Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help me remove AdChoices


  • This topic is locked This topic is locked
10 replies to this topic

#1 jptort

jptort

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 25 May 2015 - 02:32 PM

I have ad choices, Please help me make it go away.  This is not urgent, just annoying.



BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:19 AM

Posted 26 May 2015 - 01:56 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop. Don't kill any malicious processes at your own.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#3 jptort

jptort
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 26 May 2015 - 08:31 PM

Thanks, Georgi.

 

I ran the Farbar Recovery Scan Tool (64 bit) from my desktop.  Below are the contents of the two files.

-----

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05-2015
Ran by Jim (administrator) on RECIDIVIST on 26-05-2015 20:18:44
Running from C:\Users\Jim\Desktop
Loaded Profiles: Jim (Available Profiles: Jim)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
() C:\Windows\System32\spool\drivers\x64\3\ssd4cpi.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_188_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7507968 2012-02-06] (Dell Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-04-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-06] (IDT, Inc.)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2193614321-2031638678-2520315675-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-02-07] (Siber Systems)
HKU\S-1-5-21-2193614321-2031638678-2520315675-1000\...\MountPoints2: {034625cc-af54-11e4-bced-806e6f6e6963} - "E:\Install Navigator.exe"
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-02-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk [2015-02-08]
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk [2015-02-08]
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk [2015-02-08]
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2015-02-08]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-02-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2193614321-2031638678-2520315675-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000 -> {8F23E664-9FE3-4E7D-85A0-CDA8320861B1} URL = https://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-02-07] (Siber Systems Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\Root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-02-07] (Siber Systems Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\Root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-02-07] (Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-02-07] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-02-07] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 67.216.112.253 67.216.112.252 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\Root\Office15\NPSPWRAP.DLL [2015-02-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-15]

Chrome:
=======
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-14]
CHR Extension: (Google Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-14]
CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-14]
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-14]
CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-14]
CHR Extension: (Google Sheets) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-14]
CHR Extension: (TweetBe.at) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fodfojgmmkbgabpmbhjphcbjhgbdpdil [2015-02-15]
CHR Extension: (Bookmark Manager) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-24]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-02-15]
CHR Extension: (RoboForm Lite Password Manager) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj [2015-02-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-14]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-14]
CHR Extension: (RoboForm) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-02-15]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-02-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-02-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [226584 2014-11-20] (Code 42 Software)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [8380424 2015-02-25] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6294016 2012-02-06] (Dell Inc.) []

