
Unable to Remove CloudScout



Hello,

I am unable to remove CloudScout from my computer, and I've run a few anti-virus scans on it - McAfee, and various other ones that I downloaded when I looked up how to remove this virus (as well as Malwarebytes). (Please forgive me if downloads from the other temporary anti-virus scans might interfere with the data, as I didn't know that could be a problem until now.) Still, though I've run the scans, I am unable to remove it, or the virus might be temporarily removed, and then comes back right after I restart my computer. It's frustrating, as I've spent an entire week on trying to get this pesky program removed from my computer, but I believe the longer I worked on it, the more it bound itself to my computer. It's becoming more and more difficult to find help, since the silly ads keep popping up and opening random tabs every time I click something. I don't have the money to buy the full version of Malwarebytes, so is there anything else I could do?

Please reply at your earliest convenience.

Thank you,

Mylene


Hello and welcome to Malwarebytes,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

In most cases, a restart will be required.

Wait for the prompt to restart the computer to appear, then click on Yes.

When the scan is completed from the main GUI click on History > Application Logs. Find your Scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select > "Copy to clipboard" that copies the full log to the Windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to your reply.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  •  Double-click to run it. When the tool opens click Yes to disclaimer.
  •  Press Scan button.
  •  It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  •  The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Let me see those logs in your reply...

Thank you,

Kevin..


Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 3/23/2015

Scan Time: 12:16:10 PM

Logfile:

Administrator: Yes

Version: 2.01.4.1018

Malware Database: v2015.03.23.06

Rootkit Database: v2015.02.25.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x86

File System: NTFS

User: Student

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 317541

Time Elapsed: 39 min, 2 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015

Ran by Student (administrator) on K12-5CB21022D2 on 23-03-2015 13:12:42

Running from C:\Users\Student\Downloads

Loaded Profiles: Student (Available profiles: Student)

Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 10 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgfws.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEDICTUPDATE.EXE

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe

(CDW Corporation) C:\K12\Software\run\K12McAfeeTray.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(CDW Corporation) C:\K12\Software\run\K12VersionTray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(LogMeIn Inc.) C:\hamachi-2-ui.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe

(LogMeIn, Inc.) C:\LMIGuardianSvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(CDW Corporation) C:\K12\Software\K12TimeZone.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(LogMeIn Inc.) C:\hamachi-2.exe

(LogMeIn, Inc.) C:\LMIGuardianSvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Student\Downloads\FRST (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [iME14 CHS Setup] => C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)

HKLM\...\Run: [iME14 CHT Setup] => C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)

HKLM\...\Run: [iME14 JPN Setup] => C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)

HKLM\...\Run: [iME14 KOR Setup] => C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)

HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [333120 2011-06-08] (McAfee, Inc.)

HKLM\...\Run: [shStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)

HKLM\...\Run: [1] => C:\K12\Software\run\K12Activation.exe [24064 2014-05-27] ()

HKLM\...\Run: [2] => C:\K12\Software\run\K12McAfeeTray.exe [10752 2013-05-09] (CDW Corporation)

HKLM\...\Run: [3] => C:\K12\Software\run\K12VersionTray.exe [10240 2014-04-24] (CDW Corporation)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2408176 2013-03-09] (Synaptics Incorporated)

HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3723728 2015-03-06] (AVG Technologies CZ, s.r.o.)

HKU\S-1-5-21-2071005352-1963743713-3197600615-1000\...\Run: [steam] => C:\Users\Student\Documents\Book Club\Assigned\Steam\steam.exe [2874048 2015-02-18] (Valve Corporation)

HKU\S-1-5-21-2071005352-1963743713-3197600615-1000\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-21-2071005352-1963743713-3197600615-1000\...\MountPoints2: {af212536-6372-11e4-9623-009c022083fc} - F:\LG_PC_Programs.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)

BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140516195256.dll [2014-05-16] (McAfee, Inc.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)

DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 10.255.255.33 10.255.255.32

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:

========

FF ProfilePath: C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\w122xmxl.default-1420839641103

FF NewTab:

FF Homepage: login-learn.k12.com/accessui/login.do?__actionName=view

FF Keyword.URL:

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-04] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-02-12] (Nexon)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2071005352-1963743713-3197600615-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Student\AppData\Local\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)

FF Plugin HKU\S-1-5-21-2071005352-1963743713-3197600615-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Student\AppData\Local\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)

FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore

FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore [2014-05-16]

Chrome:

=======

CHR dev: Chrome dev build detected! "https://login-learn.k12.com/accessui/login.do?__actionName=view"

CHR Profile: C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]

CHR Extension: (Skype Click to Call) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-10]

CHR Extension: (Google Wallet) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-16]

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKU\S-1-5-21-2071005352-1963743713-3197600615-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx

StartMenuInternet: Google Chrome.7C75HJRIIEE6ZH27USYGWOPPXE - C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1516968 2015-03-06] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-06] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-06] (AVG Technologies CZ, s.r.o.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [236840 2015-02-26] (EasyAntiCheat Ltd)

R2 Hamachi2Svc; C:\hamachi-2.exe [1848680 2015-02-17] (LogMeIn Inc.)

R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [59760 2010-10-20] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [132416 2011-06-08] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [167344 2014-05-16] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [159640 2014-05-16] (McAfee, Inc.)

R2 rpcnet; C:\Windows\system32\rpcnet.exe [69792 2014-04-09] (Absolute Software Corp.)

S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-11] (IDT, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [66688 2011-04-15] (Advanced Micro Devices)

R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [28800 2011-04-15] (Advanced Micro Devices)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [48920 2014-12-03] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [224736 2015-02-24] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-02-05] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210912 2015-02-25] (AVG Technologies CZ, s.r.o.)

R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-02-16] (LogMeIn, Inc.)

