
Hello,

 

I'm not sure exactly if I'm infected or not, but my computer has been running extremely slow lately. Programs have been unexpectedly "unresponding" and there is a massive lag even as I type this. I believe even my music player is corrupted. But I'm not sure if I'm infected or just have too many files and such on this computer...

 

Please guide me as how I may be able to fix this problem.

 

Thank you very much. 


Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Recommend you use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.



Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt", the log will open as a text file, post that log... Also save to your Desktop for reference.
  • Close the program > Don't Fix anything!



Let me see those logs in your reply....

Thank you,

Kevin...
 


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/30/2015
Scan Time: 2:13 PM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.30.08
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Student
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322773
Time Elapsed: 57 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by Student (administrator) on K12-5CB21022D2 (30-09-2015 15:17:54)
Running from C:\Users\Student\Downloads
Loaded Profiles: Student (Available Profiles: Student)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEDICTUPDATE.EXE
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(CDW Corporation) C:\K12\Software\run\K12McAfeeTray.exe
(CDW Corporation) C:\K12\Software\run\K12VersionTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Users\Student\Documents\My Stuff\Steam\Steam.exe
(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Valve Corporation) C:\Users\Student\Documents\Book Club\Assigned\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamresearch.exe
(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Google Inc.) C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [iME14 CHS Setup] => C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [iME14 CHT Setup] => C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [iME14 JPN Setup] => C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [iME14 KOR Setup] => C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [333120 2011-06-08] (McAfee, Inc.)
HKLM\...\Run: [shStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM\...\Run: [1] => C:\K12\Software\run\K12Activation.exe [24064 2014-05-27] ()
HKLM\...\Run: [2] => C:\K12\Software\run\K12McAfeeTray.exe [10752 2013-05-09] (CDW Corporation)
HKLM\...\Run: [3] => C:\K12\Software\run\K12VersionTray.exe [10240 2014-04-24] (CDW Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2408176 2013-03-09] (Synaptics Incorporated)
HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-2071005352-1963743713-3197600615-1000\...\Run: [steam] => "C:\Users\Student\Documents\Book Club\Assigned\Steam\steam.exe" -silent
HKU\S-1-5-21-2071005352-1963743713-3197600615-1000\...\Run: [Google Update] => C:\Users\Student\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-2071005352-1963743713-3197600615-1000\...\Run: [GoogleChromeAutoLaunch_86ACF41A1CCE93D4F9FB7D1A99F82FF8] => C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe [815944 2015-09-23] (Google Inc.)
HKU\S-1-5-21-2071005352-1963743713-3197600615-1000\...\MountPoints2: {af212536-6372-11e4-9623-009c022083fc} - D:\LG_PC_Programs.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.255.255.33 10.255.255.32
Tcpip\..\Interfaces\{7C7CA79F-F37E-474B-B859-E68B3A12A7A6}: [DhcpNameServer] 10.255.255.33 10.255.255.32
Tcpip\..\Interfaces\{F1E57062-B78F-4E6B-9874-19E4B01944A0}: [DhcpNameServer] 172.21.0.55 172.21.0.60
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2071005352-1963743713-3197600615-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2071005352-1963743713-3197600615-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140516195256.dll [2014-05-16] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\w122xmxl.default-1420839641103
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0Dzy0EyB0C0Fzz0DyCtAyEtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0E0AtAzytBtB0CtGyDtA0FtCtGzztCtB0AtGyEzyyEtBtGyE0AtAyBzy0CtB0A0BtC0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDzy0A0E0CtCyBtG0CzztAzztGyEtD0B0CtGzzyEyC0BtGtA0A0DyB0E0FtD0EyEyEtA0C2QtN0A0LzuyE%26cr%3D420873958%26a%3Dwny_ir_15_15%26os%3DWindows 7 Professional
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-25] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-02-12] (Nexon)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2071005352-1963743713-3197600615-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Student\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2071005352-1963743713-3197600615-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Student\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF user.js: detected! => C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\w122xmxl.default-1420839641103\user.js [2015-04-09]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore [2014-05-16]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_15&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0Dzy0EyB0C0Fzz0DyCtAyEtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0E0AtAzytBtB0CtGyDtA0FtCtGzztCtB0AtGyEzyyEtBtGyE0AtAyBzy0CtB0A0BtC0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDzy0A0E0CtCyBtG0CzztAzztGyEtD0B0CtGzzyEyC0BtGtA0A0DyB0E0FtD0EyEyEtA0C2QtN0A0LzuyE%26cr%3D420873958%26a%3Dwny_ir_15_15%26os%3DWindows 7 Professional"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-24]
CHR Extension: (Google Docs) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-24]
CHR Extension: (Google Drive) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-24]
CHR Extension: (YouTube) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-24]
CHR Extension: (APK Downloader) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2015-07-10]
CHR Extension: (Google Search) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-24]
CHR Extension: (Google Sheets) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-24]
CHR Extension: (XKit) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2015-04-09]
CHR Extension: (Google Docs Offline) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-24]
CHR Extension: (Skype Click to Call) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-24]
CHR Extension: (Gmail) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-24]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKU\S-1-5-21-2071005352-1963743713-3197600615-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.7C75HJRIIEE6ZH27USYGWOPPXE - C:\Users\Student\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [59760 2010-10-20] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [132416 2011-06-08] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [167344 2014-05-16] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [159640 2014-05-16] (McAfee, Inc.)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-16] (Absolute Software Corp.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-11] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [66688 2011-04-15] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [28800 2011-04-15] (Advanced Micro Devices)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-02-16] (LogMeIn, Inc.)
S3 johci; C:\Windows\system32\drivers\johci.sys [23640 2011-02-09] (JMicron Technology Corp.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2014-05-16] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [215024 2014-05-16] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59616 2014-05-16] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [477584 2014-05-16] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2014-05-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [180720 2014-05-16] (McAfee, Inc.)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [982632 2011-06-15] (Realtek Semiconductor Corporation                           )
S3 cpuz134; \??\C:\Users\Student\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
U3 mfeavfk01; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-30 15:17 - 2015-09-30 15:18 - 00019850 _____ C:\Users\Student\Downloads\FRST.txt
2015-09-30 15:17 - 2015-09-30 15:18 - 00000000 ____D C:\FRST
2015-09-30 13:00 - 2015-09-30 13:27 - 00000000 ____D C:\Users\Student\Documents\My Stuff
2015-09-29 18:36 - 2015-09-29 18:37 - 01696256 _____ (Farbar) C:\Users\Student\Downloads\FRST.exe
2015-09-29 16:08 - 2015-09-29 16:08 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-29 14:54 - 2015-09-29 14:54 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (33).collab
2015-09-29 14:42 - 2015-09-29 14:42 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (32).collab
2015-09-29 14:23 - 2015-09-29 14:23 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (31).collab
2015-09-28 18:30 - 2015-09-28 18:33 - 75869701 _____ C:\Users\Student\Downloads\TGM REALLY NOW.mp4
2015-09-28 16:47 - 2015-09-28 16:51 - 70863870 _____ C:\Users\Student\Downloads\[HD] GOT7 Laugh Laugh Laugh MV.mp4
2015-09-28 14:20 - 2015-09-28 14:23 - 76902798 _____ C:\Users\Student\Downloads\GOT7 '니가 하면(If You Do)' M-V.mp4
2015-09-28 14:08 - 2015-09-28 14:08 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback.jnlp
2015-09-26 17:43 - 2015-09-26 17:44 - 64669683 _____ C:\Users\Student\Downloads\WAVEYA NICKI MINAJ (ft.BEYONCE)- FEELING MYSELF cover dance.mp4
2015-09-26 17:36 - 2015-09-26 17:40 - 236151504 _____ C:\Users\Student\Downloads\TO BE SASAENG OR BE STALKED BY SASAENG - #ASKJRE.mp4
2015-09-26 17:10 - 2015-09-26 17:17 - 725267511 _____ C:\Users\Student\Downloads\videoplayback (2).mp4
2015-09-26 16:51 - 2015-09-26 16:55 - 245860207 _____ C:\Users\Student\Downloads\After School Club - BTS(방탄소년단) - Full Episode (2).mp4
2015-09-26 16:35 - 2015-09-26 16:50 - 933674071 _____ C:\Users\Student\Downloads\After School Club - BTS(방탄소년단) - Full Episode (1).mp4
2015-09-26 16:22 - 2015-09-26 16:34 - 815891165 _____ C:\Users\Student\Downloads\After School Club - BTS(방탄소년단) - Full Episode.mp4
2015-09-26 15:56 - 2015-09-26 16:08 - 1135629737 _____ C:\Users\Student\Downloads\After School Club(Ep.159) - Bangtan Boys(방탄소년단) BTS - Full Episode.mp4
2015-09-25 20:18 - 2015-09-25 20:22 - 09957947 _____ ( ) C:\Users\Student\Downloads\ffmpeg-win-2.2.2 (1).exe
2015-09-25 17:13 - 2015-09-25 17:19 - 104129901 _____ C:\Users\Student\Downloads\Korean guys react to Nicki minaj Anaconda (ENG sub).mp4
2015-09-24 15:23 - 2015-09-24 15:25 - 60186432 _____ C:\Users\Student\Downloads\Waveya_ 제시 쎈언니 Jessi SSENUNNI cover dance.mp4
2015-09-23 14:21 - 2015-09-23 14:24 - 66580362 _____ C:\Users\Student\Downloads\Because I'm the Best-Roll Deep - HyunA ft. Ilhoon (BtoB) [Han,Rom,Eng] Lyrics.mp4
2015-09-23 14:12 - 2015-09-23 14:16 - 80249543 _____ C:\Users\Student\Downloads\HYUNA(현아) - '잘나가서 그래 (Feat. 정일훈 Of BTOB)' (Roll Deep) M-V.mp4
