Everything posted by dr_glove

  1. If I try to "Save As" or press "Save," it appears to do nothing. And I can't close the document unless I press "Don't Save."
  2. Ah, sorry about that; I did mean Microsoft Word. And that is true, I could use other art programs that are significantly better than MS Paint. I've just been using it often since my friend has been poking around with it. The version of MS Office is from the year of 2010. I use Windows 7, 32-bit system. Please let me know if I'm missing anything or you need more information.
  3. I'm sorry if I should ask for help elsewhere for specific Windows programs, but I find that this community does an effective job in helping with PC-related things like this. So, essentially, some of my Windows programs are kind of screwed up. Paint won't save my pictures as anything but a .bmp, Word Document allows me to open files only on my computer, but when trying to send them to someone else, it appears that it's 0 KB. I can edit them just fine, and "save" them, but they still come up as 0 KB. On top of that, I can't open literally any type of pictures on my computer without it telling me that, "I don't have permission to access it." I think I might have a virus that specifically corrupts my programs, but I'm unsure. Still, it's really irking me, as I could work around not having Paint or the older Movie Maker running, but now it's affecting essential programs like Word Doc. Although it's only a small portion, I managed to lose a page of what I was going to turn in today. I don't know if they affect other programs yet like Excel or other programs embedded into the computer, but I'm scared to find out.
  4. Ah, yes, thank you. Everything seems to be running just fine now. Thank you so much!
  5. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01 Ran by Student (administrator) on K12-5CB21022D2 (02-10-2015 14:37:57) Running from C:\Users\Student\Desktop Loaded Profiles: Student (Available Profiles: Student) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal
KISS유키스 아티스트 소개.mp4 2015-09-02 17:01 - 2015-09-02 17:02 - 34447443 _____ C:\Users\Student\Downloads\111213 U-KISS Cut [中字].mp4 2015-09-02 17:00 - 2015-09-02 17:01 - 15812880 _____ C:\Users\Student\Downloads\U-Kiss in program of children.mp4 2015-09-02 16:54 - 2015-09-02 16:59 - 104066122 _____ C:\Users\Student\Downloads\videoplayback.mp4 2015-09-02 16:25 - 2015-09-02 16:27 - 52935137 _____ C:\Users\Student\Downloads\K-Pop Group U-KISS Gives Valentines' Tips! - ISAtv ARTIST FEATURE.mp4 2015-09-02 16:19 - 2015-09-02 16:20 - 16326314 _____ C:\Users\Student\Downloads\유비트&헬로비너스&15&_싸이-Gentleman (GENTLEMAN by uBEAT & HELLOVENUS &15&@Mcountdown 2013.5.2).mp4 2015-09-02 16:09 - 2015-09-02 16:12 - 65626918 _____ C:\Users\Student\Downloads\The 5 Most Uncomfortable Sex Scenes in Video Games.mp4 2015-09-02 14:58 - 2015-09-02 14:58 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (10).collab 2015-09-02 14:50 - 2015-09-25 20:28 - 00000000 ____D C:\Program Files\FFmpeg for Audacity 2015-09-02 14:49 - 2015-09-02 14:50 - 09957947 _____ ( ) C:\Users\Student\Downloads\ffmpeg-win-2.2.2.exe 2015-09-02 14:44 - 2015-09-25 20:41 - 00000000 ____D C:\Users\Student\AppData\Roaming\Audacity 2015-09-02 14:42 - 2015-09-02 14:44 - 00000000 ____D C:\Program Files\Audacity 2015-09-02 14:42 - 2015-09-02 14:42 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2015-09-02 14:42 - 2015-09-02 14:42 - 00000969 _____ C:\Users\Public\Desktop\Audacity.lnk 2015-09-02 14:36 - 2015-09-02 14:37 - 25186399 _____ (Audacity Team ) C:\Users\Student\Downloads\audacity-win-2.1.1.exe 2015-09-02 14:23 - 2015-09-02 14:27 - 20019676 _____ C:\Users\Student\Downloads\U-KISS(ユーキス) - Tick Tack MV (Full ver.) 
[HD 1080p].mp4 2015-09-02 14:13 - 2015-09-02 14:13 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-09-02 14:13 - 2015-09-02 14:13 - 00001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-09-02 14:12 - 2015-09-02 14:12 - 00000020 _____ C:\Windows\¸ù„ 2015-09-02 14:10 - 2015-09-02 14:12 - 00000000 ____D C:\Program Files\Windows Live 2015-09-02 14:04 - 2015-09-02 14:04 - 15989883 _____ C:\Users\Student\Downloads\GOT7 - Just Right MV (Fangirl Version).mp4 2015-09-02 14:02 - 2015-09-02 14:02 - 00010762 _____ C:\Users\Student\Downloads\meeting (1).collab 2015-09-02 14:00 - 2015-09-02 14:01 - 21719799 _____ C:\Users\Student\Downloads\BTS - War of hormone (Fangirl version).mp4 2015-09-02 14:00 - 2015-09-02 14:00 - 00010762 _____ C:\Users\Student\Downloads\meeting.collab 2015-09-02 13:55 - 2015-09-25 19:51 - 00000000 ____D C:\Users\Student\AppData\Local\Windows Live 2015-09-02 13:55 - 2015-09-02 13:55 - 01239752 _____ (Microsoft Corporation) C:\Users\Student\Downloads\wlsetup-web.exe 2015-09-02 13:55 - 2015-09-02 13:55 - 00000000 ____D C:\Program Files\Common Files\Windows Live 2015-09-02 13:15 - 2015-09-02 13:15 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (9).collab ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-10-02 14:36 - 2015-08-20 13:58 - 00003967 _____ C:\Windows\setupact.log 2015-10-02 14:34 - 2015-03-12 14:31 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-02 14:34 - 2015-03-12 14:31 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-02 14:34 - 2014-09-18 11:00 - 01817585 _____ C:\Windows\WindowsUpdate.log 2015-10-01 17:12 - 2015-03-20 15:42 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-10-01 16:12 - 2009-07-13 21:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-01 16:12 - 2009-07-13 21:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-01 14:59 - 2013-04-10 18:59 - 00000000 ____D C:\Users\Student 2015-10-01 14:51 - 2014-04-09 10:28 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll 2015-10-01 14:51 - 2014-04-09 10:20 - 00017920 _____ C:\Windows\system32\rpcnetp.exe 2015-10-01 14:51 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-01 14:37 - 2013-04-15 19:46 - 00000000 ____D C:\Users\Student\AppData\Local\Google 2015-10-01 14:17 - 2015-03-20 16:30 - 00020302 _____ C:\Windows\PFRO.log 2015-09-30 14:53 - 2014-04-09 10:30 - 00000154 __RSH C:\ProgramData\3002.xml 2015-09-30 13:01 - 2014-10-24 12:43 - 00000000 ____D C:\Users\Student\Documents\Book Club 2015-09-29 16:08 - 2015-03-20 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-09-29 16:08 - 2015-03-20 15:38 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-09-29 15:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Help 2015-09-28 21:51 - 2015-02-04 19:52 - 00000000 ____D C:\Users\Student\AppData\Roaming\Skype 2015-09-28 14:16 - 2015-02-04 19:51 - 00000000 ____D C:\ProgramData\Skype 2015-09-25 15:46 - 2013-04-16 14:55 - 00780488 _____ (Adobe Systems 
Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-09-25 15:46 - 2013-04-16 14:55 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-09-21 14:44 - 2014-09-19 09:06 - 00000000 ____D C:\Users\Student\Documents\Online Learning 2015-09-16 17:22 - 2015-02-04 19:51 - 00000000 ___RD C:\Program Files\Skype 2015-09-09 13:34 - 2014-09-19 08:55 - 00000000 ____D C:\Users\Student\Documents\Chemistry 2015-09-09 13:25 - 2014-04-09 10:30 - 00031328 __RSH C:\ProgramData\3002.abs 2015-09-04 22:42 - 2015-02-02 15:10 - 00000000 ____D C:\Program Files\Common Files\Steam 2015-09-03 19:11 - 2015-08-31 17:52 - 00000000 ____D C:\Program Files\Lightworks 2015-09-02 14:12 - 2013-04-10 19:17 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition 2015-09-02 14:10 - 2009-07-13 19:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared ==================== Files in the root of some directories ======= 2015-09-15 13:38 - 2015-09-15 13:39 - 0003749 _____ () C:\Users\Student\AppData\Roaming\My Profile.xml 2015-05-19 14:41 - 2015-05-19 14:42 - 0000000 _____ () C:\Users\Student\AppData\Local\{70D3E001-AD8E-4A72-B1B1-4236BB28EC5F} 2014-04-09 10:30 - 2015-09-09 13:25 - 0031328 __RSH () C:\ProgramData\3002.abs 2014-04-09 10:30 - 2015-09-30 14:53 - 0000154 __RSH () C:\ProgramData\3002.xml 2015-05-02 15:02 - 2015-05-02 15:02 - 0015568 __RSH () C:\ProgramData\3029.abs Some files in TEMP: ==================== C:\Users\Student\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-13 13:26 ==================== End of FRST.txt ============================ Addition.txt
  6. The logs are posted in order:

     I'd like to know if I can sign back into Chrome? I don't want to sign in yet until you have confirmed that it should be safe to do so.
