Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015 Ran by Brad at 2015-02-08 14:16:51 Running from C:\Users\Brad\Desktop\FRST Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden 72-7750 Interface Program Ver 4.00 (HKLM-x32\...\{1DC47FFB-DA45-497A-80F9-CABFAFBCEB52}) (Version: 4.00 - ) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) BASIC Stamp Editor v2.3.9 (HKLM-x32\...\{E80BEC94-A496-4CE6-89B5-08922D1CCD84}) (Version: 2.3.9 - Parallax, Inc.) CadStd (HKLM-x32\...\CadStd) (Version: 3.7.4 - Apperson & Daughters) Canon CanoScan LiDE 110 User Registration (HKLM-x32\...\Canon CanoScan LiDE 110 User Registration) (Version: - ) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version: - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3107 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3107 - Acer Incorporated) Commercial Series Customer Programming Software (HKLM-x32\...\{3E833A3C-19CB-48EE-BD52-AE7896435AFF}) (Version: R05.15 - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAQFlex For Windows (HKLM-x32\...\{588C2827-4AC4-4B07-AF6D-7D1B8E6AD6DF}) (Version: 3.3 - Measurement Computing) Digital microscope (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.) Digital microscope (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19104.101 - Sonix) DirectSOFT 5 - Programming (HKLM-x32\...\{8548BB1A-6F46-4A8B-A63F-3618200258DB}) (Version: 5.30.194 - Host Engineering, Inc.) Dropbox (HKU\S-1-5-21-3713703873-1345214829-3567504906-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) EaseUS Todo Backup Free 8.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.0 - CHENGDU YIWO Tech Development Co., Ltd) Electronics Assistant version 4.31 (HKLM-x32\...\Electronics Assistant_is1) (Version: 4.31 - Electronics 2000) GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.) Hex Workshop v6.7 (HKLM\...\{A47DAFC0-AF57-4462-BD40-B3F02F33CB40}) (Version: 6.7.3.5308 - BreakPoint Software) HHD Software Free Serial Port Monitor 6.54 (HKLM\...\HHD Device Monitoring Studio 5.01) (Version: 6.54.0.5773 - HHD Software, Ltd.) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.) Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Acer Incorporated) HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated) Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!) InstaCal and Universal Library for Windows (HKLM-x32\...\{C5C759C2-2374-4C75-80C4-C1331464CD69}) (Version: 6.24 - Measurement Computing Corporation) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 17.2 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle) JDiskReport 1.4.1 (HKLM-x32\...\JDiskReport 1.4.1) (Version: 1.4.1 (2014-02-26 11:50:44) - JGoodies Karsten Lentzsch) KG639_PCS (HKLM-x32\...\ST6UNST #1) (Version: - ) KG-639E PTT-ID (HKLM-x32\...\KG-639E PTT-IDV2.10) (Version: V2.10 - Quanzhou Wouxun Electronics Co.£¬Ltd. Right) LibreCAD (HKLM-x32\...\LibreCAD) (Version: 2.0.5 - LibreCAD Team) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) MicroCapture 2.0 (HKLM-x32\...\MicroCapture) (Version: 2.0 - ) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Basic Power Packs 3.0 (HKLM-x32\...\{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}) (Version: 9.0.30214 - Microsoft) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - ) Motorola Professional Radio CPS-R06.10.04 (HKLM-x32\...\ProRadio CPS R06.10.04) (Version: - ) Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG) NTE QUICKCross (HKLM-x32\...\NTE QUICKCross15.0) (Version: 15.0 - CyberSoft, Inc.) Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer) OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation) PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - ) PCB123 V4.1.25 (HKLM-x32\...\{705250AB-D4D9-4D02-B9AA-2D07B574F1EB}) (Version: 4.1.25 - Sunstone Circuits) PicPick (HKLM-x32\...\PicPick) (Version: 4.0.3 - NTeWORKS) PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific) PoKeys (remove only) (HKLM\...\PoKeys) (Version: - ) Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden Puran File Recovery 1.1 (HKLM\...\Puran File Recovery_is1) (Version: - Puran Software) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications) Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros) Quick Designer Advanced v3.32 (HKLM-x32\...\Quick Designer CTC) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden TinyCAD 2.80.06 (HKLM-x32\...\TinyCAD) (Version: 2.80.06 - TinyCAD) TracerDAQ (HKLM-x32\...\{DAB77146-1370-41FF-AB8F-D04151078BB1}) (Version: 2.2.0.0 - Measurement Computing Corporation) TurboCAD Designer 21 64-bit (HKLM\...\{6B2D2647-007A-4012-A6E8-D57199427FEC}) (Version: 21.0.251 - IMSIDesign) UT60G Interface Program_Ver 1.01 (HKLM-x32\...\{DCF0505D-84DF-4313-BA7C-2856AFCBC371}) (Version: 1.00.0000 - DMM) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun) Windows Driver Package - PoLabs (WinUSB) PoLabs (04/21/2009 9.0.9999.0) (HKLM\...\EB5B39D923AB780D273492832BEA00210AE86C15) (Version: 04/21/2009 9.0.9999.0 - PoLabs) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) WindowsApplication1 (HKU\S-1-5-21-3713703873-1345214829-3567504906-1001\...\f7af182c60f80ebf) (Version: 1.0.0.0 - WindowsApplication1) WinHex (HKLM-x32\...\WinHex) (Version: - ) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) Wireshark 1.12.0 (32-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.0 - The Wireshark developer community, http://www.wireshark.org) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{056ADF40-C1D0-4CEB-94D2-4B82CB2C25F4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Ties\SolidBodyTie.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{130E8ABC-A163-43b5-B9E5-A31C1B1CB7B4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Draggers\BPMngr.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{15544F60-D775-4962-BEB4-E580346B1591}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Ties\ScetchTie.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{28A80F2D-0869-4E55-B0B3-0E44E64DC4C6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Draggers\ExtRefManager.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{2C10CA50-05D0-11D2-8697-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Ties\ObjectTie.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{49E39851-1FC0-11D2-8698-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Ties\SmartHatch.