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-06] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 20:18 - 2015-05-26 20:18 - 00019920 _____ () C:\Users\Jim\Desktop\FRST.txt
2015-05-26 20:17 - 2015-05-26 20:18 - 00000000 ____D () C:\FRST
2015-05-26 20:17 - 2015-05-26 20:17 - 02108928 _____ (Farbar) C:\Users\Jim\Desktop\FRST64.exe
2015-05-25 14:28 - 2015-05-25 14:29 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jim\Downloads\tdsskiller.exe
2015-05-25 03:01 - 2015-05-25 03:01 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-05-25 03:01 - 2015-05-25 03:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-05-24 22:35 - 2015-05-24 22:35 - 00000000 _____ () C:\autoexec.bat
2015-05-24 22:32 - 2015-05-24 22:32 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Jim\Downloads\SpyHunter-Installer.exe
2015-05-24 22:31 - 2015-05-26 15:36 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 22:31 - 2015-05-24 22:31 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-24 22:31 - 2015-05-24 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-24 22:31 - 2015-05-24 22:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-24 22:31 - 2015-05-24 22:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-24 22:31 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-24 22:31 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-24 22:31 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-24 22:30 - 2015-05-24 22:30 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Jim\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-24 19:16 - 2015-05-24 21:08 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-24 19:16 - 2015-05-24 19:16 - 00000000 ____D () C:\Users\Jim\AppData\Local\CrashRpt
2015-05-24 19:13 - 2015-05-24 19:13 - 00002201 _____ () C:\Users\Public\Desktop\TurboCAD LTE 5 - x64.lnk
2015-05-24 19:13 - 2015-05-24 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMSIDesign TurboCAD LTE 5 - x64
2015-05-24 19:13 - 2015-05-24 19:13 - 00000000 ____D () C:\Program Files\IMSIDesign
2015-05-24 19:10 - 2015-05-24 19:10 - 00000000 ____D () C:\Program Files (x86)\TurboCAD LTE v5 x64
2015-05-24 19:06 - 2015-05-24 19:06 - 00000000 ___SD () C:\Users\Jim\Documents\My Shapes
2015-05-24 19:04 - 2015-05-25 03:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-24 19:04 - 2015-05-24 19:04 - 00000000 ____D () C:\Windows\PCHEALTH
2015-05-24 19:04 - 2015-05-24 19:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-05-24 19:03 - 2015-05-24 19:03 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-05-24 18:38 - 2015-05-25 18:40 - 00005708 _____ () C:\Users\Jim\Documents\Base trim in pantry and half bath.cxp
2015-05-24 15:53 - 2015-05-24 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-05-24 15:53 - 2015-05-24 15:53 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-05-24 15:52 - 2015-05-24 15:52 - 00004464 _____ () C:\Windows\System32\Tasks\Validate Installation
2015-05-24 15:52 - 2015-05-24 15:52 - 00004256 _____ () C:\Windows\System32\Tasks\Check Updates
2015-05-24 15:52 - 2015-05-24 15:52 - 00000064 _____ () C:\Users\Jim\AppData\Local\cf846f4b060f9bacf86530213ab1f8c6
2015-05-19 18:19 - 2015-05-19 18:19 - 00047731 _____ () C:\Users\Jim\Desktop\20150220 Data for Rebecca.xlsx
2015-05-16 13:38 - 2015-05-25 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-16 13:34 - 2015-05-16 13:34 - 00000000 ____D () C:\Users\Jim\AppData\Local\Microsoft Help
2015-05-16 11:54 - 2015-05-26 02:41 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Recidivist-Jim Recidivist
2015-05-13 17:39 - 2015-05-13 17:39 - 00000041 _____ () C:\script.txt
2015-05-13 17:38 - 2015-05-13 17:39 - 00000031 _____ () C:\Windows\script.txt
2015-05-13 17:36 - 2015-05-13 17:36 - 00001862 _____ () C:\Users\Public\Desktop\Data Migration.lnk
2015-05-13 17:36 - 2015-05-13 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-05-13 03:03 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:03 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 02:42 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 02:42 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 02:42 - 2015-04-27 14:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 02:42 - 2015-04-27 14:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 02:42 - 2015-04-27 14:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 02:42 - 2015-04-27 14:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 02:42 - 2015-04-27 14:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 02:42 - 2015-04-27 14:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 02:42 - 2015-04-27 14:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 02:42 - 2015-04-27 14:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 02:42 - 2015-04-27 14:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 02:42 - 2015-04-27 14:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 02:42 - 2015-04-27 14:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 02:42 - 2015-04-27 14:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 02:42 - 2015-04-27 14:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 02:42 - 2015-04-27 14:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 02:42 - 2015-04-27 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 02:42 - 2015-04-27 14:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 14:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 02:42 - 2015-04-27 14:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 02:42 - 2015-04-27 14:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 02:42 - 2015-04-27 14:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 02:42 - 2015-04-27 14:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 02:42 - 2015-04-27 14:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 02:42 - 2015-04-27 14:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 02:42 - 2015-04-27 14:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 02:42 - 2015-04-27 14:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 02:42 - 2015-04-27 14:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 02:42 - 2015-04-27 14:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 02:42 - 2015-04-27 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 02:42 - 2015-04-27 14:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 02:42 - 2015-04-27 14:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 02:42 - 2015-04-27 14:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 02:42 - 2015-04-27 14:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 02:42 - 2015-04-27 14:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 02:42 - 2015-04-27 14:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 02:42 - 2015-04-27 14:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 02:42 - 2015-04-27 14:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 02:42 - 2015-04-27 14:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 02:42 - 2015-04-27 14:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 02:42 - 2015-04-27 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 02:42 - 2015-04-27 14:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 02:42 - 2015-04-27 14:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 02:42 - 2015-04-27 14:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 02:42 - 2015-04-27 13:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 02:42 - 2015-04-21 21:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 02:42 - 2015-04-21 20:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 02:42 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 02:42 - 2015-04-21 12:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 02:42 - 2015-04-21 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 02:42 - 2015-04-21 11:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 02:42 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 02:42 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 02:42 - 2015-04-21 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 02:42 