  7. Malwarebytes Anti-Malware www.malwarebytes.org

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-29] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2014-05-16] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [215024 2014-05-16] (McAfee, Inc.) R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59616 2014-05-16] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [477584 2014-05-16] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2014-05-16] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [180720 2014-05-16] (McAfee, Inc.) R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.) R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [982632 2011-06-15] (Realtek Semiconductor Corporation ) S3 cpuz134; \??\C:\Users\Student\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] U3 mfeavfk01; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-30 15:17 - 2015-09-30 15:18 - 00019850 _____ C:\Users\Student\Downloads\FRST.txt 2015-09-30 15:17 - 2015-09-30 15:18 - 00000000 ____D C:\FRST 2015-09-30 13:00 - 2015-09-30 13:27 - 00000000 ____D C:\Users\Student\Documents\My Stuff 2015-09-29 18:36 - 2015-09-29 18:37 - 01696256 _____ (Farbar) C:\Users\Student\Downloads\FRST.exe 2015-09-29 16:08 - 2015-09-29 16:08 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-09-29 14:54 - 2015-09-29 14:54 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (33).collab 2015-09-29 14:42 - 2015-09-29 14:42 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (32).collab 2015-09-29 14:23 - 2015-09-29 14:23 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (31).collab 2015-09-28 18:30 - 2015-09-28 18:33 - 75869701 _____ C:\Users\Student\Downloads\TGM REALLY NOW.mp4 2015-09-28 16:47 - 2015-09-28 16:51 - 70863870 _____ C:\Users\Student\Downloads\[HD] GOT7 Laugh Laugh Laugh MV.mp4 2015-09-28 14:20 - 2015-09-28 14:23 - 76902798 _____ C:\Users\Student\Downloads\GOT7 '니가 하면(If You Do)' M-V.mp4 2015-09-28 14:08 - 2015-09-28 14:08 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback.jnlp 2015-09-26 17:43 - 2015-09-26 17:44 - 64669683 _____ C:\Users\Student\Downloads\WAVEYA NICKI MINAJ (ft.BEYONCE)- FEELING MYSELF cover dance.mp4 2015-09-26 17:36 - 2015-09-26 17:40 - 236151504 _____ C:\Users\Student\Downloads\TO BE SASAENG OR BE STALKED BY SASAENG - #ASKJRE.mp4 2015-09-26 17:10 - 2015-09-26 17:17 - 725267511 _____ C:\Users\Student\Downloads\videoplayback (2).mp4 2015-09-26 16:51 - 2015-09-26 16:55 - 245860207 _____ C:\Users\Student\Downloads\After School Club - BTS(방탄소년단) - Full Episode (2).mp4 2015-09-26 16:35 - 2015-09-26 16:50 - 933674071 _____ C:\Users\Student\Downloads\After School Club - BTS(방탄소년단) - Full Episode (1).mp4 2015-09-26 16:22 - 2015-09-26 16:34 - 815891165 _____ C:\Users\Student\Downloads\After School Club - BTS(방탄소년단) - Full Episode.mp4 2015-09-26 15:56 - 
2015-09-26 16:08 - 1135629737 _____ C:\Users\Student\Downloads\After School Club(Ep.159) - Bangtan Boys(방탄소년단) BTS - Full Episode.mp4 2015-09-25 20:18 - 2015-09-25 20:22 - 09957947 _____ ( ) C:\Users\Student\Downloads\ffmpeg-win-2.2.2 (1).exe 2015-09-25 17:13 - 2015-09-25 17:19 - 104129901 _____ C:\Users\Student\Downloads\Korean guys react to Nicki minaj Anaconda (ENG sub).mp4 2015-09-24 15:23 - 2015-09-24 15:25 - 60186432 _____ C:\Users\Student\Downloads\Waveya_ 제시 쎈언니 Jessi SSENUNNI cover dance.mp4 2015-09-23 14:21 - 2015-09-23 14:24 - 66580362 _____ C:\Users\Student\Downloads\Because I'm the Best-Roll Deep - HyunA ft. Ilhoon (BtoB) [Han,Rom,Eng] Lyrics.mp4 2015-09-23 14:12 - 2015-09-23 14:16 - 80249543 _____ C:\Users\Student\Downloads\HYUNA(현아) - '잘나가서 그래 (Feat. 정일훈 Of BTOB)' (Roll Deep) M-V.mp4 2015-09-23 13:52 - 2015-09-23 13:55 - 63819615 _____ C:\Users\Student\Downloads\방탄소년단 'I NEED U' Dance Practice.mp4 2015-09-23 13:46 - 2015-09-23 13:47 - 32139706 _____ C:\Users\Student\Downloads\WAVEYA BTS (방탄소년단) I Need U - dance practice.mp4 2015-09-23 13:09 - 2015-09-23 13:09 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (30).collab 2015-09-23 13:07 - 2015-09-23 13:07 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (29).collab 2015-09-23 12:57 - 2015-09-23 12:57 - 00010762 _____ C:\Users\Student\Downloads\meeting (10).collab 2015-09-22 17:36 - 2015-09-22 17:39 - 52870382 _____ C:\Users\Student\Downloads\SGKPOPCON 2015 AUDITION A-Team.mp4 2015-09-22 17:34 - 2015-09-22 17:36 - 30780479 _____ C:\Users\Student\Downloads\Blady- Blood Type B Girl Dance Cover (Requested).mp4 2015-09-22 17:19 - 2015-09-22 17:34 - 72694811 _____ C:\Users\Student\Downloads\Blady - Blood Type B Girl, 블레이디 - B형 여자, Music Core 20140125.mp4 2015-09-22 17:15 - 2015-09-22 17:18 - 65741314 _____ C:\Users\Student\Downloads\[MV] Blady (블레이디) - B형여자 (Blood Type B Girl).mp4 2015-09-22 16:02 - 2015-09-22 16:06 - 96645355 _____ C:\Users\Student\Downloads\Nicki Minaj, Cassie - The 
Boys (Clean).mp4 2015-09-22 15:02 - 2015-09-22 15:07 - 98316217 _____ C:\Users\Student\Downloads\Nicki Minaj, Cassie - The Boys (Explicit).mp4 2015-09-22 12:32 - 2015-09-22 12:32 - 00010762 _____ C:\Users\Student\Downloads\meeting (9).collab 2015-09-21 15:55 - 2015-09-21 15:55 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (28).collab 2015-09-21 15:55 - 2015-09-21 15:55 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (27).collab 2015-09-21 14:48 - 2015-09-21 14:48 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (26).collab 2015-09-21 14:25 - 2015-09-21 14:25 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (25).collab 2015-09-21 12:52 - 2015-09-21 13:05 - 00000000 ____D C:\Users\Student\AppData\Local\RelicHuntersZero 2015-09-19 23:18 - 2015-09-19 23:25 - 100558058 _____ C:\Users\Student\Downloads\Let's Dance- GOT7(갓세븐) _ Girls Girls Girls(걸스걸스걸스) [ENG-JPN-CHN SUB].mp4 2015-09-19 23:11 - 2015-09-19 23:16 - 94917502 _____ C:\Users\Student\Downloads\Let's Dance- BTS(방탄소년단) _ Boy In Luv(상남자) [ENG-JPN-CHN SUB].mp4 2015-09-19 23:04 - 2015-09-19 23:10 - 75453866 _____ C:\Users\Student\Downloads\Waveya Girl's Generation 소녀시대 Mr.Mr. 