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{554EDBD6-7585-40C5-9713-180E76DAC4FC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Regens\TCImage.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{5B60CCED-F564-43BA-802B-01183FAA0A84}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Draggers\TCImageTool.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A481001-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWD21\Program\tcw21.exe (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A481002-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWD21\Program\tcw21.exe (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A481003-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWD21\Program\tcw21.exe (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A481004-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWD21\Program\tcw21.exe (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A481005-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWD21\Program\tcw21.exe (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A481100-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\ImsigxPS21.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A481801-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\IMSIGX21.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A481802-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\IMSIGX21.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A481803-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\IMSIGX21.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A481804-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\IMSIGX21.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A481805-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\IMSIGX21.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A482001-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A482002-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6A482003-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{6E1099B5-A2D4-11D5-BA2B-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Draggers\RevisionCloud.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{7657D07B-63D1-480B-B9E5-839E458E659E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Ties\DimensionTie.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{90E611F0-DE07-11D2-ABC3-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Ties\ViewportTie.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{BF0BBC85-A311-11D3-A82D-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\TcTools\PalTool.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{C9ACD2AA-AB9F-40DE-AFBE-1350D6BCB291}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Draggers\TCTrnTools.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{D732323E-7207-465d-9924-BCBAFE352435}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\Ties\CompoundProfileTie.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{DF9B76D3-539B-42DC-B0A3-80B0664B2C01}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWD21\Program\TcTools\TcCfpLaunchTool.dll (IMSIDesign, LLC) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3713703873-1345214829-3567504906-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brad\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 15-01-2015 20:19:38 Scheduled Checkpoint 25-01-2015 12:51:20 Scheduled Checkpoint 30-01-2015 21:05:14 Windows Update 07-02-2015 09:41:46 Scheduled Checkpoint 08-02-2015 10:05:15 Checkpoint by HitmanPro 08-02-2015 11:48:56 Revo Uninstaller Pro's restore point - shopper 08-02-2015 11:49:25 Revo Uninstaller Pro's restore point - shopperz 08-02-2015 11:50:17 Revo Uninstaller Pro's restore point - shopperz 08-02-2015 11:50:57 Revo Uninstaller Pro's restore point - shopperz 08-02-2015 11:51:32 Revo Uninstaller Pro's restore point - shopperz 08-02-2015 11:55:06 Revo Uninstaller Pro's restore point - shopperz ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0CAF79D3-33CE-4F26-91BA-E3E26C359AFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-08] (Google Inc.) Task: {1663A840-FA7E-4CCF-9DFA-5FF888866B34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-08] (Google Inc.) Task: {1D7C0029-0B89-4CDC-A5B1-EC37EAD2482A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated) Task: {265AE342-2F12-4D73-9853-20F9825D8538} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated) Task: {4734A523-C7A3-4448-9E2B-0D739B0A8B7C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: {478AAD75-6650-4A80-BD05-29501F234FE8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {999D752E-1781-456C-ACED-C97FF2195807} - System32\Tasks\{7D13A03B-4B85-44C8-99E9-B068C863AB91} => pcalua.exe -a "C:\Program Files (x86)\MicroCapture\uninst.exe" -d "C:\Program Files (x86)\MicroCapture" Task: {B83B7E85-DC7C-4245-9AA0-699ADFDA8EB5} - System32\Tasks\{23643892-4576-4212-AF6A-9C750E4734CB} => pcalua.exe -a E:\start.exe -d E:\ Task: {BB18F95C-7187-4BF9-94F0-F746988CD66E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-30] (Microsoft Corporation) Task: {C9210717-9BAB-43A6-8B00-ECBCC3B7B016} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.) Task: {D548611A-93A5-466C-AB4E-3BB2532979E4} - System32\Tasks\{9DC5FE29-3D0B-4111-A69B-13C015C300B2} => pcalua.exe -a "C:\Program Files\McAfee\MSC\mcuihost.exe" -c /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall Task: {E95773B2-4AE6-44AD-98BA-18331DB4AF71} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2012-06-21 20:12 - 2012-06-21 20:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll 2015-01-03 17:22 - 2014-12-15 01:03 - 00241704 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe 2012-08-28 02:50 - 2012-08-05 11:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-01-03 17:22 - 2014-12-15 01:04 - 00253992 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe 2012-08-10 20:28 - 2012-08-10 20:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00280104 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00754728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00137256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll 2015-01-03 17:21 - 2014-12-15 00:53 - 00089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll 2015-01-03 17:22 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll 2015-02-08 13:12 - 2015-02-08 13:12 - 00098816 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32api.