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 02:42 - 2015-04-21 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 02:42 - 2015-04-21 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 02:42 - 2015-04-21 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 02:42 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 02:42 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 02:42 - 2015-04-21 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 02:42 - 2015-04-21 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 02:42 - 2015-04-21 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 02:42 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 02:42 - 2015-04-21 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 02:42 - 2015-04-21 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 02:42 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 02:42 - 2015-04-21 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 02:42 - 2015-04-21 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 02:42 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 02:42 - 2015-04-21 11:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 02:42 - 2015-04-21 11:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 02:42 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 02:42 - 2015-04-21 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 02:42 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 02:42 - 2015-04-21 11:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 02:42 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 02:42 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 02:42 - 2015-04-21 11:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 02:42 - 2015-04-21 11:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 02:42 - 2015-04-21 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 02:42 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 02:42 - 2015-04-21 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 02:42 - 2015-04-21 10:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 02:42 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 02:42 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 02:42 - 2015-04-21 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 02:42 - 2015-04-21 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 02:42 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 02:42 - 2015-04-21 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 02:42 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 02:42 - 2015-04-21 10:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 02:42 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 02:42 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 02:42 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 02:42 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 02:42 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 02:42 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 02:42 - 2015-04-21 10:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 02:42 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 02:42 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 02:42 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 02:42 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 02:42 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 02:42 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 02:42 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 02:42 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 02:42 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 02:41 - 2015-04-27 14:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 02:41 - 2015-04-27 14:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 02:41 - 2015-04-27 14:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 02:41 - 2015-04-27 14:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 02:41 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 14:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 02:41 - 2015-04-27 14:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 02:41 - 2015-04-27 13:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 02:41 - 2015-04-27 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 02:41 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 12:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 02:41 - 2015-04-27 12:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 02:41 - 2015-04-27 12:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 12:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 02:41 - 2015-04-27 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 02:41 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 02:41 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 02:41 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 02:41 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 02:41 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 02:41 - 2015-04-07 22:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 02:41 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 02:41 - 2015-03-03 23:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 02:41 - 2015-03-03 23:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 02:41 - 2015-03-03 23:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 02:41 - 2015-03-03 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 02:41 - 2015-03-03 23:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 02:41 - 2015-03-03 23:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 02:41 - 2015-03-03 23:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 02:41 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 02:41 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 02:41 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 02:41 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-10 13:43 - 2015-05-10 13:43 - 00005102 _____ () C:\Users\Jim\Documents\coop 4 studs.cxp
2015-05-10 13:12 - 2015-05-24 18:38 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\CutList Plus
2015-05-10 13:12 - 2015-05-10 13:12 - 00002189 _____ () C:\Users\Public\Desktop\CutList Plus fx.lnk
2015-05-10 13:12 - 2015-05-10 13:12 - 00000000 ____D () C:\ProgramData\Video32
2015-05-10 13:12 - 2015-05-10 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bridgewood Design
2015-05-10 13:12 - 2015-05-10 13:12 - 00000000 ____D () C:\ProgramData\CutList Plus
2015-05-10 13:12 - 2015-05-10 13:12 - 00000000 ____D () C:\Program Files (x86)\Bridgewood Design
2015-05-10 13:10 - 2015-05-10 13:11 - 18557776 _____ (Bridgewood Design ) C:\Users\Jim\Downloads\cutlistplus-fx-installer-12217.exe
2015-05-09 11:42 - 2015-05-09 11:42 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\SketchUp
2015-05-09 11:37 - 2015-05-09 11:37 - 00002160 _____ () C:\Users\Public\Desktop\Style Builder 2015.lnk
2015-05-09 11:37 - 2015-05-09 11:37 - 00002074 _____ () C:\Users\Public\Desktop\LayOut 2015.lnk
2015-05-09 11:37 - 2015-05-09 11:37 - 00001989 _____ () C:\Users\Public\Desktop\SketchUp 2015.lnk
2015-05-09 11:37 - 2015-05-09 11:37 - 00000000 ____D () C:\ProgramData\SketchUp
2015-05-09 11:37 - 2015-05-09 11:37 - 00000000 ____D () C:\ProgramData\Reprise
2015-05-09 11:37 - 2015-05-09 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015
2015-05-09 11:37 - 2015-05-09 11:37 - 00000000 ____D () C:\Program Files\SketchUp
2015-05-09 11:33 - 2015-05-09 11:33 - 00002219 _____ () C:\Users\Public\Desktop\TurboCAD LTE 5.lnk
2015-05-09 11:33 - 2015-05-09 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMSIDesign TurboCAD LTE 5
2015-05-09 11:32 - 2015-05-24 19:20 - 00000000 ____D () C:\ProgramData\IMSIDesign
2015-05-09 11:32 - 2015-05-09 11:33 - 00000000 ____D () C:\Users\Jim\Documents\TurboCAD LTE 5
2015-05-09 11:32 - 2015-05-09 11:32 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\IMSIDesign
2015-05-09 11:32 - 2015-05-09 11:32 - 00000000 ____D () C:\Program Files (x86)\IMSIDesign
2015-05-09 11:30 - 2015-05-09 11:30 - 00000000 ____D () C:\Program Files (x86)\TurboCAD LTE v 5