2015-09-23 13:52 - 2015-09-23 13:55 - 63819615 _____ C:\Users\Student\Downloads\방탄소년단 'I NEED U' Dance Practice.mp4
2015-09-23 13:46 - 2015-09-23 13:47 - 32139706 _____ C:\Users\Student\Downloads\WAVEYA BTS (방탄소년단) I Need U - dance practice.mp4
2015-09-23 13:09 - 2015-09-23 13:09 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (30).collab
2015-09-23 13:07 - 2015-09-23 13:07 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (29).collab
2015-09-23 12:57 - 2015-09-23 12:57 - 00010762 _____ C:\Users\Student\Downloads\meeting (10).collab
2015-09-22 17:36 - 2015-09-22 17:39 - 52870382 _____ C:\Users\Student\Downloads\SGKPOPCON 2015 AUDITION  A-Team.mp4
2015-09-22 17:34 - 2015-09-22 17:36 - 30780479 _____ C:\Users\Student\Downloads\Blady- Blood Type B Girl Dance Cover (Requested).mp4
2015-09-22 17:19 - 2015-09-22 17:34 - 72694811 _____ C:\Users\Student\Downloads\Blady - Blood Type B Girl, 블레이디 - B형 여자, Music Core 20140125.mp4
2015-09-22 17:15 - 2015-09-22 17:18 - 65741314 _____ C:\Users\Student\Downloads\[MV] Blady (블레이디) - B형여자 (Blood Type B Girl).mp4
2015-09-22 16:02 - 2015-09-22 16:06 - 96645355 _____ C:\Users\Student\Downloads\Nicki Minaj, Cassie - The Boys (Clean).mp4
2015-09-22 15:02 - 2015-09-22 15:07 - 98316217 _____ C:\Users\Student\Downloads\Nicki Minaj, Cassie - The Boys (Explicit).mp4
2015-09-22 12:32 - 2015-09-22 12:32 - 00010762 _____ C:\Users\Student\Downloads\meeting (9).collab
2015-09-21 15:55 - 2015-09-21 15:55 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (28).collab
2015-09-21 15:55 - 2015-09-21 15:55 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (27).collab
2015-09-21 14:48 - 2015-09-21 14:48 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (26).collab
2015-09-21 14:25 - 2015-09-21 14:25 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (25).collab
2015-09-21 12:52 - 2015-09-21 13:05 - 00000000 ____D C:\Users\Student\AppData\Local\RelicHuntersZero
2015-09-19 23:18 - 2015-09-19 23:25 - 100558058 _____ C:\Users\Student\Downloads\Let's Dance- GOT7(갓세븐) _ Girls Girls Girls(걸스걸스걸스) [ENG-JPN-CHN SUB].mp4
2015-09-19 23:11 - 2015-09-19 23:16 - 94917502 _____ C:\Users\Student\Downloads\Let's Dance- BTS(방탄소년단) _ Boy In Luv(상남자) [ENG-JPN-CHN SUB].mp4
2015-09-19 23:04 - 2015-09-19 23:10 - 75453866 _____ C:\Users\Student\Downloads\Waveya Girl's Generation 소녀시대 Mr.Mr. 미스터미스터 cover dance 웨이브야.mp4
2015-09-19 22:59 - 2015-09-19 23:04 - 43636310 _____ C:\Users\Student\Downloads\Waveya GOT7 - GIRLS GIRLS GIRLS 갓세븐 cover dance 웨이브야.mp4
2015-09-19 22:54 - 2015-09-19 22:58 - 49046166 _____ C:\Users\Student\Downloads\Waveya_Red Velvet 레드벨벳_Dumb Dumb cover dance.mp4
2015-09-19 17:51 - 2015-09-19 17:51 - 04717019 _____ C:\Users\Student\Downloads\[ENG] 131218 U-KISS ELI's 'Komanechi' [2-9].mp4
2015-09-19 17:46 - 2015-09-19 17:47 - 14006354 _____ C:\Users\Student\Downloads\[ENG] 131218 U-KISS Introduction and Greeting [1-9].mp4
2015-09-18 15:11 - 2015-09-18 15:14 - 81851007 _____ C:\Users\Student\Downloads\방탄소년단 '쩔어' Dance performance practice.mp4
2015-09-17 17:22 - 2015-09-17 17:25 - 13841258 _____ C:\Users\Student\Downloads\[ETC] ORANGE CARAMEL(오렌지캬라멜) '아빙아빙(Abing abing)'_Dance Only.mp4
2015-09-17 17:14 - 2015-09-17 17:17 - 55147682 _____ C:\Users\Student\Downloads\[ETC] ORANGE CARAMEL(오렌지캬라멜) _나처럼해봐요(My Copycat)_ Dance Only..mp4
2015-09-17 17:11 - 2015-09-17 17:14 - 38821716 _____ C:\Users\Student\Downloads\[ETC] ORANGE CARAMEL(오렌지캬라멜) _ 까탈레나(Catallena) _ Dance Only..mp4
2015-09-17 17:07 - 2015-09-17 17:10 - 59832375 _____ C:\Users\Student\Downloads\Apink 에이핑크 'Mr.Chu' 안무 연습 영상 (Choreography Practice Video).mp4
2015-09-17 17:03 - 2015-09-17 17:07 - 69712043 _____ C:\Users\Student\Downloads\EXO-K_HISTORY_Only Dance (Korean ver.).mp4
2015-09-17 16:57 - 2015-09-17 17:03 - 77908867 _____ C:\Users\Student\Downloads\U-Kiss Standing Still (dance version).mp4
2015-09-17 16:55 - 2015-09-17 16:55 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (24).collab
2015-09-17 16:13 - 2015-09-17 16:13 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (23).collab
2015-09-17 16:09 - 2015-09-17 16:09 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (22).collab
2015-09-17 14:59 - 2015-09-17 15:04 - 79296108 _____ C:\Users\Student\Downloads\U-KISS 'Stop Girl' 안무영상 (Intro+Stop Girl ver).mp4
2015-09-17 14:55 - 2015-09-17 14:59 - 19396427 _____ C:\Users\Student\Downloads\U-KISS(유키스) NEVERLAND Dance Full ver..mp4
2015-09-17 14:07 - 2015-09-17 14:07 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (21).collab
2015-09-16 17:58 - 2015-09-16 18:01 - 73381029 _____ C:\Users\Student\Downloads\Follow me on a Date in Seoul.mp4
2015-09-16 17:45 - 2015-09-16 17:55 - 162684718 _____ C:\Users\Student\Downloads\DIP 소개팅 Blind date Korea ep Special 4 guys you vote who you like best!.mp4
2015-09-16 17:23 - 2015-09-16 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-16 17:22 - 2015-09-16 17:22 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-16 17:18 - 2015-09-16 17:30 - 236649006 _____ C:\Users\Student\Downloads\DIP 소개팅 Blind Date Korea ep.7.mp4
2015-09-16 16:57 - 2015-09-16 17:08 - 195328904 _____ C:\Users\Student\Downloads\DIP 소개팅 Blind Date Korea ep.6.mp4
2015-09-16 16:26 - 2015-09-16 16:37 - 208100493 _____ C:\Users\Student\Downloads\Dip 소개팅 Blind date Korea ep 5.mp4
2015-09-16 14:41 - 2015-09-16 14:53 - 228488505 _____ C:\Users\Student\Downloads\DIP 소개팅 ep4 AMOS KONGLISH.mp4
2015-09-16 14:39 - 2015-09-16 14:39 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (20).collab
2015-09-16 14:02 - 2015-09-16 14:02 - 00010762 _____ C:\Users\Student\Downloads\meeting (8).collab
2015-09-16 14:01 - 2015-09-16 14:11 - 225733841 _____ C:\Users\Student\Downloads\DIP 소개팅 Blind Date Korea ep.3.mp4
2015-09-16 13:58 - 2015-09-16 14:00 - 34671011 _____ C:\Users\Student\Downloads\131126 U-KISS - MTV The Show- The Show Talk.mp4
2015-09-16 13:51 - 2015-09-16 13:51 - 04096515 _____ C:\Users\Student\Downloads\131107 U-KISS Meet & Greet - Kiseop reading messages.mp4
2015-09-16 13:47 - 2015-09-16 13:49 - 24569410 _____ C:\Users\Student\Downloads\131126 U-KISS - MTV The Show- Behind The Show.mp4
2015-09-16 13:46 - 2015-09-16 13:47 - 25003009 _____ C:\Users\Student\Downloads\110424 U-KISS Soohyun rap.mp4
2015-09-16 13:28 - 2015-09-16 13:32 - 79347254 _____ C:\Users\Student\Downloads\[sorta subbed] 131107 U-KISS Wide Open Studio (2-2).mp4
2015-09-16 13:24 - 2015-09-16 13:26 - 31274402 _____ C:\Users\Student\Downloads\131107 U-KISS Wide Open Studio (1-2).mp4
2015-09-15 17:03 - 2015-09-15 17:03 - 13120252 _____ C:\Users\Student\Downloads\Pretty Boy ( Kim Jaeseop AJ ).mp4
2015-09-15 13:38 - 2015-09-15 13:39 - 00003749 _____ C:\Users\Student\AppData\Roaming\My Profile.xml
2015-09-15 13:12 - 2015-09-15 13:12 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (19).collab
2015-09-15 13:02 - 2015-09-15 13:02 - 00010762 _____ C:\Users\Student\Downloads\meeting (7).collab
2015-09-15 12:59 - 2015-09-15 12:59 - 00010762 _____ C:\Users\Student\Downloads\meeting (6).collab
2015-09-15 12:52 - 2015-09-15 12:52 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (18).collab
2015-09-14 17:32 - 2015-09-14 17:32 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (17).collab
2015-09-14 15:20 - 2015-09-14 15:23 - 53570005 _____ C:\Users\Student\Downloads\Red Velvet 레드벨벳_Dumb Dumb_Music Video.mp4
2015-09-11 15:25 - 2015-09-11 15:28 - 70711840 _____ C:\Users\Student\Downloads\#WhiteGirlProblems.mp4
2015-09-11 14:57 - 2015-09-11 14:59 - 19427691 _____ C:\Users\Student\Downloads\Sht Black Moms Say.mp4
2015-09-11 13:20 - 2015-09-11 14:57 - 2073384750 _____ C:\Users\Student\Downloads\ep 8 ahl.mp4
2015-09-11 12:44 - 2015-09-11 12:47 - 65598470 _____ C:\Users\Student\Downloads\U-KISS - STANDING STILL [SINGING PARODY] (M-V VER.).mp4
2015-09-11 12:34 - 2015-09-11 12:39 - 91862227 _____ C:\Users\Student\Downloads\BTS - Boy In Luv [SINGING PARODY].mp4
2015-09-11 12:28 - 2015-09-11 12:28 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (16).collab
2015-09-10 17:31 - 2015-09-10 18:02 - 695536043 _____ C:\Users\Student\Downloads\videoplayback (1).mp4
2015-09-10 13:12 - 2015-09-10 13:17 - 87553914 _____ C:\Users\Student\Downloads\방탄소년단 '상남자(Boy In Luv)' dance practice.mp4
2015-09-10 13:06 - 2015-09-10 13:09 - 75882944 _____ C:\Users\Student\Downloads\방탄소년단 상남자(Boy In Luv) MV.mp4
2015-09-09 18:37 - 2015-09-09 18:47 - 177570644 _____ C:\Users\Student\Downloads\Game Theory- Why FNAF Will Never End.mp4
2015-09-09 18:29 - 2015-09-09 18:32 - 59965191 _____ C:\Users\Student\Downloads\U-kiss - Neverland [Parody] [M-V].mp4
2015-09-09 16:25 - 2015-09-09 18:20 - 2074289090 _____ C:\Users\Student\Downloads\ep 7 ahl.mp4
2015-09-09 15:44 - 2015-09-09 16:23 - 766436891 _____ C:\Users\Student\Downloads\ep 6 ahl.mp4
2015-09-09 13:57 - 2015-09-09 15:40 - 2068695199 _____ C:\Users\Student\Downloads\ep 5 ahl (1).mp4
2015-09-09 13:47 - 2015-09-09 13:49 - 40829353 _____ C:\Users\Student\Downloads\U-Kiss 'Playground' Parody.mp4
2015-09-09 13:28 - 2015-09-09 13:45 - 141601800 _____ C:\Users\Student\Downloads\ep 5 ahl.mp4
2015-09-09 13:13 - 2015-09-09 13:13 - 00010764 _____ C:\Users\Student\Downloads\meeting (5).collab
2015-09-09 13:10 - 2015-09-09 13:10 - 00010762 _____ C:\Users\Student\Downloads\meeting (4).collab
2015-09-08 16:58 - 2015-09-08 18:38 - 2129103339 _____ C:\Users\Student\Downloads\ep 4 ahl.mp4
2015-09-08 16:20 - 2015-09-08 16:55 - 772084125 _____ C:\Users\Student\Downloads\ep 3 ahl.mp4
2015-09-08 15:41 - 2015-09-08 16:16 - 747082942 _____ C:\Users\Student\Downloads\ep 2 ahl.mp4
2015-09-08 15:10 - 2015-09-08 15:27 - 360232878 _____ C:\Users\Student\Downloads\ep 1 ahl.mp4
2015-09-08 15:03 - 2015-09-08 15:04 - 21491489 _____ C:\Users\Student\Downloads\BTS - Boy In love (LA Version).mp4
2015-09-08 13:08 - 2015-09-08 13:08 - 00010762 _____ C:\Users\Student\Downloads\meeting (3).collab
2015-09-08 13:04 - 2015-09-08 13:04 - 00010738 _____ C:\Users\Student\Downloads\meeting (2).collab
2015-09-05 17:01 - 2015-09-05 17:04 - 70747107 _____ C:\Users\Student\Downloads\[BANGTAN BOMB] Let's speak English!.mp4
2015-09-05 16:55 - 2015-09-05 17:00 - 106348707 _____ C:\Users\Student\Downloads\[BANGTAN BOMB] War of hormone  in Halloween.mp4
2015-09-05 16:50 - 2015-09-05 16:55 - 105420995 _____ C:\Users\Student\Downloads\BTS - War of Hormone - 방탄소년단 - 호르몬 전쟁 [Music Bank HOT Stage - 2014.10.24].mp4
2015-09-05 16:44 - 2015-09-05 16:50 - 104951809 _____ C:\Users\Student\Downloads\방탄소년단 '호르몬전쟁' Dance practice.mp4
2015-09-04 13:33 - 2015-09-04 13:33 - 05886879 _____ C:\Users\Student\Downloads\Untitled (2).wma
2015-09-04 13:31 - 2015-09-04 13:32 - 11409579 _____ C:\Users\Student\Downloads\Untitled (28).wma
2015-09-04 13:05 - 2015-09-04 13:05 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (15).collab
2015-09-04 13:02 - 2015-09-04 13:04 - 38935471 _____ C:\Users\Student\Downloads\Playback ft. Eric Nam - Isn't There (없을까) MV [English subs + Romanization + Hangul] HD.mp4
