Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Missing keystrokes - suspected malware


  • This topic is locked This topic is locked
4 replies to this topic

#1 brianlmik

brianlmik

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 29 March 2016 - 10:40 AM

My computer is acting laggy and missing a lot of keystrokes (esp. when multiple keys are pressed; e.g., with SHIFT).

 

Logs are below and attached:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Mister Pinchy (administrator) on MISTERPINCHY (29-03-2016 10:28:43)
Running from C:\Users\Mister Pinchy\Downloads
Loaded Profiles: Mister Pinchy (Available Profiles: Mister Pinchy)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Lenovo) C:\Program Files\Lenovo\LBAI\LBAEvent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [289648 2012-05-24] (Lenovo Group Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630952 2012-05-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [23352 2012-02-22] ()
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\Run: [Google Update] => C:\Users\Mister Pinchy\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [881336 2015-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\RunOnce: [Uninstall C:\Users\Mister Pinchy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mister Pinchy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\RunOnce: [Uninstall C:\Users\Mister Pinchy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mister Pinchy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\MountPoints2: {5b901fed-065b-11e4-864e-7427ea66b1bb} - F:\LGAutoRun.exe
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\MountPoints2: {5e64f31d-bc5b-11e5-8784-7427ea66b1bb} - F:\OnePlus_setup.exe /s
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\MountPoints2: {7ea72a99-cddc-11e2-ab94-806e6f6e6963} - Q:\LenovoQDrive.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-23] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk [2014-11-02]
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-09-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-09-25]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2014-11-02]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CB02D3D3-E487-411A-8ED3-97B653EAE455}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FB953991-1015-4965-BEDA-EBEBA55C5D89}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-688495982-1245018146-1649801677-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
SearchScopes: HKU\S-1-5-21-688495982-1245018146-1649801677-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-23] (Microsoft Corporation)
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll [2013-06-05] (Google Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-09-25] (LastPass)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-23] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-23] (Microsoft Corporation)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll [2013-06-05] (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-09-25] (LastPass)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-23] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-23] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-09-25] (LastPass)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-09-25] (LastPass)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Mister Pinchy\AppData\Roaming\Mozilla\Firefox\Profiles\ac8ap8c8.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-25] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-25] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-16] (Alcatel-Lucent)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-05-24] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-688495982-1245018146-1649801677-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Mister Pinchy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-688495982-1245018146-1649801677-1001: @fuze.com/Fuze,platform=x64,version=15.04.24583.0 -> C:\Users\Mister Pinchy\AppData\Local\FuzeBox\Fuze\x64\npfuzex64.dll [2015-04-24] (FuzeBox)
FF Plugin HKU\S-1-5-21-688495982-1245018146-1649801677-1001: @fuze.com/Fuze,platform=x86,version=15.04.24583.0 -> C:\Users\Mister Pinchy\AppData\Local\FuzeBox\Fuze\npfuzex86.dll [2015-04-24] (FuzeBox)
FF Plugin HKU\S-1-5-21-688495982-1245018146-1649801677-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mister Pinchy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-688495982-1245018146-1649801677-1001: @talk.google.com/O1DPlugin -> C:\Users\Mister Pinchy\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-688495982-1245018146-1649801677-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-688495982-1245018146-1649801677-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-688495982-1245018146-1649801677-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Mister Pinchy\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2015-05-22] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-688495982-1245018146-1649801677-1001: bluejeans.com/bjninstallplugin -> C:\Users\Mister Pinchy\AppData\Roaming\Blue Jeans\bjnplugin\2.90.399.5\npbjninstallplugin_2.90.399.5.dll [2014-12-29] (Blue Jeans)
FF Plugin HKU\S-1-5-21-688495982-1245018146-1649801677-1001: bluejeans.com/bjnplugin -> C:\Users\Mister Pinchy\AppData\Roaming\Blue Jeans\bjnplugin\2.90.399.5\npbjnplugin_2.90.399.5.dll [2014-12-29] (Blue Jeans)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-12-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mister Pinchy\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-10-02] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Mister Pinchy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Mister Pinchy\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: LastPass - C:\Users\Mister Pinchy\AppData\Roaming\Mozilla\Firefox\Profiles\ac8ap8c8.default\Extensions\support@lastpass.com [2016-03-10]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-16]
FF HKLM-x32\...\Firefox\Extensions: [VIP4X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2013-06-05] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP"
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Norton Confidential) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-03-10]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-07-10]
CHR Extension: (Voice Recognition) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2014-07-10]
CHR Extension: (Kami (formerly Notable PDF)) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljojpiodmlhoehoecppliohmplbgeij [2015-08-24]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-03-16]
CHR Extension: (Evernote Web) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2015-05-11]
