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

[2014/08/07 18:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec.cloud

[2014/08/07 18:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec.cloud

[2014/08/07 18:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2014/08/07 18:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2014/08/07 17:54:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/08/07 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2014/08/07 10:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

[2014/08/05 22:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Like

[2014/08/04 20:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simple

[2014/08/04 20:25:45 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\Search Protect

[2014/07/30 17:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2014/07/23 18:02:10 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Desktop\Budget

[2014/07/23 16:17:01 | 000,000,000 | R--D | C] -- C:\Users\Anthony\Documents\Scanned Documents

[2014/07/23 16:16:59 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Documents\Fax

[2 C:\Users\Anthony\AppData\Local\*.tmp files -> C:\Users\Anthony\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/08/20 15:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/08/20 15:20:00 | 000,000,574 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-237507803-3030485795-2539643212-1003.job

[2014/08/20 15:09:48 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/08/20 14:57:24 | 000,032,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/08/20 14:57:24 | 000,032,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/08/20 14:54:44 | 000,781,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/08/20 14:54:44 | 000,662,308 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/08/20 14:54:44 | 000,122,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/08/20 14:50:49 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job

[2014/08/20 14:50:48 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job

[2014/08/20 14:50:42 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe

[2014/08/20 14:49:58 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/08/20 14:49:34 | 000,416,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/08/20 14:49:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/08/20 14:48:30 | 3191,623,680 | -HS- | M] () -- C:\hiberfil.sys

[2014/08/20 14:47:58 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat

[2014/08/07 16:02:31 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/08/05 22:51:44 | 000,000,258 | RHS- | M] () -- C:\Users\Anthony\ntuser.pol

[2014/07/30 23:21:41 | 000,001,981 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2 C:\Users\Anthony\AppData\Local\*.tmp files -> C:\Users\Anthony\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/08/20 14:47:58 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat

[2014/08/07 14:59:02 | 000,000,574 | ---- | C] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-237507803-3030485795-2539643212-1003.job

[2014/05/27 20:00:46 | 000,102,248 | ---- | C] () -- C:\Users\Anthony\GoToAssistDownloadHelper.exe

[2014/05/07 23:46:45 | 000,000,258 | RHS- | C] () -- C:\Users\Anthony\ntuser.pol

[2014/05/01 03:26:06 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe

[2014/01/27 05:14:43 | 000,774,028 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/07/11 08:15:20 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Oracle

========== Purity Check ==========

< End of report >

Security → Virus, Spyware, Malware Removal → Possible Malware infection - help request [Solved] Started by Maffu , 07 May 2023 malware, advapi and 1 more... 1 2 3 4	Hot 51 replies 12,693 views	DR M 26 Jun 2023
Security → Virus, Spyware, Malware Removal → Help getting started checking laptop for malware [Solved] Started by triedeverything , 12 Apr 2023 help, malware, spyware 1 2	Hot 19 replies 5,757 views	DR M 16 Apr 2023
Security → Virus, Spyware, Malware Removal → Checkmate Ransomware detection / removal? Started by JcTcom , 18 Aug 2022 Checkmate, Ransomware, Virus and 5 more...	0 replies 1,862 views	JcTcom 18 Aug 2022
Security → Virus, Spyware, Malware Removal → Getting a warning over & over but not getting it clean [Solved] Started by Phlegmbot , 28 Mar 2022 malware, spyware, redirect 1 2	Hot 21 replies 6,753 views	DR M 10 Apr 2022
Security → Virus, Spyware, Malware Removal → PC keeps hanging and restarting on its own [Closed] Started by lolx21341 , 29 Jan 2022 Hanging, Restarting, Virus and 2 more...	3 replies 3,596 views	DR M 03 Feb 2022

#1
Valeria

Posted 20 August 2014 - 01:29 PM

Advertisements

#2
BrianDrab

Posted 21 August 2014 - 03:21 AM

#3
Valeria

Posted 21 August 2014 - 08:58 AM

#4
Dakeyras

Posted 21 August 2014 - 09:53 AM

Similar Topics

Also tagged with one or more of these keywords: K9, Malware

Possible Malware infection - help request [Solved]

Help getting started checking laptop for malware [Solved]

Checkmate Ransomware detection / removal?

Getting a warning over & over but not getting it clean [Solved]

PC keeps hanging and restarting on its own [Closed]

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

K9 Web Protection [Solved]

#1 Valeria Posted 20 August 2014 - 01:29 PM