S3 johci; C:\Windows\system32\drivers\johci.sys [23640 2011-02-09] (JMicron Technology Corp.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-23] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2014-05-16] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [215024 2014-05-16] (McAfee, Inc.)

R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59616 2014-05-16] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [477584 2014-05-16] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2014-05-16] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [180720 2014-05-16] (McAfee, Inc.)

R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.)

R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [982632 2011-06-15] (Realtek Semiconductor Corporation )

S3 cpuz134; \??\C:\Users\Student\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]

S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]

S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]

U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 13:12 - 2015-03-23 13:17 - 00017433 _____ () C:\Users\Student\Downloads\FRST.txt

2015-03-23 13:10 - 2015-03-23 13:13 - 00000000 ____D () C:\FRST

2015-03-23 13:08 - 2015-03-23 13:09 - 01135104 _____ (Farbar) C:\Users\Student\Downloads\FRST (1).exe

2015-03-23 13:04 - 2015-03-23 13:05 - 02095616 _____ (Farbar) C:\Users\Student\Downloads\FRST64.exe

2015-03-23 13:01 - 2015-03-23 13:02 - 00914735 _____ () C:\Users\Student\Downloads\FRST.exe

2015-03-23 12:08 - 2015-03-23 12:08 - 00010686 _____ () C:\Users\Student\Downloads\meeting (31).collab

2015-03-23 11:22 - 2015-03-23 11:22 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (90).collab

2015-03-20 16:30 - 2015-03-23 10:06 - 00000448 _____ () C:\Windows\setupact.log

2015-03-20 16:30 - 2015-03-21 13:50 - 00004314 _____ () C:\Windows\PFRO.log

2015-03-20 16:30 - 2015-03-20 16:30 - 00000000 _____ () C:\Windows\setuperr.log

2015-03-20 15:42 - 2015-03-23 12:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-20 15:39 - 2015-03-20 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-20 15:38 - 2015-03-20 15:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-03-20 15:38 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-20 15:38 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-20 15:38 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-20 15:34 - 2015-03-20 15:36 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Student\Downloads\mbam-setup-2.1.4.1018.exe

2015-03-20 15:12 - 2015-03-20 15:12 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Student\Downloads\SpyHunter-Installer.exe

2015-03-20 11:57 - 2015-03-20 11:57 - 00000000 ____D () C:\Users\Student\AppData\Roaming\ParetoLogic

2015-03-20 11:08 - 2015-03-20 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft

2015-03-19 17:45 - 2015-03-20 12:12 - 00035840 ___SH () C:\Users\Student\Thumbs.db

2015-03-18 09:57 - 2015-03-22 17:21 - 00000000 ____D () C:\Users\Student\Documents\New Writings

2015-03-17 18:59 - 2015-03-17 18:59 - 00000000 ____D () C:\Users\Student\AppData\Roaming\AVG

2015-03-17 18:57 - 2015-03-17 18:57 - 00000000 ____D () C:\Users\Student\AppData\Local\Avg

2015-03-17 18:56 - 2015-03-17 19:01 - 00000000 ____D () C:\ProgramData\AVG

2015-03-17 18:11 - 2015-03-17 18:11 - 00000000 ____D () C:\Users\Student\AppData\Roaming\AVG2015

2015-03-17 18:06 - 2015-03-17 18:06 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk

2015-03-17 18:06 - 2015-03-17 18:06 - 00000000 ____D () C:\Users\Student\AppData\Roaming\TuneUp Software

2015-03-17 18:06 - 2015-03-17 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2015-03-17 17:59 - 2015-03-17 18:08 - 00000000 ____D () C:\ProgramData\AVG2015

2015-03-17 17:59 - 2015-03-17 17:59 - 00000000 ___HD () C:\$AVG

2015-03-17 17:55 - 2015-03-17 18:59 - 00000000 ____D () C:\Program Files\AVG

2015-03-17 17:19 - 2015-03-23 13:15 - 00000000 ____D () C:\ProgramData\MFAData

2015-03-17 17:19 - 2015-03-18 12:06 - 00000000 ____D () C:\Users\Student\AppData\Local\Avg2015

2015-03-17 17:19 - 2015-03-17 17:19 - 00000000 ____D () C:\Users\Student\AppData\Local\MFAData

2015-03-17 17:01 - 2015-03-17 17:02 - 04816784 _____ (AVG Technologies) C:\Users\Student\Documents\avg_free_stb_all_5856p1_177.exe

2015-03-16 16:40 - 2015-03-16 16:40 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (89).collab

2015-03-16 16:02 - 2015-03-16 16:02 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (88).collab

2015-03-16 12:23 - 2015-03-16 12:23 - 00010686 _____ () C:\Users\Student\Downloads\meeting (30).collab

2015-03-16 12:11 - 2015-03-16 12:11 - 00010686 _____ () C:\Users\Student\Downloads\meeting (29).collab

2015-03-16 11:37 - 2015-03-16 11:37 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (87).collab

2015-03-13 15:00 - 2015-03-13 15:00 - 00000000 _____ () C:\Users\Student\Downloads\hs_err_pid6656.log

2015-03-13 14:59 - 2015-03-13 14:59 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (86).collab

2015-03-12 14:31 - 2015-03-23 12:36 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-12 14:31 - 2015-03-23 10:06 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-12 14:30 - 2015-03-12 14:31 - 00000000 ____D () C:\Program Files\GUM752F.tmp

2015-03-11 13:33 - 2015-03-11 13:33 - 00000000 ____D () C:\Program Files\system app

2015-03-11 13:31 - 2015-03-17 18:24 - 00000000 ____D () C:\Users\Student\AppData\Local\28AAD45F-F322-324C-80AD-37E9A78C1978