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00110080 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\pywintypes27.dll 2015-02-08 13:12 - 2015-02-08 13:12 - 00364544 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\pythoncom27.dll 2015-02-08 13:12 - 2015-02-08 13:12 - 00045568 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\_socket.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 01160704 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\_ssl.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00320512 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32com.shell.shell.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00713216 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\_hashlib.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 01175040 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\wx._core_.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00805888 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\wx._gdi_.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00811008 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\wx._windows_.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 01062400 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\wx._controls_.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00735232 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\wx._misc_.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00557056 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\pysqlite2._sqlite.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00128512 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\_elementtree.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00127488 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\pyexpat.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00087552 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\_ctypes.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00119808 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32file.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00108544 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32security.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00007168 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\hashobjs_ext.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00167936 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32gui.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00018432 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32event.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00038912 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32inet.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00011264 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32crypt.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00070656 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\wx._html2.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00027136 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\_multiprocessing.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00035840 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32process.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00686080 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\unicodedata.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00122368 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\wx._wizard.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00024064 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32pipe.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00025600 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32pdh.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00525640 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\windows._lib_cacheinvalidation.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00010240 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\select.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00017408 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32profile.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00022528 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\win32ts.pyd 2015-02-08 13:12 - 2015-02-08 13:12 - 00078336 _____ () C:\Users\Brad\AppData\Local\Temp\_MEI48442\wx._animate.pyd 2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Brad\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-02-08 13:12 - 2015-02-08 13:12 - 00043008 _____ () c:\users\brad\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa82adp.dll 2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Brad\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Brad\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Brad\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-01-03 17:22 - 2014-12-15 01:04 - 00223272 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll 2015-01-03 17:22 - 2014-12-15 01:04 - 00275496 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll 2015-01-03 17:22 - 2014-12-15 01:04 - 00118328 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll 2015-01-03 17:22 - 2014-12-15 01:04 - 00249896 _____ () C:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll 2012-10-11 08:18 - 2012-07-17 22:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-02-05 19:34 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll 2015-02-05 19:34 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll 2015-02-05 19:34 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm AlternateDataStreams: C:\ProgramData\Temp:C3BB6A9A AlternateDataStreams: C:\Users\Brad\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3713703873-1345214829-3567504906-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brad\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3713703873-1345214829-3567504906-500 - Administrator - Disabled) Brad (S-1-5-21-3713703873-1345214829-3567504906-1001 - Administrator - Enabled) => C:\Users\Brad Guest (S-1-5-21-3713703873-1345214829-3567504906-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3713703873-1345214829-3567504906-1007 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/08/2015 11:55:03 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {7a7c97d7-6e03-4890-961e-951c99657dd2} Error: (02/08/2015 11:52:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOMEPC) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (02/08/2015 11:48:56 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9852c87a-8e66-487d-b932-9d2f9514fea7} Error: (02/08/2015 10:05:15 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {793ffce1-6ddc-41ee-85ca-c79161e6864f} Error: (02/07/2015 11:23:27 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (02/07/2015 10:07:12 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (02/07/2015 11:40:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Plc_Programming_Tutorial_downloader.exe, version: 1.0.510.1, time stamp: 0x54c2d189 Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3 Exception code: 0xc0000005 Fault offset: 0x0001d4f1 Faulting process id: 0xdf0 Faulting application start time: 0xPlc_Programming_Tutorial_downloader.exe0 Faulting application path: Plc_Programming_Tutorial_downloader.exe1 Faulting module path: Plc_Programming_Tutorial_downloader.exe2 Report Id: Plc_Programming_Tutorial_downloader.exe3 Faulting package full name: Plc_Programming_Tutorial_downloader.exe4 Faulting package-relative application ID: Plc_Programming_Tutorial_downloader.exe5 Error: (02/07/2015 10:50:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CD-080605-DS53-SetupDS5.exe, version: 10.1.0.238, time stamp: 0x40f7662b Faulting module name: iuser.dll, version: 10.1.0.238, time stamp: 0x40f76531 Exception code: 0xc0000005 Fault offset: 0x00010e2d Faulting process id: 0x978 Faulting application start time: 0xCD-080605-DS53-SetupDS5.exe0 Faulting application path: CD-080605-DS53-SetupDS5.exe1 Faulting module path: CD-080605-DS53-SetupDS5.exe2 Report Id: CD-080605-DS53-SetupDS5.exe3 Faulting package full name: CD-080605-DS53-SetupDS5.exe4 Faulting package-relative application ID: CD-080605-DS53-SetupDS5.exe5 Error: (02/07/2015 09:07:42 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (02/07/2015 08:29:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.16384, time stamp: 0x5215dfe3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000ffffffff Faulting process id: 0x6fc Faulting application start time: 0xsvchost.exe_stisvc0 Faulting application path: svchost.exe_stisvc1 Faulting module path: svchost.exe_stisvc2 Report Id: svchost.exe_stisvc3 Faulting package full name: svchost.exe_stisvc4 Faulting package-relative application ID: svchost.exe_stisvc5 System errors: ============= Error: (02/08/2015 01:11:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The csrcc service failed to start due to the following error: %%2 Error: (02/08/2015 01:11:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The CommSBEP service failed to start due to the following error: %%1275 Error: (02/08/2015 01:11:59 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\CommSBEP.SYS Error: (02/08/2015 01:11:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The CommSB96 service failed to start due to the following error: %%1275 Error: (02/08/2015 01:11:59 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\CommSB96.SYS Error: (02/08/2015 00:57:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The csrcc service failed to start due to the following error: %%2 Error: (02/08/2015 00:57:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The CommSBEP service failed to start due to the following error: %%1275 Error: (02/08/2015 00:57:05 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\CommSBEP.SYS Error: (02/08/2015 00:57:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The CommSB96 service failed to start due to the following error: %%1275 Error: (02/08/2015 00:57:05 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\Drivers\CommSB96.SYS Microsoft Office Sessions: ========================= Error: (02/08/2015 11:55:03 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {7a7c97d7-6e03-4890-961e-951c99657dd2} Error: (02/08/2015 11:52:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOMEPC) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (02/08/2015 11:48:56 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9852c87a-8e66-487d-b932-9d2f9514fea7} Error: (02/08/2015 10:05:15 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {793ffce1-6ddc-41ee-85ca-c79161e6864f} Error: (02/07/2015 11:23:27 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: -2147024883 Error: (02/07/2015 10:07:12 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (02/07/2015 11:40:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Plc_Programming_Tutorial_downloader.exe1.0.510.154c2d189ntdll.dll6.3.9600.1727853eeb4a3c00000050001d4f1df001d042f4199949e6C:\Users\Brad\Downloads\Plc_Programming_Tutorial_downloader.exeC:\WINDOWS\SYSTEM32\ntdll.dll16086a93-aee8-11e4-8297-20689d431932 Error: (02/07/2015 10:50:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: CD-080605-DS53-SetupDS5.exe10.1.0.23840f7662biuser.dll10.1.0.23840f76531c000000500010e2d97801d042edcac1754bE:\CD-080605-DS53-SetupDS5.exeC:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll0969b17b-aee1-11e4-8296-20689d431932 Error: (02/07/2015 09:07:42 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (02/07/2015 08:29:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_stisvc6.3.9600.163845215dfe3unknown0.0.0.000000000c000000500000000ffffffff6fc01d042da017d6359C:\WINDOWS\system32\svchost.exeunknown486bec41-aecd-11e4-8296-20689d431932 CodeIntegrity Errors: =================================== Date: 2015-02-07 23:33:22.438 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 23:33:22.329 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 23:33:22.222 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 23:33:19.918 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 23:33:19.811 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 23:33:19.717 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 23:33:19.124 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 22:47:04.016 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 22:47:03.922 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-07 22:47:03.829 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz Percentage of memory in use: 31% Total physical RAM: 8063.49 MB Available physical RAM: 5541.82 MB Total Pagefile: 9343.49 MB Available Pagefile: 6712.46 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:905.36 GB) (Free:821.08 GB) NTFS Drive d: (Elements) (Fixed) (Total:931.51 GB) (Free:264.4 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 8DF0FEAA) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F466) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================