미스터미스터 cover dance 웨이브야.mp4 2015-09-19 22:59 - 2015-09-19 23:04 - 43636310 _____ C:\Users\Student\Downloads\Waveya GOT7 - GIRLS GIRLS GIRLS 갓세븐 cover dance 웨이브야.mp4 2015-09-19 22:54 - 2015-09-19 22:58 - 49046166 _____ C:\Users\Student\Downloads\Waveya_Red Velvet 레드벨벳_Dumb Dumb cover dance.mp4 2015-09-19 17:51 - 2015-09-19 17:51 - 04717019 _____ C:\Users\Student\Downloads\[ENG] 131218 U-KISS ELI's 'Komanechi' [2-9].mp4 2015-09-19 17:46 - 2015-09-19 17:47 - 14006354 _____ C:\Users\Student\Downloads\[ENG] 131218 U-KISS Introduction and Greeting [1-9].mp4 2015-09-18 15:11 - 2015-09-18 15:14 - 81851007 _____ C:\Users\Student\Downloads\방탄소년단 '쩔어' Dance performance practice.mp4 2015-09-17 17:22 - 2015-09-17 17:25 - 13841258 _____ C:\Users\Student\Downloads\[ETC] ORANGE CARAMEL(오렌지캬라멜) '아빙아빙(Abing abing)'_Dance Only.mp4 2015-09-17 17:14 - 2015-09-17 17:17 - 55147682 _____ C:\Users\Student\Downloads\[ETC] ORANGE CARAMEL(오렌지캬라멜) _나처럼해봐요(My Copycat)_ Dance Only..mp4 2015-09-17 17:11 - 2015-09-17 17:14 - 38821716 _____ C:\Users\Student\Downloads\[ETC] ORANGE CARAMEL(오렌지캬라멜) _ 까탈레나(Catallena) _ Dance Only..mp4 2015-09-17 17:07 - 2015-09-17 17:10 - 59832375 _____ C:\Users\Student\Downloads\Apink 에이핑크 'Mr.Chu' 안무 연습 영상 (Choreography Practice Video).mp4 2015-09-17 17:03 - 2015-09-17 17:07 - 69712043 _____ C:\Users\Student\Downloads\EXO-K_HISTORY_Only Dance (Korean ver.).mp4 2015-09-17 16:57 - 2015-09-17 17:03 - 77908867 _____ C:\Users\Student\Downloads\U-Kiss Standing Still (dance version).mp4 2015-09-17 16:55 - 2015-09-17 16:55 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (24).collab 2015-09-17 16:13 - 2015-09-17 16:13 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (23).collab 2015-09-17 16:09 - 2015-09-17 16:09 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (22).collab 2015-09-17 14:59 - 2015-09-17 15:04 - 79296108 _____ C:\Users\Student\Downloads\U-KISS 'Stop Girl' 안무영상 (Intro+Stop Girl ver).mp4 2015-09-17 14:55 - 2015-09-17 14:59 - 
19396427 _____ C:\Users\Student\Downloads\U-KISS(유키스) NEVERLAND Dance Full ver..mp4 2015-09-17 14:07 - 2015-09-17 14:07 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (21).collab 2015-09-16 17:58 - 2015-09-16 18:01 - 73381029 _____ C:\Users\Student\Downloads\Follow me on a Date in Seoul.mp4 2015-09-16 17:45 - 2015-09-16 17:55 - 162684718 _____ C:\Users\Student\Downloads\DIP 소개팅 Blind date Korea ep Special 4 guys you vote who you like best!.mp4 2015-09-16 17:23 - 2015-09-16 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-09-16 17:22 - 2015-09-16 17:22 - 00000000 ____D C:\Program Files\Common Files\Skype 2015-09-16 17:18 - 2015-09-16 17:30 - 236649006 _____ C:\Users\Student\Downloads\DIP 소개팅 Blind Date Korea ep.7.mp4 2015-09-16 16:57 - 2015-09-16 17:08 - 195328904 _____ C:\Users\Student\Downloads\DIP 소개팅 Blind Date Korea ep.6.mp4 2015-09-16 16:26 - 2015-09-16 16:37 - 208100493 _____ C:\Users\Student\Downloads\Dip 소개팅 Blind date Korea ep 5.mp4 2015-09-16 14:41 - 2015-09-16 14:53 - 228488505 _____ C:\Users\Student\Downloads\DIP 소개팅 ep4 AMOS KONGLISH.mp4 2015-09-16 14:39 - 2015-09-16 14:39 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (20).collab 2015-09-16 14:02 - 2015-09-16 14:02 - 00010762 _____ C:\Users\Student\Downloads\meeting (8).collab 2015-09-16 14:01 - 2015-09-16 14:11 - 225733841 _____ C:\Users\Student\Downloads\DIP 소개팅 Blind Date Korea ep.3.mp4 2015-09-16 13:58 - 2015-09-16 14:00 - 34671011 _____ C:\Users\Student\Downloads\131126 U-KISS - MTV The Show- The Show Talk.mp4 2015-09-16 13:51 - 2015-09-16 13:51 - 04096515 _____ C:\Users\Student\Downloads\131107 U-KISS Meet & Greet - Kiseop reading messages.mp4 2015-09-16 13:47 - 2015-09-16 13:49 - 24569410 _____ C:\Users\Student\Downloads\131126 U-KISS - MTV The Show- Behind The Show.mp4 2015-09-16 13:46 - 2015-09-16 13:47 - 25003009 _____ C:\Users\Student\Downloads\110424 U-KISS Soohyun rap.mp4 2015-09-16 13:28 - 2015-09-16 13:32 - 79347254 _____ 
C:\Users\Student\Downloads\[sorta subbed] 131107 U-KISS Wide Open Studio (2-2).mp4 2015-09-16 13:24 - 2015-09-16 13:26 - 31274402 _____ C:\Users\Student\Downloads\131107 U-KISS Wide Open Studio (1-2).mp4 2015-09-15 17:03 - 2015-09-15 17:03 - 13120252 _____ C:\Users\Student\Downloads\Pretty Boy ( Kim Jaeseop AJ ).mp4 2015-09-15 13:38 - 2015-09-15 13:39 - 00003749 _____ C:\Users\Student\AppData\Roaming\My Profile.xml 2015-09-15 13:12 - 2015-09-15 13:12 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (19).collab 2015-09-15 13:02 - 2015-09-15 13:02 - 00010762 _____ C:\Users\Student\Downloads\meeting (7).collab 2015-09-15 12:59 - 2015-09-15 12:59 - 00010762 _____ C:\Users\Student\Downloads\meeting (6).collab 2015-09-15 12:52 - 2015-09-15 12:52 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (18).collab 2015-09-14 17:32 - 2015-09-14 17:32 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (17).collab 2015-09-14 15:20 - 2015-09-14 15:23 - 53570005 _____ C:\Users\Student\Downloads\Red Velvet 레드벨벳_Dumb Dumb_Music Video.mp4 2015-09-11 15:25 - 2015-09-11 15:28 - 70711840 _____ C:\Users\Student\Downloads\#WhiteGirlProblems.mp4 2015-09-11 14:57 - 2015-09-11 14:59 - 19427691 _____ C:\Users\Student\Downloads\Sht Black Moms Say.mp4 2015-09-11 13:20 - 2015-09-11 14:57 - 2073384750 _____ C:\Users\Student\Downloads\ep 8 ahl.mp4 2015-09-11 12:44 - 2015-09-11 12:47 - 65598470 _____ C:\Users\Student\Downloads\U-KISS - STANDING STILL [sINGING PARODY] (M-V VER.).mp4 2015-09-11 12:34 - 2015-09-11 12:39 - 91862227 _____ C:\Users\Student\Downloads\BTS - Boy In Luv [sINGING PARODY].mp4 2015-09-11 12:28 - 2015-09-11 12:28 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (16).collab 2015-09-10 17:31 - 2015-09-10 18:02 - 695536043 _____ C:\Users\Student\Downloads\videoplayback (1).mp4 2015-09-10 13:12 - 2015-09-10 13:17 - 87553914 _____ C:\Users\Student\Downloads\방탄소년단 '상남자(Boy In Luv)' dance practice.mp4 2015-09-10 13:06 - 2015-09-10 13:09 - 75882944 
_____ C:\Users\Student\Downloads\방탄소년단 상남자(Boy In Luv) MV.mp4 2015-09-09 18:37 - 2015-09-09 18:47 - 177570644 _____ C:\Users\Student\Downloads\Game Theory- Why FNAF Will Never End.mp4 2015-09-09 18:29 - 2015-09-09 18:32 - 59965191 _____ C:\Users\Student\Downloads\U-kiss - Neverland [Parody] [M-V].mp4 2015-09-09 16:25 - 2015-09-09 18:20 - 2074289090 _____ C:\Users\Student\Downloads\ep 7 ahl.mp4 2015-09-09 15:44 - 2015-09-09 16:23 - 766436891 _____ C:\Users\Student\Downloads\ep 6 ahl.mp4 2015-09-09 13:57 - 2015-09-09 15:40 - 2068695199 _____ C:\Users\Student\Downloads\ep 5 ahl (1).mp4 2015-09-09 13:47 - 2015-09-09 13:49 - 40829353 _____ C:\Users\Student\Downloads\U-Kiss 'Playground' Parody.mp4 2015-09-09 13:28 - 2015-09-09 13:45 - 141601800 _____ C:\Users\Student\Downloads\ep 5 ahl.mp4 2015-09-09 13:13 - 2015-09-09 13:13 - 00010764 _____ C:\Users\Student\Downloads\meeting (5).collab 2015-09-09 13:10 - 2015-09-09 13:10 - 00010762 _____ C:\Users\Student\Downloads\meeting (4).collab 2015-09-08 16:58 - 2015-09-08 18:38 - 2129103339 _____ C:\Users\Student\Downloads\ep 4 ahl.mp4 2015-09-08 16:20 - 2015-09-08 16:55 - 772084125 _____ C:\Users\Student\Downloads\ep 3 ahl.mp4 2015-09-08 15:41 - 2015-09-08 16:16 - 747082942 _____ C:\Users\Student\Downloads\ep 2 ahl.mp4 2015-09-08 15:10 - 2015-09-08 15:27 - 360232878 _____ C:\Users\Student\Downloads\ep 1 ahl.mp4 2015-09-08 15:03 - 2015-09-08 15:04 - 21491489 _____ C:\Users\Student\Downloads\BTS - Boy In love (LA Version).mp4 2015-09-08 13:08 - 2015-09-08 13:08 - 00010762 _____ C:\Users\Student\Downloads\meeting (3).collab 2015-09-08 13:04 - 2015-09-08 13:04 - 00010738 _____ C:\Users\Student\Downloads\meeting (2).collab 2015-09-05 17:01 - 2015-09-05 17:04 - 70747107 _____ C:\Users\Student\Downloads\[bANGTAN BOMB] Let's speak English!.mp4 2015-09-05 16:55 - 2015-09-05 17:00 - 106348707 _____ C:\Users\Student\Downloads\[bANGTAN BOMB] War of hormone in Halloween.mp4 2015-09-05 16:50 - 2015-09-05 16:55 - 105420995 _____ 
C:\Users\Student\Downloads\BTS - War of Hormone - 방탄소년단 - 호르몬 전쟁 [Music Bank HOT Stage - 