2015-03-11 13:25 - 2015-03-12 18:10 - 00000000 ____D () C:\Users\Student\AppData\Roaming\OAS

2015-03-11 13:12 - 2015-03-11 13:12 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (85).collab

2015-03-10 15:19 - 2015-03-10 15:19 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (84).collab

2015-03-10 15:19 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-10 15:19 - 2015-01-30 20:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-03-10 15:19 - 2015-01-30 20:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-03-10 15:19 - 2015-01-30 17:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-03-10 15:16 - 2015-02-20 22:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-10 15:16 - 2015-02-20 22:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-10 15:16 - 2015-02-20 22:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-10 15:16 - 2015-02-20 22:31 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-03-10 15:16 - 2015-02-20 22:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-10 15:16 - 2015-02-20 22:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-03-10 15:16 - 2015-02-20 22:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-10 15:16 - 2015-02-20 22:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-10 15:16 - 2015-02-20 22:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-10 15:16 - 2015-02-20 22:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-10 15:16 - 2015-02-20 21:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-03-10 15:16 - 2015-02-20 21:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2015-03-10 15:14 - 2015-02-25 20:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-10 15:14 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-10 15:14 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-10 15:12 - 2015-03-05 22:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-03-10 15:12 - 2015-03-05 22:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-03-10 15:12 - 2015-03-05 22:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-03-10 15:12 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-03-10 15:12 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-03-10 15:12 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-10 15:12 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-03-10 15:12 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-03-10 15:12 - 2015-03-05 22:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-03-10 15:12 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-03-10 15:12 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-03-10 15:12 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-10 15:12 - 2015-03-05 22:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-03-10 15:12 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-10 15:12 - 2015-03-05 22:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-03-10 15:12 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-03-10 15:12 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-10 15:12 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-03-10 15:12 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-10 15:11 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-10 15:11 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-10 15:11 - 2015-02-19 21:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-10 15:11 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-10 15:11 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-10 15:11 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-10 15:11 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-03-10 15:11 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-10 15:11 - 2015-02-02 20:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-10 15:11 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-10 15:11 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-10 15:11 - 2015-02-02 20:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-10 15:11 - 2015-02-02 20:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-10 15:11 - 2015-01-30 16:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-10 15:11 - 2014-10-31 15:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-10 15:11 - 2014-06-27 17:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2015-03-10 15:11 - 2014-06-27 17:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-10 15:10 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-10 15:10 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-10 15:10 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-10 15:10 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-10 15:10 - 2015-02-02 20:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-10 15:10 - 2015-02-02 20:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-10 15:10 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-10 15:10 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-10 15:10 - 2015-02-02 20:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-10 15:10 - 2015-02-02 20:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-10 15:10 - 2015-02-02 20:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-10 15:10 - 2015-02-02 20:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-10 15:10 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-10 15:10 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-03-10 15:10 - 2015-02-02 19:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-09 10:28 - 2015-03-09 10:28 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (83).collab

2015-03-09 10:25 - 2015-03-09 10:25 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (82).collab

2015-03-06 14:48 - 2015-03-06 14:48 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (81).collab

2015-03-05 09:36 - 2015-03-12 18:06 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2015-03-05 09:36 - 2015-02-26 18:29 - 00236840 _____ (EasyAntiCheat Ltd) C:\Windows\system32\EasyAntiCheat.exe

2015-03-04 13:25 - 2015-03-04 13:25 - 00010688 _____ () C:\Users\Student\Downloads\meeting (28).collab

2015-03-04 13:22 - 2015-03-23 12:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-04 13:09 - 2015-03-04 13:09 - 00010688 _____ () C:\Users\Student\Downloads\meeting (27).collab

2015-03-04 13:00 - 2015-03-04 13:00 - 00010686 _____ () C:\Users\Student\Downloads\meeting (26).collab

2015-03-04 10:43 - 2015-03-04 10:43 - 00000000 ____D () C:\Users\Student\AppData\Roaming\com.fbkc.hdydi

2015-03-03 15:34 - 2015-03-03 15:34 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (80).collab

2015-03-03 14:15 - 2015-03-03 14:15 - 00032534 _____ () C:\Users\Student\Downloads\hs_err_pid1824.log

2015-03-03 14:15 - 2015-03-03 14:15 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (79).collab

2015-03-03 14:09 - 2015-03-03 14:09 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (78).collab

2015-03-02 18:22 - 2015-03-02 18:22 - 00000000 ____D () C:\Users\Student\AppData\Roaming\Nifflas

2015-03-02 18:22 - 2015-03-02 18:22 - 00000000 ____D () C:\ProgramData\Nifflas

2015-03-02 14:50 - 2015-03-02 14:50 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (77).collab

2015-03-02 13:10 - 2015-03-02 13:10 - 00010688 _____ () C:\Users\Student\Downloads\meeting (25).collab

2015-03-02 13:01 - 2015-03-02 13:01 - 00010686 _____ () C:\Users\Student\Downloads\meeting (24).collab

2015-03-01 14:53 - 2015-03-01 14:53 - 00000000 ____D () C:\Users\Student\AppData\Local\SCE

2015-02-28 14:42 - 2015-02-16 17:20 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

2015-02-27 15:39 - 2015-02-27 15:39 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (76).collab

2015-02-27 14:54 - 2015-02-27 14:54 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (75).collab

2015-02-27 14:50 - 2015-02-27 14:50 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (74).collab

2015-02-26 16:27 - 2015-02-26 16:27 - 00000000 ____D () C:\Users\Student\AppData\Local\LogMeIn

2015-02-26 16:27 - 2015-02-26 16:27 - 00000000 ____D () C:\ProgramData\LogMeIn

2015-02-25 17:28 - 2015-02-25 17:28 - 00210912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys

2015-02-25 13:07 - 2015-02-25 13:23 - 00000000 ____D () C:\Users\Student\AppData\Local\BoringManGame

2015-02-25 12:09 - 2015-02-25 12:09 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (73).collab

2015-02-24 19:02 - 2015-03-23 10:12 - 00000000 ____D () C:\Users\Student\AppData\Local\LogMeIn Hamachi

2015-02-24 19:01 - 2015-02-24 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2015-02-24 16:46 - 2015-02-24 16:46 - 00224736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys

2015-02-24 16:38 - 2015-02-24 16:38 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (72).collab

2015-02-23 17:14 - 2015-02-23 17:14 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (71).collab

2015-02-23 16:56 - 2015-02-23 16:56 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (70).collab

2015-02-23 15:12 - 2015-02-23 15:12 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (69).collab

2015-02-23 13:27 - 2015-02-23 13:27 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (68).collab

2015-02-22 20:29 - 2015-02-22 20:29 - 00000000 ____D () C:\Users\Student\AppData\Roaming\TheBannerSagaFactions

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-23 12:35 - 2014-09-18 13:20 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2071005352-1963743713-3197600615-1000UA.job

2015-03-23 10:19 - 2014-04-09 10:30 - 00000157 __RSH () C:\ProgramData\3002.xml

2015-03-23 10:14 - 2009-07-13 21:34 - 00036336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-23 10:14 - 2009-07-13 21:34 - 00036336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-23 10:07 - 2014-04-09 10:28 - 00069792 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll

2015-03-23 10:07 - 2014-04-09 10:20 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe

2015-03-23 10:06 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-22 17:24 - 2014-09-18 11:00 - 01558724 _____ () C:\Windows\WindowsUpdate.log

2015-03-22 15:23 - 2014-09-18 13:20 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2071005352-1963743713-3197600615-1000Core.job

2015-03-22 11:37 - 2015-02-04 19:52 - 00000000 ____D () C:\Users\Student\AppData\Roaming\Skype

2015-03-20 15:38 - 2013-04-16 15:02 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-03-20 14:33 - 2013-04-10 18:59 - 00000000 ____D () C:\Users\Student

2015-03-20 12:56 - 2014-12-16 14:18 - 00000000 ____D () C:\Quarantine

2015-03-20 11:21 - 2015-01-26 13:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2015-03-18 13:15 - 2014-12-16 14:16 - 00000000 ____D () C:\ProgramData\diffpmcfhkkpcfpnpglgimpdkjdehjgg

2015-03-18 13:06 - 2015-02-02 17:16 - 00000000 ____D () C:\Users\Student\Documents\Do u even Starbomb

2015-03-18 11:32 - 2013-04-10 19:53 - 00000000 ____D () C:\Windows\Panther

2015-03-18 09:58 - 2014-09-19 09:06 - 00000000 ____D () C:\Users\Student\Documents\Online Learning

2015-03-17 09:00 - 2015-02-14 13:19 - 00000000 ____D () C:\Users\Student\Documents\My Games

2015-03-16 10:56 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF

2015-03-13 10:20 - 2014-10-24 12:43 - 00000000 ____D () C:\Users\Student\Documents\Book Club

2015-03-12 18:19 - 2010-11-20 14:01 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-12 18:13 - 2014-04-09 10:21 - 00017920 _____ () C:\Windows\system32\rpcnetp.dll

2015-03-12 18:12 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp

2015-03-12 18:09 - 2015-02-14 13:05 - 00000000 ____D () C:\Program Files\AGEIA Technologies

2015-03-12 18:09 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration

2015-03-12 18:09 - 2009-07-13 19:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2015-03-12 18:07 - 2013-04-12 20:09 - 00000000 ____D () C:\ProgramData\Package Cache

2015-03-11 16:03 - 2009-07-13 21:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-03-11 13:47 - 2009-07-13 21:33 - 00551080 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-05 18:35 - 2014-09-19 08:56 - 00000000 ____D () C:\Users\Student\Documents\Physical Education

2015-03-05 09:59 - 2015-02-06 17:58 - 00000000 ____D () C:\Users\Student\AppData\Roaming\RenPy

2015-03-04 13:50 - 2013-04-16 14:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-03-04 13:50 - 2013-04-16 14:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-03-02 13:03 - 2014-01-30 04:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2015-03-01 15:12 - 2015-02-12 12:07 - 00000000 ____D () C:\Users\Student\AppData\Local\Airscape

2015-02-28 14:31 - 2015-02-12 18:02 - 00000000 ____D () C:\Users\Student\Documents\Mabinogi

2015-02-27 14:59 - 2013-04-12 19:54 - 00136848 _____ () C:\Users\Student\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2015-03-20 11:57 - 2015-03-20 13:43 - 0000115 _____ () C:\Users\Student\AppData\Roaming\LogFile.txt

2015-02-04 18:41 - 2015-02-05 17:24 - 0001769 _____ () C:\Users\Student\AppData\Roaming\SpeedRunnersLog.txt

2014-04-09 10:30 - 2014-11-07 11:28 - 0026784 __RSH () C:\ProgramData\3002.abs

2014-04-09 10:30 - 2015-03-23 10:19 - 0000157 __RSH () C:\ProgramData\3002.xml

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-02 09:12

==================== End Of Log ============================


There are two security programs installed and running on your system, McAfee and AVG. That is counterproductive, and one of those should be removed ASAP. Obviously it is your own choice on that issue...

 

AVG removal tool - http://www.avg.com/us-en/utilities

 

McAfee removal tool - https://service.mcafee.com/FAQDocument.aspx?id=TS101331

 

Next,

 

Scan with ZOEK

 

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

 


Right-click on the Zoek icon and select Run as Administrator to start the tool.
Wait patiently until the main console appears; it may take a minute or two.
In the main box please paste in the following script:

 

services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deleteiedefaults;firefoxlook;chromelook;FFdefaults;CHRdefaults;

 

 


Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

 

Please include its content in your next reply. Don't forget to re-enable security software!

