I have my bosses son's laptop that has had its browsers hijacked by something called K9 Web Protection. It is blocking just about everything I try to go to and I cannot get it off the computer. I have run Malwarebytes to no avail. I have posted the OTL log below. Any assistance in removing this is greatly appreciated.
OTL Log
OTL logfile created on: 8/20/2014 3:20:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.96 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 73.13% Memory free
7.92 Gb Paging File | 6.84 Gb Available in Paging File | 86.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 417.09 Gb Free Space | 89.57% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 4.20 Gb Free Space | 95.80% Space Free | Partition Type: UDF
Drive E: | 465.71 Gb Total Space | 459.82 Gb Free Space | 98.74% Space Free | Partition Type: NTFS
Computer Name: ANTHONY-LAPTOP | User Name: Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
========== Modules (No Company Name) ==========
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_ssl.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._windows_.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._gdi_.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_hashlib.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\PyWinTypes27.dll ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._html2.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_multiprocessing.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32pdh.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32pipe.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\hashobjs_ext.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._core_.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._controls_.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._misc_.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\unicodedata.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\windows._lib_cacheinvalidation.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\pythoncom27.dll ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32com.shell.shell.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32gui.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_elementtree.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\pyexpat.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._wizard.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32file.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32security.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32api.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_ctypes.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._animate.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_socket.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32inet.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32process.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32ts.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32event.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32profile.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32crypt.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\select.pyd ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (bckwfs) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (bckd) -- C:\Windows\SysNative\drivers\bckd.sys (Blue Coat Systems, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 46 DA 07 2D A5 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "SafeSearch"
FF - prefs.js..browser.search.order.1: "SafeSearch"
FF - prefs.js..browser.search.selectedEngine: "SafeSearch"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Anthony\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{635abd67-4fe9-1b23-4f01-e679fa7484c1}: 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{jid1-eFRcA0eiPxecTQ@jetpack}: 0\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{jid1-vS7biDmom8YxhA@jetpack}: 0\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/06/08 21:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions
[2014/07/17 11:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\82oqbtgp.default\extensions
[2014/07/30 17:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/30 17:28:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Security Toolbar = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
CHR - Extension: Google Wallet = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.6 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012BFFAF-26AF-4FEC-BCDA-E33F1A3D09EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51333B06-1CFD-4878-A229-3E01DF87E1D0}: DhcpNameServer = 10.1.1.6 208.67.222.222 208.67.220.220
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/08/07 18:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/08/07 18:31:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2014/08/07 18:31:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1404000.028
[2014/08/07 18:30:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/08/07 18:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec.cloud
[2014/08/07 18:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec.cloud
[2014/08/07 18:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/07 18:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/07 17:54:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/07 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/07 10:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/05 22:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Like
[2014/08/04 20:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simple
[2014/08/04 20:25:45 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\Search Protect
[2014/07/30 17:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/07/23 18:02:10 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Desktop\Budget
[2014/07/23 16:17:01 | 000,000,000 | R--D | C] -- C:\Users\Anthony\Documents\Scanned Documents
[2014/07/23 16:16:59 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Documents\Fax
[2 C:\Users\Anthony\AppData\Local\*.tmp files -> C:\Users\Anthony\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/08/20 15:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/20 15:20:00 | 000,000,574 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-237507803-3030485795-2539643212-1003.job
[2014/08/20 15:09:48 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/20 14:57:24 | 000,032,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/20 14:57:24 | 000,032,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/20 14:54:44 | 000,781,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/20 14:54:44 | 000,662,308 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/20 14:54:44 | 000,122,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/20 14:50:49 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/08/20 14:50:48 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2014/08/20 14:50:42 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2014/08/20 14:49:58 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/20 14:49:34 | 000,416,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/20 14:49:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/20 14:48:30 | 3191,623,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/20 14:47:58 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2014/08/07 16:02:31 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/05 22:51:44 | 000,000,258 | RHS- | M] () -- C:\Users\Anthony\ntuser.pol
[2014/07/30 23:21:41 | 000,001,981 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2 C:\Users\Anthony\AppData\Local\*.tmp files -> C:\Users\Anthony\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/08/20 14:47:58 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2014/08/07 14:59:02 | 000,000,574 | ---- | C] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-237507803-3030485795-2539643212-1003.job
[2014/05/27 20:00:46 | 000,102,248 | ---- | C] () -- C:\Users\Anthony\GoToAssistDownloadHelper.exe
[2014/05/07 23:46:45 | 000,000,258 | RHS- | C] () -- C:\Users\Anthony\ntuser.pol
[2014/05/01 03:26:06 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2014/01/27 05:14:43 | 000,774,028 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/07/11 08:15:20 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Oracle
========== Purity Check ==========
< End of report >