CHR Extension: (Gmail) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-688495982-1245018146-1649801677-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kcehcblfpidimbihdfophhhdejckolgh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2014-03-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 LBAEvent; C:\Program Files\Lenovo\LBAI\LBAEvent.exe [15520 2012-03-23] (Lenovo) [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2012-10-16] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-10-16] (Alcatel-Lucent) [File not signed]
R2 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [70968 2012-02-22] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [165176 2012-02-22] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-08] (Lenovo)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-28] (Broadcom Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 rtkio; C:\Program Files (x86)\Realtek\RtkWin7DashClientInstaller\rtkio64.sys [21000 2012-04-03] (Windows ® Codename Longhorn DDK provider)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-29 10:28 - 2016-03-29 10:29 - 00034119 _____ C:\Users\Mister Pinchy\Downloads\FRST.txt
2016-03-29 10:28 - 2016-03-29 10:28 - 00000000 ____D C:\FRST
2016-03-29 10:25 - 2016-03-29 10:25 - 02374144 _____ (Farbar) C:\Users\Mister Pinchy\Downloads\FRST64.exe
2016-03-29 10:25 - 2016-03-29 10:25 - 00000085 _____ C:\Windows\wininit.ini
2016-03-29 09:00 - 2016-03-29 09:00 - 00082324 _____ C:\Users\Mister Pinchy\Downloads\Extras.Txt
2016-03-29 08:58 - 2016-03-29 08:58 - 00176554 _____ C:\Users\Mister Pinchy\Downloads\OTL.Txt
2016-03-29 08:42 - 2016-03-29 08:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mister Pinchy\Downloads\HijackThis.exe
2016-03-29 08:41 - 2016-03-29 08:41 - 00602112 _____ (OldTimer Tools) C:\Users\Mister Pinchy\Downloads\OTL.exe
2016-03-28 15:41 - 2016-03-28 15:41 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-28 15:27 - 2016-03-29 10:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-28 15:27 - 2016-03-29 10:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-28 15:27 - 2016-03-28 15:27 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-03-28 15:24 - 2016-03-28 15:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mister Pinchy\Downloads\spybot-2.4.exe
2016-03-28 08:40 - 2016-03-28 08:40 - 01520248 _____ C:\Users\Mister Pinchy\Downloads\tn1500328.pdf
2016-03-24 17:13 - 2016-03-24 17:13 - 00683025 _____ C:\Users\Mister Pinchy\Downloads\Statement_Mar 2016.pdf
2016-03-24 15:58 - 2016-03-24 15:58 - 00125643 _____ C:\Users\Mister Pinchy\Downloads\Attorney and Counselor at Law Mail - Austin Bar Association Business, Corporate and Tax Section - Notice for March Meeting.pdf
2016-03-24 15:56 - 2016-03-24 15:59 - 00000000 ____D C:\Users\Mister Pinchy\Desktop\BDA receipts
2016-03-24 08:15 - 2016-03-27 08:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-23 20:34 - 2016-03-29 09:10 - 00000000 __RHD C:\Users\Mister Pinchy\Creative Cloud Files
2016-03-23 16:58 - 2016-03-23 16:58 - 04978510 _____ C:\Users\Mister Pinchy\Downloads\tn1500321.pdf
2016-03-23 16:58 - 2016-03-23 16:58 - 02037290 _____ C:\Users\Mister Pinchy\Downloads\tn1500314.pdf
2016-03-23 09:50 - 2016-03-23 10:02 - 00025643 _____ C:\Users\Mister Pinchy\Desktop\2016_03_23_09_50_00.pdf
2016-03-12 18:49 - 2016-03-12 18:50 - 00524347 _____ C:\Users\Mister Pinchy\Downloads\15_3522.pdf
2016-03-11 11:28 - 2016-03-11 11:28 - 00098824 _____ C:\Users\Mister Pinchy\Downloads\NDA.pdf
2016-03-11 11:26 - 2016-03-11 11:26 - 00302191 _____ C:\Users\Mister Pinchy\Downloads\NDA_2 - Muhammed Jasim Acurax.pdf
2016-03-11 10:27 - 2016-03-11 10:27 - 01167488 _____ C:\Users\Mister Pinchy\AppData\Local\census.cache
2016-03-11 10:27 - 2016-03-11 10:27 - 00217232 _____ C:\Users\Mister Pinchy\AppData\Local\ars.cache
2016-03-11 10:13 - 2016-03-11 10:13 - 00000010 _____ C:\Users\Mister Pinchy\AppData\Local\sponge.last.runtime.cache
2016-03-11 10:08 - 2016-03-11 10:08 - 00000000 ____D C:\ProgramData\Trend Micro
2016-03-11 10:02 - 2016-03-11 10:02 - 02527376 _____ (Trend Micro Inc.) C:\Users\Mister Pinchy\Downloads\HousecallLauncher64.exe
2016-03-11 10:02 - 2016-03-11 10:02 - 00000036 _____ C:\Users\Mister Pinchy\AppData\Local\housecall.guid.cache
2016-03-11 10:02 - 2015-12-24 08:03 - 00316168 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-03-10 21:02 - 2016-03-10 20:34 - 00000030 _____ C:\AVScanner.ini
2016-03-10 20:35 - 2016-03-10 20:35 - 00000000 ____D C:\Users\Mister Pinchy\AppData\Local\Macromedia
2016-03-10 20:34 - 2016-03-10 20:34 - 00000000 ____D C:\ProgramData\McAfee
2016-03-10 17:46 - 2016-03-10 17:46 - 00009423 _____ C:\Users\Mister Pinchy\Downloads\car2go_service_overview_02170460_0884000014567725.pdf
2016-03-10 16:12 - 2016-03-10 16:12 - 00099824 _____ C:\Users\Mister Pinchy\Downloads\100901 Expenditure Responsibility (Wexler).pdf
2016-03-10 15:01 - 2016-03-10 15:01 - 00047055 _____ C:\Users\Mister Pinchy\Downloads\Expenditure Responsibilty Chart (Counsel on Found).pdf
2016-03-10 13:46 - 2016-03-10 13:46 - 00090232 _____ C:\Users\Mister Pinchy\Downloads\050401 Equivalency or Expenditure Responsibility (Adler Colvin).pdf
2016-03-10 11:42 - 2016-03-10 11:42 - 00062516 _____ C:\Users\Mister Pinchy\Downloads\160310 invoice.pdf
2016-03-10 11:42 - 2016-03-10 11:42 - 00062516 _____ C:\Users\Mister Pinchy\Downloads\160310 invoice (1).pdf
2016-03-09 17:49 - 2016-03-09 17:49 - 00490230 _____ C:\Users\Mister Pinchy\Downloads\090101 Gerson PLI Article re Section 305.pdf
2016-03-09 17:46 - 2016-03-09 17:47 - 00494740 _____ C:\Users\Mister Pinchy\Downloads\Gerson PLI Article re Section 305.pdf
2016-03-09 15:28 - 2016-03-09 15:28 - 02884448 _____ C:\Users\Mister Pinchy\Downloads\100101 Sound Fury Carried Interest Reform (Burke).pdf
2016-03-09 15:24 - 2016-03-09 15:24 - 02967878 _____ C:\Users\Mister Pinchy\Downloads\1ColumJTaxL1.pdf
2016-03-09 15:09 - 2016-03-09 15:09 - 03954396 _____ C:\Users\Mister Pinchy\Downloads\83NYULRev1.pdf