 

Post log from Zoek, also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin.


 

Zoek.exe v5.0.0.0 Updated 23-March-2015

Tool run by Student on Mon 03/23/2015 at 17:03:54.14.

Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Student\Downloads\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

3/23/2015 5:08:10 PM Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\Program Files\GUM752F.tmp deleted successfully

C:\Program Files\system app deleted successfully

C:\Program Files\VideoLAN deleted successfully

C:\Users\Student\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Running Processes ======================

 

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\aestsrv.exe

C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE

C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\K12\Software\run\K12McAfeeTray.exe

C:\K12\Software\run\K12VersionTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\hamachi-2-ui.exe

C:\LMIGuardianSvc.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\rpcnet.exe

C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

C:\Windows\system32\conhost.exe

C:\hamachi-2.exe

C:\LMIGuardianSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Student\Downloads\zoek.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

 

==== Deleting Services ======================

 

 

==== FireFox Fix ======================

 

Deleted from C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\w122xmxl.default-1420839641103\prefs.js:

user_pref("browser.startup.homepage", "login-learn.k12.com/accessui/login.do?__actionName=view");

user_pref("browser.newtab.url", "");

user_pref("keyword.URL", "");

 

Added to C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\w122xmxl.default-1420839641103\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

 

Deleted from C:\Users\Student\AppData\Roaming\Nvu\Profiles\x6g5vjkc.default\prefs.js:

 

Added to C:\Users\Student\AppData\Roaming\Nvu\Profiles\x6g5vjkc.default\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

 

==== Deleting Files \ Folders ======================

 

C:\Program Files\GUM752F.tmp not found

C:\Program Files\system app not found

C:\Program Files\VideoLAN not found

C:\Program Files\YoutubbeAdBlockE deleted

C:\Program Files\BuuyNsuave deleted

C:\Program Files\Design my eMail deleted

C:\PROGRA~2\diffpmcfhkkpcfpnpglgimpdkjdehjgg deleted

C:\PROGRA~2\224125319150758730 deleted

C:\PROGRA~2\31c40ca5126eb4a deleted

C:\Users\Student\AppData\Roaming\LogFile.txt deleted

C:\Users\Student\AppData\Roaming\SpeedRunnersLog.txt deleted

C:\Users\Student\AppData\Roaming\Open Download Manager deleted

C:\Users\Student\AppData\Roaming\ParetoLogic deleted

C:\PROGRA~2\Package Cache deleted

C:\Users\Student\AppData\Local\28AAD45F-F322-324C-80AD-37E9A78C1978 deleted

C:\Windows\system32\GroupPolicy\Adm deleted

C:\Windows\system32\GroupPolicy\Machine deleted

C:\Windows\system32\GroupPolicy\User deleted

C:\Windows\system32\GroupPolicy\gpt.ini deleted

C:\Windows\System32\AI_RecycleBin deleted

"C:\Windows\Installer\82b65b.msi" deleted

"C:\hamachi-2-ui.exe" deleted

"C:\hamachi-2.exe" deleted

"C:\LMIGuardianSvc.exe" deleted

 

==== System Specs ======================

 

Operating System: Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 32-bit

Manufacturer: Hewlett-Packard - Model: HP 635 Notebook PC              

Install Date: 9/18/2014 10:58:57 AM

Last Boot: 3/24/2015 8:40:37 AM

Processor: AMD E-300 APU with Radeon HD Graphics

Number of Processors: 2

Work Station

Bootmode: Normal boot

Total RAM: 3578 MB (free 2151 MB - 60)

Computername: K12-5CB21022D2

Domain: WORKGROUP

User: Student (Administrator account)

Local Disk:        C:\ - NTFS - 255 GB (free 57 GB)

CD \ DVD Drive:    E:\ 

Local Disk:        K:\ - NTFS - 19 GB (free 19 GB)

Bootdevice: \Device\HarddiskVolume1

Windows update: 2015-03-11 18:36:52

Country: United States 

Language: ENU 

 

==== System Specs (Software) ======================

 

Anti-Virus: McAfee VirusScan Enterprise On-access scanning disabled (Outdated)

Anti-Spyware: McAfee VirusScan Enterprise Antispyware Module disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Internet Explorer Version: 10.0.9200.17267 

Mozilla Firefox version: 35.0.1 (x86 en-US)

Google Chrome version: 41.0.2272.101

Adobe Reader version: 11.0.10.32

Sun Java version: 1.7.0_51 (32-bit) 

Flash Player version: 16.0.0.305

Shockwave Player version: 12.0.2r122

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

====== C:\Users\Student\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====


2015-03-10 22:10:56 AF47EAA4ADDA9AA221FB7647EE22BF53 103424 ----a-w- C:\Windows\System32\mfps.dll

2015-03-10 22:10:56 3245B3D9A1F36C8A80900003B22F9FA4 96768 ----a-w- C:\Windows\System32\appidpolicyconverter.exe

2015-03-10 22:10:55 C45E651DD6C0D7C1D92B338CE9331EF3 28160 ----a-w- C:\Windows\System32\pcadm.dll

2015-03-10 22:10:55 2D21189858856316D55EAD55DF4964C2 374784 ----a-w- C:\Windows\System32\AudioEng.dll

2015-03-10 22:10:54 A56F4029FDCF4F817E78953CDA953E28 442880 ----a-w- C:\Windows\System32\AUDIOKSE.dll

2015-03-10 22:10:54 49F4EE8DF752CFA159B99046CD1FDD2B 23040 ----a-w- C:\Windows\System32\mfpmp.exe