2015-09-04 12:48 - 2015-09-04 12:48 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (14).collab
2015-09-03 18:24 - 2015-09-03 18:44 - 102248392 _____ C:\Users\Student\Downloads\Rihanna - Bitch Better Have My Money (Explicit).mp4
2015-09-03 18:00 - 2015-09-03 18:03 - 51808277 _____ C:\Users\Student\Downloads\GOT7 - CRACK #4.mp4
2015-09-03 17:57 - 2015-09-03 18:00 - 38395430 _____ C:\Users\Student\Downloads\GOT7 - CRACK #3.mp4
2015-09-03 17:55 - 2015-09-03 17:56 - 38176767 _____ C:\Users\Student\Downloads\GOT7 - CRACK #2.mp4
2015-09-03 17:49 - 2015-09-03 17:53 - 54280529 _____ C:\Users\Student\Downloads\GOT7 - CRACK - JUST RIGHT EDITION!.mp4
2015-09-03 17:44 - 2015-09-03 17:48 - 50639318 _____ C:\Users\Student\Downloads\GOT7 - CRACK.mp4
2015-09-03 17:37 - 2015-09-03 17:43 - 107654343 _____ C:\Users\Student\Downloads\방탄소년단-BTS- '호르몬전쟁' dance performance (Real WAR ver.).mp4
2015-09-03 17:31 - 2015-09-03 17:37 - 105334061 _____ C:\Users\Student\Downloads\[MV] BTS(방탄소년단) _ War of Hormone(호르몬 전쟁).mp4
2015-09-03 16:23 - 2015-09-03 16:27 - 71798507 _____ C:\Users\Student\Downloads\Bangtan Boys (방탄소년단) -  쩔어 'Dope' (English Cover).mp4
2015-09-03 16:18 - 2015-09-03 16:21 - 49716855 _____ C:\Users\Student\Downloads\WAVEYA BTS 방탄소년단-DOPE 쩔어 cover dance.mp4
2015-09-03 16:15 - 2015-09-03 16:17 - 41801916 _____ C:\Users\Student\Downloads\WAVEYA _ GOT7 딱 좋아 Just Right cover dance.mp4
2015-09-03 14:00 - 2015-09-03 14:00 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (13).collab
2015-09-03 13:52 - 2015-09-03 13:52 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (12).collab
2015-09-03 12:26 - 2015-09-03 12:26 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (11).collab
2015-09-02 17:06 - 2015-09-02 17:06 - 03970530 _____ C:\Users\Student\Downloads\ スヒョン 落とし物をするー。.mp4
2015-09-02 17:03 - 2015-09-02 17:06 - 66564490 _____ C:\Users\Student\Downloads\Full HD 110623 U KISS유키스 아티스트 소개.mp4
2015-09-02 17:01 - 2015-09-02 17:02 - 34447443 _____ C:\Users\Student\Downloads\111213 U-KISS Cut [中字].mp4
2015-09-02 17:00 - 2015-09-02 17:01 - 15812880 _____ C:\Users\Student\Downloads\U-Kiss in program of children.mp4
2015-09-02 16:54 - 2015-09-02 16:59 - 104066122 _____ C:\Users\Student\Downloads\videoplayback.mp4
2015-09-02 16:25 - 2015-09-02 16:27 - 52935137 _____ C:\Users\Student\Downloads\K-Pop Group U-KISS Gives Valentines' Tips! - ISAtv ARTIST FEATURE.mp4
2015-09-02 16:19 - 2015-09-02 16:20 - 16326314 _____ C:\Users\Student\Downloads\유비트&헬로비너스&15&_싸이-Gentleman (GENTLEMAN by uBEAT & HELLOVENUS &15&@Mcountdown 2013.5.2).mp4
2015-09-02 16:09 - 2015-09-02 16:12 - 65626918 _____ C:\Users\Student\Downloads\The 5 Most Uncomfortable Sex Scenes in Video Games.mp4
2015-09-02 14:58 - 2015-09-02 14:58 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (10).collab
2015-09-02 14:50 - 2015-09-25 20:28 - 00000000 ____D C:\Program Files\FFmpeg for Audacity
2015-09-02 14:49 - 2015-09-02 14:50 - 09957947 _____ ( ) C:\Users\Student\Downloads\ffmpeg-win-2.2.2.exe
2015-09-02 14:44 - 2015-09-25 20:41 - 00000000 ____D C:\Users\Student\AppData\Roaming\Audacity
2015-09-02 14:42 - 2015-09-02 14:44 - 00000000 ____D C:\Program Files\Audacity
2015-09-02 14:42 - 2015-09-02 14:42 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-09-02 14:42 - 2015-09-02 14:42 - 00000969 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-09-02 14:36 - 2015-09-02 14:37 - 25186399 _____ (Audacity Team ) C:\Users\Student\Downloads\audacity-win-2.1.1.exe
2015-09-02 14:23 - 2015-09-02 14:27 - 20019676 _____ C:\Users\Student\Downloads\U-KISS(ユーキス) - Tick Tack MV (Full ver.) [HD 1080p].mp4
2015-09-02 14:13 - 2015-09-02 14:13 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-09-02 14:13 - 2015-09-02 14:13 - 00001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-09-02 14:12 - 2015-09-02 14:12 - 00000020 _____ C:\Windows\¸ù„
2015-09-02 14:10 - 2015-09-02 14:12 - 00000000 ____D C:\Program Files\Windows Live
2015-09-02 14:04 - 2015-09-02 14:04 - 15989883 _____ C:\Users\Student\Downloads\GOT7 - Just Right MV (Fangirl Version).mp4
2015-09-02 14:02 - 2015-09-02 14:02 - 00010762 _____ C:\Users\Student\Downloads\meeting (1).collab
2015-09-02 14:00 - 2015-09-02 14:01 - 21719799 _____ C:\Users\Student\Downloads\BTS - War of hormone (Fangirl version).mp4
2015-09-02 14:00 - 2015-09-02 14:00 - 00010762 _____ C:\Users\Student\Downloads\meeting.collab
2015-09-02 13:55 - 2015-09-25 19:51 - 00000000 ____D C:\Users\Student\AppData\Local\Windows Live
2015-09-02 13:55 - 2015-09-02 13:55 - 01239752 _____ (Microsoft Corporation) C:\Users\Student\Downloads\wlsetup-web.exe
2015-09-02 13:55 - 2015-09-02 13:55 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2015-09-02 13:15 - 2015-09-02 13:15 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (9).collab
2015-09-01 14:50 - 2015-09-01 14:50 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (8).collab
2015-09-01 14:43 - 2015-09-01 14:44 - 02089450 _____ C:\Users\Student\Downloads\A11Y_Course_Intro_AlgebraII.pptx
2015-09-01 14:34 - 2015-09-01 14:34 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (7).collab
2015-09-01 13:47 - 2015-09-01 13:48 - 04675086 _____ C:\Users\Student\Downloads\A11Y_World_History_Course_Intro.pptx
2015-09-01 13:28 - 2015-09-01 13:28 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (6).collab
2015-09-01 13:16 - 2015-09-01 13:16 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (5).collab
2015-09-01 12:53 - 2015-09-01 12:53 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (4).collab
2015-09-01 12:35 - 2015-09-01 12:35 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (3).collab
2015-09-01 12:34 - 2015-09-01 12:34 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (2).collab
2015-09-01 12:32 - 2015-09-01 12:32 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (1).collab
2015-09-01 12:31 - 2015-09-01 12:34 - 42807296 _____ C:\Users\Student\Downloads\BlackboardCollaborateLauncher-Win (1).msi
2015-09-01 12:31 - 2015-09-01 12:31 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback.collab
2015-08-31 20:41 - 2015-08-31 20:41 - 00000000 ____D C:\Users\Student\.MCTranscodingSDK
2015-08-31 17:55 - 2015-08-31 22:05 - 00000000 ____D C:\Users\Public\Documents\Lightworks
2015-08-31 17:55 - 2015-08-31 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2015-08-31 17:55 - 2015-08-31 17:55 - 00000000 ____D C:\ProgramData\Geevs
2015-08-31 17:52 - 2015-09-03 19:11 - 00000000 ____D C:\Program Files\Lightworks
2015-08-31 17:44 - 2015-08-31 17:49 - 76663632 _____ (Lightworks) C:\Users\Student\Downloads\lightworks_v12.0.2_full_32bit_setup.exe
2015-08-31 17:39 - 2015-08-31 17:43 - 89753344 _____ C:\Users\Student\Downloads\HD 130717 BTS We Are Bulletproof Live @ Show Champion.mp4
2015-08-31 17:15 - 2015-08-31 17:15 - 00000000 ____D C:\Users\Student\Documents\Lightworks
2015-08-31 17:13 - 2015-08-31 17:14 - 16200588 _____ C:\Users\Student\Downloads\[MV] U-Kiss - Not Young.mp4
2015-08-31 16:42 - 2015-08-31 16:42 - 00000000 ____D C:\Program Files\Common Files\Java
2015-08-31 16:40 - 2015-08-31 16:40 - 00000000 ____D C:\Users\Student\AppData\Roaming\Sun
2015-08-31 16:40 - 2015-08-31 16:40 - 00000000 ____D C:\Users\Student\.oracle_jre_usage
2015-08-31 14:25 - 2015-08-31 14:31 - 139533106 _____ C:\Users\Student\Downloads\HOTDOG ENDING - Facade.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-30 15:09 - 2014-09-18 13:20 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2071005352-1963743713-3197600615-1000UA.job
2015-09-30 14:53 - 2014-04-09 10:30 - 00000154 __RSH C:\ProgramData\3002.xml
2015-09-30 14:47 - 2015-03-04 13:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-30 14:40 - 2014-09-18 11:00 - 01753521 _____ C:\Windows\WindowsUpdate.log
2015-09-30 14:30 - 2015-03-12 14:31 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-30 14:30 - 2015-03-12 14:31 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-30 13:05 - 2009-07-13 21:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-30 13:05 - 2009-07-13 21:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-30 13:01 - 2014-10-24 12:43 - 00000000 ____D C:\Users\Student\Documents\Book Club
2015-09-30 12:29 - 2014-09-18 13:20 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2071005352-1963743713-3197600615-1000Core.job
2015-09-30 12:22 - 2015-08-20 13:58 - 00003239 _____ C:\Windows\setupact.log
2015-09-30 12:21 - 2014-04-09 10:20 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2015-09-29 16:08 - 2015-03-20 15:42 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-29 16:08 - 2015-03-20 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-29 16:08 - 2015-03-20 15:38 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-29 15:58 - 2015-03-20 16:30 - 00019948 _____ C:\Windows\PFRO.log
2015-09-29 15:58 - 2014-04-09 10:28 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-09-29 15:58 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 15:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Help
2015-09-28 21:51 - 2015-02-04 19:52 - 00000000 ____D C:\Users\Student\AppData\Roaming\Skype
2015-09-28 14:16 - 2015-02-04 19:51 - 00000000 ____D C:\ProgramData\Skype
2015-09-25 15:46 - 2013-04-16 14:55 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-25 15:46 - 2013-04-16 14:55 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-21 14:44 - 2014-09-19 09:06 - 00000000 ____D C:\Users\Student\Documents\Online Learning
2015-09-16 17:22 - 2015-02-04 19:51 - 00000000 ___RD C:\Program Files\Skype
2015-09-11 12:37 - 2013-04-15 19:46 - 00000000 ____D C:\Users\Student\AppData\Local\Google
2015-09-09 13:34 - 2014-09-19 08:55 - 00000000 ____D C:\Users\Student\Documents\Chemistry
2015-09-09 13:25 - 2014-04-09 10:30 - 00031328 __RSH C:\ProgramData\3002.abs
2015-09-04 22:42 - 2015-02-02 15:10 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-09-03 14:05 - 2013-04-10 18:59 - 00000000 ____D C:\Users\Student
2015-09-02 14:12 - 2013-04-10 19:17 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-09-02 14:10 - 2009-07-13 19:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-01 15:08 - 2015-02-04 18:41 - 00000000 ____D C:\Users\Student\Documents\SavedGames
2015-09-01 15:08 - 2014-09-19 08:55 - 00000000 ____D C:\Users\Student\Documents\Algebra 2
2015-09-01 15:07 - 2014-09-19 08:56 - 00000000 ____D C:\Users\Student\Documents\Physical Education
2015-09-01 15:06 - 2014-09-19 08:55 - 00000000 ____D C:\Users\Student\Documents\Lit. and Analysis
2015-09-01 15:05 - 2014-09-19 08:55 - 00000000 ____D C:\Users\Student\Documents\Forensic Science
2015-08-31 16:52 - 2015-03-24 17:22 - 00000000 ____D C:\ProgramData\Oracle
2015-08-31 16:45 - 2015-03-24 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-31 16:45 - 2013-07-01 20:50 - 00000000 ____D C:\Program Files\Java
2015-08-31 16:38 - 2015-03-24 17:24 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
 