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 20:18 - 2015-02-08 17:13 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-05-26 20:06 - 2015-02-08 16:44 - 00000000 ____D () C:\Users\Jim\Documents\Outlook Files
2015-05-26 20:06 - 2015-02-08 13:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 19:36 - 2015-02-08 16:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-26 16:27 - 2015-02-08 00:36 - 01354337 _____ () C:\Windows\WindowsUpdate.log
2015-05-26 04:36 - 2015-02-08 16:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 21:39 - 2015-02-14 23:02 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-25 19:23 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 13:12 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 13:12 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 13:04 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-25 13:04 - 2009-07-13 23:51 - 00031857 _____ () C:\Windows\setupact.log
2015-05-24 23:56 - 2010-11-20 22:47 - 00252538 _____ () C:\Windows\PFRO.log
2015-05-24 23:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-24 23:35 - 2009-07-13 23:45 - 00490632 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-24 23:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2015-05-24 19:16 - 2015-02-08 15:30 - 00000000 ___RD () C:\Users\Jim\Quick Launch
2015-05-24 19:08 - 2015-02-07 23:33 - 00135824 _____ () C:\Users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-24 19:04 - 2015-02-08 15:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-05-24 19:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-24 18:46 - 2015-02-14 15:03 - 00000000 ____D () C:\Users\Jim\AppData\Local\Adobe
2015-05-24 18:45 - 2015-02-08 13:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-24 18:45 - 2015-02-08 13:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-24 18:45 - 2015-02-08 13:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-24 15:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2015-05-20 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 19:32 - 2015-02-08 14:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-17 04:31 - 2015-02-08 16:25 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 04:31 - 2015-02-08 16:25 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 20:25 - 2015-02-08 17:14 - 00000000 ____D () C:\Program Files\CrashPlan
2015-05-13 20:13 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-05-13 20:13 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-05-13 17:36 - 2015-02-08 17:12 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-05-13 17:36 - 2015-02-07 23:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-13 05:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 03:35 - 2015-02-11 22:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 03:35 - 2015-02-11 22:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:33 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 03:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 03:15 - 2015-02-08 12:43 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 03:15 - 2015-02-08 12:43 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-13 03:15 - 2015-02-08 12:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 03:15 - 2015-02-08 12:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 03:14 - 2015-02-08 11:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:07 - 2015-02-08 11:56 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:03 - 2015-02-11 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-09 11:41 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-26 19:03 - 2015-04-12 19:42 - 00000000 ____D () C:\Users\Jim\Documents\My Kindle Content
2015-04-26 19:01 - 2015-04-19 18:04 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\calibre