2016-03-09 10:21 - 2016-02-12 13:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 10:21 - 2016-02-12 13:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 10:21 - 2016-02-12 13:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 10:21 - 2016-02-12 13:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 10:21 - 2016-02-12 13:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 10:21 - 2016-02-12 13:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 10:21 - 2016-02-12 13:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 10:21 - 2016-02-12 13:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 10:21 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 10:21 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 10:21 - 2016-02-12 13:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 10:21 - 2016-02-12 13:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 10:21 - 2016-02-12 13:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 10:21 - 2016-02-12 13:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 10:21 - 2016-02-12 13:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 10:21 - 2016-02-12 13:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 10:21 - 2016-02-09 01:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 10:21 - 2016-02-09 01:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-09 10:21 - 2016-02-08 16:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 10:21 - 2016-02-08 15:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 10:21 - 2016-02-08 15:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 10:21 - 2016-02-08 15:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-09 10:21 - 2016-02-08 15:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 10:21 - 2016-02-08 15:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-09 10:21 - 2016-02-08 15:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-09 10:21 - 2016-02-08 15:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 10:21 - 2016-02-08 15:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 10:21 - 2016-02-08 15:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-09 10:21 - 2016-02-08 15:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 10:21 - 2016-02-08 15:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 10:21 - 2016-02-08 15:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-09 10:21 - 2016-02-08 15:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 10:21 - 2016-02-08 15:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 10:21 - 2016-02-08 15:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 10:21 - 2016-02-08 15:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-09 10:21 - 2016-02-08 15:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-09 10:21 - 2016-02-08 15:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 10:21 - 2016-02-08 15:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 10:21 - 2016-02-08 15:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 10:21 - 2016-02-08 15:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-09 10:21 - 2016-02-08 15:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 10:21 - 2016-02-08 15:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 10:21 - 2016-02-08 15:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 10:21 - 2016-02-08 15:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 10:21 - 2016-02-08 15:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-09 10:21 - 2016-02-08 14:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 10:21 - 2016-02-08 14:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 10:21 - 2016-02-08 14:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 10:21 - 2016-02-08 13:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 10:21 - 2016-02-08 13:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 10:21 - 2016-02-08 13:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 10:21 - 2016-02-08 13:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 10:21 - 2016-02-08 13:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 10:21 - 2016-02-08 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 10:21 - 2016-02-08 13:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 10:21 - 2016-02-08 13:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 10:21 - 2016-02-08 13:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 10:21 - 2016-02-08 13:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 10:21 - 2016-02-08 13:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 10:21 - 2016-02-08 13:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 10:21 - 2016-02-08 13:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 10:21 - 2016-02-08 13:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 10:21 - 2016-02-08 13:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 10:21 - 2016-02-08 13:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 10:21 - 2016-02-08 13:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 10:21 - 2016-02-08 13:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 10:21 - 2016-02-08 12:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 10:21 - 2016-02-08 12:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 10:21 - 2016-02-08 12:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 10:21 - 2016-02-08 12:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 10:21 - 2016-02-08 12:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 10:21 - 2016-02-08 12:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 10:21 - 2016-02-08 12:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 10:21 - 2016-02-08 12:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 10:21 - 2016-02-08 12:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 10:21 - 2016-02-08 12:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 10:21 - 2016-02-08 12:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 10:21 - 2016-02-08 12:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 10:21 - 2016-02-08 12:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 10:21 - 2016-02-08 11:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 10:21 - 2016-02-04 12:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 10:21 - 2016-02-03 13:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 10:21 - 2016-02-03 13:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 10:21 - 2016-02-03 13:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 10:21 - 2016-02-03 13:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 10:21 - 2016-02-03 13:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 10:20 - 2016-02-08 15:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 10:20 - 2016-02-08 12:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 10:19 - 2016-02-11 13:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 10:19 - 2016-02-11 13:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 10:19 - 2016-02-11 13:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 10:19 - 2016-02-11 13:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 10:19 - 2016-02-11 13:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-09 10:19 - 2016-02-11 13:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-09 10:19 - 2016-02-11 13:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-09 10:19 - 2016-02-11 13:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 10:19 - 2016-02-11 13:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 10:19 - 2016-02-11 13:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 10:19 - 2016-02-11 13:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 10:19 - 2016-02-11 13:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-09 10:19 - 2016-02-11 13:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 10:19 - 2016-02-11 13:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 10:19 - 2016-02-11 13:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 10:19 - 2016-02-11 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 10:19 - 2016-02-11 13:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 10:19 - 2016-02-11 13:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-09 10:19 - 2016-02-11 13:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 10:19 - 2016-02-11 13:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 10:19 - 2016-02-11 13:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 10:19 - 2016-02-11 13:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 10:19 - 2016-02-11 13:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-09 10:19 - 2016-02-11 13:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-09 10:19 - 2016-02-11 13:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 10:19 - 2016-02-11 13:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-09 10:19 - 2016-02-11 13:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 10:19 - 2016-02-11 13:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 10:19 - 2016-02-11 13:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 10:19 - 2016-02-11 13:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 10:19 - 2016-02-11 13:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-09 10:19 - 2016-02-11 13:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-09 10:19 - 2016-02-11 13:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 10:19 - 2016-02-11 13:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-09 10:19 - 2016-02-11 13:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-09 10:19 - 2016-02-11 13:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-09 10:19 - 2016-02-11 13:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-09 10:19 - 2016-02-11 13:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-09 10:19 - 2016-02-11 13:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-09 10:19 - 2016-02-11 13:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-09 10:19 - 2016-02-11 13:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 10:19 - 2016-02-11 13:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-09 10:19 - 2016-02-11 13:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-09 10:19 - 2016-02-11 13:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-09 10:19 - 2016-02-11 13:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 10:19 - 2016-02-11 13:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 12:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 10:19 - 2016-02-11 12:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-09 10:19 - 2016-02-11 12:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-09 10:19 - 2016-02-11 12:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 10:19 - 2016-02-11 12:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 10:19 - 2016-02-11 12:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 10:19 - 2016-02-11 12:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 10:19 - 2016-02-11 12:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 10:19 - 2016-02-11 12:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 10:19 - 2016-02-11 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-09 10:19 - 2016-02-11 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-09 10:19 - 2016-02-11 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-09 10:19 - 2016-02-11 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-09 10:19 - 2016-02-11 12:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-09 10:19 - 2016-02-11 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 10:19 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 10:19 - 2016-02-09 04:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 10:19 - 2016-02-09 04:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 10:19 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 10:19 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 10:19 - 2016-02-09 04:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 10:19 - 2016-02-09 04:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 10:19 - 2016-02-09 04:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-09 10:19 - 2016-02-09 04:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 10:19 - 2016-02-09 04:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-09 10:19 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-09 10:19 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-09 10:19 - 2016-02-05 13:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 10:19 - 2016-02-05 13:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 10:19 - 2016-02-05 13:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 10:19 - 2016-02-05 13:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 10:19 - 2016-02-05 13:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-09 10:19 - 2016-02-05 13:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 10:19 - 2016-02-05 13:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-09 10:19 - 2016-02-05 12:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 10:19 - 2016-02-05 12:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 10:19 - 2016-02-05 12:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 10:19 - 2016-02-04 20:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 10:19 - 2016-02-04 13:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-08 12:58 - 2016-03-08 12:58 - 07473365 _____ C:\Users\Mister Pinchy\Downloads\160205 Zach Symm MIPA - EXECUTED.PDF
2016-03-07 21:44 - 2016-03-07 21:44 - 00474779 _____ C:\Users\Mister Pinchy\Downloads\130903-336e-scorp-stock.pdf
2016-03-07 21:03 - 2016-03-07 21:05 - 00448859 _____ C:\Users\Mister Pinchy\Downloads\Passport.pdf
2016-03-07 20:46 - 2016-03-07 20:46 - 00218874 _____ C:\Users\Mister Pinchy\Downloads\I-9 to sign.pdf
2016-03-07 16:58 - 2016-03-07 17:01 - 00417209 _____ C:\Users\Mister Pinchy\Downloads\160307 Grant (BLANK) - FINAL.pdf
2016-03-07 10:29 - 2016-03-09 15:06 - 00199474 _____ C:\Users\Mister Pinchy\Downloads\110101 Taxn of Profits Interests The Carried Interest Problem (HLRev).pdf
2016-03-07 10:28 - 2016-03-09 15:01 - 00192787 _____ C:\Users\Mister Pinchy\Downloads\020301 Compensating the Service Partner (Kirkland).pdf
2016-03-07 10:28 - 2016-03-07 10:28 - 00174908 _____ C:\Users\Mister Pinchy\Downloads\140616 Practical_Considerations_for_Issuing_Profits_Interests_2.pdf