2014.10.24].mp4 2015-09-05 16:44 - 2015-09-05 16:50 - 104951809 _____ C:\Users\Student\Downloads\방탄소년단 '호르몬전쟁' Dance practice.mp4 2015-09-04 13:33 - 2015-09-04 13:33 - 05886879 _____ C:\Users\Student\Downloads\Untitled (2).wma 2015-09-04 13:31 - 2015-09-04 13:32 - 11409579 _____ C:\Users\Student\Downloads\Untitled (28).wma 2015-09-04 13:05 - 2015-09-04 13:05 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (15).collab 2015-09-04 13:02 - 2015-09-04 13:04 - 38935471 _____ C:\Users\Student\Downloads\Playback ft. Eric Nam - Isn't There (없을까) MV [English subs + Romanization + Hangul] HD.mp4 2015-09-04 12:48 - 2015-09-04 12:48 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (14).collab 2015-09-03 18:24 - 2015-09-03 18:44 - 102248392 _____ C:\Users\Student\Downloads\Rihanna - Bitch Better Have My Money (Explicit).mp4 2015-09-03 18:00 - 2015-09-03 18:03 - 51808277 _____ C:\Users\Student\Downloads\GOT7 - CRACK #4.mp4 2015-09-03 17:57 - 2015-09-03 18:00 - 38395430 _____ C:\Users\Student\Downloads\GOT7 - CRACK #3.mp4 2015-09-03 17:55 - 2015-09-03 17:56 - 38176767 _____ C:\Users\Student\Downloads\GOT7 - CRACK #2.mp4 2015-09-03 17:49 - 2015-09-03 17:53 - 54280529 _____ C:\Users\Student\Downloads\GOT7 - CRACK - JUST RIGHT EDITION!.mp4 2015-09-03 17:44 - 2015-09-03 17:48 - 50639318 _____ C:\Users\Student\Downloads\GOT7 - CRACK.mp4 2015-09-03 17:37 - 2015-09-03 17:43 - 107654343 _____ C:\Users\Student\Downloads\방탄소년단-BTS- '호르몬전쟁' dance performance (Real WAR ver.).mp4 2015-09-03 17:31 - 2015-09-03 17:37 - 105334061 _____ C:\Users\Student\Downloads\[MV] BTS(방탄소년단) _ War of Hormone(호르몬 전쟁).mp4 2015-09-03 16:23 - 2015-09-03 16:27 - 71798507 _____ C:\Users\Student\Downloads\Bangtan Boys (방탄소년단) - 쩔어 'Dope' (English Cover).mp4 2015-09-03 16:18 - 2015-09-03 16:21 - 49716855 _____ C:\Users\Student\Downloads\WAVEYA BTS 방탄소년단-DOPE 쩔어 cover dance.mp4 2015-09-03 16:15 - 2015-09-03 
16:17 - 41801916 _____ C:\Users\Student\Downloads\WAVEYA _ GOT7 딱 좋아 Just Right cover dance.mp4 2015-09-03 14:00 - 2015-09-03 14:00 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (13).collab 2015-09-03 13:52 - 2015-09-03 13:52 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (12).collab 2015-09-03 12:26 - 2015-09-03 12:26 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (11).collab 2015-09-02 17:06 - 2015-09-02 17:06 - 03970530 _____ C:\Users\Student\Downloads\ スヒョン 落とし物をするー。.mp4 2015-09-02 17:03 - 2015-09-02 17:06 - 66564490 _____ C:\Users\Student\Downloads\Full HD 110623 U KISS유키스 아티스트 소개.mp4 2015-09-02 17:01 - 2015-09-02 17:02 - 34447443 _____ C:\Users\Student\Downloads\111213 U-KISS Cut [中字].mp4 2015-09-02 17:00 - 2015-09-02 17:01 - 15812880 _____ C:\Users\Student\Downloads\U-Kiss in program of children.mp4 2015-09-02 16:54 - 2015-09-02 16:59 - 104066122 _____ C:\Users\Student\Downloads\videoplayback.mp4 2015-09-02 16:25 - 2015-09-02 16:27 - 52935137 _____ C:\Users\Student\Downloads\K-Pop Group U-KISS Gives Valentines' Tips! 
- ISAtv ARTIST FEATURE.mp4 2015-09-02 16:19 - 2015-09-02 16:20 - 16326314 _____ C:\Users\Student\Downloads\유비트&헬로비너스&15&_싸이-Gentleman (GENTLEMAN by uBEAT & HELLOVENUS &15&@Mcountdown 2013.5.2).mp4 2015-09-02 16:09 - 2015-09-02 16:12 - 65626918 _____ C:\Users\Student\Downloads\The 5 Most Uncomfortable Sex Scenes in Video Games.mp4 2015-09-02 14:58 - 2015-09-02 14:58 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (10).collab 2015-09-02 14:50 - 2015-09-25 20:28 - 00000000 ____D C:\Program Files\FFmpeg for Audacity 2015-09-02 14:49 - 2015-09-02 14:50 - 09957947 _____ ( ) C:\Users\Student\Downloads\ffmpeg-win-2.2.2.exe 2015-09-02 14:44 - 2015-09-25 20:41 - 00000000 ____D C:\Users\Student\AppData\Roaming\Audacity 2015-09-02 14:42 - 2015-09-02 14:44 - 00000000 ____D C:\Program Files\Audacity 2015-09-02 14:42 - 2015-09-02 14:42 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2015-09-02 14:42 - 2015-09-02 14:42 - 00000969 _____ C:\Users\Public\Desktop\Audacity.lnk 2015-09-02 14:36 - 2015-09-02 14:37 - 25186399 _____ (Audacity Team ) C:\Users\Student\Downloads\audacity-win-2.1.1.exe 2015-09-02 14:23 - 2015-09-02 14:27 - 20019676 _____ C:\Users\Student\Downloads\U-KISS(ユーキス) - Tick Tack MV (Full ver.) 
[HD 1080p].mp4 2015-09-02 14:13 - 2015-09-02 14:13 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-09-02 14:13 - 2015-09-02 14:13 - 00001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-09-02 14:12 - 2015-09-02 14:12 - 00000020 _____ C:\Windows\¸ù„ 2015-09-02 14:10 - 2015-09-02 14:12 - 00000000 ____D C:\Program Files\Windows Live 2015-09-02 14:04 - 2015-09-02 14:04 - 15989883 _____ C:\Users\Student\Downloads\GOT7 - Just Right MV (Fangirl Version).mp4 2015-09-02 14:02 - 2015-09-02 14:02 - 00010762 _____ C:\Users\Student\Downloads\meeting (1).collab 2015-09-02 14:00 - 2015-09-02 14:01 - 21719799 _____ C:\Users\Student\Downloads\BTS - War of hormone (Fangirl version).mp4 2015-09-02 14:00 - 2015-09-02 14:00 - 00010762 _____ C:\Users\Student\Downloads\meeting.collab 2015-09-02 13:55 - 2015-09-25 19:51 - 00000000 ____D C:\Users\Student\AppData\Local\Windows Live 2015-09-02 13:55 - 2015-09-02 13:55 - 01239752 _____ (Microsoft Corporation) C:\Users\Student\Downloads\wlsetup-web.exe 2015-09-02 13:55 - 2015-09-02 13:55 - 00000000 ____D C:\Program Files\Common Files\Windows Live 2015-09-02 13:15 - 2015-09-02 13:15 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (9).collab 2015-09-01 14:50 - 2015-09-01 14:50 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (8).collab 2015-09-01 14:43 - 2015-09-01 14:44 - 02089450 _____ C:\Users\Student\Downloads\A11Y_Course_Intro_AlgebraII.pptx 2015-09-01 14:34 - 2015-09-01 14:34 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (7).collab 2015-09-01 13:47 - 2015-09-01 13:48 - 04675086 _____ C:\Users\Student\Downloads\A11Y_World_History_Course_Intro.pptx 2015-09-01 13:28 - 2015-09-01 13:28 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (6).collab 2015-09-01 13:16 - 2015-09-01 13:16 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (5).collab 2015-09-01 12:53 - 2015-09-01 12:53 - 00010668 _____ 
C:\Users\Student\Downloads\nativeplayback (4).collab 2015-09-01 12:35 - 2015-09-01 12:35 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (3).collab 2015-09-01 12:34 - 2015-09-01 12:34 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (2).collab 2015-09-01 12:32 - 2015-09-01 12:32 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (1).collab 2015-09-01 12:31 - 2015-09-01 12:34 - 42807296 _____ C:\Users\Student\Downloads\BlackboardCollaborateLauncher-Win (1).msi 2015-09-01 12:31 - 2015-09-01 12:31 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback.collab 2015-08-31 20:41 - 2015-08-31 20:41 - 00000000 ____D C:\Users\Student\.MCTranscodingSDK 2015-08-31 17:55 - 2015-08-31 22:05 - 00000000 ____D C:\Users\Public\Documents\Lightworks 2015-08-31 17:55 - 2015-08-31 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks 2015-08-31 17:55 - 2015-08-31 17:55 - 00000000 ____D C:\ProgramData\Geevs 2015-08-31 17:52 - 2015-09-03 19:11 - 00000000 ____D C:\Program Files\Lightworks 2015-08-31 17:44 - 2015-08-31 17:49 - 76663632 _____ (Lightworks) C:\Users\Student\Downloads\lightworks_v12.0.2_full_32bit_setup.exe 2015-08-31 17:39 - 2015-08-31 17:43 - 89753344 _____ C:\Users\Student\Downloads\HD 130717 BTS We Are Bulletproof Live @ Show Champion.mp4 2015-08-31 17:15 - 2015-08-31 17:15 - 00000000 ____D C:\Users\Student\Documents\Lightworks 2015-08-31 17:13 - 2015-08-31 17:14 - 16200588 _____ C:\Users\Student\Downloads\[MV] U-Kiss - Not Young.mp4 2015-08-31 16:42 - 2015-08-31 16:42 - 00000000 ____D C:\Program Files\Common Files\Java 2015-08-31 16:40 - 2015-08-31 16:40 - 00000000 ____D C:\Users\Student\AppData\Roaming\Sun 2015-08-31 16:40 - 2015-08-31 16:40 - 00000000 ____D C:\Users\Student\.oracle_jre_usage 2015-08-31 14:25 - 2015-08-31 14:31 - 139533106 _____ C:\Users\Student\Downloads\HOTDOG ENDING - Facade.mp4 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, 
the file/folder will be moved.)