2015-03-10 22:10:54 01C6C743FE49D0FB3F0A1391FEF1DEB3 69632 ----a-w- C:\Windows\System32\smss.exe

2015-03-10 22:10:52 E0AB9CA912398BE1AAD14FF7AD75C397 50688 ----a-w- C:\Windows\System32\appidapi.dll

2015-03-10 22:10:51 50B8937A81360D16A5C772302BD32CFE 195584 ----a-w- C:\Windows\System32\AudioSes.dll

2015-03-10 22:10:50 A4A2EFB40015B76467F09E6DC388BC26 43008 ----a-w- C:\Windows\System32\srclient.dll

2015-03-10 22:10:50 10495B2681F3E271CB93608D853A0CF0 9728 ----a-w- C:\Windows\System32\pcawrk.exe

2015-03-10 22:10:49 7847865A78B7FB9221D9DFB35A7B8ECD 38912 ----a-w- C:\Windows\System32\csrsrv.dll

2015-03-10 22:10:49 6C620B9DDB9EB0F0D92E9607D76B3D3D 50176 ----a-w- C:\Windows\System32\setbcdlocale.dll

2015-03-10 22:10:48 A6AEADE370FFE3F37554D8AAA3E4B873 8192 ----a-w- C:\Windows\System32\pcalua.exe

2015-03-10 22:10:48 6EBC44F464A00EF4E4F0DBBB6BD3FF14 275968 ----a-w- C:\Windows\System32\EncDump.dll

2015-03-10 22:10:48 6B1EB62B8DD3F439F972BE14D7A34FC8 10752 ----a-w- C:\Windows\System32\msmmsp.dll

2015-03-10 22:10:47 69B4CE000298A9253EB206C3AC1360F5 16896 ----a-w- C:\Windows\System32\appidcertstorecheck.exe

2015-03-10 22:10:44 F0C8038C9336EE6C3244CF431AB362BE 8704 ----a-w- C:\Windows\System32\pcaevts.dll

2015-03-10 22:10:44 D3916F83AC8F2314262387A2E16C6578 4096 ----a-w- C:\Windows\System32\msdxm.ocx

2015-03-10 22:10:44 D3916F83AC8F2314262387A2E16C6578 4096 ----a-w- C:\Windows\System32\dxmasf.dll

2015-03-10 22:10:44 8B07DBA0D77346545C6359AC67DCB980 8192 ----a-w- C:\Windows\System32\spwmp.dll

2015-03-10 22:10:44 2F3CE58D8C276570EEB69C99CFBAFD58 2048 ----a-w- C:\Windows\System32\mferror.dll

2015-03-10 22:10:43 FCD5137A10C8943B34C9BE891C50159F 6656 ----a-w- C:\Windows\System32\apisetschema.dll

2015-03-10 22:10:42 7C1CADCA0E674212412559B0EAD0919A 12625408 ----a-w- C:\Windows\System32\wmploc.DLL

====== C:\Windows\system32\drivers =====

2015-03-20 22:42:02 04B309A1A653177994630C2773E659F1 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2015-03-20 22:38:40 C2730E796F3A84DE3D4FCFF899028838 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2015-03-20 22:38:40 2A1B51A1FE8DC4DC0D52EC700CB02CEF 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys

2015-03-20 22:38:39 AB73A39A5E45F465B02C11C500BB0278 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys

2015-03-10 22:12:42 9EED5E0B7BF784C491C2289A09920BDA 137656 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2015-03-10 22:12:41 4DAC97CF81FAE4B2988AEF0DF40D04AE 67512 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2015-03-10 22:11:13 AEBC369F7DC72AB3F5B9BDF34FA0D43F 593920 ----a-w- C:\Windows\System32\drivers\PEAuth.sys

2015-03-10 22:11:10 3051724F223EA48968B19567DE2A81F4 370488 ----a-w- C:\Windows\System32\drivers\cng.sys

2015-03-10 22:11:06 644905A19D0F37F2233DFCE53BC4BC19 78784 ----a-w- C:\Windows\System32\drivers\mountmgr.sys

2015-03-10 22:10:55 81F97D8F8B3FB94A451CC6F7CF8B2965 50176 ----a-w- C:\Windows\System32\drivers\appid.sys

====== C:\Windows\Tasks ======

2015-03-18 18:33:32 6D3C5A28ECA991C4F4C553E9F03ADC84 3858 ----a-w- C:\Windows\system32\Tasks\Google Update

2015-03-12 21:31:26 5E3AFFCF07686075997FE67F924A5CE7 3884 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA

2015-03-12 21:31:26 578EDAD99D370BC3F15076E015AB59C3 3632 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

2015-03-12 21:31:26 15ACA5819207144C159AF46C988C77F8 888 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-12 21:31:22 3C440B0138E6472144249762473CE228 884 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-11 20:43:22 F608933F94C0B578D8D569E1F08307B3 3184 ----a-w- C:\Windows\system32\Tasks\{E51BD445-58C5-4BF7-B8F2-B29EF0134AFD}

2015-03-04 20:22:44 EB35BD5932BB3FB3C5A4B9AC07D75D69 3768 ----a-w- C:\Windows\system32\Tasks\Adobe Flash Player Updater

2015-03-04 20:22:43 25A72B07FC6804845EEA4DBDF2717218 830 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-03-18 00:55:35 -------- d-----w- C:\Program Files\AVG

2015-03-05 16:36:02 -------- d-----w- C:\Program Files\NVIDIA Corporation

======= C: =====

====== C:\Users\Student\AppData\Roaming ======

2015-03-19 02:58:48 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG

2015-03-18 01:59:56 -------- d-----w- C:\Users\Student\AppData\Roaming\AVG

2015-03-18 01:59:51 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Avg

2015-03-18 01:57:38 -------- d-----w- C:\Users\Student\AppData\Local\Avg

2015-03-18 01:06:47 -------- d-----w- C:\Users\Student\AppData\Roaming\TuneUp Software