2016-03-07 08:42 - 2016-03-07 08:42 - 01788038 _____ C:\Users\Mister Pinchy\Downloads\tn1500307.pdf
2016-03-05 22:03 - 2016-03-05 22:03 - 00385470 _____ C:\Users\Mister Pinchy\Downloads\fw4_signed.pdf
2016-03-05 22:02 - 2016-03-05 22:02 - 00515441 _____ C:\Users\Mister Pinchy\Downloads\fw4_2.pdf
2016-03-05 21:58 - 2016-03-05 21:58 - 00500612 _____ C:\Users\Mister Pinchy\Downloads\i-92.pdf
2016-03-05 21:53 - 2016-03-05 21:53 - 00108510 _____ C:\Users\Mister Pinchy\Downloads\fw4.pdf
2016-03-05 21:51 - 2016-03-05 21:51 - 00480336 _____ C:\Users\Mister Pinchy\Downloads\i-9.pdf
2016-03-04 16:39 - 2016-03-04 16:39 - 00197573 _____ C:\Users\Mister Pinchy\Downloads\150629 LLC OA (track changes) (1).pdf
2016-03-04 10:48 - 2016-03-04 10:48 - 00035852 _____ C:\Users\Mister Pinchy\Downloads\160304 Notes re QSBS.pdf
2016-03-03 11:52 - 2016-03-03 11:52 - 00148909 _____ C:\Users\Mister Pinchy\Downloads\150331 How Successful People Work Less and Get More Done.pdf
2016-03-02 21:31 - 2016-03-02 21:33 - 01447090 _____ C:\Users\Mister Pinchy\Downloads\Non-BMAL information returns.pdf
2016-03-02 21:26 - 2016-03-02 21:26 - 00115077 _____ C:\Users\Mister Pinchy\Downloads\Vanguard consolidaded 1099 (2).pdf
2016-03-02 21:26 - 2016-03-02 21:26 - 00042754 _____ C:\Users\Mister Pinchy\Downloads\2015 Vanguard 1099_DIV  (1).pdf
2016-03-02 17:54 - 2016-03-02 17:54 - 00049411 _____ C:\Users\Mister Pinchy\Downloads\160302 Worksheet to Schedule C_EZ.pdf
2016-03-02 17:52 - 2016-03-02 17:52 - 00086966 _____ C:\Users\Mister Pinchy\Downloads\160302 2015 childcare expenses.pdf
2016-03-02 16:00 - 2016-03-02 16:00 - 00182349 _____ C:\Users\Mister Pinchy\Downloads\tempfile (2).pdf
2016-03-02 10:34 - 2016-03-02 10:40 - 04870571 _____ C:\Users\Mister Pinchy\Downloads\160302 Rio Bites Financials.pdf
2016-03-02 10:33 - 2016-03-02 10:33 - 01620489 _____ C:\Users\Mister Pinchy\Downloads\2015-12-18 Letter from Texas State Securities Board (1).pdf
2016-03-02 10:10 - 2016-03-02 10:10 - 00058015 _____ C:\Users\Mister Pinchy\Downloads\151110 RioBites Form 133_17 - EXECUTED.pdf
2016-03-01 16:15 - 2016-03-01 16:15 - 00200654 _____ C:\Users\Mister Pinchy\Downloads\SWA ticket receipt.pdf
2016-03-01 15:55 - 2016-03-01 15:55 - 00074572 _____ C:\Users\Mister Pinchy\Downloads\TEMP 2441.pdf
2016-03-01 15:54 - 2016-03-01 15:54 - 00253620 _____ C:\Users\Mister Pinchy\Downloads\TEMP 4562.pdf
2016-03-01 15:53 - 2016-03-01 15:53 - 00147844 _____ C:\Users\Mister Pinchy\Downloads\TEMP Schedule SE1.pdf
2016-03-01 15:53 - 2016-03-01 15:53 - 00147729 _____ C:\Users\Mister Pinchy\Downloads\TEMP Schedule SE2.pdf
2016-03-01 15:53 - 2016-03-01 15:53 - 00107901 _____ C:\Users\Mister Pinchy\Downloads\TEMP Schedule D.pdf
2016-03-01 15:52 - 2016-03-01 15:52 - 00222807 _____ C:\Users\Mister Pinchy\Downloads\TEMP Schedule C.pdf
2016-03-01 15:52 - 2016-03-01 15:52 - 00110141 _____ C:\Users\Mister Pinchy\Downloads\TEMP Schedule C_EZ.pdf
2016-03-01 15:50 - 2016-03-01 15:50 - 00734488 _____ C:\Users\Mister Pinchy\Downloads\Tax computation worksheet.pdf
2016-03-01 15:33 - 2016-03-01 15:33 - 04456065 _____ C:\Users\Mister Pinchy\Downloads\120112 A&R LLC OA (Parent) (1).pdf
2016-03-01 15:32 - 2016-03-01 15:33 - 03074114 _____ C:\Users\Mister Pinchy\Downloads\120112 2nd A&R LLC OA (2).pdf
2016-03-01 13:06 - 2016-03-01 13:06 - 00115077 _____ C:\Users\Mister Pinchy\Downloads\Vanguard consolidaded 1099 (1).pdf
2016-03-01 12:33 - 2016-03-01 12:33 - 00065410 _____ C:\Users\Mister Pinchy\Downloads\160301 Invoice (RLS Fire).pdf
2016-03-01 12:03 - 2016-03-01 12:03 - 00064843 _____ C:\Users\Mister Pinchy\Downloads\160301 Invoice (ANJI) (1).pdf
2016-03-01 12:01 - 2016-03-01 12:01 - 00064843 _____ C:\Users\Mister Pinchy\Downloads\160301 Invoice (ANJI).pdf
2016-02-29 10:56 - 2016-02-29 10:56 - 00115077 _____ C:\Users\Mister Pinchy\Downloads\Vanguard consolidaded 1099.pdf
2016-02-29 08:23 - 2016-02-29 08:23 - 01675941 _____ C:\Users\Mister Pinchy\Downloads\tn1500229.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-29 10:26 - 2013-06-05 08:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-29 10:26 - 2013-06-05 07:48 - 00000330 _____ C:\Windows\Tasks\RtlDashSrvStart.job
2016-03-29 10:26 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-29 10:25 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-29 10:25 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-29 10:22 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-29 10:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-03-29 10:20 - 2014-12-08 12:06 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-688495982-1245018146-1649801677-1001UA.job
2016-03-29 10:13 - 2013-06-05 08:02 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-29 09:41 - 2015-01-14 13:01 - 00000610 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-688495982-1245018146-1649801677-1001.job
2016-03-29 09:33 - 2013-06-05 08:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-29 09:23 - 2014-04-23 10:59 - 00000000 ____D C:\Users\Mister Pinchy\Documents\BMAL
2016-03-29 09:10 - 2013-11-29 16:36 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-03-29 09:10 - 2013-11-29 16:10 - 00000000 ____D C:\Users\Mister Pinchy\AppData\Local\Adobe
2016-03-29 08:42 - 2015-05-31 14:30 - 00000706 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-688495982-1245018146-1649801677-1001.job
2016-03-29 08:28 - 2013-11-29 16:10 - 00000000 ____D C:\Users\Mister Pinchy\AppData\Roaming\Nitro PDF
2016-03-28 19:54 - 2015-10-21 18:56 - 00025227 _____ C:\Users\Mister Pinchy\Desktop\150327 Task list.xlsm
2016-03-28 14:44 - 2015-11-23 16:59 - 00000000 ____D C:\ProgramData\Origin
2016-03-28 14:44 - 2015-11-23 16:59 - 00000000 ____D C:\Program Files (x86)\Origin
2016-03-28 14:43 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-28 14:24 - 2013-11-29 16:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-03-28 14:24 - 2013-11-29 16:06 - 00000000 ____D C:\Users\Mister Pinchy\AppData\Roaming\Adobe
2016-03-28 08:46 - 2014-03-04 15:02 - 00000000 ____D C:\ProgramData\Logishrd
2016-03-28 07:56 - 2014-12-08 12:06 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-688495982-1245018146-1649801677-1001Core.job
2016-03-27 08:02 - 2014-07-27 12:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-25 14:59 - 2014-11-03 13:29 - 00000000 ____D C:\Users\Mister Pinchy\Documents\ScanSnap
2016-03-23 20:51 - 2013-11-29 16:54 - 00000000 ____D C:\Program Files\Adobe
2016-03-23 20:34 - 2013-11-29 15:55 - 00000000 ____D C:\Users\Mister Pinchy
2016-03-23 14:22 - 2015-05-31 14:30 - 00003756 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-688495982-1245018146-1649801677-1001
2016-03-23 14:22 - 2015-01-14 13:01 - 00003660 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-688495982-1245018146-1649801677-1001