2015-09-30 15:09 - 2014-09-18 13:20 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2071005352-1963743713-3197600615-1000UA.job
2015-09-30 14:53 - 2014-04-09 10:30 - 00000154 __RSH C:\ProgramData\3002.xml
2015-09-30 14:47 - 2015-03-04 13:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-30 14:40 - 2014-09-18 11:00 - 01753521 _____ C:\Windows\WindowsUpdate.log
2015-09-30 14:30 - 2015-03-12 14:31 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-30 14:30 - 2015-03-12 14:31 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-30 13:05 - 2009-07-13 21:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-30 13:05 - 2009-07-13 21:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-30 13:01 - 2014-10-24 12:43 - 00000000 ____D C:\Users\Student\Documents\Book Club
2015-09-30 12:29 - 2014-09-18 13:20 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2071005352-1963743713-3197600615-1000Core.job
2015-09-30 12:22 - 2015-08-20 13:58 - 00003239 _____ C:\Windows\setupact.log
2015-09-30 12:21 - 2014-04-09 10:20 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2015-09-29 16:08 - 2015-03-20 15:42 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-29 16:08 - 2015-03-20 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-29 16:08 - 2015-03-20 15:38 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-29 15:58 - 2015-03-20 16:30 - 00019948 _____ C:\Windows\PFRO.log
2015-09-29 15:58 - 2014-04-09 10:28 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-09-29 15:58 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 15:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Help
2015-09-28 21:51 - 2015-02-04 19:52 - 00000000 ____D C:\Users\Student\AppData\Roaming\Skype
2015-09-28 14:16 - 2015-02-04 19:51 - 00000000 ____D C:\ProgramData\Skype
2015-09-25 15:46 - 2013-04-16 14:55 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-25 15:46 - 2013-04-16 14:55 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-21 14:44 - 2014-09-19 09:06 - 00000000 ____D C:\Users\Student\Documents\Online Learning
2015-09-16 17:22 - 2015-02-04 19:51 - 00000000 ___RD C:\Program Files\Skype
2015-09-11 12:37 - 2013-04-15 19:46 - 00000000 ____D C:\Users\Student\AppData\Local\Google
2015-09-09 13:34 - 2014-09-19 08:55 - 00000000 ____D C:\Users\Student\Documents\Chemistry
2015-09-09 13:25 - 2014-04-09 10:30 - 00031328 __RSH C:\ProgramData\3002.abs
2015-09-04 22:42 - 2015-02-02 15:10 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-09-03 14:05 - 2013-04-10 18:59 - 00000000 ____D C:\Users\Student
2015-09-02 14:12 - 2013-04-10 19:17 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-09-02 14:10 - 2009-07-13 19:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-01 15:08 - 2015-02-04 18:41 - 00000000 ____D C:\Users\Student\Documents\SavedGames
2015-09-01 15:08 - 2014-09-19 08:55 - 00000000 ____D C:\Users\Student\Documents\Algebra 2
2015-09-01 15:07 - 2014-09-19 08:56 - 00000000 ____D C:\Users\Student\Documents\Physical Education
2015-09-01 15:06 - 2014-09-19 08:55 - 00000000 ____D C:\Users\Student\Documents\Lit. and Analysis
2015-09-01 15:05 - 2014-09-19 08:55 - 00000000 ____D C:\Users\Student\Documents\Forensic Science
2015-08-31 16:52 - 2015-03-24 17:22 - 00000000 ____D C:\ProgramData\Oracle
2015-08-31 16:45 - 2015-03-24 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-31 16:45 - 2013-07-01 20:50 - 00000000 ____D C:\Program Files\Java
2015-08-31 16:38 - 2015-03-24 17:24 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

==================== Files in the root of some directories =======

2015-09-15 13:38 - 2015-09-15 13:39 - 0003749 _____ () C:\Users\Student\AppData\Roaming\My Profile.xml
2015-05-19 14:41 - 2015-05-19 14:42 - 0000000 _____ () C:\Users\Student\AppData\Local\{70D3E001-AD8E-4A72-B1B1-4236BB28EC5F}
2014-04-09 10:30 - 2015-09-09 13:25 - 0031328 __RSH () C:\ProgramData\3002.abs
2014-04-09 10:30 - 2015-09-30 14:53 - 0000154 __RSH () C:\ProgramData\3002.xml
2015-05-02 15:02 - 2015-05-02 15:02 - 0015568 __RSH () C:\ProgramData\3029.abs

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-13 13:26

==================== End of FRST.txt ============================

RogueKiller V10.10.7.0 [sep 28 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Student [Administrator]
Started from : C:\Users\Student\Desktop\RogueKiller.exe
Mode : Scan -- Date : 09/30/2015 16:15:58

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.255.255.33 10.255.255.32 ([(Private Address) (XX)][(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.255.255.33 10.255.255.32 ([(Private Address) (XX)][(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.255.255.33 10.255.255.32 ([(Private Address) (XX)][(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7C7CA79F-F37E-474B-B859-E68B3A12A7A6} | DhcpNameServer : 10.255.255.33 10.255.255.32 ([(Private Address) (XX)][(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F1E57062-B78F-4E6B-9874-19E4B01944A0} | DhcpNameServer : 172.21.0.55 172.21.0.60 ([(Private Address) (XX)][(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7C7CA79F-F37E-474B-B859-E68B3A12A7A6} | DhcpNameServer : 10.255.255.33 10.255.255.32 ([(Private Address) (XX)][(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F1E57062-B78F-4E6B-9874-19E4B01944A0} | DhcpNameServer : 172.21.0.55 172.21.0.60 ([(Private Address) (XX)][(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7C7CA79F-F37E-474B-B859-E68B3A12A7A6} | DhcpNameServer : 10.255.255.33 10.255.255.32 ([(Private Address) (XX)][(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F1E57062-B78F-4E6B-9874-19E4B01944A0} | DhcpNameServer : 172.21.0.55 172.21.0.60 ([(Private Address) (XX)][(Private Address) (XX)]) -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 12 (Driver: Loaded) ¤¤¤
[iAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - RegOpenKeyW : Unknown @ 0xe0fd4 (jmp 0x893debfb)
[iAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - CreateFileW : Unknown @ 0x10fd4 (jmp 0x8923267f)
[iAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - LoadLibraryW : Unknown @ 0x10f8d (jmp 0x89231f9b)
[iAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - LoadLibraryA : Unknown @ 0x10fa8 (jmp 0x89233293)
[iAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x40fd4 (jmp 0x887ab07c)
[iAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x40fef (jmp 0x887ab9e7)
[iAT:Inl(Hook.IEAT)] (explorer.exe @ USP10.dll) kernel32.dll - CreateFileA : Unknown @ 0x10fef (jmp 0x892324de)
[iAT:Inl(Hook.IEAT)] (explorer.exe @ MSACM32.dll) ADVAPI32.dll - RegCreateKeyA : Unknown @ 0xe0faf (jmp 0x893e430e)
[iAT:Inl(Hook.IEAT)] (explorer.exe @ MSACM32.dll) ADVAPI32.dll - RegOpenKeyA : Unknown @ 0xe0fe5 (jmp 0x893e4430)
[iAT:Inl(Hook.IEAT)] (explorer.exe @ urlmon.dll) WININET.dll - InternetOpenW : Unknown @ 0x3a20fca (jmp 0x8c3d1b7a)
[iAT:Inl(Hook.IEAT)] (explorer.exe @ mf.dll) ADVAPI32.dll - RegCreateKeyExA : Unknown @ 0xe0f94 (jmp 0x893dfbab)
[iAT:Inl(Hook.IEAT)] (explorer.exe @ RstrtMgr.DLL) kernel32.dll - CreateNamedPipeW : Unknown @ 0x10fb9 (jmp 0x8924e152)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] w122xmxl.default-1420839641103 : user_pref("browser.startup.homepage", 
"https://www.malwarebytes.org/restorebrowser/%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0Dzy0EyB0C0Fzz0DyCtAyEtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0E0AtAzytBtB0CtGyDtA0FtCtGzztCtB0AtGyEzyyEtBtGyE0AtAyBzy0CtB0A0BtC0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDzy0A0E0CtCyBtG0CzztAzztGyEtD0B0CtGzzyEyC0BtGtA0A0DyB0E0FtD0EyEyEtA0C2QtN0A0LzuyE%26cr%3D420873958%26a%3Dwny_ir_15_15%26os%3DWindows7 Professional"); -> Found ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD32 00BPVT-60JJ5T0 SATA Disk Device +++++ --- User --- [MBR] 3c336853b586b58465abb82105e76739 [bSP] b09593dde8733f9a012eded474ad978a : Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 3697 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 7573504 | Size: 261529 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 543184896 | Size: 20017 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 3 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 584179712 | Size: 20000 MB User = LL1 ... OK User = LL2 ... OK Addition.txt
  8. Hello, I'm not sure exactly if I'm infected or not, but my computer has been running extremely slow lately. Programs have been unexpectedly "unresponding" and there is a massive lag even as I type this. I believe even my music player is corrupted. But I'm not sure if I'm infected or just have too many files and such on this computer... Please guide me as to how I may be able to fix this problem. Thank you very much.
