K9 Web Protection [Solved]

K9 Malware

This topic is locked.

#1
Valeria
Member, 39 posts

I have my boss's son's laptop that has had its browsers hijacked by something called K9 Web Protection. It is blocking just about everything I try to go to and I cannot get it off the computer. I have run Malwarebytes to no avail. I have posted the OTL log below. Any assistance in removing this is greatly appreciated.

 

OTL Log

 

OTL logfile created on: 8/20/2014 3:20:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 73.13% Memory free
7.92 Gb Paging File | 6.84 Gb Available in Paging File | 86.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 417.09 Gb Free Space | 89.57% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 4.20 Gb Free Space | 95.80% Space Free | Partition Type: UDF
Drive E: | 465.71 Gb Total Space | 459.82 Gb Free Space | 98.74% Space Free | Partition Type: NTFS
 
Computer Name: ANTHONY-LAPTOP | User Name: Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_ssl.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._windows_.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._gdi_.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_hashlib.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\PyWinTypes27.dll ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._html2.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_multiprocessing.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32pdh.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32pipe.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\hashobjs_ext.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._core_.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._controls_.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._misc_.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\unicodedata.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\windows._lib_cacheinvalidation.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\pythoncom27.dll ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32com.shell.shell.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32gui.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_elementtree.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\pyexpat.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._wizard.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32file.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32security.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32api.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_ctypes.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\wx._animate.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\_socket.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32inet.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32process.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32ts.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32event.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32profile.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\win32crypt.pyd ()
MOD - C:\Users\Anthony\AppData\Local\Temp\_MEI18922\select.pyd ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (bckwfs) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (bckd) -- C:\Windows\SysNative\drivers\bckd.sys (Blue Coat Systems, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.safesear....q={searchTerms}
IE - HKLM\..\SearchScopes\{51F90305-72D5-4CF5-8976-E2D614628827}: "URL" = http://www.safesear....q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 46 DA 07 2D A5 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.safesear....q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7NDKB_enUS600
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SafeSearch"
FF - prefs.js..browser.search.order.1: "SafeSearch"
FF - prefs.js..browser.search.selectedEngine: "SafeSearch"
FF - prefs.js..browser.startup.homepage: "http://www.safesear....20140804-wv-ff"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Anthony\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{635abd67-4fe9-1b23-4f01-e679fa7484c1}: 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{[email protected]}: 0\extensions\{[email protected]}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{[email protected]}: 0\extensions\{[email protected]}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/06/08 21:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions
[2014/07/17 11:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\82oqbtgp.default\extensions
[2014/07/30 17:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/30 17:28:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Security Toolbar = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
CHR - Extension: Google Wallet = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.6 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012BFFAF-26AF-4FEC-BCDA-E33F1A3D09EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51333B06-1CFD-4878-A229-3E01DF87E1D0}: DhcpNameServer = 10.1.1.6 208.67.222.222 208.67.220.220
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/07 18:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/08/07 18:31:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2014/08/07 18:31:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1404000.028
[2014/08/07 18:30:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/08/07 18:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec.cloud
[2014/08/07 18:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec.cloud
[2014/08/07 18:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/07 18:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/07 17:54:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/07 10:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/07 10:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/05 22:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Like
[2014/08/04 20:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Simple
[2014/08/04 20:25:45 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\Search Protect
[2014/07/30 17:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/07/23 18:02:10 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Desktop\Budget
[2014/07/23 16:17:01 | 000,000,000 | R--D | C] -- C:\Users\Anthony\Documents\Scanned Documents
[2014/07/23 16:16:59 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Documents\Fax
[2 C:\Users\Anthony\AppData\Local\*.tmp files -> C:\Users\Anthony\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/20 15:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/20 15:20:00 | 000,000,574 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-237507803-3030485795-2539643212-1003.job
[2014/08/20 15:09:48 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/20 14:57:24 | 000,032,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/20 14:57:24 | 000,032,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/20 14:54:44 | 000,781,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/20 14:54:44 | 000,662,308 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/20 14:54:44 | 000,122,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/20 14:50:49 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/08/20 14:50:48 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2014/08/20 14:50:42 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2014/08/20 14:49:58 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/20 14:49:34 | 000,416,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/20 14:49:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/20 14:48:30 | 3191,623,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/20 14:47:58 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2014/08/07 16:02:31 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/05 22:51:44 | 000,000,258 | RHS- | M] () -- C:\Users\Anthony\ntuser.pol
[2014/07/30 23:21:41 | 000,001,981 | ---- | M] () -- C:\Users\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2 C:\Users\Anthony\AppData\Local\*.tmp files -> C:\Users\Anthony\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/20 14:47:58 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2014/08/07 14:59:02 | 000,000,574 | ---- | C] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-237507803-3030485795-2539643212-1003.job
[2014/05/27 20:00:46 | 000,102,248 | ---- | C] () -- C:\Users\Anthony\GoToAssistDownloadHelper.exe
[2014/05/07 23:46:45 | 000,000,258 | RHS- | C] () -- C:\Users\Anthony\ntuser.pol
[2014/05/01 03:26:06 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2014/01/27 05:14:43 | 000,774,028 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/11 08:15:20 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Oracle
 
========== Purity Check ==========
 
 
 
< End of report >
 

#2
BrianDrab
Trusted Helper (Malware Removal), 3,583 posts

K9 Web Protection is a valid piece of software that is traditionally used by parents who want to protect their children from the "bad" places on the internet. It blocks and filters traffic. Unfortunately, per our Terms of Use that you agreed to when signing up for an account at Geeks to Go....

 

3r - We cannot help you get around any administrative restrictions imposed on a school, work or other network not owned and operated by yourself. These restrictions can include (but are not limited to): website blocking/filtering, software installation, email retention, software configuration, network/internet usage, network configuration, forum or chat room restrictions, game server restrictions, or any other actions that are deemed "unauthorized" by the owners/administrators of the network in question.

 

You should check with your boss first to ensure that this wasn't intentional as he likely has the password that would be needed to uninstall the software.
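A triage pass over the OTL report above, added here as an example that is not part of this thread or of OTL itself: it parses the service/driver, IE SearchScopes and Firefox prefs line formats (sample lines copied from the report), lists the components whose company string is Blue Coat, i.e. the K9 filter's service and driver, and flags the IE search scope whose URL differs between the 64-bit and 32-bit registry views and whose host also shows up in the Firefox settings. The vendor string and truncated hosts come from the report; the function names and the regexes are mine.

```python
import re

# Constructed sample: lines copied from the OTL report in this thread
# (the "..." inside URLs is OTL's own truncation, kept as-is).
SAMPLE_LOG = r"""
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (bckwfs) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (bckd) -- C:\Windows\SysNative\drivers\bckd.sys (Blue Coat Systems, Inc.)
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.safesear....q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.safesear....q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "SafeSearch"
FF - prefs.js..browser.startup.homepage: "http://www.safesear....20140804-wv-ff"
"""

# Line formats as OTL prints them: "SRV[:64bit:] - (name) -- path (Company)",
# "IE[:64bit:] - HIVE\..\SearchScopes\{GUID}: "URL" = url", 'FF - prefs.js..key: "value"'.
SRV_DRV_RE = re.compile(
    r'^(?P<kind>SRV|DRV)(?::64bit:)? - \((?P<name>[^)]+)\) -- (?P<path>.+?) \((?P<vendor>[^)]*)\)\s*$')
IE_SCOPE_RE = re.compile(
    r'^IE(?P<view>:64bit:)? - (?P<hive>HKLM|HKCU)\\\.\.\\SearchScopes\\\{(?P<guid>[^}]+)\}: "URL" = (?P<url>\S+)')
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[^:]+): "(?P<value>[^"]*)"')
# OTL shortens long URLs with "...", so the host may only be a prefix; stop at the first of ... / ? or end.
HOST_RE = re.compile(r'https?://([^/?\s]*?)(?:\.\.\.|/|\?|$)')


def host_of(url):
    """Host (possibly truncated) of a URL, or None if the value is not a URL."""
    m = HOST_RE.search(url)
    return m.group(1) if m else None


def parse_otl(text):
    """Pull services/drivers, IE search scopes and Firefox prefs out of an OTL report."""
    found = {"components": [], "ie_scopes": {}, "ff_prefs": {}}
    for line in text.splitlines():
        m = SRV_DRV_RE.match(line)
        if m:
            found["components"].append({"kind": m["kind"], "name": m["name"],
                                        "path": m["path"], "vendor": m["vendor"].strip()})
            continue
        m = IE_SCOPE_RE.match(line)
        if m:  # OTL lists the 64-bit and 32-bit registry views separately; keep them apart
            view = "64bit" if m["view"] else "32bit"
            found["ie_scopes"][(view, m["hive"], m["guid"])] = m["url"]
            continue
        m = FF_PREF_RE.match(line)
        if m:
            found["ff_prefs"][m["key"]] = m["value"]
    return found


def components_by_vendor(found, vendor_substring):
    """Services and drivers whose company string contains vendor_substring (case-insensitive)."""
    needle = vendor_substring.lower()
    return [c for c in found["components"] if needle in c["vendor"].lower()]


def inconsistent_search_scopes(found):
    """Search-scope GUIDs that resolve to different hosts in different registry views or hives.
    A scope that ships with the browser points at the same engine everywhere; a rewritten one does not."""
    hosts_by_guid = {}
    for (_view, _hive, guid), url in found["ie_scopes"].items():
        hosts_by_guid.setdefault(guid, set()).add(host_of(url))
    return {guid: hosts for guid, hosts in hosts_by_guid.items() if len(hosts) > 1}


def cross_browser_hosts(found):
    """Hosts behind rewritten IE scopes that also appear in Firefox search/homepage prefs."""
    ie_hosts = set().union(*inconsistent_search_scopes(found).values())
    ff_hosts = {host_of(v) for k, v in found["ff_prefs"].items()
                if k.startswith("browser.search.") or k == "browser.startup.homepage"}
    return ie_hosts & {h for h in ff_hosts if h}


if __name__ == "__main__":
    found = parse_otl(SAMPLE_LOG)
    for c in components_by_vendor(found, "Blue Coat"):
        print(f"{c['kind']} {c['name']}: {c['path']} ({c['vendor']})")
    for guid, hosts in inconsistent_search_scopes(found).items():
        print(f"scope {{{guid}}} resolves to {sorted(hosts)}")
    print("hosts shared by IE and Firefox settings:", sorted(cross_browser_hosts(found)))
```

Run against the full report the same way; the split by registry view is what makes the rewritten scope visible, since the 64-bit entry still carries the original URL.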

 



#3
Valeria (Topic Starter)
Member, 39 posts

I realized that after speaking with him about it this morning. I also wasn't asking anyone to subvert administrative privileges. I just didn't know what it was at the time.



#4
Dakeyras
Anti-Malware Mammoth (Expert), 9,684 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.