==================== Files in the root of some directories =======
 
2015-09-15 13:38 - 2015-09-15 13:39 - 0003749 _____ () C:\Users\Student\AppData\Roaming\My Profile.xml
2015-05-19 14:41 - 2015-05-19 14:42 - 0000000 _____ () C:\Users\Student\AppData\Local\{70D3E001-AD8E-4A72-B1B1-4236BB28EC5F}
2014-04-09 10:30 - 2015-09-09 13:25 - 0031328 __RSH () C:\ProgramData\3002.abs
2014-04-09 10:30 - 2015-09-30 14:53 - 0000154 __RSH () C:\ProgramData\3002.xml
2015-05-02 15:02 - 2015-05-02 15:02 - 0015568 __RSH () C:\ProgramData\3029.abs
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-13 13:26
 
==================== End of FRST.txt ============================

 
RogueKiller V10.10.7.0 [Sep 28 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Student [Administrator]
Started from : C:\Users\Student\Desktop\RogueKiller.exe
Mode : Scan -- Date : 09/30/2015 16:15:58
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 15 ¤¤¤
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.255.255.33 10.255.255.32 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.255.255.33 10.255.255.32 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.255.255.33 10.255.255.32 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7C7CA79F-F37E-474B-B859-E68B3A12A7A6} | DhcpNameServer : 10.255.255.33 10.255.255.32 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F1E57062-B78F-4E6B-9874-19E4B01944A0} | DhcpNameServer : 172.21.0.55 172.21.0.60 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7C7CA79F-F37E-474B-B859-E68B3A12A7A6} | DhcpNameServer : 10.255.255.33 10.255.255.32 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F1E57062-B78F-4E6B-9874-19E4B01944A0} | DhcpNameServer : 172.21.0.55 172.21.0.60 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7C7CA79F-F37E-474B-B859-E68B3A12A7A6} | DhcpNameServer : 10.255.255.33 10.255.255.32 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F1E57062-B78F-4E6B-9874-19E4B01944A0} | DhcpNameServer : 172.21.0.55 172.21.0.60 ([(Private Address) (XX)][(Private Address) (XX)])  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2071005352-1963743713-3197600615-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 12 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - RegOpenKeyW : Unknown @ 0xe0fd4 (jmp 0x893debfb)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - CreateFileW : Unknown @ 0x10fd4 (jmp 0x8923267f)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - LoadLibraryW : Unknown @ 0x10f8d (jmp 0x89231f9b)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - LoadLibraryA : Unknown @ 0x10fa8 (jmp 0x89233293)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x40fd4 (jmp 0x887ab07c)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x40fef (jmp 0x887ab9e7)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ USP10.dll) kernel32.dll - CreateFileA : Unknown @ 0x10fef (jmp 0x892324de)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ MSACM32.dll) ADVAPI32.dll - RegCreateKeyA : Unknown @ 0xe0faf (jmp 0x893e430e)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ MSACM32.dll) ADVAPI32.dll - RegOpenKeyA : Unknown @ 0xe0fe5 (jmp 0x893e4430)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ urlmon.dll) WININET.dll - InternetOpenW : Unknown @ 0x3a20fca (jmp 0x8c3d1b7a)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ mf.dll) ADVAPI32.dll - RegCreateKeyExA : Unknown @ 0xe0f94 (jmp 0x893dfbab)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ RstrtMgr.DLL) kernel32.dll - CreateNamedPipeW : Unknown @ 0x10fb9 (jmp 0x8924e152)
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] w122xmxl.default-1420839641103 : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0Dzy0EyB0C0Fzz0DyCtAyEtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0E0AtAzytBtB0CtGyDtA0FtCtGzztCtB0AtGyEzyyEtBtGyE0AtAyBzy0CtB0A0BtC0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDzy0A0E0CtCyBtG0CzztAzztGyEtD0B0CtGzzyEyC0BtGtA0A0DyB0E0FtD0EyEyEtA0C2QtN0A0LzuyE%26cr%3D420873958%26a%3Dwny_ir_15_15%26os%3DWindows7 Professional"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD32 00BPVT-60JJ5T0 SATA Disk Device +++++
--- User ---
[MBR] 3c336853b586b58465abb82105e76739
[BSP] b09593dde8733f9a012eded474ad978a : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 3697 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 7573504 | Size: 261529 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 543184896 | Size: 20017 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 584179712 | Size: 20000 MB
User = LL1 ... OK
User = LL2 ... OK

Addition.txt


Thanks for the logs, continue as follows please:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

Chrome browser has been exploited, it is essential to make a clean re-install to clear the exploitation....