2015-03-11 20:25:04 -------- d-----w- C:\Users\Student\AppData\Roaming\OAS

2015-03-05 02:33:52 -------- d-----w- C:\Users\Student\AppData\Local\AGKApps

2015-03-04 17:43:02 -------- d-----w- C:\Users\Student\AppData\Roaming\com.fbkc.hdydi

2015-03-03 01:22:07 -------- d-----w- C:\Users\Student\AppData\Roaming\Nifflas

2015-03-01 21:53:50 -------- d-----w- C:\Users\Student\AppData\Locallow\Sony Online Entertainment

2015-03-01 21:53:50 -------- d-----w- C:\Users\Student\AppData\Local\SCE

2015-02-26 23:27:56 -------- d-----w- C:\Users\Student\AppData\Local\LogMeIn

2015-02-25 20:07:04 -------- d-----w- C:\Users\Student\AppData\Local\BoringManGame

2015-02-25 02:02:46 -------- d-----w- C:\Users\Student\AppData\Local\LogMeIn Hamachi

2015-02-25 02:01:51 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\LogMeIn Hamachi

2015-02-23 03:29:08 -------- d-----w- C:\Users\Student\AppData\Roaming\TheBannerSagaFactions

====== C:\Users\Student ======

2015-03-23 20:08:09 67D890E8DA0A5DB2846B6366172D15A0 1135104 ----a-w- C:\Users\Student\Downloads\FRST (1).exe

2015-03-23 20:04:24 F58676DE827DD9A5F3A44A698E8B4663 2095616 ----a-w- C:\Users\Student\Downloads\FRST64.exe

2015-03-23 20:01:54 2CBD226403B372BE4C38A938B86BC6E3 914735 ----a-w- C:\Users\Student\Downloads\FRST.exe

2015-03-20 22:34:25 31D2409237481996E00505054E68BA3E 21540440 ----a-w- C:\Users\Student\Downloads\mbam-setup-2.1.4.1018.exe

2015-03-20 18:08:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft

2015-03-20 00:45:18 F4732C0A05A0874EE504D9C65622DBD2 35840 --sha-w- C:\Users\Student\Thumbs.db

2015-03-18 01:56:05 -------- d-----w- C:\ProgramData\AVG

2015-03-18 00:19:11 -------- d--h--w- C:\ProgramData\Common Files

2015-03-03 01:22:07 -------- d-----w- C:\ProgramData\Nifflas

2015-02-26 23:27:56 -------- d-----w- C:\ProgramData\LogMeIn

2015-02-25 02:01:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

 

====== C: exe-files ==

2069-01-15 20:24:24 0E2F2BC05929C9244FC217D3C2D45A53 32881 ----a-w- C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe

2069-01-15 20:24:24 0D56F811AC2C42B2C0A1C0BCCD36CC5C 241777 ----a-w- C:\Program Files\Java\j2re1.4.2_07\bin\jucheck.exe

2015-03-23 23:51:46 BFFF47126551A3F9850F9DBEAB917E4C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2071005352-1963743713-3197600615-1000\$I2MH0CK.exe

2015-03-23 19:14:13 201909180DAD45F828096F2852864431 44544 ----a-w- C:\Users\Student\AppData\Local\Blackboard\Blackboard Collaborate Launcher\Temp\eLiveAS0.tmp\eLiveASBroker64.exe

2015-03-23 19:14:12 2A4616BB168052A4D2E4A370CA8D7D41 41984 ----a-w- C:\Users\Student\AppData\Local\Blackboard\Blackboard Collaborate Launcher\Temp\eLiveAS0.tmp\eLiveASBroker32.exe

2015-03-23 19:14:10 B8D08F0446C7D590043C49302A5DB625 135168 ----a-w- C:\Users\Student\AppData\Local\Blackboard\Blackboard Collaborate Launcher\Temp\eLiveBrowser0.tmp\eLiveBrowser.exe

2015-03-20 22:38:02 A38E9C48F13C11CAB641A0C91F8F12A1 885840 ----a-w- C:\Users\Student\AppData\Local\Google\Update\Install\{50A4C34C-065E-4B3F-BEA5-1F990BE178CF}\41.0.2272.101_41.0.2272.89_chrome_updater.exe

2015-03-20 22:38:01 A38E9C48F13C11CAB641A0C91F8F12A1 885840 ----a-w- C:\Users\Student\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.101\41.0.2272.101_41.0.2272.89_chrome_updater.exe

2015-03-20 22:12:20 B9FF555660A02DC4D3EAFF58357BE02A 3109248 ----a-w- C:\$Recycle.Bin\S-1-5-21-2071005352-1963743713-3197600615-1000\$R2MH0CK.exe

=== C: other files ==

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Steam"="C:\Users\Student\Documents\Book Club\Assigned\Steam\steam.exe -silent"

 

[HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run]

"Steam"="C:\Users\Student\Documents\Book Club\Assigned\Steam\steam.exe -silent"

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"IME14 CHS Setup"="C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log"

"IME14 CHT Setup"="C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log"

"IME14 JPN Setup"="C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log"

"IME14 KOR Setup"="C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log"

"HP Quick Launch"="C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"

"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\udaterui.exe /StartedFromRunKey"

"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE /STANDALONE"

"1"="C:\K12\Software\run\K12Activation.exe"

"2"="C:\K12\Software\run\K12McAfeeTray.exe"

"3"="C:\K12\Software\run\K12VersionTray.exe"

"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe"