  9. Yes, we are, thank you! And those tips are really helpful, thanks again!
  10. Results of screen317's Security Check version 0.99.99 Windows 7 Service Pack 1 x86 (UAC is disabled!) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee VirusScan Enterprise Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 51 Java 2 Runtime Environment, SE v1.4.2_07 Java version 32-bit out of Date! Adobe Flash Player 16.0.0.305 Flash Player out of Date! Adobe Reader XI Mozilla Firefox 35.0.1 Firefox out of Date! Google Chrome 27.0.1453.116 Google Chrome out of date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe McAfee VirusScan Enterprise VsTskMgr.exe McAfee VirusScan Enterprise mfeann.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  11. Zoek.exe v5.0.0.0 Updated 23-March-2015 Tool run by Student on Mon 03/23/2015 at 17:03:54.14. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Student\Downloads\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 3/23/2015 5:08:10 PM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\GUM752F.tmp deleted successfully C:\Program Files\system app deleted successfully C:\Program Files\VideoLAN deleted successfully C:\Users\Student\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\atiesrxx.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\Hpservice.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\aestsrv.exe C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\K12\Software\run\K12McAfeeTray.exe C:\K12\Software\run\K12VersionTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\hamachi-2-ui.exe C:\LMIGuardianSvc.exe 
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Windows\system32\mfevtps.exe C:\Windows\system32\rpcnet.exe C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe C:\Windows\system32\conhost.exe C:\hamachi-2.exe C:\LMIGuardianSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Users\Student\Downloads\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\w122xmxl.default-1420839641103\prefs.js: user_pref("browser.startup.homepage", 
"login-learn.k12.com/accessui/login.do?__actionName=view"); user_pref("browser.newtab.url", ""); user_pref("keyword.URL", ""); Added to C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\w122xmxl.default-1420839641103\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); Deleted from C:\Users\Student\AppData\Roaming\Nvu\Profiles\x6g5vjkc.default\prefs.js: Added to C:\Users\Student\AppData\Roaming\Nvu\Profiles\x6g5vjkc.default\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); ==== Deleting Files \ Folders ====================== C:\Program Files\GUM752F.tmp not found C:\Program Files\system app not found C:\Program Files\VideoLAN not found C:\Program Files\YoutubbeAdBlockE deleted C:\Program Files\BuuyNsuave deleted C:\Program Files\Design my eMail deleted C:\PROGRA~2\diffpmcfhkkpcfpnpglgimpdkjdehjgg deleted C:\PROGRA~2\224125319150758730 deleted C:\PROGRA~2\31c40ca5126eb4a deleted C:\Users\Student\AppData\Roaming\LogFile.txt deleted C:\Users\Student\AppData\Roaming\SpeedRunnersLog.txt deleted C:\Users\Student\AppData\Roaming\Open Download Manager deleted C:\Users\Student\AppData\Roaming\ParetoLogic deleted C:\PROGRA~2\Package Cache deleted C:\Users\Student\AppData\Local\28AAD45F-F322-324C-80AD-37E9A78C1978 deleted C:\Windows\system32\GroupPolicy\Adm deleted C:\Windows\system32\GroupPolicy\Machine deleted C:\Windows\system32\GroupPolicy\User deleted C:\Windows\system32\GroupPolicy\gpt.ini deleted C:\Windows\System32\AI_RecycleBin deleted "C:\Windows\Installer\82b65b.msi" deleted "C:\hamachi-2-ui.exe" deleted "C:\hamachi-2.exe" deleted "C:\LMIGuardianSvc.exe" deleted ==== System Specs ====================== Operating System: Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 32-bit Manufacturer: Hewlett-Packard - Model: HP 635 Notebook PC Install Date: 9/18/2014 10:58:57 AM Last Boot: 3/24/2015 8:40:37 AM Processor: AMD E-300 APU with 
Radeon HD Graphics Number of Processors: 2 Work Station Bootmode: Normal boot Total RAM: 3578 MB (free 2151 MB - 60) Computername: K12-5CB21022D2 Domain: WORKGROUP User: Student (Administrator account) Local Disk: C:\ - NTFS - 255 GB (free 57 GB) CD \ DVD Drive: E:\ Local Disk: K:\ - NTFS - 19 GB (free 19 GB) Bootdevice: \Device\HarddiskVolume1 Windows update: 2015-03-11 18:36:52 Country: United States Language: ENU ==== System Specs (Software) ====================== Anti-Virus: McAfee VirusScan Enterprise On-access scanning disabled (Outdated) Anti-Spyware: McAfee VirusScan Enterprise Antispyware Module disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Internet Explorer Version: 10.0.9200.17267 Mozilla Firefox version: 35.0.1 (x86 en-US) Google Chrome version: 41.0.2272.101 Adobe Reader version: 11.0.10.32 Sun Java version: 1.7.0_51 (32-bit) Flash Player version: 16.0.0.305 Shockwave Player version: 12.0.2r122 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Student\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ======
====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-03-18 00:55:35 -------- d-----w- C:\Program Files\AVG 2015-03-05 16:36:02 -------- d-----w- C:\Program Files\NVIDIA Corporation ======= C: ===== ====== C:\Users\Student\AppData\Roaming ====== 2015-03-19 02:58:48 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG 2015-03-18 01:59:56 -------- d-----w- C:\Users\Student\AppData\Roaming\AVG 2015-03-18 01:59:51 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Avg 2015-03-18 01:57:38 -------- d-----w- C:\Users\Student\AppData\Local\Avg 2015-03-18 01:06:47 -------- d-----w- C:\Users\Student\AppData\Roaming\TuneUp Software 2015-03-11 20:25:04 -------- d-----w- C:\Users\Student\AppData\Roaming\OAS 2015-03-05 02:33:52 -------- d-----w- C:\Users\Student\AppData\Local\AGKApps 2015-03-04 17:43:02 -------- d-----w- C:\Users\Student\AppData\Roaming\com.fbkc.hdydi 2015-03-03 01:22:07 -------- d-----w- C:\Users\Student\AppData\Roaming\Nifflas 2015-03-01 21:53:50 -------- d-----w- C:\Users\Student\AppData\Locallow\Sony Online Entertainment 2015-03-01 21:53:50 -------- d-----w- C:\Users\Student\AppData\Local\SCE 2015-02-26 23:27:56 -------- d-----w- C:\Users\Student\AppData\Local\LogMeIn 2015-02-25 20:07:04 -------- d-----w- C:\Users\Student\AppData\Local\BoringManGame 2015-02-25 02:02:46 -------- d-----w- C:\Users\Student\AppData\Local\LogMeIn Hamachi 2015-02-25 02:01:51 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\LogMeIn Hamachi 2015-02-23 03:29:08 -------- d-----w- C:\Users\Student\AppData\Roaming\TheBannerSagaFactions ====== C:\Users\Student ====== 2015-03-23 20:08:09 
It appears that the virus has been removed... there are no more popups or ads anymore! I'll keep you posted after a few more hours, but I think it's worked. Thank you so much!