 

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log
 

Post those logs, also let me know if there are any remaining issues or concerns...

 

Thank you,

 

Kevin...

 

 

Fixlist.txt


The logs are posted in order: 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:27-09-2015 01
Ran by Student (2015-10-01 14:13:06) Run:1
Running from C:\Users\Student\Desktop
Loaded Profiles: Student (Available Profiles: Student)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
S3 cpuz134; \??\C:\Users\Student\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
U3 mfeavfk01; no ImagePath
Task: {3F05A401-7F24-4615-8FE4-EEEB0A279B26} - \Special IC Runner -> No File <==== ATTENTION
Task: {AE7E2DBD-1BD3-42E8-950A-8BF11A8D7B3F} - \Microsoft\Windows\Maintenance\Advanced IC Updating -> No File <==== ATTENTION
Emptytemp:
End
*****************

Restore point was successfully created.
cpuz134 => service removed successfully.
EagleXNt => service removed successfully.
IntcAzAudAddService => service removed successfully.
mfeavfk01 => service removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F05A401-7F24-4615-8FE4-EEEB0A279B26}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F05A401-7F24-4615-8FE4-EEEB0A279B26}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Special IC Runner => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE7E2DBD-1BD3-42E8-950A-8BF11A8D7B3F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE7E2DBD-1BD3-42E8-950A-8BF11A8D7B3F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Advanced IC Updating" => key removed successfully.
EmptyTemp: => 589.9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 14:15:11 ====

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd

 

***** [ Files ] *****

 

[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml

[-] File Deleted : C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\w122xmxl.default-1420839641103\user.js

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

[-] Task Deleted : Adobe Flash Player Updater

 

***** [ Registry ] *****

 

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL

[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine

[-] Key Deleted : HKLM\SOFTWARE\28AAD45F-F322-324C-80AD-37E9A78C1978

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

[-] Key Deleted : HKCU\Software\ParetoLogic

[-] Key Deleted : HKCU\Software\Reimage

[-] Key Deleted : HKCU\Software\Avg Secure Update

[-] Key Deleted : HKCU\Software\WEBAPP

[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic

[-] Key Deleted : HKLM\SOFTWARE\Reimage

[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

[-] Key Deleted : HKLM\SOFTWARE\WebBar

 

***** [ Web browsers ] *****

 

[-] [C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

 

*************************

 

:: Winsock settings cleared

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2873 bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.6.4 (09.28.2015:1)

OS: Windows 7 Professional x86

Ran by Student on Thu 10/01/2015 at 14:56:19.31

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(default)

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\Student\AppData\Roaming\mozilla\firefox\profiles\w122xmxl.default-1420839641103\minidumps [2 files]

 

 