==================== Files in the root of some directories =======

2015-05-24 15:52 - 2015-05-24 15:52 - 0000064 _____ () C:\Users\Jim\AppData\Local\cf846f4b060f9bacf86530213ab1f8c6
2015-02-22 16:51 - 2015-02-22 16:51 - 0000017 _____ () C:\Users\Jim\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Jim\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Jim\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Jim\AppData\Local\Temp\setup32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-24 00:56

==================== End of log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-05-2015
Ran by Jim at 2015-05-26 20:19:05
Running from C:\Users\Jim\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2193614321-2031638678-2520315675-500 - Administrator - Disabled)
Guest (S-1-5-21-2193614321-2031638678-2520315675-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2193614321-2031638678-2520315675-1002 - Limited - Enabled)
Jim (S-1-5-21-2193614321-2031638678-2520315675-1000 - Administrator - Enabled) => C:\Users\Jim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2193614321-2031638678-2520315675-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 5.5.1 - Bastien Mensink - A Must in Every Office BV)
calibre (HKLM-x32\...\{CEAD2735-F47D-4E9C-88B2-D1DBACF7BFFF}) (Version: 2.25.0 - Kovid Goyal)
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V5.0L10 - PFU)
CardMinder V5.0 (x32 Version: 5.0.10.1 - PFU) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CrashPlan (HKLM\...\{7ED69159-444F-43B6-B237-D6F655F492FF}) (Version: 3.7.0 - Code 42 Software)
CutList Plus fx (HKLM-x32\...\{61EAFC10-157E-4407-AABE-DE3243A88B05}) (Version: 12.2.17.0 - Bridgewood Design)
Dell System Detect (HKU\S-1-5-21-2193614321-2031638678-2520315675-1000\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.217 - ALPS ELECTRIC CO., LTD.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.31 - Dell Inc.)
Findwide Toolbar (HKU\S-1-5-21-2193614321-2031638678-2520315675-1000\...\{4E374E4F-AE91-44DA-85F0-C7340F3BE5DF}) (Version:  - Freshy) <==== ATTENTION
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.16.6 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6426.0 - IDT)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Logos 5 Prerequisites (HKLM-x32\...\{3B4DBF05-BB80-4C16-B007-4239B1F386E7}) (Version: 5.34.1627 - Logos Bible Software)
Logos Bible Software (HKLM-x32\...\{6E746566-C98F-4BE9-893F-1D2F75ABDD30}) (Version: 5.34.1629 - Logos Bible Software)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Project Professional 2013 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.65.1025.2012 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39013 - Realtek Semiconductor Corp.)
RoboForm 7-9-12-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-12-2 - Siber Systems)
Samsung CLP-410 Series (HKLM-x32\...\Samsung CLP-410 Series) (Version: 1.12 (4/18/2014) - Samsung Electronics Co., Ltd.)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.16 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.0L10 - PFU)
ScanSnap Manager (x32 Version: 6.0.10.49.54.0 - PFU) Hidden
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V5.0L10 - PFU)
ScanSnap Organizer (x32 Version: 5.0.10.14 - PFU LIMITED) Hidden
SizeExplorer Free 4.1 (HKLM-x32\...\SEF4_is1) (Version: 4.1 - JSD Software)
SizeExplorer Pro 4.12 (HKLM-x32\...\SEP4_is1) (Version: 4.12 - JSD Software)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
TurboCAD LTE 5 - 32 bit (HKLM-x32\...\{948C8251-DC62-48A2-A08C-756E78DC63A3}) (Version: 5.0.132 - IMSIDesign)
TurboCAD LTE 5 - 64 bit (HKLM\...\{E4124A49-C504-4F48-A154-21BFBFF5489F}) (Version: 5.0.132 - IMSIDesign)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F1F6F03-9468-D082-55FF-6EEE85889A47} No File
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{130E8ABC-A163-43b5-B9E5-A31C1B1CB7B4}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Draggers\BPMngr.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{15544F60-D775-4962-BEB4-E580346B1591}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Ties\ScetchTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{28A80F2D-0869-4E55-B0B3-0E44E64DC4C6}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Draggers\ExtRefManager.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{2C10CA50-05D0-11D2-8697-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Ties\ObjectTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{49E39851-1FC0-11D2-8698-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Ties\SmartHatch.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{4AD5B3A9-8EE4-4FA8-B0DD-FD929A1680DB}\localserver32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\turbocadlte.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{554EDBD6-7585-40C5-9713-180E76DAC4FC}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Regens\TCImage.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{5B60CCED-F564-43BA-802B-01183FAA0A84}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Draggers\TCImageTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A3A61A2-D373-4B31-8164-263601C79016}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Draggers\TCRougness.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A481001-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\turbocadlte.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A481003-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\turbocadlte.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A481004-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\turbocadlte.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A481005-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\turbocadlte.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A481100-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\ImsigxPS19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A481801-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A481802-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A481803-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A481804-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A481805-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A481816-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\wraptcapp.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A482001-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\imsigxext\gxext19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A482002-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\imsigxext\gxext19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6A482003-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\imsigxext\gxext19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{6E1099B5-A2D4-11D5-BA2B-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Draggers\RevisionCloud.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{71E21C97-83FB-4242-8997-A52627FFEFF9}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Draggers\TCWeldSm.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{7657D07B-63D1-480B-B9E5-839E458E659E}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Ties\DimensionTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{90E611F0-DE07-11D2-ABC3-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Ties\ViewportTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{AFF6A5F1-41F6-4979-9D44-F1232D471F39}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\TcTools\DOCCompareLaunchTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{BF0BBC85-A311-11D3-A82D-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\TcTools\PalTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{C9ACD2AA-AB9F-40DE-AFBE-1350D6BCB291}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Draggers\TCTrnTools.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{D732323E-7207-465d-9924-BCBAFE352435}\InprocServer32 -> C:\Program Files\IMSIDesign\TurboCAD LTE 5\Program\Ties\CompoundProfileTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {58DBBADB-9468-D082-8D2A-AAA985889A47} No File