  12. Addition.txt I guess I didn't click 'add to post' - sorry!
  13. Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 3/23/2015
     Scan Time: 12:16:10 PM
     Logfile:
     Administrator: Yes

     Version: 2.01.4.1018
     Malware Database: v2015.03.23.06
     Rootkit Database: v2015.02.25.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x86
     File System: NTFS
     User: Student

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 317541
     Time Elapsed: 39 min, 2 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)

     (end)

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
     Ran by Student (administrator) on K12-5CB21022D2 on 23-03-2015 13:12:42
     Running from C:\Users\Student\Downloads
     Loaded Profiles: Student (Available profiles: Student)
     Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
     Internet Explorer Version 10 (Default browser: IE)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59616 2014-05-16] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [477584 2014-05-16] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2014-05-16] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [180720 2014-05-16] (McAfee, Inc.) R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.) R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [982632 2011-06-15] (Realtek Semiconductor Corporation ) S3 cpuz134; \??\C:\Users\Student\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] U3 mfeavfk01; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-23 13:12 - 2015-03-23 13:17 - 00017433 _____ () C:\Users\Student\Downloads\FRST.txt 2015-03-23 13:10 - 2015-03-23 13:13 - 00000000 ____D () C:\FRST 2015-03-23 13:08 - 2015-03-23 13:09 - 01135104 _____ (Farbar) C:\Users\Student\Downloads\FRST (1).exe 2015-03-23 13:04 - 2015-03-23 13:05 - 02095616 _____ (Farbar) C:\Users\Student\Downloads\FRST64.exe 2015-03-23 13:01 - 2015-03-23 13:02 - 00914735 _____ () C:\Users\Student\Downloads\FRST.exe 2015-03-23 12:08 - 2015-03-23 12:08 - 00010686 _____ () C:\Users\Student\Downloads\meeting (31).collab 2015-03-23 11:22 - 2015-03-23 11:22 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (90).collab 2015-03-20 16:30 - 2015-03-23 10:06 - 00000448 _____ () C:\Windows\setupact.log 2015-03-20 16:30 - 2015-03-21 13:50 - 00004314 _____ () C:\Windows\PFRO.log 2015-03-20 16:30 - 2015-03-20 16:30 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-20 15:42 - 2015-03-23 12:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-20 15:39 - 2015-03-20 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-03-20 15:38 - 2015-03-20 15:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2015-03-20 15:38 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-20 15:38 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-20 15:38 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-20 15:34 - 2015-03-20 15:36 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Student\Downloads\mbam-setup-2.1.4.1018.exe 2015-03-20 15:12 - 2015-03-20 15:12 - 03109248 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Student\Downloads\SpyHunter-Installer.exe 2015-03-20 11:57 - 2015-03-20 11:57 - 00000000 ____D () C:\Users\Student\AppData\Roaming\ParetoLogic 2015-03-20 11:08 - 2015-03-20 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft 2015-03-19 17:45 - 2015-03-20 12:12 - 00035840 ___SH () C:\Users\Student\Thumbs.db 2015-03-18 09:57 - 2015-03-22 17:21 - 00000000 ____D () C:\Users\Student\Documents\New Writings 2015-03-17 18:59 - 2015-03-17 18:59 - 00000000 ____D () C:\Users\Student\AppData\Roaming\AVG 2015-03-17 18:57 - 2015-03-17 18:57 - 00000000 ____D () C:\Users\Student\AppData\Local\Avg 2015-03-17 18:56 - 2015-03-17 19:01 - 00000000 ____D () C:\ProgramData\AVG 2015-03-17 18:11 - 2015-03-17 18:11 - 00000000 ____D () C:\Users\Student\AppData\Roaming\AVG2015 2015-03-17 18:06 - 2015-03-17 18:06 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2015-03-17 18:06 - 2015-03-17 18:06 - 00000000 ____D () C:\Users\Student\AppData\Roaming\TuneUp Software 2015-03-17 18:06 - 2015-03-17 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-03-17 17:59 - 2015-03-17 18:08 - 00000000 ____D () C:\ProgramData\AVG2015 2015-03-17 17:59 - 2015-03-17 17:59 - 00000000 ___HD () C:\$AVG 2015-03-17 17:55 - 2015-03-17 18:59 - 00000000 ____D () C:\Program Files\AVG 2015-03-17 17:19 - 2015-03-23 13:15 - 00000000 ____D () C:\ProgramData\MFAData 2015-03-17 17:19 - 2015-03-18 12:06 - 00000000 ____D () C:\Users\Student\AppData\Local\Avg2015 2015-03-17 17:19 - 2015-03-17 17:19 - 00000000 ____D () C:\Users\Student\AppData\Local\MFAData 2015-03-17 17:01 - 2015-03-17 17:02 - 04816784 _____ (AVG Technologies) C:\Users\Student\Documents\avg_free_stb_all_5856p1_177.exe 2015-03-16 16:40 - 2015-03-16 16:40 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (89).collab 2015-03-16 16:02 - 2015-03-16 16:02 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (88).collab 2015-03-16 12:23 - 2015-03-16 12:23 - 
00010686 _____ () C:\Users\Student\Downloads\meeting (30).collab 2015-03-16 12:11 - 2015-03-16 12:11 - 00010686 _____ () C:\Users\Student\Downloads\meeting (29).collab 2015-03-16 11:37 - 2015-03-16 11:37 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (87).collab 2015-03-13 15:00 - 2015-03-13 15:00 - 00000000 _____ () C:\Users\Student\Downloads\hs_err_pid6656.log 2015-03-13 14:59 - 2015-03-13 14:59 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (86).collab 2015-03-12 14:31 - 2015-03-23 12:36 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-12 14:31 - 2015-03-23 10:06 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-12 14:30 - 2015-03-12 14:31 - 00000000 ____D () C:\Program Files\GUM752F.tmp 2015-03-11 13:33 - 2015-03-11 13:33 - 00000000 ____D () C:\Program Files\system app 2015-03-11 13:31 - 2015-03-17 18:24 - 00000000 ____D () C:\Users\Student\AppData\Local\28AAD45F-F322-324C-80AD-37E9A78C1978 2015-03-11 13:25 - 2015-03-12 18:10 - 00000000 ____D () C:\Users\Student\AppData\Roaming\OAS 2015-03-11 13:12 - 2015-03-11 13:12 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (85).collab 2015-03-10 15:19 - 2015-03-10 15:19 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (84).collab 2015-03-10 15:19 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-10 15:19 - 2015-01-30 20:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-10 15:19 - 2015-01-30 20:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-10 15:19 - 2015-01-30 17:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-10 15:16 - 2015-02-20 22:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-10 15:16 - 2015-02-20 22:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-10 15:16 - 
2015-02-20 22:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-10 15:16 - 2015-02-20 22:31 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-10 15:16 - 2015-02-20 22:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-10 15:16 - 2015-02-20 22:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-10 15:16 - 2015-02-20 22:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-10 15:16 - 2015-02-20 22:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-10 15:16 - 2015-02-20 22:29 - 00226816 
_____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-10 15:16 - 2015-02-20 22:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-10 15:16 - 2015-02-20 21:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-03-10 15:16 - 2015-02-20 21:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-03-10 15:14 - 2015-02-25 20:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-10 15:14 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-10 15:14 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-10 15:12 - 2015-03-05 22:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-10 15:12 - 2015-03-05 22:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-10 15:12 - 2015-03-05 22:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-10 15:12 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-10 15:12 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-10 15:12 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-10 15:12 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-10 15:12 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-10 15:12 - 2015-03-05 22:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-10 15:12 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-10 15:12 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-10 15:12 - 2015-03-05 22:10 - 00017408 _____ (Microsoft 
Corporation) C:\Windows\system32\credssp.dll 2015-03-10 15:12 - 2015-03-05 22:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-10 15:12 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-10 15:12 - 2015-03-05 22:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-10 15:12 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-10 15:12 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-10 15:12 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-10 15:12 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-10 15:11 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-10 15:11 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-10 15:11 - 2015-02-19 21:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-10 15:11 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-10 15:11 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-10 15:11 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-10 15:11 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-10 15:11 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-10 15:11 - 2015-02-02 20:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-10 15:11 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 
2015-03-10 15:11 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-10 15:11 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-10 15:11 - 2015-02-02 20:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-10 15:11 - 2015-02-02 20:00 - 
00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-10 15:11 - 2015-01-30 16:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-10 15:11 - 2014-10-31 15:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-10 15:11 - 2014-06-27 17:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-10 15:11 - 2014-06-27 17:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-10 15:10 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00027648 _____ (Microsoft 
Corporation) C:\Windows\system32\appidsvc.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-10 15:10 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-10 15:10 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-10 15:10 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-10 15:10 - 2015-02-02 20:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-10 15:10 - 2015-02-02 20:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-10 15:10 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-10 15:10 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-10 15:10 - 2015-02-02 20:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-10 15:10 - 2015-02-02 20:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-10 15:10 - 2015-02-02 20:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-10 15:10 - 2015-02-02 20:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-10 15:10 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-10 15:10 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-10 15:10 - 2015-02-02 19:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-09 10:28 - 2015-03-09 10:28 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (83).collab 2015-03-09 10:25 - 2015-03-09 10:25 - 00010592 _____ () 
C:\Users\Student\Downloads\nativeplayback (82).collab 2015-03-06 14:48 - 2015-03-06 14:48 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (81).collab 2015-03-05 09:36 - 2015-03-12 18:06 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-05 09:36 - 2015-02-26 18:29 - 00236840 _____ (EasyAntiCheat Ltd) C:\Windows\system32\EasyAntiCheat.exe 2015-03-04 13:25 - 2015-03-04 13:25 - 00010688 _____ () C:\Users\Student\Downloads\meeting (28).collab 2015-03-04 13:22 - 2015-03-23 12:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-04 13:09 - 2015-03-04 13:09 - 00010688 _____ () C:\Users\Student\Downloads\meeting (27).collab 2015-03-04 13:00 - 2015-03-04 13:00 - 00010686 _____ () C:\Users\Student\Downloads\meeting (26).collab 2015-03-04 10:43 - 2015-03-04 10:43 - 00000000 ____D () C:\Users\Student\AppData\Roaming\com.fbkc.hdydi 2015-03-03 15:34 - 2015-03-03 15:34 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (80).collab 2015-03-03 14:15 - 2015-03-03 14:15 - 00032534 _____ () C:\Users\Student\Downloads\hs_err_pid1824.log 2015-03-03 14:15 - 2015-03-03 14:15 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (79).collab 2015-03-03 14:09 - 2015-03-03 14:09 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (78).collab 2015-03-02 18:22 - 2015-03-02 18:22 - 00000000 ____D () C:\Users\Student\AppData\Roaming\Nifflas 2015-03-02 18:22 - 2015-03-02 18:22 - 00000000 ____D () C:\ProgramData\Nifflas 2015-03-02 14:50 - 2015-03-02 14:50 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (77).collab 2015-03-02 13:10 - 2015-03-02 13:10 - 00010688 _____ () C:\Users\Student\Downloads\meeting (25).collab 2015-03-02 13:01 - 2015-03-02 13:01 - 00010686 _____ () C:\Users\Student\Downloads\meeting (24).collab 2015-03-01 14:53 - 2015-03-01 14:53 - 00000000 ____D () C:\Users\Student\AppData\Local\SCE 2015-02-28 14:42 - 2015-02-16 17:20 - 00026176 ____H (LogMeIn, Inc.) 