 

~~~ Chrome

 

 

[C:\Users\Student\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

 

[C:\Users\Student\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

 

[C:\Users\Student\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

 

[C:\Users\Student\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 10/01/2015 at 15:05:10.59

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.28, September 2015 (build 5.28.11802.0)

Started On Thu Oct 01 15:16:01 2015

 

Engine: 1.1.12002.0

Signatures: 1.205.646.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 01 15:29:06 2015

 

 

Return code: 0 (0x0)

 

 

I'd like to know if I can sign back into Chrome? I don't want to sign in yet until you have confirmed that it should be safe to do so. 


As long as you complete the re-install as per the instructions it should be OK to use again. Before we go any further I'd like fresh logs from FRST as follows:

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the two logs....
 

If those logs are clean and you do not have any remaining issues or concerns we can progress and clean up, remove tools etc..

 

Thank you,

 

Kevin.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01

Ran by Student (administrator) on K12-5CB21022D2 (02-10-2015 14:37:57)

Running from C:\Users\Student\Desktop

Loaded Profiles: Student (Available Profiles: Student)

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

(Microsoft Corporation) C:\Windows\System32\calc.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [iME14 CHS Setup] => C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)

HKLM\...\Run: [iME14 CHT Setup] => C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)

HKLM\...\Run: [iME14 JPN Setup] => C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)

HKLM\...\Run: [iME14 KOR Setup] => C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)

HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [333120 2011-06-08] (McAfee, Inc.)

HKLM\...\Run: [shStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)

HKLM\...\Run: [1] => C:\K12\Software\run\K12Activation.exe [24064 2014-05-27] ()

HKLM\...\Run: [2] => C:\K12\Software\run\K12McAfeeTray.exe [10752 2013-05-09] (CDW Corporation)

HKLM\...\Run: [3] => C:\K12\Software\run\K12VersionTray.exe [10240 2014-04-24] (CDW Corporation)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2408176 2013-03-09] (Synaptics Incorporated)

HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)

HKU\S-1-5-21-2071005352-1963743713-3197600615-1000\...\Run: [steam] => "C:\Users\Student\Documents\Book Club\Assigned\Steam\steam.exe" -silent

HKU\S-1-5-21-2071005352-1963743713-3197600615-1000\...\MountPoints2: {af212536-6372-11e4-9623-009c022083fc} - D:\LG_PC_Programs.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 10.255.255.33 10.255.255.32

Tcpip\..\Interfaces\{7C7CA79F-F37E-474B-B859-E68B3A12A7A6}: [DhcpNameServer] 10.255.255.33 10.255.255.32

Tcpip\..\Interfaces\{F1E57062-B78F-4E6B-9874-19E4B01944A0}: [DhcpNameServer] 172.21.0.55 172.21.0.60

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2071005352-1963743713-3197600615-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation)

BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140516195256.dll [2014-05-16] (McAfee, Inc.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:

========

FF ProfilePath: C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\w122xmxl.default-1420839641103

FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByBtD0Dzy0EyB0C0Fzz0DyCtAyEtN0D0Tzu0StCtCzyyEtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyD0E0AtAzytBtB0CtGyDtA0FtCtGzztCtB0AtGyEzyyEtBtGyE0AtAyBzy0CtB0A0BtC0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDzy0A0E0CtCyBtG0CzztAzztGyEtD0B0CtGzzyEyC0BtGtA0A0DyB0E0FtD0EyEyEtA0C2QtN0A0LzuyE%26cr%3D420873958%26a%3Dwny_ir_15_15%26os%3DWindows 7 Professional

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-25] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-02-12] (Nexon)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]

FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore

FF Extension: IDS_SS_NAME - C:\Program Files\Common Files\McAfee\SystemCore [2014-05-16]

StartMenuInternet: FIREFOX.EXE - firefox.exe

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-gb

CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}

CHR DefaultSearchKeyword: Default -> bing.com

CHR Profile: C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-01]

CHR Extension: (Google Docs) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-01]

CHR Extension: (Google Drive) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-01]

CHR Extension: (YouTube) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]

CHR Extension: (Adblock Plus) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-01]

CHR Extension: (Google Search) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-01]

CHR Extension: (Bing) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-10-01]

CHR Extension: (Google Sheets) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-01]

CHR Extension: (Google Docs Offline) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-01]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-01]

CHR Extension: (Skype Click to Call) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-01]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-01]

CHR Extension: (Gmail) - C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-01]

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

CHR HKU\S-1-5-21-2071005352-1963743713-3197600615-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)

S2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [59760 2010-10-20] (Microsoft Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [132416 2011-06-08] (McAfee, Inc.)

R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [167344 2014-05-16] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [159640 2014-05-16] (McAfee, Inc.)

S2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-16] (Absolute Software Corp.)

S2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-11] (IDT, Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [66688 2011-04-15] (Advanced Micro Devices)

R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [28800 2011-04-15] (Advanced Micro Devices)

S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-02-16] (LogMeIn, Inc.)

S3 johci; C:\Windows\system32\drivers\johci.sys [23640 2011-02-09] (JMicron Technology Corp.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-10-01] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2014-05-16] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [215024 2014-05-16] (McAfee, Inc.)

R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59616 2014-05-16] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [477584 2014-05-16] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87816 2014-05-16] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [180720 2014-05-16] (McAfee, Inc.)

R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [251496 2011-02-15] (Realtek Semiconductor Corp.)

R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [982632 2011-06-15] (Realtek Semiconductor Corporation                           )

U3 mfeavfk01; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-01 17:34 - 2015-10-01 18:48 - 00000000 ____D C:\Users\Student\Documents\BABE

2015-10-01 17:30 - 2015-10-01 17:30 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (35).collab

2015-10-01 16:40 - 2015-10-01 16:40 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (34).collab

2015-10-01 15:40 - 2015-10-01 15:40 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback.collab

2015-10-01 15:13 - 2015-10-01 15:15 - 46468712 _____ (Microsoft Corporation) C:\Users\Student\Desktop\Windows-KB890830-V5.28.exe

2015-10-01 15:05 - 2015-10-01 15:05 - 00001325 _____ C:\Users\Student\Desktop\JRT.txt

2015-10-01 14:54 - 2015-10-01 14:55 - 01801288 _____ (Malwarebytes) C:\Users\Student\Desktop\JRT.exe

2015-10-01 14:42 - 2015-10-01 14:49 - 00000000 ____D C:\AdwCleaner

2015-10-01 14:41 - 2015-10-01 14:41 - 01670656 _____ C:\Users\Student\Downloads\AdwCleaner.exe

2015-10-01 14:37 - 2015-10-01 14:37 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-10-01 14:37 - 2015-10-01 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-10-01 14:34 - 2015-10-01 14:34 - 00929872 _____ (Google Inc.) C:\Users\Student\Downloads\ChromeSetup.exe

2015-10-01 14:27 - 2015-10-01 14:27 - 00067518 _____ C:\Users\Student\Desktop\bookmarks_mobile.html

2015-10-01 14:26 - 2015-10-01 14:26 - 00067518 _____ C:\Users\Student\Desktop\bookmarks_other.html

2015-10-01 14:26 - 2015-10-01 14:26 - 00067518 _____ C:\Users\Student\Desktop\bookmarks_10_1_15.html

2015-09-30 16:16 - 2015-09-30 16:16 - 00012518 _____ C:\Users\Student\Desktop\export.txt

2015-09-30 15:36 - 2015-09-30 15:36 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys

2015-09-30 15:35 - 2015-09-30 16:23 - 00000000 ____D C:\ProgramData\RogueKiller

2015-09-30 15:32 - 2015-09-30 15:33 - 18801736 _____ C:\Users\Student\Desktop\RogueKiller.exe

2015-09-30 15:21 - 2015-09-30 15:34 - 00055763 _____ C:\Users\Student\Downloads\Addition.txt

2015-09-30 15:17 - 2015-10-02 14:39 - 00016273 _____ C:\Users\Student\Desktop\FRST.txt

2015-09-30 15:17 - 2015-10-02 14:38 - 00000000 ____D C:\FRST

2015-09-30 13:00 - 2015-09-30 13:27 - 00000000 ____D C:\Users\Student\Documents\My Stuff

2015-09-29 18:36 - 2015-09-29 18:37 - 01696256 _____ (Farbar) C:\Users\Student\Desktop\FRST.exe

2015-09-29 16:08 - 2015-09-29 16:08 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-09-29 14:54 - 2015-09-29 14:54 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (33).collab

2015-09-29 14:42 - 2015-09-29 14:42 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (32).collab

2015-09-29 14:23 - 2015-09-29 14:23 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (31).collab

2015-09-28 18:30 - 2015-09-28 18:33 - 75869701 _____ C:\Users\Student\Downloads\TGM REALLY NOW.mp4

2015-09-28 16:47 - 2015-09-28 16:51 - 70863870 _____ C:\Users\Student\Downloads\[HD] GOT7 Laugh Laugh Laugh MV.mp4

2015-09-28 14:20 - 2015-09-28 14:23 - 76902798 _____ C:\Users\Student\Downloads\GOT7 '니가 하면(If You Do)' M-V.mp4

2015-09-28 14:08 - 2015-09-28 14:08 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback.jnlp

2015-09-26 17:43 - 2015-09-26 17:44 - 64669683 _____ C:\Users\Student\Downloads\WAVEYA NICKI MINAJ (ft.BEYONCE)- FEELING MYSELF cover dance.mp4