2016-03-23 09:34 - 2014-02-13 15:53 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-23 09:34 - 2013-06-05 08:03 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-23 09:33 - 2014-02-13 15:49 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-23 09:12 - 2015-06-24 08:59 - 00000000 __RHD C:\Users\Mister Pinchy\brian@bmaustinlaw.com Creative Cloud Files
2016-03-10 20:34 - 2014-12-16 21:48 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-10 20:34 - 2014-12-16 21:48 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 16:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-03-10 08:50 - 2009-07-13 23:45 - 05288920 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-09 18:39 - 2014-01-14 10:06 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 18:29 - 2014-01-14 10:06 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 16:37 - 2015-06-24 09:23 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-03-07 17:00 - 2016-02-08 10:36 - 00187413 _____ C:\Users\Mister Pinchy\Downloads\160127 _Plan - FINAL.pdf
2016-03-07 17:00 - 2016-02-08 10:35 - 00112446 _____ C:\Users\Mister Pinchy\Downloads\160127 _Option Agreement - FINAL.pdf
2016-03-07 16:59 - 2016-02-08 10:35 - 00056714 _____ C:\Users\Mister Pinchy\Downloads\160127 _Exercise - FINAL.pdf
2016-03-03 11:50 - 2014-01-17 16:45 - 00000000 ____D C:\Users\Mister Pinchy\Desktop\Tracy
2016-03-02 17:58 - 2015-04-24 16:03 - 00213674 _____ C:\Users\Mister Pinchy\Downloads\tempfile.pdf
2016-03-02 10:33 - 2016-01-28 13:23 - 00083698 _____ C:\Users\Mister Pinchy\Downloads\160302 Rio Bites Form 133_17.pdf
2016-03-02 10:33 - 2015-11-11 11:56 - 00000000 ____D C:\Users\Mister Pinchy\Desktop\New folder (2)
 
==================== Files in the root of some directories =======
 
2015-09-25 13:09 - 2015-09-25 13:09 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-12-30 10:34 - 2013-12-30 10:34 - 0000132 _____ () C:\Users\Mister Pinchy\AppData\Roaming\Adobe GIF Format CC Prefs
2013-12-16 13:24 - 2014-02-28 16:19 - 0000132 _____ () C:\Users\Mister Pinchy\AppData\Roaming\Adobe PNG Format CC Prefs
2016-03-11 10:27 - 2016-03-11 10:27 - 0217232 _____ () C:\Users\Mister Pinchy\AppData\Local\ars.cache
2016-03-11 10:27 - 2016-03-11 10:27 - 1167488 _____ () C:\Users\Mister Pinchy\AppData\Local\census.cache
2015-04-04 19:47 - 2015-04-04 19:47 - 0003584 _____ () C:\Users\Mister Pinchy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-11 10:02 - 2016-03-11 10:02 - 0000036 _____ () C:\Users\Mister Pinchy\AppData\Local\housecall.guid.cache
2015-06-26 13:39 - 2015-06-26 13:39 - 0000218 _____ () C:\Users\Mister Pinchy\AppData\Local\recently-used.xbel
2016-03-11 10:13 - 2016-03-11 10:13 - 0000010 _____ () C:\Users\Mister Pinchy\AppData\Local\sponge.last.runtime.cache
2014-03-04 15:32 - 2014-03-04 15:32 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
Some files in TEMP:
====================
C:\Users\Mister Pinchy\AppData\Local\Temp\_is2C7C.exe
C:\Users\Mister Pinchy\AppData\Local\Temp\_isF1A4.exe
C:\Users\Mister Pinchy\AppData\Local\Temp\_isF884.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-23 11:32
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Mister Pinchy (2016-03-29 10:30:44)
Running from C:\Users\Mister Pinchy\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-11-29 20:55:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-688495982-1245018146-1649801677-500 - Administrator - Disabled)
Guest (S-1-5-21-688495982-1245018146-1649801677-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-688495982-1245018146-1649801677-1003 - Limited - Enabled)
Mister Pinchy (S-1-5-21-688495982-1245018146-1649801677-1001 - Administrator - Enabled) => C:\Users\Mister Pinchy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader for ScanSnap ™ 4.1 (HKLM-x32\...\{FB410000-0003-0000-0000-074957833700}) (Version: 8.03.40.72525 - ABBYY)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.2 - Adobe Systems, Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7A26FDFA-2438-8A55-0CED-6D79E4EA6B32}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
bjnplugin (HKLM-x32\...\{2EC11918-1609-41C4-B612-8953CEB69D4C}) (Version: 2.90.399.5 - Blue Jeans)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (x32 Version: 4.0.4052.0 - Box Inc.) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dia (remove only) (HKLM-x32\...\Dia) (Version:  - )
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Fuze (HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\{88a4b5a2-26dd-4785-9d4c-25d7b6ef2cda}) (Version: 15.4.24583.0 - FuzeBox)
Fuze (per-user) (Version: 15.04.24583.0 - FuzeBox) Hidden
Fuze Outlook Add-In (per-user) (Version: 15.04.24583.0 - FuzeBox) Hidden
GitHub (HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\5f7eb300e2ea4ebf) (Version: 3.0.4.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.14.1.4670 (HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\GoToMeeting) (Version: 7.14.1.4670 - CitrixOnline)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}) (Version: 1.0.0.6 - Lenovo)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Office 365 Small Business Premium - en-us (HKLM\...\O365SmallBusPremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Nitro Pro 7 (HKLM\...\{8E0790DA-185E-4DC1-8A88-750B2A6218FD}) (Version: 7.4.1.4 - Nitro PDF Software)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
QT Lite 4.1.0 (HKLM-x32\...\quicktime_lite_is1) (Version: 4.1.0 - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.59.516.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
ScanSnap (x32 Version: 5.1.70.1 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L70 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L70 - PFU)
ScanSnap Organizer (x32 Version: 4.1.70.1 - PFU LIMITED) Hidden
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 2015 (HKLM\...\{C630FC42-E196-4B6D-B12B-4CB8D5F399D7}) (Version: 15.1.106 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.30.0 - Lenovo)
ThinkVantage Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 2.10.0007 - Lenovo Group Limited)
View Management Utility (HKLM-x32\...\InstallShield_{C6254514-DD94-45E5-87C0-B9CB90A34C89}) (Version: 3.0.12.0507 - Lenovo)
View Management Utility (Version: 3.0.12.0507 - Lenovo) Hidden
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA  (02/23/2012 7.12.0.7706) (HKLM\...\4F4B6D75957FB3F05012136A8B9F09554300D350) (Version: 02/23/2012 7.12.0.7706 - Advanced Micro Devices)
Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display  (05/17/2012 8.947.2.0000) (HKLM\...\BA8FC787B0FE0ACFC911A5BAB4357BB249BFFB13) (Version: 05/17/2012 8.947.2.0000 - Advanced Micro Devices, Inc.)