C:\Windows\system32\hamachi.sys 2015-02-27 15:39 - 2015-02-27 15:39 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (76).collab 2015-02-27 14:54 - 2015-02-27 14:54 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (75).collab 2015-02-27 14:50 - 2015-02-27 14:50 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (74).collab 2015-02-26 16:27 - 2015-02-26 16:27 - 00000000 ____D () C:\Users\Student\AppData\Local\LogMeIn 2015-02-26 16:27 - 2015-02-26 16:27 - 00000000 ____D () C:\ProgramData\LogMeIn 2015-02-25 17:28 - 2015-02-25 17:28 - 00210912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys 2015-02-25 13:07 - 2015-02-25 13:23 - 00000000 ____D () C:\Users\Student\AppData\Local\BoringManGame 2015-02-25 12:09 - 2015-02-25 12:09 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (73).collab 2015-02-24 19:02 - 2015-03-23 10:12 - 00000000 ____D () C:\Users\Student\AppData\Local\LogMeIn Hamachi 2015-02-24 19:01 - 2015-02-24 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-02-24 16:46 - 2015-02-24 16:46 - 00224736 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgidsdriverx.sys 2015-02-24 16:38 - 2015-02-24 16:38 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (72).collab 2015-02-23 17:14 - 2015-02-23 17:14 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (71).collab 2015-02-23 16:56 - 2015-02-23 16:56 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (70).collab 2015-02-23 15:12 - 2015-02-23 15:12 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (69).collab 2015-02-23 13:27 - 2015-02-23 13:27 - 00010592 _____ () C:\Users\Student\Downloads\nativeplayback (68).collab 2015-02-22 20:29 - 2015-02-22 20:29 - 00000000 ____D () C:\Users\Student\AppData\Roaming\TheBannerSagaFactions ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-23 12:35 - 2014-09-18 13:20 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2071005352-1963743713-3197600615-1000UA.job 2015-03-23 10:19 - 2014-04-09 10:30 - 00000157 __RSH () C:\ProgramData\3002.xml 2015-03-23 10:14 - 2009-07-13 21:34 - 00036336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-23 10:14 - 2009-07-13 21:34 - 00036336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-23 10:07 - 2014-04-09 10:28 - 00069792 _____ (Absolute Software Corp.) 
C:\Windows\system32\rpcnet.dll 2015-03-23 10:07 - 2014-04-09 10:20 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe 2015-03-23 10:06 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-22 17:24 - 2014-09-18 11:00 - 01558724 _____ () C:\Windows\WindowsUpdate.log 2015-03-22 15:23 - 2014-09-18 13:20 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2071005352-1963743713-3197600615-1000Core.job 2015-03-22 11:37 - 2015-02-04 19:52 - 00000000 ____D () C:\Users\Student\AppData\Roaming\Skype 2015-03-20 15:38 - 2013-04-16 15:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-20 14:33 - 2013-04-10 18:59 - 00000000 ____D () C:\Users\Student 2015-03-20 12:56 - 2014-12-16 14:18 - 00000000 ____D () C:\Quarantine 2015-03-20 11:21 - 2015-01-26 13:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-18 13:15 - 2014-12-16 14:16 - 00000000 ____D () C:\ProgramData\diffpmcfhkkpcfpnpglgimpdkjdehjgg 2015-03-18 13:06 - 2015-02-02 17:16 - 00000000 ____D () C:\Users\Student\Documents\Do u even Starbomb 2015-03-18 11:32 - 2013-04-10 19:53 - 00000000 ____D () C:\Windows\Panther 2015-03-18 09:58 - 2014-09-19 09:06 - 00000000 ____D () C:\Users\Student\Documents\Online Learning 2015-03-17 09:00 - 2015-02-14 13:19 - 00000000 ____D () C:\Users\Student\Documents\My Games 2015-03-16 10:56 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-13 10:20 - 2014-10-24 12:43 - 00000000 ____D () C:\Users\Student\Documents\Book Club 2015-03-12 18:19 - 2010-11-20 14:01 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-12 18:13 - 2014-04-09 10:21 - 00017920 _____ () C:\Windows\system32\rpcnetp.dll 2015-03-12 18:12 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-03-12 18:09 - 2015-02-14 13:05 - 00000000 ____D () C:\Program Files\AGEIA Technologies 2015-03-12 18:09 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration 2015-03-12 18:09 - 2009-07-13 19:37 - 00000000 ____D () C:\Program 
Files\Common Files\microsoft shared 2015-03-12 18:07 - 2013-04-12 20:09 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-11 16:03 - 2009-07-13 21:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-03-11 13:47 - 2009-07-13 21:33 - 00551080 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-05 18:35 - 2014-09-19 08:56 - 00000000 ____D () C:\Users\Student\Documents\Physical Education 2015-03-05 09:59 - 2015-02-06 17:58 - 00000000 ____D () C:\Users\Student\AppData\Roaming\RenPy 2015-03-04 13:50 - 2013-04-16 14:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-04 13:50 - 2013-04-16 14:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-02 13:03 - 2014-01-30 04:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-01 15:12 - 2015-02-12 12:07 - 00000000 ____D () C:\Users\Student\AppData\Local\Airscape 2015-02-28 14:31 - 2015-02-12 18:02 - 00000000 ____D () C:\Users\Student\Documents\Mabinogi 2015-02-27 14:59 - 2013-04-12 19:54 - 00136848 _____ () C:\Users\Student\AppData\Local\GDIPFONTCACHEV1.DAT ==================== Files in the root of some directories ======= 2015-03-20 11:57 - 2015-03-20 13:43 - 0000115 _____ () C:\Users\Student\AppData\Roaming\LogFile.txt 2015-02-04 18:41 - 2015-02-05 17:24 - 0001769 _____ () C:\Users\Student\AppData\Roaming\SpeedRunnersLog.txt 2014-04-09 10:30 - 2014-11-07 11:28 - 0026784 __RSH () C:\ProgramData\3002.abs 2014-04-09 10:30 - 2015-03-23 10:19 - 0000157 __RSH () C:\ProgramData\3002.xml ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-02 09:12
==================== End Of Log ============================
  14. Hello, I am unable to remove CloudScout from my computer, and I've run a few anti-virus scans on it - McAfee, and various other ones that I downloaded when I looked up how to remove this virus (as well as Malwarebytes). (Please forgive me if downloads from the other temporary anti-virus scans might interfere with the data, as I didn't know that could be a problem until now.) Still, though I've run the scans, I am unable to remove it, or the virus might be temporarily removed, and then comes back right after I restart my computer. It's frustrating, as I've spent an entire week on trying to get this pesky program removed from my computer, but I believe the longer I worked on it, the more it bound itself to my computer. It's becoming more and more difficult to find help, since the silly ads keep popping up and opening random tabs every time I click something. I don't have the money to buy the full version of Malwarebytes, so is there anything else I could do? Please reply at your earliest convenience. Thank you, Mylene