
Posting a FRST log -- Possible protected malware


  • This topic is locked
56 replies to this topic

#1 Charlie123

Posted 06 June 2015 - 06:41 PM

Boopme suggested I create a log and post here.
 
Here is the original post http://www.bleepingcomputer.com/forums/t/576244/some-kind-of-junkware-is-mangling-my-computer/
 
--- General sluggishness, can't open MBAM, can't run ESET, Chrome often hangs with a "not responding".
 
Here are the logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2015
Ran by JamesTrevor (administrator) on TREVOR on 07-06-2015 07:25:10
Running from C:\Users\JamesTrevor\Desktop\Computer fix
Loaded Profiles: UpdatusUser & JamesTrevor (Available Profiles: UpdatusUser & JamesTrevor)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Copernic, a division of N. Harris Computer Systems) C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft) C:\Program Files (x86)\Evernote Sticky Notes\StickyNotes.Wpf.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dropbox, Inc.) C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
( Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDCertM_CCB.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
( Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(PureVPN) C:\Program Files (x86)\PureVPN\purevpn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-08-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-01] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-09-29] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe [2987880 2011-07-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [{0D5AF2B5-F3AE-4fb4-A7F9-0DC68E21E8B4}] => "C:\Users\JamesTrevor\AppData\Local\770bc6656ddf6c8f26bf2a92e4b368e3\770bc6656ddf6c8f26bf2a92e4b368e3.exe" startupby sysstart
HKLM-x32\...\Run: [wdcertm_ccb] => C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDCertM_CCB.exe [72232 2014-04-23] ( Beijing WatchData System Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1127797416-4057108860-4142931385-1001\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-12-29] ()
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [OpAgent] => "OpAgent.exe" /agent
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [uTorrent] => C:\Users\JamesTrevor\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-31] (BitTorrent Inc.)
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [OneDrive] => C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-22] (Microsoft Corporation)
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [Copernic.Utils] => C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe [1096976 2015-03-26] (Copernic, a division of N. Harris Computer Systems)
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [EDO-Soft Sticky Notes] => C:\Program Files (x86)\Evernote Sticky Notes\StickyNotes.Wpf.exe [373760 2014-02-23] (Microsoft)
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Run: [GoogleChromeAutoLaunch_C8A0F9A04EE362D44F8817B4AFF21A65] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-23] (Google Inc.)
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\RunOnce: [Uninstall C:\Users\JamesTrevor\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JamesTrevor\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\RunOnce: [Uninstall C:\Users\JamesTrevor\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JamesTrevor\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\RunOnce: [Uninstall C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\RunOnce: [Uninstall C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64"
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\RunOnce: [Uninstall C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64"
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203112 2012-10-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-09-15]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\JamesTrevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\JamesTrevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-03-22]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\JamesTrevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk [2015-06-03]
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe (PureVPN)
Startup: C:\Users\JamesTrevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-06-26]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {05EF7E59-667B-4929-98DB-FDF2F882FCF0} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1127797416-4057108860-4142931385-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002 -> {05EF7E59-667B-4929-98DB-FDF2F882FCF0} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-29] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-17] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-17] (Oracle Corporation)
DPF: HKLM {6CE20149-ABE3-462E-A1B4-5B549971AA38}
DPF: HKLM-x32 {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} http://download.signgate.com/download/certmgt/3.0.0.28/AxSignGATE.cab
DPF: HKLM-x32 {C1143E84-B2B1-473B-9F20-E62DD754FCAF}
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 166.111.8.28 166.111.8.29
Tcpip\..\Interfaces\{22802237-47EE-473A-BB2D-00ECD604302F}: [NameServer] 8.8.8.8,208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\JamesTrevor\AppData\Roaming\Mozilla\Firefox\Profiles\dh7ux7zn.default
FF Homepage: hxxp://www.kvraudio.com/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll [2013-09-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll [2013-09-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @ccb.com.cn/CCBEnckey,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBEnckey.dll [2014-04-23] ( )
FF Plugin-x32: @ccb.com.cn/CCBInfoScan,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBInfoScan.dll [2014-04-23] ( )
FF Plugin-x32: @ccb.com.cn/CCBNetSignCom,version=1.0.0.1 -> C:\Program Files (x86)\CCBComponents\Plugins\npCCBNetSignCom.dll [2014-04-23] ( )
FF Plugin-x32: @ccb.com.cn/WDImportCertCtrl,version=1.0.0.2 -> C:\Program Files (x86)\CCBComponents\Plugins\npWDImportCertCtrl.dll [2014-04-23] (Watchdata (Beijing))
FF Plugin-x32: @ccb.com.cn/wdkctrl,version=1.0.0.2 -> C:\Program Files (x86)\CCBComponents\Plugins\npwdkctrl.dll [2014-04-23] (Watchdata (Beijing))
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @interezen.co.kr/npi3gmanager -> C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll [2014-07-23] (Interezen © Interezen.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-08-18] (Microsoft Corporation)
FF Plugin-x32: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll No File
FF Plugin-x32: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2013-03-28] (Softforum, Inc.)
FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2014-10-01] (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2014-10-01] (SoftForum Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: @wizvera.com/npverain -> C:\Program Files (x86)\Wizvera\Verain\npverain.dll [2010-04-12] ( )
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2013-02-28] ()
FF Plugin-x32: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files (x86)\INFovine\npVineTransfer.dll [2013-12-18] (INFOVINE)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1127797416-4057108860-4142931385-1001: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2014-10-01] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-1127797416-4057108860-4142931385-1002: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2014-10-01] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-1127797416-4057108860-4142931385-1002: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2014-10-01] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-1127797416-4057108860-4142931385-1002: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files (x86)\INFovine\npVineTransfer.dll [2013-12-18] (INFOVINE)
FF Plugin HKU\S-1-5-21-1127797416-4057108860-4142931385-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\JamesTrevor\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2015-04-03] (Zoom Video Communications, Inc.)
FF Extension: Avira Browser Safety - C:\Users\JamesTrevor\AppData\Roaming\Mozilla\Firefox\Profiles\dh7ux7zn.default\Extensions\abs@avira.com [2015-06-07]
FF Extension: Evernote Web Clipper - C:\Users\JamesTrevor\AppData\Roaming\Mozilla\Firefox\Profiles\dh7ux7zn.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2015-04-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-01-17]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-01-17]
FF HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files (x86)\copernic\desktopsearch4\firefoxconnector
FF Extension: Copernic Desktop Search - Search Firefox content - c:\program files (x86)\copernic\desktopsearch4\firefoxconnector [2015-05-11]

Chrome:
=======
CHR Profile: C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (My Diary) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\adolnkbfnlkkefhlhnjogliicljjfnip [2014-12-20]
CHR Extension: (OpenOffice Writer on rollApp) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefnmlhnadcihhnfplfbmcmodoiannan [2015-03-27]
CHR Extension: (Google Docs) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-17]
CHR Extension: (Google Drive) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-17]
CHR Extension: (Learn Chinese Free - ChineseClass101.com) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcmieabeoipdopbmkjihegojojbnenhi [2014-09-18]
CHR Extension: (Todoist for Chromebook) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjohebimpjdhhocbknplfelpmdhifhd [2015-03-13]
CHR Extension: (YouTube) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-17]
CHR Extension: (Multiplayer Piano) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbadoggeokhliehfonkefnfcbgocojid [2014-09-19]
CHR Extension: (Strict Workflow) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2014-09-18]
CHR Extension: (TypingWeb Typing Tutor) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\clcgempicojkfhpnepfecmklndooebjk [2013-08-17]
CHR Extension: (Copernic Desktop Search Connector) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnnbdaahphjgdgfhliignpepgnbnfomp [2015-05-12]
CHR Extension: (Google Search) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-17]
CHR Extension: (Timout - Time Management) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dekpabfaimofbinkbjlgdkkecodejmbf [2014-09-18]
CHR Extension: (Fast Track Chinese) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnnhomljflhmmbbjbnpkdonimimlgoa [2014-09-18]
CHR Extension: (Timer) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2014-09-18]
CHR Extension: (Chinese Tutor Flashcards) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbbefchlgcnhjoncjebmkffamidfhae [2014-09-18]
CHR Extension: (Block site) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2014-02-22]
CHR Extension: (Google Calendar) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-09-18]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-09-18]
CHR Extension: (NetBank) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnpedghacgigoamalnfnikaagobdbjp [2013-08-17]
CHR Extension: (Chinese Tutor Extension) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfieiijcebhmabioenbhbeegmakmabil [2014-09-18]
CHR Extension: (Bookmark Manager) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-23]
CHR Extension: (Yast - The World's Easiest Time Tracker) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gokleigpmoameleoajncmkmajedgfgbk [2014-09-18]
CHR Extension: (Timer) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepmlgghomccjinhcnkkikjpgkjibglj [2014-09-18]
CHR Extension: (Chess!) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhajejfkogjnnkenablkhgkdmmenbjgh [2014-09-18]
CHR Extension: (Google Keep - notes and lists) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-03-07]
CHR Extension: (Learn Chinese) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejkaamcgcfdijjlendhfafhhaopfnbb [2014-09-18]
CHR Extension: (My Diary) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\igfnkanfehhehlajnhpajibfcfgkaikl [2014-12-20]
CHR Extension: (Dropbox) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-09-18]
CHR Extension: (Clearly) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-03-07]
CHR Extension: (Spreed - speed read the web) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2015-04-06]
CHR Extension: (Google Tasks Offline (Unofficial)) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekhpicinnaamcmadbipjejafgkjdokh [2014-09-18]
CHR Extension: (Zoho Writer) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeidloagadfcohacebhbkkapgpiddj [2014-04-07]
CHR Extension: (Typing Test - KeyHero) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2014-07-30]
CHR Extension: (Go Learn Chinese Vocabulary Trainer) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbkfhomilgglkeobhbkkgogekijnanb [2014-09-18]
CHR Extension: (MomoNote) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\keopbahlldeedfhgiajhndlkjdiekfpl [2013-10-12]
CHR Extension: (Zhongwen: A Chinese-English Popup Dictionary) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2015-05-16]
CHR Extension: (Google Play) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-09-18]
CHR Extension: (Evernote Web) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-06-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Skype Click to Call) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-08]
CHR Extension: (Mindomo - Mind Mapping Made Easy) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lomfkamlboaefcpcnnklebogoelalnjm [2015-04-25]
CHR Extension: (Quick Note) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2013-09-10]
CHR Extension: (My Time Organizer) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbgjpoemniodpkigbjkleiaoifclhfdm [2014-12-12]
CHR Extension: (To Do List) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncecfaonfegfhpgknfcepbfjlnojigde [2014-09-18]
CHR Extension: (MindMapr) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkigggmlihigheckmmebgogbgdmllpo [2014-09-19]
CHR Extension: (Google Wallet) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-18]
CHR Extension: (Wunderlist for Chrome) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2015-02-17]
CHR Extension: (WorkFlowy Bookmark) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknfkolnjpnnnnmafomkfieledeepfdo [2014-05-03]
CHR Extension: (Pomodoro) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\opodpodbjdmaealpookfkofenoboahfe [2014-09-18]
CHR Extension: (SiteBlock) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2013-08-17]
CHR Extension: (The Outliner of Giants) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgooeakhpabfakhgeffedillidofnbcf [2014-07-19]
CHR Extension: (Evernote Web Clipper) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-08-17]
CHR Extension: (Gmail) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-17]
CHR Extension: (Connected Mind) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkffmgahaepmhkhkblhopnpleeikokc [2014-05-03]
CHR HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files (x86)\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [2015-03-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-01-21] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2013-04-12] (CrypKey (Canada) Ltd.) [File not signed]
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-09-05] (Acer Incorporated)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-01-13] (Ellora Assets Corp.) [File not signed]
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-02-16] (Hi-Rez Studios) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$QSRNVIVO10; c:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [32568 2015-01-28] (The OpenVPN Project)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-12-29] (Dritek System INC.)
S4 SQLAgent$QSRNVIVO10; c:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 WDMonitorCCB; C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe [141704 2014-05-09] ( Beijing WatchData System Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-09-27] (Atheros) [File not signed]
S3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-29] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [20384 2014-07-23] (RaonSecure Co., Ltd.)
S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2014-11-21] (Kings Information & Network)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\System32\ckldrv.sys [31416 2013-04-12] ()
R3 NIWinCDEmu; C:\Windows\System32\drivers\NIWinCDEmu.sys [112408 2014-12-23] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-12-29] (Dritek System Inc.)
S3 RDID1100; C:\Windows\system32\Drivers\rdwm1100.sys [158848 2013-08-18] (Roland Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)
R1 vrvd5; C:\Windows\system32\DRIVERS\vrvd5.sys [13344 2013-12-02] (Rsupport Corporation)
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 07:22 - 2015-06-07 07:25 - 00000000 ____D C:\FRST
2015-06-06 21:46 - 2015-06-06 21:46 - 00793937 _____ C:\Users\JamesTrevor\Downloads\(Linguae & Litterae) Dorothee Birke, Tilmann Köppe-Author and Narrator_ Transdisciplinary Contributions to a Narratological Debate-De Gruyter (2015) (2).epub
2015-06-06 19:15 - 2015-06-06 21:07 - 00000000 ____D C:\Users\Public\Documents\TEMP
2015-06-06 19:15 - 2015-06-06 19:15 - 00001178 _____ C:\Users\Public\Desktop\CCB E Safety Internet Banking Security detection Tools.lnk
2015-06-06 19:15 - 2014-04-23 20:23 - 00116064 _____ () C:\Windows\SysWOW64\WDCCB.dll
2015-06-06 19:15 - 2014-04-23 20:23 - 00053248 _____ ( Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\WDCCBpkcs11.dll
2015-06-06 19:14 - 2015-06-06 19:15 - 00000000 ____D C:\Windows\SysWOW64\WatchData
2015-06-06 19:14 - 2015-06-06 19:14 - 00000000 ____D C:\Users\JamesTrevor\Downloads\Öйú½¨ÉèÒøÐжþ´úÍøÒø¶Ü£Å·»¤º½°²È«×é¼þ£¨ÎÕÆ棩
2015-06-06 19:13 - 2015-06-06 19:13 - 05230501 _____ C:\Users\JamesTrevor\Downloads\Öйú½¨ÉèÒøÐжþ´úÍøÒø¶Ü£Å·»¤º½°²È«×é¼þ£¨ÎÕÆ棩.rar
2015-06-06 08:24 - 2015-06-06 08:24 - 00000000 ___HD C:\OneDriveTemp
2015-06-06 04:12 - 2015-06-06 04:12 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-06 04:12 - 2015-06-06 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-06 04:11 - 2015-06-06 04:11 - 00931408 _____ (Google Inc.) C:\Users\JamesTrevor\Downloads\ChromeSetup.exe
2015-06-06 02:34 - 2015-06-06 02:34 - 00000136 _____ C:\Users\JamesTrevor\Downloads\winsockfix (1).bat
2015-06-05 19:54 - 2015-06-07 04:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 19:54 - 2015-06-05 19:54 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-05 19:54 - 2015-06-05 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-05 19:54 - 2015-06-05 19:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-05 19:54 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-05 19:54 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-05 19:54 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-05 16:12 - 2015-06-05 16:12 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2015-06-05 08:58 - 2015-06-05 08:58 - 00000136 _____ C:\Users\JamesTrevor\Downloads\winsockfix.bat
2015-06-05 01:16 - 2015-06-05 01:22 - 00000000 ____D C:\Users\JamesTrevor\Downloads\David Bowie -The Platinum Collection (2006)
2015-06-04 15:59 - 2015-06-04 16:00 - 04455693 _____ C:\Users\JamesTrevor\Downloads\Adam Nicolson-Why Homer Matters-Henry Holt and Co. (2014).epub
2015-06-04 06:31 - 2015-06-04 06:31 - 00002585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote Sticky Notes.lnk
2015-06-04 06:31 - 2015-06-04 06:31 - 00002573 _____ C:\Users\Public\Desktop\Evernote Sticky Notes.lnk
2015-06-04 06:31 - 2015-06-04 06:31 - 00000000 ____D C:\Program Files (x86)\Evernote Sticky Notes
2015-06-03 01:47 - 2015-06-03 01:47 - 00005605 _____ C:\Users\JamesTrevor\Desktop\!@Purevpn password and username.txt
2015-06-03 01:08 - 2015-06-03 01:13 - 00000000 ____D C:\ProgramData\purevpn
2015-06-03 01:08 - 2015-06-03 01:11 - 00001091 _____ C:\Users\Public\Desktop\PureVPN.lnk
2015-06-03 01:08 - 2015-06-03 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureVPN
2015-06-03 01:08 - 2015-06-03 01:11 - 00000000 ____D C:\Program Files (x86)\PureVPN
2015-06-03 00:53 - 2015-06-03 00:54 - 11311448 _____ (PureVPN ) C:\Users\JamesTrevor\Downloads\purevpn_setup.exe
2015-06-03 00:34 - 2015-06-03 00:34 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-03 00:28 - 2015-06-07 07:25 - 00000000 ____D C:\Users\JamesTrevor\Desktop\Computer fix
2015-06-02 01:13 - 2015-06-02 01:13 - 00441560 _____ (PureVPN ) C:\Users\JamesTrevor\Downloads\purevpn_windows (5).exe
2015-05-31 23:17 - 2015-06-04 15:44 - 00000000 ____D C:\Users\JamesTrevor\Downloads\John Gorka - Bright Side Of Down (2014)
2015-05-31 16:21 - 2015-05-31 16:21 - 00000000 ____D C:\Users\JamesTrevor\Documents\Files from Zoom TF card
2015-05-31 15:07 - 2015-05-31 16:25 - 00000000 ____D C:\Users\JamesTrevor\Documents\Disc 1
2015-05-31 08:42 - 2015-05-31 08:42 - 02575855 _____ C:\Users\JamesTrevor\Downloads\Files.zip
2015-05-30 20:07 - 2015-05-30 20:07 - 00356096 _____ C:\Users\JamesTrevor\Downloads\(cliffs notes) stanley p. baldwin-the odyssey -cliffs notes (2000).epub
2015-05-30 11:56 - 2015-05-30 11:56 - 00000000 ____D C:\Users\JamesTrevor\Documents\Audible
2015-05-30 05:50 - 2015-05-30 05:50 - 00000000 ____D C:\Users\JamesTrevor\Documents\181268e1f8fda0e1c320a67e60820a85
2015-05-29 18:02 - 2015-05-29 18:02 - 00406651 _____ C:\Users\JamesTrevor\Downloads\Roland_Barthes-S_Z-Hill_and_Wang(1974) (1).epub
2015-05-29 18:01 - 2015-05-29 18:01 - 00516206 _____ C:\Users\JamesTrevor\Downloads\Roland_Barthes-S_Z-Hill_and_Wang(1974).txt
2015-05-29 18:01 - 2015-05-29 18:01 - 00406651 _____ C:\Users\JamesTrevor\Downloads\Roland_Barthes-S_Z-Hill_and_Wang(1974).epub
2015-05-29 16:25 - 2015-05-29 16:25 - 00000594 _____ C:\Users\JamesTrevor\Desktop\159.full.html
2015-05-29 06:59 - 2015-06-05 10:31 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1127797416-4057108860-4142931385-1002
2015-05-28 04:35 - 2015-05-28 05:08 - 00000000 ____D C:\Users\JamesTrevor\Documents\KAIST application
2015-05-27 17:49 - 2015-05-27 17:50 - 00885904 _____ C:\Windows\Minidump\052715-70437-01.dmp
2015-05-27 02:43 - 2015-05-27 02:48 - 00000022 _____ C:\Users\JamesTrevor\Downloads\toepub (2).zip
2015-05-26 03:06 - 2015-05-26 03:06 - 05324288 _____ C:\Users\JamesTrevor\Downloads\Growing_Old_(Absolutely_Stunning_Photos).pps
2015-05-25 17:55 - 2015-05-25 17:55 - 00000000 ____D C:\Users\JamesTrevor\AppData\Roaming\TuneSmith
2015-05-25 17:55 - 2015-05-25 17:55 - 00000000 ____D C:\Users\JamesTrevor\AppData\Roaming\24U
2015-05-25 17:55 - 2015-05-25 17:55 - 00000000 ____D C:\ProgramData\24U
2015-05-25 17:54 - 2015-05-25 17:54 - 00002026 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TuneSmith.lnk
2015-05-25 17:54 - 2015-05-25 17:54 - 00002020 _____ C:\Users\Public\Desktop\TuneSmith.lnk
2015-05-25 17:53 - 2015-05-25 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneSmith
2015-05-25 17:44 - 2015-05-25 17:47 - 37915648 _____ (Idolumic) C:\Users\JamesTrevor\Downloads\install_tunesmith.exe
2015-05-25 06:04 - 2015-05-25 06:04 - 00441560 _____ (PureVPN ) C:\Users\JamesTrevor\Downloads\purevpn_windows (4).exe
2015-05-23 20:01 - 2015-05-23 20:01 - 00000149 _____ C:\Users\JamesTrevor\Downloads\Studies_of_the_Greek_Poets.enw
2015-05-23 09:19 - 2015-05-23 09:19 - 00000191 _____ C:\Users\JamesTrevor\Downloads\scholar.enw
2015-05-23 03:54 - 2015-05-23 03:54 - 00000571 _____ C:\Users\JamesTrevor\Downloads\citations.ris
2015-05-22 15:19 - 2015-05-22 15:19 - 00920170 _____ C:\Users\JamesTrevor\Downloads\Leo Tolstoy-Anna Karenina (Penguin Classics)-Penguin Books USA, Inc. (2002).epub
2015-05-22 11:26 - 2015-05-22 11:27 - 26932057 _____ C:\Users\JamesTrevor\Downloads\Amlit resources_606403084.zip
2015-05-22 06:36 - 2015-05-22 06:36 - 00000297 _____ C:\Users\JamesTrevor\Downloads\Dictionnary_of_the_English_Language_with.enw
2015-05-22 04:49 - 2015-05-22 04:49 - 00793933 _____ C:\Users\JamesTrevor\Downloads\Author and Narrator_ Transdisciplinary Contributions to a Narratological Debate-De Gruyter (2015) Dorothee Birke.epub
2015-05-21 15:48 - 2015-05-21 15:48 - 00793933 _____ C:\Users\JamesTrevor\Downloads\(Linguae & Litterae) Dorothee Birke, Tilmann Köppe-Author and Narrator_ Transdisciplinary Contributions to a Narratological Debate-De Gruyter (2015).epub
2015-05-21 15:48 - 2015-05-21 15:48 - 00793933 _____ C:\Users\JamesTrevor\Downloads\(Linguae & Litterae) Dorothee Birke, Tilmann Köppe-Author and Narrator_ Transdisciplinary Contributions to a Narratological Debate-De Gruyter (2015) (1).epub
2015-05-21 15:47 - 2015-05-21 15:47 - 00793985 _____ C:\Users\JamesTrevor\Downloads\toepub (1).zip
2015-05-19 07:17 - 2015-06-06 21:47 - 00000000 ___RD C:\Users\JamesTrevor\iCloudDrive
2015-05-19 07:17 - 2015-05-19 07:17 - 00000000 ____D C:\Users\JamesTrevor\AppData\Local\Apple Inc
2015-05-19 07:08 - 2015-05-19 07:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-05-19 07:04 - 2015-05-19 07:05 - 71807792 _____ (Apple Inc.) C:\Users\JamesTrevor\Downloads\iCloudSetup (1).exe
2015-05-19 06:05 - 2015-05-19 06:06 - 00000022 _____ C:\Users\JamesTrevor\Downloads\toepub.zip
2015-05-18 06:06 - 2015-05-18 06:06 - 01417216 _____ C:\Users\JamesTrevor\Downloads\crj301SamplePresentation.ppt
2015-05-18 06:01 - 2015-05-18 06:01 - 00212992 _____ C:\Users\JamesTrevor\Downloads\research.ppt
2015-05-18 05:52 - 2015-05-18 05:55 - 01850368 _____ C:\Users\JamesTrevor\Downloads\Chapter 1 what is sociology f.PPT
2015-05-18 05:48 - 2015-05-18 05:49 - 00155136 _____ C:\Users\JamesTrevor\Downloads\SOCIO101.PPT
2015-05-17 16:00 - 2015-05-17 16:00 - 00277068 _____ C:\Users\JamesTrevor\Downloads\anthony s. abbott-ralph ellisons the invisible man  .epub
2015-05-17 12:05 - 2015-05-17 12:05 - 00187900 _____ C:\Users\JamesTrevor\Downloads\Jeanne Inness, James L. Roberts-Ellison's The Invisible Man (Cliffs Notes)-Cliffs Notes (1969).epub
2015-05-17 11:45 - 2015-05-17 11:45 - 00002507 _____ C:\Users\Public\Desktop\Evernote.lnk
2015-05-17 11:45 - 2015-05-17 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-05-17 11:28 - 2015-05-17 11:28 - 00231220 _____ C:\Users\JamesTrevor\Downloads\RMSA.pptx
2015-05-17 10:20 - 2015-05-22 05:29 - 00000000 ____D C:\Users\JamesTrevor\Documents\!Sunshine
2015-05-17 09:57 - 2015-05-17 10:00 - 00000000 ____D C:\Users\JamesTrevor\AppData\Roaming\TypingMaster7
2015-05-17 09:57 - 2015-05-17 09:57 - 00001096 _____ C:\Users\Public\Desktop\TypingMaster Pro.lnk
2015-05-17 09:57 - 2015-05-17 09:57 - 00000000 ___RD C:\Program Files (x86)\TypingMaster
2015-05-17 09:57 - 2015-05-17 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TypingMaster
2015-05-17 09:54 - 2015-05-17 09:55 - 09434048 _____ (TypingMaster Inc ) C:\Users\JamesTrevor\Downloads\TypingMaster710install.exe
2015-05-17 09:42 - 2015-05-18 04:44 - 00023118 _____ C:\Users\JamesTrevor\Documents\!Sunshine May 2015.wbk
2015-05-17 09:42 - 2015-05-17 09:42 - 00019661 _____ C:\Users\JamesTrevor\Documents\LastSave.wbk
2015-05-17 07:51 - 2015-05-17 12:17 - 00000000 ____D C:\Users\JamesTrevor\.freemind
2015-05-17 07:42 - 2015-05-17 07:42 - 00001123 _____ C:\Users\JamesTrevor\AppData\Roaming\Microsoft\Windows\Start Menu\FreeMind.lnk
2015-05-17 07:42 - 2015-05-17 07:42 - 00001099 _____ C:\Users\JamesTrevor\Desktop\FreeMind.lnk
2015-05-17 07:42 - 2015-05-17 07:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
2015-05-17 07:42 - 2015-05-17 07:42 - 00000000 ____D C:\Program Files (x86)\FreeMind
2015-05-17 07:42 - 2015-05-17 07:41 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-17 07:41 - 2015-05-17 07:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-17 07:41 - 2015-05-17 07:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-05-17 07:36 - 2015-05-17 07:37 - 00562272 _____ (Oracle Corporation) C:\Users\JamesTrevor\Downloads\chromeinstall-8u45.exe
2015-05-17 07:34 - 2015-05-17 07:35 - 37675279 _____ ( ) C:\Users\JamesTrevor\Downloads\FreeMind-Windows-Installer-1.0.1-max.exe
2015-05-17 06:33 - 2015-05-23 20:24 - 00053682 _____ C:\Users\JamesTrevor\Documents\My EndNote Library.enl
2015-05-17 06:33 - 2015-05-17 06:33 - 00000000 ____D C:\Users\JamesTrevor\Documents\My EndNote Library.Data
2015-05-17 05:58 - 2015-05-17 06:01 - 00000000 ____D C:\Users\Public\Documents\EndNote
2015-05-16 11:27 - 2015-05-16 11:27 - 00000000 ____D C:\Users\JamesTrevor\AppData\Local\IsolatedStorage
2015-05-16 11:22 - 2015-05-17 05:21 - 00000000 ____D C:\Program Files (x86)\Writer's Blocks 4
2015-05-16 11:22 - 2015-05-16 11:22 - 00003120 _____ C:\Windows\SysWOW64\8UTE87VV.ocx
2015-05-16 11:22 - 2015-05-16 11:22 - 00003120 _____ C:\Windows\SysWOW64\62WHCJ5H.ocx
2015-05-16 11:22 - 2015-05-16 11:22 - 00003120 _____ C:\Windows\SysWOW64\29J6LTGH.ocx
2015-05-16 11:22 - 2015-05-16 11:22 - 00003120 _____ C:\Windows\FHMHRSIC.ocx
2015-05-16 11:22 - 2015-05-16 11:22 - 00003120 _____ C:\Windows\BSO9GEK4.ocx
2015-05-16 11:22 - 2015-05-16 11:22 - 00003120 _____ C:\Windows\B7NERBMF.ocx
2015-05-16 11:22 - 2015-05-16 11:22 - 00001180 _____ C:\Users\Public\Desktop\Writer's Blocks 4.lnk
2015-05-16 11:22 - 2015-05-16 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Writer's Blocks 4
2015-05-16 11:12 - 2015-05-16 11:15 - 24860912 _____ (Ashley Software) C:\Users\JamesTrevor\Downloads\wb4trialsetup.exe
2015-05-16 08:15 - 2015-05-16 08:16 - 00000000 ____D C:\Users\JamesTrevor\Documents\junkware cleaning files
2015-05-16 06:44 - 2015-05-16 06:44 - 00000207 _____ C:\Windows\tweaking.com-regbackup-TREVOR-Windows-8-(64-bit).dat
2015-05-16 06:44 - 2015-05-16 06:44 - 00000000 ____D C:\RegBackup
2015-05-16 06:40 - 2015-05-16 06:41 - 02721175 _____ (Thisisu) C:\Users\JamesTrevor\Downloads\JRT.exe
2015-05-14 16:41 - 2015-05-14 16:41 - 01987448 _____ C:\Users\JamesTrevor\Downloads\iliad fagles translation (1).epub
2015-05-14 00:52 - 2015-05-14 00:52 - 00000000 ____D C:\Users\JamesTrevor\AppData\Roaming\DigitalVolcano
2015-05-14 00:45 - 2015-05-14 00:46 - 05172392 _____ (DigitalVolcano Software Ltd) C:\Users\JamesTrevor\Downloads\DuplicateCleaner_setup.exe
2015-05-13 06:10 - 2015-05-13 06:10 - 00000039 _____ C:\Users\JamesTrevor\Downloads\Serial.txt
2015-05-13 02:23 - 2015-05-13 02:23 - 01068032 _____ C:\Users\JamesTrevor\Downloads\TheRomantics (1).ppt
2015-05-13 02:21 - 2015-05-13 02:21 - 01068032 _____ C:\Users\JamesTrevor\Downloads\TheRomantics.ppt
2015-05-12 17:54 - 2015-05-12 17:54 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-05-11 19:18 - 2015-05-11 19:18 - 00002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Copernic Desktop Search 4.lnk
2015-05-11 19:18 - 2015-05-11 19:18 - 00002132 _____ C:\Users\Public\Desktop\Copernic Desktop Search 4.lnk
2015-05-11 19:18 - 2015-05-11 19:18 - 00000000 ____D C:\Program Files (x86)\Copernic
2015-05-11 19:14 - 2015-05-11 19:15 - 22008080 _____ (Copernic, a division of N. Harris Computer Systems) C:\Users\JamesTrevor\Downloads\Copernic_Desktop_Search_-_4.3.0.7665.exe
2015-05-10 12:17 - 2015-05-10 12:17 - 00000000 ____D C:\Users\Public\Documents\Baidu Security
2015-05-10 12:17 - 2015-05-10 12:17 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-05-10 11:47 - 2015-05-10 11:49 - 00000000 ____D C:\Users\JamesTrevor\Pristine
2015-05-10 10:59 - 2015-05-10 10:59 - 00000000 ____D C:\ProgramData\Copernic
2015-05-10 10:57 - 2015-05-10 10:57 - 00000000 ____D C:\Users\JamesTrevor\AppData\Local\Copernic
2015-05-10 10:50 - 2015-05-10 10:54 - 22008080 _____ (Copernic, a division of N. Harris Computer Systems) C:\Users\JamesTrevor\Downloads\copernicdesktopsearch.exe
2015-05-10 10:11 - 2015-05-21 16:04 - 00000000 ____D C:\Users\JamesTrevor\Documents\!PDF's
2015-05-10 09:59 - 2015-05-30 11:36 - 00000000 ____D C:\Users\JamesTrevor\Documents\!Teaching
2015-05-10 09:59 - 2015-05-29 18:55 - 00000000 ____D C:\Users\JamesTrevor\Documents\!Personal
2015-05-10 09:59 - 2015-05-16 14:50 - 00000000 ____D C:\Users\JamesTrevor\Documents\!Study
2015-05-09 22:10 - 2015-05-09 22:10 - 00483170 _____ C:\Users\JamesTrevor\Downloads\(blooms guides) harold bloom-homers the iliad-chelsea house publishers (2006) (1).epub
2015-05-09 19:45 - 2015-05-09 19:48 - 04194304 _____ C:\Users\JamesTrevor\Documents\Nvivo for personal use.nvp
2015-05-09 19:32 - 2015-05-09 19:33 - 23071597 _____ C:\Users\JamesTrevor\Downloads\the greek mind-walter r. agard- van nostrand (1957).mobi
2015-05-09 17:49 - 2015-05-09 17:50 - 06656429 _____ C:\Users\JamesTrevor\Downloads\[Christopher_Gill]_The_Person_and_the_Human_Mind_(BookZZ.org).djvu
2015-05-09 17:45 - 2015-05-09 17:45 - 03950860 _____ C:\Users\JamesTrevor\Downloads\[Christopher_Gill,_T.P._Wiseman]_Lies_and_Fiction_(BookZZ.org).djvu
2015-05-09 17:09 - 2015-05-16 13:10 - 00002240 _____ C:\Windows\system32\esnecil.ind
2015-05-09 17:09 - 2015-05-16 13:10 - 00000004 _____ C:\Windows\vx86036.dat
2015-05-09 17:08 - 2015-06-06 21:10 - 00003290 _____ C:\Windows\errord.log
2015-05-09 17:08 - 2015-06-06 21:10 - 00002564 _____ C:\Windows\error.log
2015-05-09 17:08 - 2015-05-09 17:09 - 00000000 ____D C:\ProgramData\CrypKey
2015-05-09 17:08 - 2015-05-09 17:08 - 00001965 _____ C:\Users\Public\Desktop\AceReader Elite.lnk
2015-05-09 17:08 - 2015-05-09 17:08 - 00000055 _____ C:\Windows\Crypkey.ini
2015-05-09 17:08 - 2015-05-09 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AceReader Elite
2015-05-09 17:08 - 2013-04-12 08:07 - 00031416 _____ C:\Windows\system32\Ckldrv.sys
2015-05-09 17:08 - 2013-04-12 05:31 - 00126976 _____ (CrypKey (Canada) Ltd.) C:\Windows\system32\Crypserv.exe
2015-05-09 17:08 - 2010-01-21 00:28 - 00165888 ____R (Kenonic Controls) C:\Windows\Ckconfig.exe
2015-05-09 17:08 - 2010-01-21 00:28 - 00011776 _____ C:\Windows\Ckrfresh.exe
2015-05-09 17:07 - 2015-05-09 17:12 - 00000000 ____D C:\ProgramData\AceReader Elite
2015-05-09 17:07 - 2015-05-09 17:08 - 00000000 ____D C:\Program Files (x86)\AceReader Elite
2015-05-09 16:56 - 2015-05-09 17:07 - 48529440 _____ ( StepWare, Inc.) C:\Users\JamesTrevor\Downloads\are.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-07 07:22 - 2014-07-31 14:47 - 00004990 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TREVOR-JamesTrevor Trevor
2015-06-07 07:21 - 2012-12-29 08:34 - 02084880 _____ C:\Windows\WindowsUpdate.log
2015-06-07 07:14 - 2013-08-17 16:47 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-07 07:00 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\sru
2015-06-07 04:56 - 2013-08-17 16:47 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-06 22:55 - 2012-12-29 09:17 - 00000000 ____D C:\ProgramData\Temp
2015-06-06 21:47 - 2013-08-21 08:26 - 00000000 ___RD C:\Users\JamesTrevor\Dropbox
2015-06-06 21:30 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\system32\NDF
2015-06-06 21:19 - 2013-08-21 08:20 - 00000000 ____D C:\Users\JamesTrevor\AppData\Roaming\Dropbox
2015-06-06 21:15 - 2014-07-31 14:47 - 00000000 ___RD C:\Users\JamesTrevor\OneDrive
2015-06-06 21:11 - 2012-07-26 13:26 - 00000144 _____ C:\Windows\win.ini
2015-06-06 21:10 - 2012-09-15 03:43 - 00053284 _____ C:\Windows\system32\wpbbin.exe
2015-06-06 21:10 - 2012-07-26 15:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 21:09 - 2012-07-26 13:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-06 19:34 - 2013-08-19 09:26 - 00000000 ____D C:\Users\JamesTrevor\AppData\Local\CrashDumps
2015-06-06 16:34 - 2014-10-23 22:16 - 00501610 _____ C:\Windows\system32\prfh0804.dat
2015-06-06 16:34 - 2014-10-23 22:16 - 00161178 _____ C:\Windows\system32\prfc0804.dat
2015-06-06 16:34 - 2012-07-26 15:28 - 01586922 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-06 16:24 - 2013-08-17 16:46 - 00000000 ____D C:\Users\JamesTrevor\AppData\Local\Deployment
2015-06-06 09:57 - 2014-01-31 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-06 09:29 - 2013-08-18 07:37 - 00000000 ____D C:\Users\JamesTrevor\AppData\Roaming\vlc
2015-06-06 08:09 - 2012-08-04 01:14 - 00788814 _____ C:\Windows\PFRO.log
2015-06-06 04:12 - 2013-08-17 16:47 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-06 02:37 - 2014-11-07 13:44 - 00000000 ____D C:\Users\JamesTrevor\AppData\Roaming\Skype
2015-06-05 16:12 - 2014-11-12 17:07 - 00006582 _____ C:\Windows\setupact.log
2015-06-05 09:53 - 2014-11-07 13:44 - 00000000 ____D C:\ProgramData\Skype
2015-06-05 09:17 - 2013-09-17 23:04 - 00000000 ____D C:\Users\JamesTrevor\AppData\Roaming\uTorrent
2015-06-04 21:18 - 2013-12-13 20:34 - 01331712 ___SH C:\Users\JamesTrevor\Downloads\Thumbs.db
2015-06-04 06:31 - 2013-09-15 20:29 - 00000000 ____D C:\Users\JamesTrevor\AppData\Local\Downloaded Installations
2015-06-04 05:38 - 2014-08-25 23:30 - 00000000 ____D C:\Users\JamesTrevor\AppData\Local\770bc6656ddf6c8f26bf2a92e4b368e3
2015-06-04 05:12 - 2014-07-26 21:23 - 00000000 ____D C:\AdwCleaner
2015-06-03 10:45 - 2015-05-03 17:47 - 00000000 ____D C:\Users\JamesTrevor\Downloads\Bluegrass Collection @ 320
2015-06-01 05:55 - 2015-05-02 10:38 - 00000000 ____D C:\Users\JamesTrevor\AppData\Roaming\iMazing
2015-05-31 19:21 - 2015-05-02 10:36 - 00001121 _____ C:\Users\Public\Desktop\iMazing.lnk
2015-05-31 19:21 - 2015-05-02 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMazing
2015-05-31 16:25 - 2014-01-08 14:01 - 00000000 ____D C:\Users\JamesTrevor\Documents\ZOOM_R8
2015-05-31 16:25 - 2014-01-08 14:00 - 00000000 ___RD C:\Users\JamesTrevor\Documents\CubaseLE_template_WIN
2015-05-31 16:25 - 2014-01-08 14:00 - 00000000 ___RD C:\Users\JamesTrevor\Documents\CubaseLE_template_MAC
2015-05-31 16:22 - 2014-01-08 14:00 - 00000000 ____D C:\Users\JamesTrevor\Documents\Manuals
2015-05-29 00:56 - 2014-11-07 13:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-28 17:47 - 2015-03-27 18:53 - 00000000 ____D C:\Users\JamesTrevor\Documents\Evernote attachments march 2015
2015-05-28 04:31 - 2013-08-24 16:50 - 02413568 ___SH C:\Users\JamesTrevor\Desktop\Thumbs.db
2015-05-28 04:26 - 2015-02-03 08:15 - 00000000 ____D C:\Users\JamesTrevor\Documents\desktop empty
2015-05-27 17:49 - 2014-06-26 08:59 - 00000000 ____D C:\Windows\Minidump
2015-05-27 17:49 - 2012-12-29 08:45 - 00434592 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-27 17:48 - 2014-12-13 18:23 - 754767218 _____ C:\Windows\MEMORY.DMP
2015-05-26 03:19 - 2013-08-17 15:05 - 00000000 ____D C:\Users\JamesTrevor\AppData\Local\Packages
2015-05-25 17:53 - 2014-07-29 20:00 - 00000000 ____D C:\Program Files (x86)\Idolumic
2015-05-23 19:56 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-05-22 19:07 - 2014-07-31 14:46 - 00002281 _____ C:\Users\JamesTrevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-05-22 08:30 - 2013-10-13 14:37 - 00524800 ___SH C:\Users\JamesTrevor\Documents\Thumbs.db
2015-05-22 06:50 - 2015-01-10 20:42 - 00000000 ____D C:\Users\JamesTrevor\Documents\Academic miscellany
2015-05-19 07:35 - 2013-08-17 17:41 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-19 07:21 - 2013-08-19 17:31 - 00000000 ____D C:\Users\JamesTrevor\AppData\Roaming\Apple Computer
2015-05-19 07:21 - 2013-08-19 17:31 - 00000000 ____D C:\Users\JamesTrevor\AppData\Local\Apple Computer
2015-05-19 07:17 - 2013-08-17 15:05 - 00000000 ____D C:\Users\JamesTrevor
2015-05-19 05:15 - 2013-09-20 22:14 - 00000000 ____D C:\Users\JamesTrevor\AppData\Roaming\EndNote
2015-05-18 04:51 - 2013-08-17 16:47 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 04:51 - 2013-08-17 16:47 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 07:41 - 2013-09-27 13:51 - 00000000 ____D C:\ProgramData\Oracle
2015-05-17 06:01 - 2013-09-19 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
2015-05-17 06:01 - 2013-09-19 21:12 - 00000000 ____D C:\Program Files (x86)\EndNote X7
2015-05-17 06:01 - 2013-09-19 19:49 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers
2015-05-15 17:01 - 2014-11-16 13:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-10 11:23 - 2015-01-21 08:16 - 00000000 ____D C:\Users\JamesTrevor\Documents\Masterfile of complaint
2015-05-09 07:02 - 2015-05-03 18:02 - 00000000 ____D C:\Users\JamesTrevor\Downloads\John Gorka...Out of the Valley(1994)[FLAC]

==================== Files in the root of some directories =======

2014-07-23 20:49 - 2014-07-23 20:49 - 6365184 _____ () C:\Program Files\PSP VintageWarmer2.dll
2014-02-02 13:18 - 2015-04-25 09:33 - 0002039 _____ () C:\Users\JamesTrevor\AppData\Roaming\SAS7_000.DAT
2014-10-25 19:03 - 2014-10-25 19:03 - 0000850 _____ () C:\Users\JamesTrevor\AppData\Local\recently-used.xbel
2014-07-24 20:35 - 2014-07-24 20:35 - 0007597 _____ () C:\Users\JamesTrevor\AppData\Local\Resmon.ResmonCfg
2014-09-23 18:26 - 2014-09-23 18:26 - 0000000 _____ () C:\Users\JamesTrevor\AppData\Local\{1B96F96B-17E1-41C4-B77C-F011F4956B9D}
2015-01-10 14:48 - 2015-01-10 14:48 - 0000227 _____ () C:\ProgramData\bc.ini
2012-12-29 08:52 - 2012-12-29 08:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\JamesTrevor\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.7.102888.exe
C:\Users\JamesTrevor\AppData\Local\Temp\BavPro_Setup_Mini_110.exe
C:\Users\JamesTrevor\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfi0h7.dll
C:\Users\JamesTrevor\AppData\Local\Temp\oi_{4E0931BA-03FB-4F9A-8CEF-DF26C096F915}.exe
C:\Users\JamesTrevor\AppData\Local\Temp\Quarantine.exe
C:\Users\JamesTrevor\AppData\Local\Temp\SAS6_Update.exe
C:\Users\JamesTrevor\AppData\Local\Temp\SkypeSetup.exe
C:\Users\JamesTrevor\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 03:06

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by JamesTrevor at 2015-06-07 07:27:59
Running from C:\Users\JamesTrevor\Desktop\Computer fix
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1127797416-4057108860-4142931385-500 - Administrator - Disabled)
Guest (S-1-5-21-1127797416-4057108860-4142931385-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1127797416-4057108860-4142931385-1004 - Limited - Enabled)
JamesTrevor (S-1-5-21-1127797416-4057108860-4142931385-1002 - Administrator - Enabled) => C:\Users\JamesTrevor
UpdatusUser (S-1-5-21-1127797416-4057108860-4142931385-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Ableton Live 8 (HKLM\...\{B61FAE5A-4BAF-4D7B-A1FA-3E9290E1A6A1}) (Version: 8.0.0.0 - Ableton)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3007 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
AceReader Elite (HKLM-x32\...\{3C778D53-D695-42EB-8A84-3DC02C4F1742}) (Version: 10.00.0000 -  StepWare, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
AmpliTube 3.11.2 (HKLM-x32\...\AMP3112_is1) (Version:  - IK Multimedia)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 18414980.4759644.48.2000551298 - Audible, Inc.)
AxSignGATE 3.0 (HKLM-x32\...\AxSignGATE) (Version: 3.0 - Çѱ¹Á¤º¸ÀÎÁõ(ÁÖ))
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Band-in-a-Box Server (HKLM-x32\...\BBServer_is1) (Version:  - PG Music Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camel Audio Alchemy (HKLM-x32\...\Camel Audio Alchemy) (Version: 1.55.0 - Camel Audio)
Camel Audio CamelSpace64 (HKLM-x32\...\Camel Audio CamelSpace64) (Version: 1.50.0 - Camel Audio)
CCB "E Safety" Internet Banking security components  1.0.8.1 (HKLM-x32\...\CCB "E Safety" Internet Banking security components Setup) (Version: 1.0.8.1 - China Construction Bank)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Copernic Desktop Search 4 (HKLM-x32\...\CopernicDesktopSearch4) (Version: 4.3.0.7665 - Copernic)
Copernic Desktop Search 4 (x32 Version: 4.3.0.7665 - Copernic) Hidden
CoyoteWT 1.1 (HKLM-x32\...\CoyoteWT_is1) (Version:  - Coyote Electronics Inc.)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
DC1A2 version 2.1.0 (HKLM\...\DC1A2_is1) (Version: 2.1.0 - )
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Discord 2 VST plug-in (HKLM-x32\...\Discord 2 VST plug-in) (Version: 1.0.2 - Audio Damage)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
Dramatica Pro (HKLM-x32\...\{BD4BFEE6-2C1E-45E9-B46F-A3EC99192DCF}) (Version: 4.0 - Write Brothers, Inc)
Dropbox (HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Edraw Max 7.5 (HKLM-x32\...\Edraw Max_is1) (Version:  - EdrawSoft)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.2.0.8156 - Thomson Reuters)
EntraWorks Control (HKLM-x32\...\EntraWorks Control) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ÈÞ´ëÆùÀÎÁõ¼­(º¸°ü)¼­ºñ½º (HKLM-x32\...\INFovine) (Version:  - )
Evernote Sticky Notes (HKLM-x32\...\{4FC3ACD7-105C-42E2-9A48-4FFF58C76D19}) (Version: 1.5.9 - Evernote Sticky Notes)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.28 - NCH Software)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
EZdrummer 2 64-bit Update (HKLM\...\{11CC8964-9CB0-46E6-9218-CD39ED4A554D}) (Version: 2.0.1 - Toontrack)
EZkeys Grand Piano 64 (HKLM\...\{23CA8D91-FD3B-4EE6-BBDF-B5924E7E44EB}) (Version: 1.0.3 - Toontrack)
focus booster version 2.0.0 (HKLM-x32\...\{4A8CD634-78D6-4A35-9D1E-98CCBD11910B}_is1) (Version: 2.0.0 - focus booster)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.2 - Ellora Assets Corporation)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HID Monitor (HKLM-x32\...\{3D535C93-9786-48D5-9DEF-97353F1CB936}) (Version: 1.1.3 - Acer Incorporated)
Hi-Q Instruments Sets 1-2 (HKLM-x32\...\ST_Instr_is1) (Version:  - PG Music Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
IK Multimedia Authorization Manager version 1.0.10 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.10 - IK Multimedia)
iMazing 1.1.7.0 (HKLM\...\iMazing_is1) (Version: 1.1.7.0 - DigiDNA)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IPinside Agent (HKLM-x32\...\IPinside Agent) (Version: 1.0.1.30 - interezen)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
IVGI version 1.1.0 (HKLM\...\IVGI_is1) (Version: 1.1.0 - )
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.02 - iZotope, Inc.)
Jamstix 3.6.0 (HKLM-x32\...\Jamstix 3_is1) (Version: 3.6.0 - Rayzoon Technologies LLC)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\JoinMe) (Version: 1.17.1.162 - LogMeIn, Inc.)
JS-8 Driver (HKLM\...\RolandRDID0100) (Version:  - Roland Corporation)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.6 - Acer Inc.)
Linguistic Tree Constructor (HKLM-x32\...\LingTreeConstructor) (Version:  - )
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mandarin Player (HKLM-x32\...\{39F85095-DECF-44F2-9E42-40B5B3D760C9}) (Version: 1.1.0 - Learn Mandarin Help)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 파서 및 SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\MyFreeCodec) (Version:  - )
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Native Instruments Abbey Road 60s Drums Vintage (HKLM-x32\...\Native Instruments Abbey Road 60s Drums Vintage) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig Elements for Maschine (HKLM-x32\...\Native Instruments Guitar Rig Elements for Maschine) (Version:  - Native Instruments)
Native Instruments Komplete Elements Mk2 (HKLM-x32\...\Native Instruments Komplete Elements Mk2) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version:  - Native Instruments)
Native Instruments Kontakt Elements Selection R2 (HKLM-x32\...\Native Instruments Kontakt Elements Selection R2) (Version:  - Native Instruments)
Native Instruments Polyplex (HKLM-x32\...\Native Instruments Polyplex) (Version: 1.1.0.2 - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: 5.9.2.1074 - Native Instruments)
Native Instruments Reaktor Elements Selection (HKLM-x32\...\Native Instruments Reaktor Elements Selection) (Version:  - Native Instruments)
Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.4.1587 - Native Instruments)
NextUp.com-NeoSpeech Paul16 Voice (HKLM-x32\...\{6A09FF5F-C19B-445A-98E5-23AD860493C3}) (Version: 2.01.0000 - NextUp.com)
nProtect Netizen v5.5 (HKLM-x32\...\nProtect Netizen v5.5) (Version:  - INCA Internet Co., Ltd.)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
Nuance OmniPage 18 (HKLM-x32\...\{560C6F9C-8D5E-4EAF-B408-98850E5DF49C}) (Version: 18.1.0000 - Nuance Communications, Inc.)
NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PG Music DirectX Plugins 1.3.4.1 (HKLM-x32\...\PG Music DirectX Plugins_is1) (Version:  - PG Music Inc.)
PG Music DirectX Plugins 2.0.0.0 (HKLM-x32\...\PG_DX_Plugins_is1) (Version:  - PG Music Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.25 - NCH Software)
PSP VintageWarmer2 (HKLM-x32\...\PSP VintageWarmer2) (Version: 2.6.0 - PSPaudioware.com)
PSP VintageWarmer2 2.1.4 (HKLM-x32\...\PSP VintageWarmer2 2.1.4) (Version: 2.1.4 - PSPaudioware.com)
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 4.0.0.0 - PureVPN)
qBittorrent 3.1.9 (HKLM-x32\...\qbittorrent) (Version: 3.1.9 - The qBittorrent project)
QSR NCapture 1.0 (HKLM-x32\...\{B32CD9BC-7C16-4152-A579-2AA32730E24E}) (Version: 1.0.93.0 - QSR International Pty Ltd)
QSR NVivo 10 (HKLM\...\{49BFDB10-A9AC-4368-9BF1-236D569DD8F0}) (Version: 10.0.138.0 - QSR International Pty Ltd)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.15 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27028 - Realtek Semiconductor Corp.)
RealTracks Sets 176-181 (HKLM-x32\...\BB_is1) (Version:  - PG Music Inc.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Rhyme Genie (HKLM-x32\...\{E48A1AFC-5649-4CC2-B8E1-BD92022C4CC4}) (Version: 6.0 - Idolumic)
SampleTank 2.5.5.b DXi Plugin (HKLM-x32\...\ST255b_is1) (Version:  - IK Multimedia)
SampleTank FREE (HKLM-x32\...\{6559654F-2F38-491F-8411-211517C3E635}) (Version: 2.5.5 - IK Multimedia)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Scarlett Plug-in Suite 1.6 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.6 - Focusrite)
Scrivener Update (HKLM-x32\...\Scrivener 1610) (Version: 1720 - Literature and Latte)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.0.2573.3 - Hi-Rez Studios)
Songwriter's Pad (HKLM-x32\...\SongwritersPad) (Version: 2.0.9 - PARAGONI.COM SOFTWARE DESIGN)
Songwriter's Pad (x32 Version: 2.0.9 - PARAGONI.COM SOFTWARE DESIGN) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Subliminal Flash 3.0 (HKLM-x32\...\Subliminal Flash_is1) (Version:  - Ded Pyhto, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.19 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TDR VOS SlickEQ version 1.0.2 (HKLM\...\TDR VOS SlickEQ_is1) (Version: 1.0.2 - Tokyo Dawn Labs)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TextAloud 3.0 (HKLM-x32\...\TextAloud3_is1) (Version: 3.0 - NextUp.com)
Todoist (HKLM-x32\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.6.4.0 - Doist Ltd.)
TouchEn key with E2E for 32bit (HKLM-x32\...\TouchEn_key) (Version:  - RaonSecure Co., Ltd.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TuneSmith (HKLM-x32\...\{ED535670-12A0-4653-9C27-1506F191140A}) (Version: 5.0 - Idolumic)
TypingMaster Pro (HKLM-x32\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.10 - TypingMaster Inc)
UAM CorpusTool 2.8.14 (HKLM-x32\...\UAM CorpusTool_is1) (Version:  - Mick O'Donnell)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Verain(Wizvera Mozilla Plugin) - 1,0,2,6 (HKLM-x32\...\{D2C6E596-7F8C-4210-877F-42D70543F600}_is1) (Version: 1,0,2,6 - Wizvera)
Veraport20(보안모듈 관리 프로그램) - 2,0,0,13 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 2,0,0,13 - Wizvera)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VST Bridge 1.1 (HKLM-x32\...\VST Bridge_is1) (Version:  - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Windows Driver Package - Focusrite USB 2.0 Audio Driver (07/07/2011 15.32.4.883) (HKLM\...\F4B837225347AABC4F4DB6067C4D5642AF04B34C) (Version: 07/07/2011 15.32.4.883 - Focusrite)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Writer's Blocks 4 (HKLM-x32\...\{D8E96B70-72D7-11DF-6784-3E1A661C18BE}) (Version: 4.0.0.29500 - Ashley Software)
XecureWeb Control (HKLM-x32\...\XecureWeb Control) (Version: 7, 2, 7, 5 - SoftForum Co., Ltd.)
XecureWeb UnifiedPlugin (HKLM-x32\...\XecureWeb UnifiedPlugin) (Version:  - )
Zoom (HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

25-05-2015 17:53:09 Installed TuneSmith
03-06-2015 07:52:56 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 13:26 - 2012-07-26 13:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1173525E-01F3-4307-AF0B-059F9B35AA04} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-09-05] (Acer Incorporated)
Task: {12F3EAB3-4D44-40C0-BA03-16C1A0EB2619} - \Optimize Start Menu Cache Files-S-1-5-21-1127797416-4057108860-4142931385-500 No Task File <==== ATTENTION
Task: {19E91184-A862-4FBB-83F9-27F1386E3107} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {287249FA-C1DD-47D7-A9C4-C19F3D44C002} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {4677C412-FC1A-418E-8815-F517E44F1946} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {63611ECC-3340-4D3B-ACDF-34C7F199F0E6} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {707E139C-844A-4D54-A7A8-65998BBB276E} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-14] (Synaptics Incorporated)
Task: {7F222FF8-63DF-4C9E-9482-34E0B3C0FC91} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
Task: {842718FF-793E-42AC-BA1E-EDEC5C251B9F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9ECAA1A3-7A39-42DF-B042-43BA454723F5} - System32\Tasks\{CA2484B3-FAEA-43EF-8044-B7137D02E561} => pcalua.exe -a C:\Users\JamesTrevor\Downloads\GS10_Win7Drv_64\GS10_Win7Drv_64\Uninstal.exe -d C:\Users\JamesTrevor\Downloads\GS10_Win7Drv_64\GS10_Win7Drv_64
Task: {A5B376A8-69CD-4BF1-B463-B82CDC1895C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.)
Task: {AE704827-7961-48E9-9CE9-5CF6E0C36FB1} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {B349FFDC-1F38-4D4E-8D24-F807BE6386AF} - System32\Tasks\{0B467B5E-9A63-4FFF-A900-112D42156374} => pcalua.exe -a C:\Users\JamesTrevor\Downloads\GS10_Win7Drv_64\GS10_Win7Drv_64\Setup.exe -d C:\Users\JamesTrevor\Downloads\GS10_Win7Drv_64\GS10_Win7Drv_64
Task: {B5E99024-BEBD-4687-9E4D-CE0DB682708F} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {C35DFC6B-475F-4618-90A2-7A5096481202} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.)
Task: {CE0D4CA9-E1BC-4BFA-BDCD-EF52F2538EAF} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
Task: {E7427D8D-8019-4C91-96F0-40AE96CC1BC3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for TREVOR-JamesTrevor Trevor => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {E8F28ADF-DD20-4720-B6ED-2EE9E8CDD5BE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {E9DA4608-6A96-4F55-8B9D-60A75FDA5511} - System32\Tasks\{CB29923D-E64C-4F46-94A7-B2B7290FBE6F} => pcalua.exe -a C:\Users\JamesTrevor\AppData\Local\Temp\Temp2_GS10_Win7Drv_64.zip\GS10_Win7Drv_64\Setup.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-08-21 10:27 - 2012-04-26 14:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-15 16:35 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-23 11:02 - 2012-08-23 11:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
2015-03-13 05:45 - 2015-01-27 23:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-30 03:21 - 2012-10-24 03:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-29 09:09 - 2012-12-29 09:09 - 01193176 _____ () C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
2012-09-29 16:02 - 2012-09-29 16:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-29 15:59 - 2012-09-29 15:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-09-29 16:01 - 2012-09-29 16:01 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-07-26 15:58 - 2012-07-26 15:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-22 12:04 - 2012-08-22 12:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-22 12:04 - 2012-08-22 12:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-23 11:02 - 2012-08-23 11:02 - 00034736 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
2015-03-26 08:46 - 2015-03-26 08:46 - 01563408 _____ () C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.System.RT.dll
2014-07-15 06:48 - 2014-07-15 06:48 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2014-11-23 10:29 - 2014-11-23 10:29 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-23 14:26 - 2012-08-23 14:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2015-06-06 21:14 - 2015-06-06 21:14 - 00043008 _____ () c:\Users\JamesTrevor\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfi0h7.dll
2015-03-05 05:45 - 2015-03-05 05:45 - 00750080 _____ () C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 05:45 - 2015-03-05 05:45 - 00047616 _____ () C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-05-07 06:45 - 2015-03-05 05:45 - 00865280 _____ () C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-05-07 06:45 - 2015-03-05 05:45 - 00200704 _____ () C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-07 06:45 - 2015-03-05 05:45 - 00010240 _____ () C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-05-07 06:45 - 2015-03-05 05:45 - 00726016 _____ () C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-05-07 06:45 - 2015-03-05 05:45 - 00010240 _____ () C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-08-23 14:25 - 2012-08-23 14:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 14:26 - 2012-08-23 14:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 14:25 - 2012-08-23 14:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 14:25 - 2012-08-23 14:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 14:25 - 2012-08-23 14:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 14:26 - 2012-08-23 14:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2015-04-30 13:17 - 2015-04-30 13:17 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-04-30 13:17 - 2015-04-30 13:17 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-11-23 10:29 - 2014-11-23 10:29 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2012-12-29 08:50 - 2012-06-25 07:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-06-06 04:12 - 2015-05-23 04:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-06-06 04:12 - 2015-05-23 04:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:A303874F
AlternateDataStreams: C:\Users\JamesTrevor\Documents\Iliad Fagles translation.pdf:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ccb.cn -> hxxps://b2b.ccb.cn
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ccb.com -> hxxps://*.ccb.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ccb.com.cn -> hxxps://*.ccb.com.cn
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\dongbulife.com -> hxxp://dongbulife.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\esero.go.kr -> hxxp://www.esero.go.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hanwhalife.com -> hxxp://hanwhalife.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hkbank.co.kr -> hxxp://hkbank.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hyundaicard.com -> hxxps://hyundaicard.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hyundailife.com -> hxxp://hyundailife.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ibk.co.kr -> hxxp://ibk.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ibk.co.kr -> hxxps://ibk.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\jbbank.co.kr -> hxxps://jbbank.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\keb.co.kr -> hxxp://keb.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\kftc.or.kr -> hxxp://kftc.or.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\prsb.co.kr -> hxxp://prsb.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\samsungcard.com -> hxxps://samsungcard.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\scourt.go.kr -> hxxps://smartoffice.scourt.go.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\shinhansavings.com -> hxxp://shinhansavings.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\smartmiraeasset.com -> hxxp://www.smartmiraeasset.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\standardchartered.co.kr -> hxxp://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\standardchartered.co.kr -> hxxps://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\suhyup-bank.com -> hxxps://suhyup-bank.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\wooribank.com -> hxxps://wooribank.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ysebank.co.kr -> hxxp://ysebank.co.kr


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\JamesTrevor\Downloads\circle_of_fifths_colors.png
DNS Servers: 8.8.8.8 - 208.67.222.222

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0293F763-1433-4512-8421-3C5CD5C18AF0}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{B3441549-7236-42BB-A403-DAF5CB5D386E}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{E3F98AD0-387F-4438-A845-350FCFD6413D}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{8C0D1F87-1394-4012-81D2-E656B291DF0E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E39B228D-B755-4F5E-958D-7B5AFF42909D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{525B90E6-FCA1-4545-9B2B-8691191D3572}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{3967AF8A-26C0-430A-8340-CB5AC5688767}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{39B95E8E-B343-423D-B976-107867F6FC62}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{54F69825-B6A4-4158-A29C-BCA86DEA5FA8}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{54DC43C2-0CDB-4EAA-8058-989EF7197603}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{AB595A20-CA38-437A-95A3-89E7E27B81C2}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{C3AF1861-7347-4016-BC54-29AFF09E7CFE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{65EC5E88-2CC5-4099-88C0-57168A26CDD4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{050310B4-E087-461F-B536-D82AA2EF175D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{E302286D-4326-4399-8740-7326D38994B5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{13809B9D-61C2-4F22-8284-311B42E95065}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{7D2AD0FC-292E-457A-802B-A42A9896FEEC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{FDE538C5-2A3D-42F7-886A-BCDA047F5A7F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{DC04053C-88AA-4948-A7C2-0C702BB3E3E8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{753AA31C-F1B7-4495-ABCA-3E4986FB754D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{40D29F49-F2FC-4753-AF10-22ABF7B1007E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{A5BE6978-E7BE-40B6-826F-5F03F7B340D9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{36B5A74C-398E-4288-8554-CB3F34271C18}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{99596387-06D3-4F52-AD9E-476CE39F4CA8}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{3D7F5F16-A34D-4AAC-B129-0F65AFE52B32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{173A16C7-08E5-429F-90A8-3151B3E7B1A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B04EFD53-DA7F-4AF3-80D3-3613D22B96DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C43CE73-4F21-42DF-AC53-6E77C38AC329}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{985359D2-A589-493E-A1C7-2E59E0016717}] => (Allow) C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{73F4156E-152A-497A-96E1-AD8855A1A685}] => (Allow) C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D3FF96A9-8968-4DD9-AB9E-312228FD43FE}] => (Allow) C:\Users\JamesTrevor\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{53BB2296-FB49-46E6-B00E-2C75F22D6728}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{A765C72A-1F02-4229-B748-75AC27E67C6B}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{E9E8ED27-1C88-4E50-86C3-66DD98730470}] => (Allow) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
FirewallRules: [{78FC9188-750D-4AE6-B029-D2FC093727B7}] => (Allow) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
FirewallRules: [{D977349D-98F1-48F5-B5E1-1D14E243F8F4}] => (Allow) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
FirewallRules: [{A7092BE8-F72F-431B-816B-4B19F15C4474}] => (Allow) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
FirewallRules: [{C80B6AEE-C1E0-40A5-8480-588B83C5B5FA}] => (Allow) C:\Program Files (x86)\Audible\Bin\Manager.exe
FirewallRules: [{F8165739-2A88-47B3-ABA6-FBE15BE8629F}] => (Allow) C:\Program Files (x86)\Audible\Bin\Manager.exe
FirewallRules: [{9F36CE6F-C66F-4773-8CC5-8DF16EE11D32}] => (Allow) C:\Program Files (x86)\Audible\Bin\Manager.exe
FirewallRules: [{0E011B1A-DC32-43DA-968B-FCBDCDC0AEC9}] => (Allow) C:\Program Files (x86)\Audible\Bin\Manager.exe
FirewallRules: [{BC01387E-1D64-4247-9A45-A80351925D68}] => (Allow) C:\Users\JamesTrevor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0749A455-B57D-444D-B5FC-1A5B271A3F34}] => (Allow) C:\Users\JamesTrevor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6C40E6B7-E17E-4F86-B27A-04F63C344166}] => (Allow) LPort=51001
FirewallRules: [{09F79CB8-83EE-4D1C-BAE3-EAB1AA30D4DA}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe
FirewallRules: [{5DBE6035-8D5B-41F8-A611-FEC1A1CB346F}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe
FirewallRules: [{D98CBF4E-F2BB-456E-9818-46601EA6B94E}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\PPMV.exe
FirewallRules: [{2875BE1B-164F-4138-BDDF-0A27EDFB4A26}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\PPMV.exe
FirewallRules: [{76A377A3-7587-4E64-B8BA-8F9158E46CD1}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe
FirewallRules: [{CAD4FE24-5478-4467-A740-27FF2E21BB6B}] => (Allow) C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe
FirewallRules: [{ABD3BCD1-876D-4BBA-BBC9-D5554EFCEA56}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{A435E765-0B5E-4527-933B-11F2F96BABDB}] => (Allow) C:\Users\JamesTrevor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2284E0DB-78BD-407A-ACAE-1CB765AB0C1E}] => (Allow) C:\Users\JamesTrevor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{564D2448-4911-492E-9FE8-EFC2346E2E61}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3A5B3430-2F55-43A9-8AA6-DA46CDD65DC2}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{7FD7B206-6F7F-47C7-B9AE-002F61A40B12}] => (Allow) C:\bb\BBHelper\BandinaBoxServer.exe
FirewallRules: [{44DC4838-4D53-4D9C-B3C8-D03E6579F302}] => (Allow) C:\bb\BBHelper\BandinaBoxServer.exe
FirewallRules: [{150D06CD-0788-4A0D-A9A8-7139A9DBB3E0}] => (Allow) LPort=10333
FirewallRules: [{B98C993D-1A1E-471D-A50B-81D869DB58E7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{70751C75-5B70-4049-9B73-EFBE76639FA8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BD025F16-E103-4212-B317-9F4B2CEE067A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{E2F74A73-40A0-49A3-9AC4-3B240997A6D4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{FF0787A1-C3B7-4029-9AAB-F9410B5113D4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{818B2CC0-EAC2-46C8-ACEA-1621C856CF70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A73023DF-1ACC-48C8-A972-1179B43BC6FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D7B74C40-7B50-4FE9-9D09-A7CB84730E4C}] => (Allow) C:\Users\JamesTrevor\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{5AEFDB93-F46E-4F25-9FBD-1D56E054491F}] => (Allow) C:\Users\JamesTrevor\AppData\Roaming\Zoom\bin\airhost.exe
FirewallRules: [{5CB22565-73FA-4CF8-843B-95B3A953254A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AE659569-388F-4088-9AE6-987100CD60E1}] => (Allow) C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{AE547433-C7AE-4E97-99F5-2296078E16C4}] => (Allow) C:\Users\JamesTrevor\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C08EC27F-12DD-461D-920F-735196449E78}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2015 07:24:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.

Error: (06/07/2015 07:14:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 43.0.2357.81 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2020

Start Time: 01d0a0aaddd8c351

Termination Time: 60000

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: a2ddf48d-0ca1-11e5-bf30-2016d86a1bd7

Faulting package full name:

Faulting package-relative application ID:

Error: (06/07/2015 06:48:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 43.0.2357.81 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e88

Start Time: 01d0a05a4680848f

Termination Time: 22244

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 067ae88d-0c9e-11e5-bf30-2016d86a1bd7

Faulting package full name:

Faulting package-relative application ID:

Error: (06/07/2015 06:43:23 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={EE1DF840-9E05-48B2-AB27-E31365E0A5D6}: The user SYSTEM dialed a connection named PureVPN which has failed. The error code returned on failure is 789.

Error: (06/07/2015 06:40:52 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={0B84C9C4-EEF3-4632-8DFF-42300FA4FF7D}: The user SYSTEM dialed a connection named PureVPN which has failed. The error code returned on failure is 789.

Error: (06/07/2015 06:39:05 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={87D45B49-6C59-44E2-8F16-68193317DE90}: The user SYSTEM dialed a connection named PureVPN which has failed. The error code returned on failure is 789.

Error: (06/07/2015 04:44:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.

Error: (06/07/2015 04:42:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.

Error: (06/07/2015 04:23:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.

Error: (06/07/2015 04:20:45 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.


System errors:
=============
Error: (06/06/2015 09:17:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.

Error: (06/06/2015 09:11:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (QSRNVIVO10) service failed to start due to the following error:
%%1053

Error: (06/06/2015 09:11:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (QSRNVIVO10) service to connect.

Error: (06/06/2015 09:10:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee AP Service service failed to start due to the following error:
%%2

Error: (06/06/2015 09:10:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (06/06/2015 07:15:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WatchData ccb V3.2 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/06/2015 08:09:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee AP Service service failed to start due to the following error:
%%2

Error: (06/06/2015 08:09:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (06/06/2015 03:19:35 AM) (Source: RasSstp) (EventID: 1) (User: )
Description: CoId={E507A928-C06C-443C-8874-DF6D0312B620}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.

No such host is known.

Error: (06/06/2015 02:48:19 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.


Microsoft Office:
=========================
Error: (06/07/2015 07:24:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Users\JamesTrevor\Desktop\Computer fix\esetsmartinstaller_enu.exe

Error: (06/07/2015 07:14:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe43.0.2357.81202001d0a0aaddd8c35160000C:\Program Files (x86)\Google\Chrome\Application\chrome.exea2ddf48d-0ca1-11e5-bf30-2016d86a1bd7

Error: (06/07/2015 06:48:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe43.0.2357.81e8801d0a05a4680848f22244C:\Program Files (x86)\Google\Chrome\Application\chrome.exe067ae88d-0c9e-11e5-bf30-2016d86a1bd7

Error: (06/07/2015 06:43:23 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {EE1DF840-9E05-48B2-AB27-E31365E0A5D6}SYSTEMPureVPN789

Error: (06/07/2015 06:40:52 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {0B84C9C4-EEF3-4632-8DFF-42300FA4FF7D}SYSTEMPureVPN789

Error: (06/07/2015 06:39:05 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {87D45B49-6C59-44E2-8F16-68193317DE90}SYSTEMPureVPN789

Error: (06/07/2015 04:44:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/07/2015 04:42:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/07/2015 04:23:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/07/2015 04:20:45 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe


==================== Memory info ===========================

Processor: Intel® Core™ i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 7987.59 MB
Available physical RAM: 4707.83 MB
Total Pagefile: 16179.59 MB
Available Pagefile: 12409.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:916.05 GB) (Free:47.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 79821AEC)

Partition: GPT Partition Type.

==================== End of log ============================

Edit: Moved topic from Am I Infected to the more appropriate forum.~ Animal



#2 HelpBot


Posted 11 June 2015 - 06:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/578655 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!


Posted 12 June 2015 - 09:20 PM

Greetings Charlie123 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please move FRST.exe directly onto your Desktop.

Do you recognize these? 

China Beijing Iiint
C:\Users\JamesTrevor\Downloads\Öйú½¨ÉèÒøÐжþ´úÍøÒø¶Ü£Å·»¤º½°²È«×é¼þ£¨ÎÕÆ棩
C:\Users\JamesTrevor\Downloads\Öйú½¨ÉèÒøÐжþ´úÍøÒø¶Ü£Å·»¤º½°²È«×é¼þ£¨ÎÕÆ棩.rar
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ccb.cn -> hxxps://b2b.ccb.cn
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ccb.com -> hxxps://*.ccb.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ccb.com.cn -> hxxps://*.ccb.com.cn
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\dongbulife.com -> hxxp://dongbulife.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\esero.go.kr -> hxxp://www.esero.go.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hanwhalife.com -> hxxp://hanwhalife.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hkbank.co.kr -> hxxp://hkbank.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hyundaicard.com -> hxxps://hyundaicard.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hyundailife.com -> hxxp://hyundailife.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ibk.co.kr -> hxxp://ibk.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ibk.co.kr -> hxxps://ibk.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\jbbank.co.kr -> hxxps://jbbank.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\keb.co.kr -> hxxp://keb.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\kftc.or.kr -> hxxp://kftc.or.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\prsb.co.kr -> hxxp://prsb.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\samsungcard.com -> hxxps://samsungcard.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\scourt.go.kr -> hxxps://smartoffice.scourt.go.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\shinhansavings.com -> hxxp://shinhansavings.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\smartmiraeasset.com -> hxxp://www.smartmiraeasset.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\standardchartered.co.kr -> hxxp://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\standardchartered.co.kr -> hxxps://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\suhyup-bank.com -> hxxps://suhyup-bank.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\wooribank.com -> hxxps://wooribank.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ysebank.co.kr -> hxxp://ysebank.co.kr


Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Run: [{0D5AF2B5-F3AE-4fb4-A7F9-0DC68E21E8B4}] => "C:\Users\JamesTrevor\AppData\Local\770bc6656ddf6c8f26bf2a92e4b368e3\770bc6656ddf6c8f26bf2a92e4b368e3.exe" startupby sysstart
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {05EF7E59-667B-4929-98DB-FDF2F882FCF0} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1127797416-4057108860-4142931385-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002 -> {05EF7E59-667B-4929-98DB-FDF2F882FCF0} URL =
DPF: HKLM {6CE20149-ABE3-462E-A1B4-5B549971AA38}
DPF: HKLM-x32 {C1143E84-B2B1-473B-9F20-E62DD754FCAF}
FF Plugin-x32: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll No File
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]
2015-01-10 14:48 - 2015-01-10 14:48 - 0000227 _____ () C:\ProgramData\bc.ini
C:\Users\JamesTrevor\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.7.102888.exe
C:\Users\JamesTrevor\AppData\Local\Temp\BavPro_Setup_Mini_110.exe
C:\Users\JamesTrevor\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfi0h7.dll
C:\Users\JamesTrevor\AppData\Local\Temp\oi_{4E0931BA-03FB-4F9A-8CEF-DF26C096F915}.exe
C:\Users\JamesTrevor\AppData\Local\Temp\Quarantine.exe
C:\Users\JamesTrevor\AppData\Local\Temp\SAS6_Update.exe
C:\Users\JamesTrevor\AppData\Local\Temp\SkypeSetup.exe
C:\Users\JamesTrevor\AppData\Local\Temp\sqlite3.dll
Task: {12F3EAB3-4D44-40C0-BA03-16C1A0EB2619} - \Optimize Start Menu Cache Files-S-1-5-21-1127797416-4057108860-4142931385-500 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:A303874F
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize entries?
  • Fixlog
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Charlie123


Posted 12 June 2015 - 09:51 PM

Hello,
 
In answer to your question "do you recognize these?" No, I don't. Some of the entries are of Korean financial institutions. I do have a Korean bank account. However, my bank account is not listed in the entries you pointed out. 
 
No noticeable change in performance.

Fix result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by JamesTrevor at 2015-06-13 10:35:12 Run:1
Running from C:\Users\JamesTrevor\Desktop
Loaded Profiles: UpdatusUser & JamesTrevor (Available Profiles: UpdatusUser & JamesTrevor)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [{0D5AF2B5-F3AE-4fb4-A7F9-0DC68E21E8B4}] => "C:\Users\JamesTrevor\AppData\Local\770bc6656ddf6c8f26bf2a92e4b368e3\770bc6656ddf6c8f26bf2a92e4b368e3.exe" startupby sysstart
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {05EF7E59-667B-4929-98DB-FDF2F882FCF0} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1127797416-4057108860-4142931385-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002 -> {05EF7E59-667B-4929-98DB-FDF2F882FCF0} URL =
DPF: HKLM {6CE20149-ABE3-462E-A1B4-5B549971AA38}
DPF: HKLM-x32 {C1143E84-B2B1-473B-9F20-E62DD754FCAF}
FF Plugin-x32: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll No File
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]
2015-01-10 14:48 - 2015-01-10 14:48 - 0000227 _____ () C:\ProgramData\bc.ini
C:\Users\JamesTrevor\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.7.102888.exe
C:\Users\JamesTrevor\AppData\Local\Temp\BavPro_Setup_Mini_110.exe
C:\Users\JamesTrevor\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfi0h7.dll
C:\Users\JamesTrevor\AppData\Local\Temp\oi_{4E0931BA-03FB-4F9A-8CEF-DF26C096F915}.exe
C:\Users\JamesTrevor\AppData\Local\Temp\Quarantine.exe
C:\Users\JamesTrevor\AppData\Local\Temp\SAS6_Update.exe
C:\Users\JamesTrevor\AppData\Local\Temp\SkypeSetup.exe
C:\Users\JamesTrevor\AppData\Local\Temp\sqlite3.dll
Task: {12F3EAB3-4D44-40C0-BA03-16C1A0EB2619} - \Optimize Start Menu Cache Files-S-1-5-21-1127797416-4057108860-4142931385-500 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:A303874F
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\{0D5AF2B5-F3AE-4fb4-A7F9-0DC68E21E8B4} => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => key removed successfully
"HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05EF7E59-667B-4929-98DB-FDF2F882FCF0}" => key removed successfully
HKCR\CLSID\{05EF7E59-667B-4929-98DB-FDF2F882FCF0} => key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1127797416-4057108860-4142931385-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{05EF7E59-667B-4929-98DB-FDF2F882FCF0}" => key removed successfully
HKCR\CLSID\{05EF7E59-667B-4929-98DB-FDF2F882FCF0} => key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6CE20149-ABE3-462E-A1B4-5B549971AA38}" => key removed successfully
HKCR\CLSID\{6CE20149-ABE3-462E-A1B4-5B549971AA38} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{C1143E84-B2B1-473B-9F20-E62DD754FCAF}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C1143E84-B2B1-473B-9F20-E62DD754FCAF}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@softforum.com/npKeyPro" => key removed successfully
McAfee SiteAdvisor Service => Service removed successfully
McAPExe => Service removed successfully
JRSKD24 => Service removed successfully
rssasnt => Service removed successfully
C:\ProgramData\bc.ini => moved successfully.
C:\Users\JamesTrevor\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.7.102888.exe => moved successfully.
C:\Users\JamesTrevor\AppData\Local\Temp\BavPro_Setup_Mini_110.exe => moved successfully.
"C:\Users\JamesTrevor\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxfi0h7.dll" => File/Folder not found.
C:\Users\JamesTrevor\AppData\Local\Temp\oi_{4E0931BA-03FB-4F9A-8CEF-DF26C096F915}.exe => moved successfully.
"C:\Users\JamesTrevor\AppData\Local\Temp\Quarantine.exe" => File/Folder not found.
C:\Users\JamesTrevor\AppData\Local\Temp\SAS6_Update.exe => moved successfully.
C:\Users\JamesTrevor\AppData\Local\Temp\SkypeSetup.exe => moved successfully.
C:\Users\JamesTrevor\AppData\Local\Temp\sqlite3.dll => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12F3EAB3-4D44-40C0-BA03-16C1A0EB2619}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12F3EAB3-4D44-40C0-BA03-16C1A0EB2619}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-1127797416-4057108860-4142931385-500" => key removed successfully
C:\ProgramData\Temp => ":0FF263E8" ADS removed successfully.
C:\ProgramData\Temp => ":A303874F" ADS removed successfully.

==== End of Fixlog 10:35:26 ====


Edited by Oh My!, 12 June 2015 - 10:29 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,682 posts
  • Gender:Male
  • Location:California
  • Local time:10:44 AM

Posted 12 June 2015 - 10:39 PM

Thank you. Are you in China? Your time listed seems to indicate you are not but there is an entry related to China Xicheng Tsinghua University. Is that familiar?

Please run this. Copy and paste the log information in your reply rather than attaching the report.

I am ending for the evening shortly so I may not be replying again until tomorrow.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\JamesTrevor\Downloads\Öйú½¨ÉèÒøÐжþ´úÍøÒø¶Ü£Å·»¤º½°²È«×é¼þ£¨ÎÕÆ棩
C:\Users\JamesTrevor\Downloads\Öйú½¨ÉèÒøÐжþ´úÍøÒø¶Ü£Å·»¤º½°²È«×é¼þ£¨ÎÕÆ棩.rar
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ccb.cn -> hxxps://b2b.ccb.cn
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ccb.com -> hxxps://*.ccb.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ccb.com.cn -> hxxps://*.ccb.com.cn
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\dongbulife.com -> hxxp://dongbulife.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\esero.go.kr -> hxxp://www.esero.go.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hanwhalife.com -> hxxp://hanwhalife.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hkbank.co.kr -> hxxp://hkbank.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hyundaicard.com -> hxxps://hyundaicard.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hyundailife.com -> hxxp://hyundailife.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ibk.co.kr -> hxxp://ibk.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ibk.co.kr -> hxxps://ibk.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\jbbank.co.kr -> hxxps://jbbank.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\keb.co.kr -> hxxp://keb.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\kftc.or.kr -> hxxp://kftc.or.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\prsb.co.kr -> hxxp://prsb.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\samsungcard.com -> hxxps://samsungcard.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\scourt.go.kr -> hxxps://smartoffice.scourt.go.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\shinhansavings.com -> hxxp://shinhansavings.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\smartmiraeasset.com -> hxxp://www.smartmiraeasset.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\standardchartered.co.kr -> hxxp://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\standardchartered.co.kr -> hxxps://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\suhyup-bank.com -> hxxps://suhyup-bank.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\wooribank.com -> hxxps://wooribank.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ysebank.co.kr -> hxxp://ysebank.co.kr
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Charlie123


Posted 13 June 2015 - 01:26 AM

Hello Gary,

Yes, I am in China. I teach at a university in Beijing.

Here is the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by JamesTrevor at 2015-06-13 14:22:08 Run:2
Running from C:\Users\JamesTrevor\Desktop
Loaded Profiles: UpdatusUser & JamesTrevor (Available Profiles: UpdatusUser & JamesTrevor)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Users\JamesTrevor\Downloads\Öйú½¨ÉèÒøÐжþ´úÍøÒø¶Ü£Å·»¤º½°²È«×é¼þ£¨ÎÕÆ棩
C:\Users\JamesTrevor\Downloads\Öйú½¨ÉèÒøÐжþ´úÍøÒø¶Ü£Å·»¤º½°²È«×é¼þ£¨ÎÕÆ棩.rar
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ccb.cn -> hxxps://b2b.ccb.cn
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ccb.com -> hxxps://*.ccb.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ccb.com.cn -> hxxps://*.ccb.com.cn
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\dongbulife.com -> hxxp://dongbulife.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\esero.go.kr -> hxxp://www.esero.go.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hanwhalife.com -> hxxp://hanwhalife.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hkbank.co.kr -> hxxp://hkbank.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hyundaicard.com -> hxxps://hyundaicard.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\hyundailife.com -> hxxp://hyundailife.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ibk.co.kr -> hxxp://ibk.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ibk.co.kr -> hxxps://ibk.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\jbbank.co.kr -> hxxps://jbbank.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\keb.co.kr -> hxxp://keb.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\kftc.or.kr -> hxxp://kftc.or.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\prsb.co.kr -> hxxp://prsb.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\samsungcard.com -> hxxps://samsungcard.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\scourt.go.kr -> hxxps://smartoffice.scourt.go.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\shinhansavings.com -> hxxp://shinhansavings.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\smartmiraeasset.com -> hxxp://www.smartmiraeasset.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\standardchartered.co.kr -> hxxp://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\standardchartered.co.kr -> hxxps://standardchartered.co.kr
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\suhyup-bank.com -> hxxps://suhyup-bank.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\wooribank.com -> hxxps://wooribank.com
IE trusted site: HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\...\ysebank.co.kr -> hxxp://ysebank.co.kr
*****************
 
C:\Users\JamesTrevor\Downloads\Öйú½¨ÉèÒøÐжþ´úÍøÒø¶Ü£Å·»¤º½°²È«×é¼þ£¨ÎÕÆ棩 => moved successfully.
C:\Users\JamesTrevor\Downloads\Öйú½¨ÉèÒøÐжþ´úÍøÒø¶Ü£Å·»¤º½°²È«×é¼þ£¨ÎÕÆ棩.rar => moved successfully.
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ccb.cn" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ccb.com" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ccb.com.cn" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dongbulife.com" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\esero.go.kr" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hanwhalife.com" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hkbank.co.kr" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hyundaicard.com" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hyundailife.com" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ibk.co.kr" => key removed successfully
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ibk.co.kr => key not found. 
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jbbank.co.kr" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\keb.co.kr" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kftc.or.kr" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\prsb.co.kr" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\samsungcard.com" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scourt.go.kr" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shinhansavings.com" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\smartmiraeasset.com" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\standardchartered.co.kr" => key removed successfully
HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\standardchartered.co.kr => key not found. 
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\suhyup-bank.com" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wooribank.com" => key removed successfully
"HKU\S-1-5-21-1127797416-4057108860-4142931385-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysebank.co.kr" => key removed successfully
 
==== End of Fixlog 14:22:10 ====
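
Added example (not part of the thread and not FRST's own code): in the Fixlog above, ibk.co.kr and standardchartered.co.kr each appear twice in the fixlist (hxxp and hxxps) but resolve to a single ZoneMap\Domains key, so the second attempt logs "key not found". The Python sketch below reconciles fixlist entries against Fixlog results to separate that expected case from entries that were never removed; the SID, the example.test and example.invalid entries, and the status strings are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Fixlist entry as FRST prints it: hive, elided middle ("..."), domain, URL.
FIX_ENTRY = re.compile(
    r'^IE trusted site: (?P<hive>HKU\\[^\\]+)\\\.\.\.\\(?P<domain>\S+) -> \S+$')
# Fixlog result line: optionally quoted target, " => ", outcome text.
RESULT = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+)$')
ZONEMAP = "\\internet settings\\zonemap\\domains\\"


def reconcile(fixlist_lines, fixlog_lines):
    """Return {(hive, domain): status} for every trusted-site fixlist entry."""
    # Several fixlist lines (http and https) can point at the same domain key.
    requested = Counter()
    for line in fixlist_lines:
        m = FIX_ENTRY.match(line.strip())
        if m:
            requested[(m["hive"].lower(), m["domain"].lower())] += 1

    # Collect every outcome the Fixlog reports for each ZoneMap domain key.
    outcomes = defaultdict(list)
    for line in fixlog_lines:
        m = RESULT.match(line.strip())
        if not m or ZONEMAP not in m["target"].lower():
            continue
        parts = m["target"].split("\\")
        key = ("\\".join(parts[:2]).lower(), parts[-1].lower())
        outcomes[key].append(m["outcome"].strip().lower())

    status = {}
    for key, count in requested.items():
        seen = outcomes.get(key, [])
        removed = sum(o.startswith("key removed") for o in seen)
        not_found = sum(o.startswith("key not found") for o in seen)
        if len(seen) < count:
            status[key] = "no result logged"
        elif removed == 0:
            status[key] = "not found and never removed"
        elif not_found and count > 1:
            status[key] = "removed (later 'not found' is the duplicate entry)"
        else:
            status[key] = "removed"
    return status


# Constructed sample input modelled on the log format above.
SID = "S-1-5-21-0-0-0-1002"  # constructed SID, not the one in the thread
BASE = ("HKU\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion"
        r"\Internet Settings\ZoneMap\Domains" + "\\")
FIXLIST = [
    f"IE trusted site: HKU\\{SID}\\...\\ccb.cn -> hxxps://b2b.ccb.cn",
    f"IE trusted site: HKU\\{SID}\\...\\ibk.co.kr -> hxxp://ibk.co.kr",
    f"IE trusted site: HKU\\{SID}\\...\\ibk.co.kr -> hxxps://ibk.co.kr",
    f"IE trusted site: HKU\\{SID}\\...\\example.test -> hxxp://example.test",
    f"IE trusted site: HKU\\{SID}\\...\\example.invalid -> hxxp://example.invalid",
]
FIXLOG = [
    f'"{BASE}ccb.cn" => key removed successfully',
    f'"{BASE}ibk.co.kr" => key removed successfully',
    f"{BASE}ibk.co.kr => key not found. ",
    f"{BASE}example.test => key not found. ",  # constructed failure case
]

if __name__ == "__main__":
    for (hive, domain), state in reconcile(FIXLIST, FIXLOG).items():
        print(f"{domain:18} {state}")
```

Entries reported as "not found and never removed" or "no result logged" are the ones worth checking against a fresh scan log.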


#7 Oh My!


Posted 13 June 2015 - 07:28 AM

Very good,

I am assuming you are still having the problem with MBAM, ESET, and Chrome. For MBAM and ESET which browser(s) are you using?
Gary
 

#8 Charlie123


Posted 13 June 2015 - 11:14 AM

Very good,

I am assuming you are still having the problem with MBAM, ESET, and Chrome. For MBAM and ESET which browser(s) are you using?

I haven't tried to open MBAM or ESET in a week. I am using Chrome. 



#9 Oh My!


Posted 13 June 2015 - 05:37 PM

Thank you. We have some strange entries so I need to check periodically to see if you recognize them. Does this look familiar?

INFovine

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
ESET Online Scanner v3
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
  • Reboot your computer and attempt to launch ESET Online Scanner again
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize the entry?
  • Did ESET uninstall properly?
  • Are you able to run ESET now?

Gary
 

#10 Charlie123


Posted 14 June 2015 - 01:22 AM

Hi Gary,

No, I don't recognize the entry. I uninstalled and was able to run ESET. I scanned and I'm clean.



#11 Oh My!


Posted 14 June 2015 - 02:45 PM

What I have been concerned about are a few entries in your logs that might or might not be legitimate, INFovine being one. I think we need to do a more thorough analysis of the logs to see what else you don't recognize. Below are some of the entries I would like you to review. If it is not too much to ask I would like you to also review the FRST logs and point out any you think are suspicious but are not listed below.
  • (Copernic, a division of N. Harris Computer Systems) C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe
  • ( Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDCertM_CCB.exe
  • (PureVPN) C:\Program Files (x86)\PureVPN\purevpn.exe
  • www.kvraudio.com
  • Freemake Video Downloader
  • Block site
  • SiteBlock
  • Baidu Security
  • AxSignGATE 3.0
  • IPinside Agent
  • Veraport20

Gary
 

#12 Charlie123


Posted 14 June 2015 - 05:21 PM

The following are familiar:

Copernic

KVRAudio

Freemake is familiar, but I think there is some junkware that got downloaded with it. I have tried to remove Baidu security manually but can't. I think that one is trouble. I don't know about the others.

I am confused about what info you want me to go through on the Fixlog. If you could paste the list I would appreciate it.



#13 Oh My!


Posted 14 June 2015 - 06:04 PM

Not the Fixlog but the FRST reports. It won't hurt to run a fresh FRST scan but make sure Addition.txt is checked. You can review those 2 reports and post them.


Gary
 

#14 Charlie123


Posted 14 June 2015 - 06:29 PM

Alright, I'm not at home so it will get done in 8-10 hours.



#15 Oh My!


Posted 14 June 2015 - 06:46 PM

Let's go ahead with what we know then run and review the FRST logs. No rush. I would like to create a Restore Point just in case you find we shouldn't have deleted something. Please do this.

===================================================

Creating a System Restore Point in Windows 8

--------------------
  • Hit the Windows key + S at the same time
  • Type Restore Point then click on Create a restore point
  • Click Create
  • In the Description section type a name of your choice
  • Click Create and allow the process to complete
===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
PureVPN
AxSignGATE 3.0
IPinside Agent
Veraport20
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Windows\SysWOW64\WatchData
HKLM-x32\...\Run: [wdcertm_ccb] => C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDCertM_CCB.exe [72232 2014-04-23] ( Beijing WatchData System Co., Ltd.)
FF Plugin-x32: @ccb.com.cn/WDImportCertCtrl,version=1.0.0.2 -> C:\Program Files (x86)\CCBComponents\Plugins\npWDImportCertCtrl.dll [2014-04-23] (Watchdata (Beijing))
FF Plugin-x32: @ccb.com.cn/wdkctrl,version=1.0.0.2 -> C:\Program Files (x86)\CCBComponents\Plugins\npwdkctrl.dll [2014-04-23] (Watchdata (Beijing))
R2 WDMonitorCCB; C:\Windows\SysWOW64\WatchData\Watchdata CCB OCL CSP v3.2\WDKeyMonitorCCB.exe [141704 2014-05-09] ( Beijing WatchData System Co., Ltd.)
2015-06-06 19:15 - 2014-04-23 20:23 - 00053248 _____ ( Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\WDCCBpkcs11.dll
CHR Extension: (Block site) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2014-02-22]
CHR Extension: (SiteBlock) - C:\Users\JamesTrevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2013-08-17]
2015-05-10 12:17 - 2015-05-10 12:17 - 00000000 ____D C:\Users\Public\Documents\Baidu Security
2015-05-10 12:17 - 2015-05-10 12:17 - 00000000 ____D C:\Users\Public\Documents\Baidu
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the programs uninstall properly?
  • Fixlog
  • FRST logs (2)

Gary
 