Windows Driver Package - Realtek (RTL8167) Net  (05/16/2012 7.059.0516.2012) (HKLM\...\4BCB0E3E8838211C3B42B886E8B41F49DDE1A3F2) (Version: 05/16/2012 7.059.0516.2012 - Realtek)
Windows Driver Package - Realtek Multifunction  (07/20/2009 1.0.0217.2009) (HKLM\...\8F81B9F75450D43F572A25DC9779ED5E57C91655) (Version: 07/20/2009 1.0.0217.2009 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/27/2012 6.0.1.6602) (HKLM\...\88CB7AA478955801F99FBF6D2BCF739BEB87A7F3) (Version: 03/27/2012 6.0.1.6602 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mister Pinchy\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{4787082E-1BB0-4790-8346-4BA408818450}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\FuzeBox\Fuze\x64\npfuzex64.dll (FuzeBox)
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Citrix\GoToMeeting\3019\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{CFF3F401-4DA6-48BE-9F16-6066CFA9374C}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\FuzeBox\Fuze\x64\npfuzex64.dll (FuzeBox)
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0127B2B8-2951-41AC-A9FC-FCF551EFAB23} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {06BF57A7-3C1C-4FCC-B5A0-4C09A568F059} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PWMIDTSV.EXE [2012-02-22] (Lenovo Group Limited)
Task: {096FF6F7-6341-4DD9-A6F1-C6D54D653303} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-688495982-1245018146-1649801677-1001UA => C:\Users\Mister Pinchy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2011A8E7-D44B-4702-88CE-874F830958C9} - System32\Tasks\G2MUpdateTask-S-1-5-21-688495982-1245018146-1649801677-1001 => C:\Users\Mister Pinchy\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe [2016-03-23] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {23D6EBC4-E47F-4338-B9D0-552C98A87C1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2EF2EB04-1442-441E-9667-1064B35C2564} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {3247BD21-51F0-4E05-9D13-CA9435B109B0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-23] (Microsoft Corporation)
Task: {354DF729-411F-48CC-A420-95060648776D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {427A7D21-456F-4E37-A7FE-DA0100B42ACE} - System32\Tasks\RtlDashSrvStart => C:\Program Files (x86)\Realtek\RtkWin7DashClientInstaller\RtkDashClient.exe [2012-05-28] (Realtek Semiconductor Corporation)
Task: {58CEF45E-7017-4C4C-9AD3-B89707762875} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {7C71127D-82A7-443F-8D84-619EC5858D7B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-688495982-1245018146-1649801677-1001Core => C:\Users\Mister Pinchy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7EBC82DF-C6B4-4FA1-9868-D0AC3317D62F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {86AD242C-F14F-4A8F-9FDD-4CAFACC088BB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {8C9B6D48-8E9D-4BCF-8B7C-56CA8A75B094} - System32\Tasks\{D190C18E-4545-41AB-B535-8C64A78961A3} => pcalua.exe -a C:\Windows\IsUninst.exe -d C:\Windows -c -fUnLawD32.isu -c"C:\Program Files (x86)\West Group\LawDsk32\unInstll.dll"
Task: {97B4AD75-E347-4626-BBEA-AAFBE557B3FB} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {9DF9DBC4-0120-40E1-9E62-C4152949875E} - System32\Tasks\G2MUploadTask-S-1-5-21-688495982-1245018146-1649801677-1001 => C:\Users\Mister Pinchy\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe [2016-03-23] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B48877A1-0EC8-4367-B67E-A0457F8C3FFD} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {C1FD69B6-E075-4585-AAC7-4A160654EC2B} - System32\Tasks\{D7EE03A3-3B2F-4D96-BA1A-E69EBAE73CBD} => pcalua.exe -a E:\AutoCAD2006\AutoCAD2006\Setup.exe -d E:\AutoCAD2006\AutoCAD2006
Task: {D181647E-81B0-4A64-B8A4-39E7A7D3FCC1} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {DAB45550-1621-49E7-88C5-81BF0BCB8395} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {EC6698E5-0F75-4953-9274-3DA3A3A89B98} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {EDAAA683-A701-45CA-96AD-BA17ADA80CEA} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {F07FAE2E-50B6-4678-A913-3DC59D8E022D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)
Task: {F7B81568-4322-41AD-A930-82C92BCD8BB4} - System32\Tasks\{3A79FFFD-9248-48CF-A9CC-7BBBB06F3B8B} => pcalua.exe -a E:\LAWDSK32\SETUP32.EXE -d E:\LAWDSK32
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-688495982-1245018146-1649801677-1001.job => C:\Users\Mister Pinchy\AppData\Local\Citrix\GoToMeeting\4670\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-688495982-1245018146-1649801677-1001.job => C:\Users\Mister Pinchy\AppData\Local\Citrix\GoToMeeting\4670\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-688495982-1245018146-1649801677-1001Core.job => C:\Users\Mister Pinchy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-688495982-1245018146-1649801677-1001UA.job => C:\Users\Mister Pinchy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlDashSrvStart.job => C:\Program Files (x86)\Realtek\RtkWin7DashClientInstaller\RtkDashClient.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-01-22 14:55 - 2016-01-22 14:55 - 00553136 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-22 08:02 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-05-24 01:04 - 2012-05-24 01:04 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-13 09:22 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-06-05 07:47 - 2012-02-12 13:10 - 00029184 ____N () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2016-01-22 14:54 - 2016-01-22 14:54 - 31420080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-10-28 13:22 - 2014-10-28 13:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2013-06-05 08:04 - 2012-07-12 07:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2013-06-05 08:04 - 2012-07-12 07:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2013-06-05 08:04 - 2012-07-12 07:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-06-05 08:04 - 2012-07-12 07:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2013-06-05 08:04 - 2012-07-12 07:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-06-05 08:04 - 2012-07-12 07:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-06-05 08:04 - 2012-07-12 07:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-06-05 08:04 - 2012-07-12 07:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-06-05 08:04 - 2012-07-12 07:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-06-05 08:04 - 2012-07-12 07:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-06-05 08:04 - 2012-07-12 07:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-06-05 08:04 - 2012-07-12 07:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2014-11-02 15:26 - 2012-01-18 17:35 - 00385024 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2014-11-02 15:26 - 2011-12-14 22:49 - 00233472 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2014-11-02 15:26 - 2003-03-26 19:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2014-11-02 15:26 - 2010-08-24 17:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2016-01-21 01:22 - 2016-01-21 01:22 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-01-21 01:22 - 2016-01-21 01:22 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-01-21 01:23 - 2016-01-21 01:23 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-01-21 01:23 - 2016-01-21 01:23 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-02-12 11:24 - 2016-02-12 11:24 - 00089280 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin7.dll