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14C42E0F-309A-4A69-8840-F60E1CE18E8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08] (Google Inc.)
Task: {34ACD263-F391-4B23-9C1F-5169BB71D8AE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Recidivist-Jim Recidivist => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {3EFDACBE-1F92-4DC5-A466-34C05C88F93D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\Root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {43D5F1BB-0287-46FC-8154-3D679A52E81B} - System32\Tasks\Check Updates => C:\Program Files (x86)\user extensions\updater.exe
Task: {63E9482B-71D4-4314-907D-052BFF939DF0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {7635190D-9F46-4B73-A1B4-D0C2FC2C8BE6} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-02-07] (Siber Systems)
Task: {79F536A8-28A3-4C8B-A943-0CC34A3F59F4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {80CCF458-0357-4D5A-A077-95D73BCAEAA3} - System32\Tasks\{F6C85066-A99D-465F-8819-647A67F232C2} => pcalua.exe -a "D:\D Bending Docs\Computer\New folder\Audio_IDT_W7W8_A02_3F35Y-Setup_ZPE.exe" -d "D:\D Bending Docs\Computer\New folder"
Task: {829A7DDB-DA14-41A8-8A17-EE6C7A676550} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {AFB3B02E-CB5C-446B-B950-DC5C4B2BD034} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-24] (Adobe Systems Incorporated)
Task: {B1B51BCC-8048-45E2-AE4B-657D55BFF823} - System32\Tasks\Validate Installation => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {C0E55680-BA62-40D8-928D-A55B94B1FC0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08] (Google Inc.)
Task: {CDA74126-2FA1-4F08-9AEC-EBAA4ECDBEAC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {E178B4B8-0E48-4EB5-B13E-353C629F4D15} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\Root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {EEFB127F-227D-4503-9416-4507F6D4B660} - \GeniusBox No Task File <==== ATTENTION
Task: {EFC749BD-2BE2-4276-AFB7-A66D6B9D9516} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F0B2E4D9-3946-42B0-BA04-8AC0C784DC9F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {F8D2C4BC-1A38-486F-B474-313F0AE5CF0B} - System32\Tasks\{793A94B5-7EFB-4A87-99DF-A9A2D650E56A} => pcalua.exe -a "D:\D Bending Docs\Computer\New folder\Chipset_Intel_A00_Setup-C0G85_ZPE.exe" -d "D:\D Bending Docs\Computer\New folder"
Task: {FFFF9BB1-67E8-448F-A5AA-139E457A40A1} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLJMMJJHMLJLJNJJJCNJMMMKJLJCNLMMMJMOMCNGMJJLMOMCNMMOMHMHMLJJJKJNMKJLJOJKJJNJICMIMCNGMCNOMNMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMFLGJCJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMOMNMMMNMFMOMMMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-08 17:12 - 2012-02-09 05:42 - 00034304 _____ () C:\Windows\System32\ssd4clm.dll
2015-02-08 17:26 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-20 11:12 - 2014-11-20 11:12 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2015-05-14 20:25 - 2015-05-14 20:25 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2015-02-25 16:20 - 2015-02-25 16:20 - 08380424 _____ () C:\Program Files\Siber Systems\GoodSync\gs-server.exe
2015-04-14 17:11 - 2015-04-14 17:11 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-08 17:12 - 2014-04-16 20:50 - 00295984 _____ () c:\windows\system32\spool\drivers\x64\3\ssd4cpi.exe
2015-02-20 19:26 - 2015-01-27 09:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll
2015-02-08 16:06 - 2012-06-25 17:54 - 00599419 _____ () C:\Program Files (x86)\PFU\ScanSnap\CardMinder\sqlite3.dll
2015-02-08 16:01 - 2012-09-04 16:09 - 00421888 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2015-02-08 16:01 - 2012-09-05 12:25 - 00241664 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2015-02-08 16:01 - 2003-03-26 19:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2015-02-08 16:01 - 2011-12-06 15:00 - 00897024 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDIGCROP.dll
2015-02-08 16:02 - 2010-08-24 17:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2015-02-10 12:15 - 2015-02-20 19:19 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-05-09 11:59 - 2015-04-14 07:42 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\TEMP:18C06F28