"LogMeIn Hamachi Ui"="C:\hamachi-2-ui.exe --auto-start"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Steam"="C:\Users\Student\Documents\Book Club\Assigned\Steam\steam.exe -silent"

 

==== Startup Registry Disabled ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QuickTime Task"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SysTrayApp"

"hkey"="HKLM"

"command"="C:\\Program Files\\IDT\\WDM\\sttray.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="TkBellExe"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Real\\RealPlayer\\Update\\realsched.exe\" -osboot"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RealNetworks Downloader Resolver Service]

 

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]

"Google Update"="\"C:\\Users\\Student\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

"ninja VOD"="C:\\Users\\Student\\AppData\\Local\\ninjaVOD\\ninja VOD\\1.3.17.3\\ninjavod.exe"

 

 

==== Task Scheduler Jobs ======================

 

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/04/2015 01:50 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/16/2013 03:12 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/16/2013 03:12 PM]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2071005352-1963743713-3197600615-1000Core.job --a------ C:\Users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [09/18/2014 01:20 PM]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2071005352-1963743713-3197600615-1000UA.job --a------ C:\Users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [09/18/2014 01:20 PM]

 

==== Other Scheduled Tasks ======================

 

"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\cleanup" [C:\Windows\System32\sysprep\clean.vbs]

"C:\Windows\system32\tasks\Google Update" [C:\Users\Student\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2071005352-1963743713-3197600615-1000Core" [C:\Users\Student\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2071005352-1963743713-3197600615-1000UA" [C:\Users\Student\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\timezone" [c:\k12\software\k12timezone.exe]

"C:\Windows\system32\tasks\User_Feed_Synchronization-{09A2FAD0-F1CE-4B12-94E3-6DCD7438DD63}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

 

==== Firefox Start and Search pages ======================

 

ProfilePath: C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\w122xmxl.default-1420839641103

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

 

ProfilePath: C:\Users\Student\AppData\Roaming\Nvu\Profiles\x6g5vjkc.default

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{D19CA586-DD6C-4a0a-96F8-14644F340D60}"="C:\Program Files\Common Files\McAfee\SystemCore" [03/24/2015 09:33 AM]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\Student\AppData\Roaming\Nvu\Profiles\x6g5vjkc.default

- Undetermined - %ProfilePath%\extensions\installed-extensions.txt

- Nvu default - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 


==== Fake Chromium Profiles Check ======================

 

Fake profile C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome deleted

 

==== Chromium Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 07:22 PM]

 

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

fcfenmboojpjinhpgggodefccipikbpd - No path found[]

 

Chrome Hotword Shared Module - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Skype Click to Call - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

Google Wallet - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

 

==== Chromium Startpages ======================

 

C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Preferences

"homepage": "

 

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

 

==== Reset Google Chrome ======================

 

C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully

C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully

 

==== HijackThis Entries ======================

 

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140516195256.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [iME14 CHS Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log

O4 - HKLM\..\Run: [iME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log

O4 - HKLM\..\Run: [iME14 JPN Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log

O4 - HKLM\..\Run: [iME14 KOR Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [1] C:\K12\Software\run\K12Activation.exe

O4 - HKLM\..\Run: [2] C:\K12\Software\run\K12McAfeeTray.exe

O4 - HKLM\..\Run: [3] C:\K12\Software\run\K12VersionTray.exe

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\hamachi-2-ui.exe" --auto-start

O4 - HKCU\..\Run: [steam] "C:\Users\Student\Documents\Book Club\Assigned\Steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics


O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\hamachi-2.exe (file missing)

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

==== Empty IE Cache ======================

 

C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

C:\Users\Student\AppData\Local\Mozilla\Firefox\Profiles\w122xmxl.default-1420839641103\Cache emptied successfully

C:\Users\Student\AppData\Local\Mozilla\Firefox\Profiles\w122xmxl.default-1420839641103\cache2 emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=131 folders=50 167997097 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Student\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Student\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\hamachi-2.exesearch"  not found

"C:\LMIGuardianSvc.exesearch"  not found

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

 

==== EOF on Tue 03/24/2015 at 11:11:36.20 ======================

 

 

It appears that the virus has been removed... there are no more popups or ads anymore! I'll keep you posted after a few more hours, but I think it's worked. Thank you so much!


One final scan:

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC, then try again...
 

Thanks,

 

Kevin...


 Results of screen317's Security Check version 0.99.99  

 Windows 7 Service Pack 1 x86 (UAC is disabled!)  

 Internet Explorer 10 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

McAfee VirusScan Enterprise   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 51  

 Java 2 Runtime Environment, SE v1.4.2_07 

 Java version 32-bit out of Date! 

  Adobe Flash Player 16.0.0.305 Flash Player out of Date!  

 Adobe Reader XI  

 Mozilla Firefox 35.0.1 Firefox out of Date!  

 Google Chrome 27.0.1453.116 Google Chrome out of date!  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 McAfee VirusScan Enterprise VsTskMgr.exe  

 McAfee VirusScan Enterprise mfeann.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

 


Thanks for the log, continue as follows:

 

Go here http://www.adobe.com/shockwave/welcome/ and have Adobe Flash Player checked. Accept the new version if required.

There may be an offer of Google Chrome etc.; untick those options if offered...

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

 

Next,

 

Update Google Chrome - https://support.google.com/chrome/answer/95414?hl=en-GB

 

Update Mozilla Firefox - https://support.mozilla.org/en-US/kb/update-firefox-latest-version

 

Update Internet Explorer - http://windows.microsoft.com/en-us/internet-explorer/download-ie

 

Next,

 

If there are no remaining issues or concerns, run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

 

Make Sure the following items are checked:

 

 


    Activate UAC
    Remove disinfection tools
    Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if those steps complete ok. Also are we ok to close out?

 

Thanks,

 

Kevin...


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.