2015-09-26 17:36 - 2015-09-26 17:40 - 236151504 _____ C:\Users\Student\Downloads\TO BE SASAENG OR BE STALKED BY SASAENG - #ASKJRE.mp4

2015-09-26 17:10 - 2015-09-26 17:17 - 725267511 _____ C:\Users\Student\Downloads\videoplayback (2).mp4

2015-09-26 16:51 - 2015-09-26 16:55 - 245860207 _____ C:\Users\Student\Downloads\After School Club - BTS(방탄소년단) - Full Episode (2).mp4

2015-09-26 16:35 - 2015-09-26 16:50 - 933674071 _____ C:\Users\Student\Downloads\After School Club - BTS(방탄소년단) - Full Episode (1).mp4

2015-09-26 16:22 - 2015-09-26 16:34 - 815891165 _____ C:\Users\Student\Downloads\After School Club - BTS(방탄소년단) - Full Episode.mp4

2015-09-26 15:56 - 2015-09-26 16:08 - 1135629737 _____ C:\Users\Student\Downloads\After School Club(Ep.159) - Bangtan Boys(방탄소년단) BTS - Full Episode.mp4

2015-09-25 20:18 - 2015-09-25 20:22 - 09957947 _____ ( ) C:\Users\Student\Downloads\ffmpeg-win-2.2.2 (1).exe

2015-09-25 17:13 - 2015-09-25 17:19 - 104129901 _____ C:\Users\Student\Downloads\Korean guys react to Nicki minaj Anaconda (ENG sub).mp4

2015-09-24 15:23 - 2015-09-24 15:25 - 60186432 _____ C:\Users\Student\Downloads\Waveya_ 제시 쎈언니 Jessi SSENUNNI cover dance.mp4

2015-09-23 14:21 - 2015-09-23 14:24 - 66580362 _____ C:\Users\Student\Downloads\Because I'm the Best-Roll Deep - HyunA ft. Ilhoon (BtoB) [Han,Rom,Eng] Lyrics.mp4

2015-09-23 14:12 - 2015-09-23 14:16 - 80249543 _____ C:\Users\Student\Downloads\HYUNA(현아) - '잘나가서 그래 (Feat. 정일훈 Of BTOB)' (Roll Deep) M-V.mp4

2015-09-23 13:52 - 2015-09-23 13:55 - 63819615 _____ C:\Users\Student\Downloads\방탄소년단 'I NEED U' Dance Practice.mp4

2015-09-23 13:46 - 2015-09-23 13:47 - 32139706 _____ C:\Users\Student\Downloads\WAVEYA BTS (방탄소년단) I Need U - dance practice.mp4

2015-09-23 13:09 - 2015-09-23 13:09 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (30).collab

2015-09-23 13:07 - 2015-09-23 13:07 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (29).collab

2015-09-23 12:57 - 2015-09-23 12:57 - 00010762 _____ C:\Users\Student\Downloads\meeting (10).collab

2015-09-22 17:36 - 2015-09-22 17:39 - 52870382 _____ C:\Users\Student\Downloads\SGKPOPCON 2015 AUDITION  A-Team.mp4

2015-09-22 17:34 - 2015-09-22 17:36 - 30780479 _____ C:\Users\Student\Downloads\Blady- Blood Type B Girl Dance Cover (Requested).mp4

2015-09-22 17:19 - 2015-09-22 17:34 - 72694811 _____ C:\Users\Student\Downloads\Blady - Blood Type B Girl, 블레이디 - B형 여자, Music Core 20140125.mp4

2015-09-22 17:15 - 2015-09-22 17:18 - 65741314 _____ C:\Users\Student\Downloads\[MV] Blady (블레이디) - B형여자 (Blood Type B Girl).mp4

2015-09-22 16:02 - 2015-09-22 16:06 - 96645355 _____ C:\Users\Student\Downloads\Nicki Minaj, Cassie - The Boys (Clean).mp4

2015-09-22 15:02 - 2015-09-22 15:07 - 98316217 _____ C:\Users\Student\Downloads\Nicki Minaj, Cassie - The Boys (Explicit).mp4

2015-09-22 12:32 - 2015-09-22 12:32 - 00010762 _____ C:\Users\Student\Downloads\meeting (9).collab

2015-09-21 15:55 - 2015-09-21 15:55 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (28).collab

2015-09-21 15:55 - 2015-09-21 15:55 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (27).collab

2015-09-21 14:48 - 2015-09-21 14:48 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (26).collab

2015-09-21 14:25 - 2015-09-21 14:25 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (25).collab

2015-09-21 12:52 - 2015-09-21 13:05 - 00000000 ____D C:\Users\Student\AppData\Local\RelicHuntersZero

2015-09-19 23:18 - 2015-09-19 23:25 - 100558058 _____ C:\Users\Student\Downloads\Let's Dance- GOT7(갓세븐) _ Girls Girls Girls(걸스걸스걸스) [ENG-JPN-CHN SUB].mp4

2015-09-19 23:11 - 2015-09-19 23:16 - 94917502 _____ C:\Users\Student\Downloads\Let's Dance- BTS(방탄소년단) _ Boy In Luv(상남자) [ENG-JPN-CHN SUB].mp4

2015-09-19 23:04 - 2015-09-19 23:10 - 75453866 _____ C:\Users\Student\Downloads\Waveya Girl's Generation 소녀시대 Mr.Mr. 미스터미스터 cover dance 웨이브야.mp4

2015-09-19 22:59 - 2015-09-19 23:04 - 43636310 _____ C:\Users\Student\Downloads\Waveya GOT7 - GIRLS GIRLS GIRLS 갓세븐 cover dance 웨이브야.mp4

2015-09-19 22:54 - 2015-09-19 22:58 - 49046166 _____ C:\Users\Student\Downloads\Waveya_Red Velvet 레드벨벳_Dumb Dumb cover dance.mp4

2015-09-19 17:51 - 2015-09-19 17:51 - 04717019 _____ C:\Users\Student\Downloads\[ENG] 131218 U-KISS ELI's 'Komanechi' [2-9].mp4

2015-09-19 17:46 - 2015-09-19 17:47 - 14006354 _____ C:\Users\Student\Downloads\[ENG] 131218 U-KISS Introduction and Greeting [1-9].mp4

2015-09-18 15:11 - 2015-09-18 15:14 - 81851007 _____ C:\Users\Student\Downloads\방탄소년단 '쩔어' Dance performance practice.mp4

2015-09-17 17:22 - 2015-09-17 17:25 - 13841258 _____ C:\Users\Student\Downloads\[ETC] ORANGE CARAMEL(오렌지캬라멜) '아빙아빙(Abing abing)'_Dance Only.mp4

2015-09-17 17:14 - 2015-09-17 17:17 - 55147682 _____ C:\Users\Student\Downloads\[ETC] ORANGE CARAMEL(오렌지캬라멜) _나처럼해봐요(My Copycat)_ Dance Only..mp4

2015-09-17 17:11 - 2015-09-17 17:14 - 38821716 _____ C:\Users\Student\Downloads\[ETC] ORANGE CARAMEL(오렌지캬라멜) _ 까탈레나(Catallena) _ Dance Only..mp4

2015-09-17 17:07 - 2015-09-17 17:10 - 59832375 _____ C:\Users\Student\Downloads\Apink 에이핑크 'Mr.Chu' 안무 연습 영상 (Choreography Practice Video).mp4

2015-09-17 17:03 - 2015-09-17 17:07 - 69712043 _____ C:\Users\Student\Downloads\EXO-K_HISTORY_Only Dance (Korean ver.).mp4

2015-09-17 16:57 - 2015-09-17 17:03 - 77908867 _____ C:\Users\Student\Downloads\U-Kiss Standing Still (dance version).mp4

2015-09-17 16:55 - 2015-09-17 16:55 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (24).collab

2015-09-17 16:13 - 2015-09-17 16:13 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (23).collab

2015-09-17 16:09 - 2015-09-17 16:09 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (22).collab

2015-09-17 14:59 - 2015-09-17 15:04 - 79296108 _____ C:\Users\Student\Downloads\U-KISS 'Stop Girl' 안무영상 (Intro+Stop Girl ver).mp4

2015-09-17 14:55 - 2015-09-17 14:59 - 19396427 _____ C:\Users\Student\Downloads\U-KISS(유키스) NEVERLAND Dance Full ver..mp4

2015-09-17 14:07 - 2015-09-17 14:07 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (21).collab

2015-09-16 17:58 - 2015-09-16 18:01 - 73381029 _____ C:\Users\Student\Downloads\Follow me on a Date in Seoul.mp4

2015-09-16 17:45 - 2015-09-16 17:55 - 162684718 _____ C:\Users\Student\Downloads\DIP 소개팅 Blind date Korea ep Special 4 guys you vote who you like best!.mp4

2015-09-16 17:23 - 2015-09-16 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-09-16 17:22 - 2015-09-16 17:22 - 00000000 ____D C:\Program Files\Common Files\Skype

2015-09-16 17:18 - 2015-09-16 17:30 - 236649006 _____ C:\Users\Student\Downloads\DIP 소개팅 Blind Date Korea ep.7.mp4

2015-09-16 16:57 - 2015-09-16 17:08 - 195328904 _____ C:\Users\Student\Downloads\DIP 소개팅 Blind Date Korea ep.6.mp4

2015-09-16 16:26 - 2015-09-16 16:37 - 208100493 _____ C:\Users\Student\Downloads\Dip 소개팅 Blind date Korea ep 5.mp4

2015-09-16 14:41 - 2015-09-16 14:53 - 228488505 _____ C:\Users\Student\Downloads\DIP 소개팅 ep4 AMOS KONGLISH.mp4

2015-09-16 14:39 - 2015-09-16 14:39 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (20).collab

2015-09-16 14:02 - 2015-09-16 14:02 - 00010762 _____ C:\Users\Student\Downloads\meeting (8).collab

2015-09-16 14:01 - 2015-09-16 14:11 - 225733841 _____ C:\Users\Student\Downloads\DIP 소개팅 Blind Date Korea ep.3.mp4

2015-09-16 13:58 - 2015-09-16 14:00 - 34671011 _____ C:\Users\Student\Downloads\131126 U-KISS - MTV The Show- The Show Talk.mp4

2015-09-16 13:51 - 2015-09-16 13:51 - 04096515 _____ C:\Users\Student\Downloads\131107 U-KISS Meet & Greet - Kiseop reading messages.mp4

2015-09-16 13:47 - 2015-09-16 13:49 - 24569410 _____ C:\Users\Student\Downloads\131126 U-KISS - MTV The Show- Behind The Show.mp4

2015-09-16 13:46 - 2015-09-16 13:47 - 25003009 _____ C:\Users\Student\Downloads\110424 U-KISS Soohyun rap.mp4

2015-09-16 13:28 - 2015-09-16 13:32 - 79347254 _____ C:\Users\Student\Downloads\[sorta subbed] 131107 U-KISS Wide Open Studio (2-2).mp4

2015-09-16 13:24 - 2015-09-16 13:26 - 31274402 _____ C:\Users\Student\Downloads\131107 U-KISS Wide Open Studio (1-2).mp4

2015-09-15 17:03 - 2015-09-15 17:03 - 13120252 _____ C:\Users\Student\Downloads\Pretty Boy ( Kim Jaeseop AJ ).mp4

2015-09-15 13:38 - 2015-09-15 13:39 - 00003749 _____ C:\Users\Student\AppData\Roaming\My Profile.xml

2015-09-15 13:12 - 2015-09-15 13:12 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (19).collab

2015-09-15 13:02 - 2015-09-15 13:02 - 00010762 _____ C:\Users\Student\Downloads\meeting (7).collab

2015-09-15 12:59 - 2015-09-15 12:59 - 00010762 _____ C:\Users\Student\Downloads\meeting (6).collab

2015-09-15 12:52 - 2015-09-15 12:52 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (18).collab

2015-09-14 17:32 - 2015-09-14 17:32 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (17).collab

2015-09-14 15:20 - 2015-09-14 15:23 - 53570005 _____ C:\Users\Student\Downloads\Red Velvet 레드벨벳_Dumb Dumb_Music Video.mp4

2015-09-11 15:25 - 2015-09-11 15:28 - 70711840 _____ C:\Users\Student\Downloads\#WhiteGirlProblems.mp4

2015-09-11 14:57 - 2015-09-11 14:59 - 19427691 _____ C:\Users\Student\Downloads\Sht Black Moms Say.mp4

2015-09-11 13:20 - 2015-09-11 14:57 - 2073384750 _____ C:\Users\Student\Downloads\ep 8 ahl.mp4

2015-09-11 12:44 - 2015-09-11 12:47 - 65598470 _____ C:\Users\Student\Downloads\U-KISS - STANDING STILL [sINGING PARODY] (M-V VER.).mp4

2015-09-11 12:34 - 2015-09-11 12:39 - 91862227 _____ C:\Users\Student\Downloads\BTS - Boy In Luv [sINGING PARODY].mp4

2015-09-11 12:28 - 2015-09-11 12:28 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (16).collab

2015-09-10 17:31 - 2015-09-10 18:02 - 695536043 _____ C:\Users\Student\Downloads\videoplayback (1).mp4

2015-09-10 13:12 - 2015-09-10 13:17 - 87553914 _____ C:\Users\Student\Downloads\방탄소년단 '상남자(Boy In Luv)' dance practice.mp4

2015-09-10 13:06 - 2015-09-10 13:09 - 75882944 _____ C:\Users\Student\Downloads\방탄소년단 상남자(Boy In Luv) MV.mp4

2015-09-09 18:37 - 2015-09-09 18:47 - 177570644 _____ C:\Users\Student\Downloads\Game Theory- Why FNAF Will Never End.mp4

2015-09-09 18:29 - 2015-09-09 18:32 - 59965191 _____ C:\Users\Student\Downloads\U-kiss - Neverland [Parody] [M-V].mp4

2015-09-09 16:25 - 2015-09-09 18:20 - 2074289090 _____ C:\Users\Student\Downloads\ep 7 ahl.mp4

2015-09-09 15:44 - 2015-09-09 16:23 - 766436891 _____ C:\Users\Student\Downloads\ep 6 ahl.mp4

2015-09-09 13:57 - 2015-09-09 15:40 - 2068695199 _____ C:\Users\Student\Downloads\ep 5 ahl (1).mp4

2015-09-09 13:47 - 2015-09-09 13:49 - 40829353 _____ C:\Users\Student\Downloads\U-Kiss 'Playground' Parody.mp4