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2193614321-2031638678-2520315675-1000\...\dell.com -> dell.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2193614321-2031638678-2520315675-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 67.216.112.253 - 67.216.112.252

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4A57242E-2C3D-4491-AF68-BC96BC82D4DE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B9146656-62EC-4B68-9CFF-0952B42BE918}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{21B793C4-A9A1-4E99-9267-A9D5B8142C67}] => (Allow) C:\Users\Jim\AppData\Local\Temp\3fec62\WebInstallAgent\SPNTInst.exe
FirewallRules: [{9BF29DC1-E0F7-4ED6-9254-C0A563BB3E47}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{893BF11F-1479-45DA-86B8-50338216813D}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{B993581E-504C-44FC-BC43-F8C6F534F3B9}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{EBB61DDC-BE91-4F69-A2A2-D849373C2041}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{B14982A0-5926-48CF-8F0C-7B3475F9CB04}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{C6D1D7B7-1495-4935-8943-40097BD714FD}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{AC508892-F095-44EE-A284-7D5C511DE809}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{27D85C8C-4F60-4BE3-83CB-10F2822095BC}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{001941F3-04EC-413B-8DE1-5AB7F99D27D7}] => (Allow) LPort=33333
FirewallRules: [{7B45FF82-7C87-4454-A12A-ECF5D106450F}] => (Allow) LPort=33338
FirewallRules: [{7444A4DD-EF7A-4BFF-9D5D-7664634498E3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{2F500523-C1AA-4658-A6E5-8380B6F5CDE9}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{EF79A5CB-0030-47D6-84E9-931C67FAC19F}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{E0C4520D-647F-47AB-B449-159ECEA0C0C9}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{C19F36E4-67DE-493A-B229-6DF33414A3C8}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{A53D4D8F-D3ED-4AE8-87C1-D0554EB0557F}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{47F682FD-64AA-46A5-8F58-6078226F965D}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{D3E78917-3A29-4AB6-8B3C-4D4720E2966D}] => (Allow) LPort=33333
FirewallRules: [{985A06D1-1DC9-4479-B5DD-3DB91F82CF03}] => (Allow) LPort=33338
FirewallRules: [{98A9E2E6-7296-4408-8C44-7CD2E879E3F9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4C677A02-36E0-4C9B-946B-C875342CDEA6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1AE609FD-22DA-46E2-BEFA-6DC7A04A82D9}] => (Allow) C:\Users\Jim\AppData\Local\TNT2\2.0.0.1983\TNT2User.exe
FirewallRules: [{66D08D13-73F6-44A6-8D7D-9FBD6DFF6C2D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2015 02:19:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (05/26/2015 09:09:50 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000039CB00).

Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (05/26/2015 09:09:50 AM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{e49a8247-faa0-11e4-9ea7-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (05/26/2015 05:34:48 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000044AA40).

Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (05/26/2015 05:34:48 AM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{e49a8247-faa0-11e4-9ea7-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (05/26/2015 05:34:48 AM) (Source: VSS) (EventID: 12310) (User: )
Description: Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out.
Error context: DeviceIoControl(\\?\Volume{e49a8247-faa0-11e4-9ea7-806e6f6e6963} - 0000000000000114,0x0053c010,00000000004BD210,0,00000000004BE220,4096,[0]).