2015-09-09 13:28 - 2015-09-09 13:45 - 141601800 _____ C:\Users\Student\Downloads\ep 5 ahl.mp4

2015-09-09 13:13 - 2015-09-09 13:13 - 00010764 _____ C:\Users\Student\Downloads\meeting (5).collab

2015-09-09 13:10 - 2015-09-09 13:10 - 00010762 _____ C:\Users\Student\Downloads\meeting (4).collab

2015-09-08 16:58 - 2015-09-08 18:38 - 2129103339 _____ C:\Users\Student\Downloads\ep 4 ahl.mp4

2015-09-08 16:20 - 2015-09-08 16:55 - 772084125 _____ C:\Users\Student\Downloads\ep 3 ahl.mp4

2015-09-08 15:41 - 2015-09-08 16:16 - 747082942 _____ C:\Users\Student\Downloads\ep 2 ahl.mp4

2015-09-08 15:10 - 2015-09-08 15:27 - 360232878 _____ C:\Users\Student\Downloads\ep 1 ahl.mp4

2015-09-08 15:03 - 2015-09-08 15:04 - 21491489 _____ C:\Users\Student\Downloads\BTS - Boy In love (LA Version).mp4

2015-09-08 13:08 - 2015-09-08 13:08 - 00010762 _____ C:\Users\Student\Downloads\meeting (3).collab

2015-09-08 13:04 - 2015-09-08 13:04 - 00010738 _____ C:\Users\Student\Downloads\meeting (2).collab

2015-09-05 17:01 - 2015-09-05 17:04 - 70747107 _____ C:\Users\Student\Downloads\[bANGTAN BOMB] Let's speak English!.mp4

2015-09-05 16:55 - 2015-09-05 17:00 - 106348707 _____ C:\Users\Student\Downloads\[bANGTAN BOMB] War of hormone  in Halloween.mp4

2015-09-05 16:50 - 2015-09-05 16:55 - 105420995 _____ C:\Users\Student\Downloads\BTS - War of Hormone - 방탄소년단 - 호르몬 전쟁 [Music Bank HOT Stage - 2014.10.24].mp4

2015-09-05 16:44 - 2015-09-05 16:50 - 104951809 _____ C:\Users\Student\Downloads\방탄소년단 '호르몬전쟁' Dance practice.mp4

2015-09-04 13:33 - 2015-09-04 13:33 - 05886879 _____ C:\Users\Student\Downloads\Untitled (2).wma

2015-09-04 13:31 - 2015-09-04 13:32 - 11409579 _____ C:\Users\Student\Downloads\Untitled (28).wma

2015-09-04 13:05 - 2015-09-04 13:05 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (15).collab

2015-09-04 13:02 - 2015-09-04 13:04 - 38935471 _____ C:\Users\Student\Downloads\Playback ft. Eric Nam - Isn't There (없을까) MV [English subs + Romanization + Hangul] HD.mp4

2015-09-04 12:48 - 2015-09-04 12:48 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (14).collab

2015-09-03 18:24 - 2015-09-03 18:44 - 102248392 _____ C:\Users\Student\Downloads\Rihanna - Bitch Better Have My Money (Explicit).mp4

2015-09-03 18:00 - 2015-09-03 18:03 - 51808277 _____ C:\Users\Student\Downloads\GOT7 - CRACK #4.mp4

2015-09-03 17:57 - 2015-09-03 18:00 - 38395430 _____ C:\Users\Student\Downloads\GOT7 - CRACK #3.mp4

2015-09-03 17:55 - 2015-09-03 17:56 - 38176767 _____ C:\Users\Student\Downloads\GOT7 - CRACK #2.mp4

2015-09-03 17:49 - 2015-09-03 17:53 - 54280529 _____ C:\Users\Student\Downloads\GOT7 - CRACK - JUST RIGHT EDITION!.mp4

2015-09-03 17:44 - 2015-09-03 17:48 - 50639318 _____ C:\Users\Student\Downloads\GOT7 - CRACK.mp4

2015-09-03 17:37 - 2015-09-03 17:43 - 107654343 _____ C:\Users\Student\Downloads\방탄소년단-BTS- '호르몬전쟁' dance performance (Real WAR ver.).mp4

2015-09-03 17:31 - 2015-09-03 17:37 - 105334061 _____ C:\Users\Student\Downloads\[MV] BTS(방탄소년단) _ War of Hormone(호르몬 전쟁).mp4

2015-09-03 16:23 - 2015-09-03 16:27 - 71798507 _____ C:\Users\Student\Downloads\Bangtan Boys (방탄소년단) -  쩔어 'Dope' (English Cover).mp4

2015-09-03 16:18 - 2015-09-03 16:21 - 49716855 _____ C:\Users\Student\Downloads\WAVEYA BTS 방탄소년단-DOPE 쩔어 cover dance.mp4

2015-09-03 16:15 - 2015-09-03 16:17 - 41801916 _____ C:\Users\Student\Downloads\WAVEYA _ GOT7 딱 좋아 Just Right cover dance.mp4

2015-09-03 14:00 - 2015-09-03 14:00 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (13).collab

2015-09-03 13:52 - 2015-09-03 13:52 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (12).collab

2015-09-03 12:26 - 2015-09-03 12:26 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (11).collab

2015-09-02 17:06 - 2015-09-02 17:06 - 03970530 _____ C:\Users\Student\Downloads\ スヒョン 落とし物をするー。.mp4

2015-09-02 17:03 - 2015-09-02 17:06 - 66564490 _____ C:\Users\Student\Downloads\Full HD 110623 U KISS유키스 아티스트 소개.mp4

2015-09-02 17:01 - 2015-09-02 17:02 - 34447443 _____ C:\Users\Student\Downloads\111213 U-KISS Cut [中字].mp4

2015-09-02 17:00 - 2015-09-02 17:01 - 15812880 _____ C:\Users\Student\Downloads\U-Kiss in program of children.mp4

2015-09-02 16:54 - 2015-09-02 16:59 - 104066122 _____ C:\Users\Student\Downloads\videoplayback.mp4

2015-09-02 16:25 - 2015-09-02 16:27 - 52935137 _____ C:\Users\Student\Downloads\K-Pop Group U-KISS Gives Valentines' Tips! - ISAtv ARTIST FEATURE.mp4

2015-09-02 16:19 - 2015-09-02 16:20 - 16326314 _____ C:\Users\Student\Downloads\유비트&헬로비너스&15&_싸이-Gentleman (GENTLEMAN by uBEAT & HELLOVENUS &15&@Mcountdown 2013.5.2).mp4

2015-09-02 16:09 - 2015-09-02 16:12 - 65626918 _____ C:\Users\Student\Downloads\The 5 Most Uncomfortable Sex Scenes in Video Games.mp4

2015-09-02 14:58 - 2015-09-02 14:58 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (10).collab

2015-09-02 14:50 - 2015-09-25 20:28 - 00000000 ____D C:\Program Files\FFmpeg for Audacity

2015-09-02 14:49 - 2015-09-02 14:50 - 09957947 _____ ( ) C:\Users\Student\Downloads\ffmpeg-win-2.2.2.exe

2015-09-02 14:44 - 2015-09-25 20:41 - 00000000 ____D C:\Users\Student\AppData\Roaming\Audacity

2015-09-02 14:42 - 2015-09-02 14:44 - 00000000 ____D C:\Program Files\Audacity

2015-09-02 14:42 - 2015-09-02 14:42 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2015-09-02 14:42 - 2015-09-02 14:42 - 00000969 _____ C:\Users\Public\Desktop\Audacity.lnk

2015-09-02 14:36 - 2015-09-02 14:37 - 25186399 _____ (Audacity Team ) C:\Users\Student\Downloads\audacity-win-2.1.1.exe

2015-09-02 14:23 - 2015-09-02 14:27 - 20019676 _____ C:\Users\Student\Downloads\U-KISS(ユーキス) - Tick Tack MV (Full ver.) [HD 1080p].mp4

2015-09-02 14:13 - 2015-09-02 14:13 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk

2015-09-02 14:13 - 2015-09-02 14:13 - 00001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

2015-09-02 14:12 - 2015-09-02 14:12 - 00000020 _____ C:\Windows\¸ù„

2015-09-02 14:10 - 2015-09-02 14:12 - 00000000 ____D C:\Program Files\Windows Live

2015-09-02 14:04 - 2015-09-02 14:04 - 15989883 _____ C:\Users\Student\Downloads\GOT7 - Just Right MV (Fangirl Version).mp4

2015-09-02 14:02 - 2015-09-02 14:02 - 00010762 _____ C:\Users\Student\Downloads\meeting (1).collab

2015-09-02 14:00 - 2015-09-02 14:01 - 21719799 _____ C:\Users\Student\Downloads\BTS - War of hormone (Fangirl version).mp4

2015-09-02 14:00 - 2015-09-02 14:00 - 00010762 _____ C:\Users\Student\Downloads\meeting.collab

2015-09-02 13:55 - 2015-09-25 19:51 - 00000000 ____D C:\Users\Student\AppData\Local\Windows Live

2015-09-02 13:55 - 2015-09-02 13:55 - 01239752 _____ (Microsoft Corporation) C:\Users\Student\Downloads\wlsetup-web.exe

2015-09-02 13:55 - 2015-09-02 13:55 - 00000000 ____D C:\Program Files\Common Files\Windows Live

2015-09-02 13:15 - 2015-09-02 13:15 - 00010668 _____ C:\Users\Student\Downloads\nativeplayback (9).collab

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-02 14:36 - 2015-08-20 13:58 - 00003967 _____ C:\Windows\setupact.log

2015-10-02 14:34 - 2015-03-12 14:31 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-02 14:34 - 2015-03-12 14:31 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-02 14:34 - 2014-09-18 11:00 - 01817585 _____ C:\Windows\WindowsUpdate.log

2015-10-01 17:12 - 2015-03-20 15:42 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-10-01 16:12 - 2009-07-13 21:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-10-01 16:12 - 2009-07-13 21:34 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-10-01 14:59 - 2013-04-10 18:59 - 00000000 ____D C:\Users\Student

2015-10-01 14:51 - 2014-04-09 10:28 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll

2015-10-01 14:51 - 2014-04-09 10:20 - 00017920 _____ C:\Windows\system32\rpcnetp.exe

2015-10-01 14:51 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-10-01 14:37 - 2013-04-15 19:46 - 00000000 ____D C:\Users\Student\AppData\Local\Google

2015-10-01 14:17 - 2015-03-20 16:30 - 00020302 _____ C:\Windows\PFRO.log

2015-09-30 14:53 - 2014-04-09 10:30 - 00000154 __RSH C:\ProgramData\3002.xml

2015-09-30 13:01 - 2014-10-24 12:43 - 00000000 ____D C:\Users\Student\Documents\Book Club

2015-09-29 16:08 - 2015-03-20 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-09-29 16:08 - 2015-03-20 15:38 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

2015-09-29 15:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Help

2015-09-28 21:51 - 2015-02-04 19:52 - 00000000 ____D C:\Users\Student\AppData\Roaming\Skype

2015-09-28 14:16 - 2015-02-04 19:51 - 00000000 ____D C:\ProgramData\Skype

2015-09-25 15:46 - 2013-04-16 14:55 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-09-25 15:46 - 2013-04-16 14:55 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-09-21 14:44 - 2014-09-19 09:06 - 00000000 ____D C:\Users\Student\Documents\Online Learning

2015-09-16 17:22 - 2015-02-04 19:51 - 00000000 ___RD C:\Program Files\Skype

2015-09-09 13:34 - 2014-09-19 08:55 - 00000000 ____D C:\Users\Student\Documents\Chemistry

2015-09-09 13:25 - 2014-04-09 10:30 - 00031328 __RSH C:\ProgramData\3002.abs

2015-09-04 22:42 - 2015-02-02 15:10 - 00000000 ____D C:\Program Files\Common Files\Steam

2015-09-03 19:11 - 2015-08-31 17:52 - 00000000 ____D C:\Program Files\Lightworks

2015-09-02 14:12 - 2013-04-10 19:17 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition

2015-09-02 14:10 - 2009-07-13 19:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

 

==================== Files in the root of some directories =======

 

2015-09-15 13:38 - 2015-09-15 13:39 - 0003749 _____ () C:\Users\Student\AppData\Roaming\My Profile.xml

2015-05-19 14:41 - 2015-05-19 14:42 - 0000000 _____ () C:\Users\Student\AppData\Local\{70D3E001-AD8E-4A72-B1B1-4236BB28EC5F}

2014-04-09 10:30 - 2015-09-09 13:25 - 0031328 __RSH () C:\ProgramData\3002.abs

2014-04-09 10:30 - 2015-09-30 14:53 - 0000154 __RSH () C:\ProgramData\3002.xml

2015-05-02 15:02 - 2015-05-02 15:02 - 0015568 __RSH () C:\ProgramData\3029.abs

 

Some files in TEMP:

====================

C:\Users\Student\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-08-13 13:26

 

==================== End of FRST.txt ============================

Addition.txt


Logs look good, no malware or infection... Run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make Sure the following items are checked:

  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and Best Practices

Do I need a Registry Cleaner?

Take care and surf safe
 

Kevin... ;)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.