Operation:
   Committing shadow copies

Context:
   Execution Context: System Provider

Error: (05/26/2015 00:13:52 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (05/26/2015 00:00:00 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (05/25/2015 05:36:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (05/25/2015 01:05:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/24/2015 11:57:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/24/2015 11:57:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/24/2015 11:57:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/24/2015 11:57:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/24/2015 11:57:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/24/2015 11:57:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/24/2015 11:57:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/24/2015 11:57:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/24/2015 11:57:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/24/2015 11:57:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Microsoft Office:
=========================
Error: (05/26/2015 02:19:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (05/26/2015 09:09:50 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000000039CB00)

Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (05/26/2015 09:09:50 AM) (Source: VSS) (EventID: 12298) (User: )
Description: \\?\Volume{e49a8247-faa0-11e4-9ea7-806e6f6e6963}\00x00000000, The operation completed successfully.
0x00000000, The operation completed successfully.
0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
0x00000000, The operation completed successfully.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (05/26/2015 05:34:48 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000000044AA40)

Operation:
   Get Shadow Copy Properties

Context:
   Execution Context: Coordinator

Error: (05/26/2015 05:34:48 AM) (Source: VSS) (EventID: 12298) (User: )
Description: \\?\Volume{e49a8247-faa0-11e4-9ea7-806e6f6e6963}\00x00000000, The operation completed successfully.
0x00000000, The operation completed successfully.
0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
0x00000000, The operation completed successfully.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (05/26/2015 05:34:48 AM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{e49a8247-faa0-11e4-9ea7-806e6f6e6963} - 0000000000000114,0x0053c010,00000000004BD210,0,00000000004BE220,4096,[0])

Operation:
   Committing shadow copies

Context:
   Execution Context: System Provider

Error: (05/26/2015 00:13:52 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (05/26/2015 00:00:00 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (05/25/2015 05:36:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (05/25/2015 01:05:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 8052.06 MB
Available physical RAM: 4203.52 MB
Total Pagefile: 16102.32 MB
Available Pagefile: 11835.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:252.84 GB) (Free:101.23 GB) NTFS
Drive d: (Data) (Fixed) (Total:678.57 GB) (Free:250.31 GB) NTFS
Drive e: (SAMSUNG SSD) (CDROM) (Total:0.05 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9D783964)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=252.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=678.6 GB) - (Type=07 NTFS)

==================== End of log ============================



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:19 AM

Posted 27 May 2015 - 05:08 PM

Hello,

 

 

Please go ahead and uninstall Findwide Toolbar from the Control Panel.

 

Next please download the following file => [attachment=165293:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Let me know how are things after the fix above.

 

 

 

Regards,

Georgi


cXfZ4wS.png


#5 jptort

jptort
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 30 May 2015 - 02:30 PM

Tried it but did not work so well. 

When I tried to uninstall Findwide Toolbar I got a message that the it was already removed and I could now remove it from the list in the Programs control Panel.

Then I ran the FRST and FIX and my computer stopped when it got to the Windows Cookies part and would not go any farther.  I stopped the program after 15 minutes.



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:19 AM

Posted 01 June 2015 - 12:54 PM

Hello,

 

I am sorry about the delay. I was out of town for the weekend.

Did FRST create a fixlog.txt? If so please post its content in your next reply.

Also please run a new scan with FRST (make sure that Addition.txt is checked before you press the Scan button) and then please post both logs - FRST.txt and Addition.txt in your next reply.

Thanks!

 

 

Regards,

Georgi


cXfZ4wS.png


#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:19 AM

Posted 08 June 2015 - 05:26 AM

Hi,

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.
Thank you for your understanding!

 

Regards,
Georgi


cXfZ4wS.png


#8 jptort

jptort
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:19 PM

Posted 08 June 2015 - 09:50 PM

Georgi:

I do still need help, but will not be able to work on this for a few weeks-months.  (Health issues). Please close the thread and I'll contact you when I can work again.

Jim



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:19 AM

Posted 09 June 2015 - 04:35 AM

Hi,

 

I am sorry to hear about your troubles. I can only imagine your stress level at the moment.
I wish you fast recovering and I hope that everything will be fine as soon as possible.
Real life is the most important thing, everything else can wait.
And don't worry, the topic will remain open as long as needed.

 

 

Regards,

Georgi


cXfZ4wS.png


#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:19 AM

Posted 11 July 2015 - 10:22 PM

Hi,

 

Any news?

 

 

Regards,

Georgi


cXfZ4wS.png


#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:19 AM

Posted 15 July 2015 - 04:53 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users