2016-01-21 01:22 - 2016-01-21 01:22 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-03-23 09:34 - 2016-03-07 21:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-23 09:34 - 2016-03-07 21:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\sharepoint.com -> hxxps://sensoryinteractiveinc.sharepoint.com
IE trusted site: HKU\S-1-5-21-688495982-1245018146-1649801677-1001\...\swcorp.org -> hxxps://membercapture.swcorp.org
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-03-10 21:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-688495982-1245018146-1649801677-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mister Pinchy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1C08FF09-F79A-42DC-B3F3-E93B3ECA5DFA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D410E843-9F4A-45A6-8A0F-17ED870A583D}] => (Allow) LPort=2869
FirewallRules: [{00414996-E729-4DB0-B08C-D6C6C0133B24}] => (Allow) LPort=1900
FirewallRules: [{E0400E80-6428-4490-9E2C-B6CC7F6EBB88}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AAEA7403-09D4-4473-923E-520702E2C49C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{55BD4177-61CA-48F1-9357-CF677996D559}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{BCF13B86-596A-4B99-927B-1E1F73BABD5E}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{A9AA4171-3DD8-4D47-A3F3-BE11E1E41D1A}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{94B724A2-C5AE-4CCB-B5E4-E81A9CE8020C}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{91E7DB64-8D76-4F15-B182-F53C9C1AF321}C:\users\mister pinchy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mister pinchy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B780D8BC-75A0-4A95-9869-9CB311FF01EC}C:\users\mister pinchy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mister pinchy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{2750AD13-4696-41E1-BA9B-40478E258202}C:\users\mister pinchy\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mister pinchy\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{1583B739-60CE-474E-8B34-F8C6A0E4922B}C:\users\mister pinchy\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mister pinchy\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{FB1B5389-9A3E-45E9-B78E-0DCD1F561A1E}] => (Allow) C:\Users\Mister Pinchy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F56D7CA2-C31F-49E9-B9E1-B0B6BF9F6AB3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C1C06F37-FFF5-4273-A882-9C8A666DABB7}] => (Allow) C:\Program Files (x86)\ATT-HSI\pcBrowser.exe
FirewallRules: [{E6F98F23-7761-48F2-9C51-2E06BEDC9F0C}] => (Allow) C:\Program Files (x86)\ATT-HSI\pcBrowser.exe
FirewallRules: [TCP Query User{965DD515-075B-439E-AB97-93CF3992474A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{02B846C4-2CF5-4918-B86B-2BF5285AB814}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7E1BCC17-088A-446E-9467-3E4FE5F1B853}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7E224235-EDEA-4D90-A489-2EFF4C8E89F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0DEFDCB3-77F3-4EED-9083-456B3A82751A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B17CB5C-477F-46B6-AFF2-E9CD443E88CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AA1199DB-1AB0-444C-B65B-4A2256C7961D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62AC1485-1EEF-4028-B8CF-10FE6448E4F7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08669B99-41A1-421D-9071-5AEF9C291B12}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{80DF0AFB-3C17-4C48-86F7-258A365F1A9A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{454EC355-28AC-4D9D-8FEA-0F026D7351EB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9DB8330F-6E30-414C-AAAC-65C177771A2D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D7AC7236-EBD4-4606-81DB-08452C901617}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{E3CD09A2-A9D7-4C2A-A163-A8D9D6451868}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D476BF0F-D5EF-46C3-881A-F13A58E3840E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{55080484-861E-482D-8A8D-F5D1331E3B8F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{E8055D7F-82AB-4DDE-8861-6F2662C3AEFA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{745B7F1A-7A38-4B3F-9C37-41113E782B62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E9E3F613-9D3E-47E0-9145-207BEB71ED4D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
09-03-2016 18:29:22 Windows Update
23-03-2016 09:16:53 Windows Update
23-03-2016 20:52:16 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
23-03-2016 20:52:30 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
29-03-2016 07:58:49 Windows Update
29-03-2016 10:11:31 Removed Evernote v. 4.2.3
29-03-2016 10:12:44 Removed Google Earth
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/29/2016 10:27:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/29/2016 10:16:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/29/2016 10:07:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/29/2016 07:53:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2016 02:47:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2016 02:10:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2016 08:58:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x1748
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3
 
Error: (03/28/2016 08:53:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2016 07:51:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/28/2016 07:50:49 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (03/29/2016 10:27:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/29/2016 10:25:50 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (03/29/2016 10:17:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/29/2016 10:15:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Office ClickToRun Service service failed to start due to the following error: 
%%1053
 
Error: (03/29/2016 10:15:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office ClickToRun Service service to connect.
 
Error: (03/29/2016 10:07:05 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (03/29/2016 10:06:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/29/2016 07:53:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/28/2016 09:00:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.
 
Error: (03/28/2016 07:37:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-5300 APU with Radeon™ HD Graphics 
Percentage of memory in use: 24%
Total physical RAM: 9981.82 MB
Available physical RAM: 7504.48 MB
Total Virtual: 19961.84 MB
Available Virtual: 16933.81 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:217.75 GB) (Free:129.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Elements) (Fixed) (Total:931.48 GB) (Free:792.05 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:3.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 31F9473D)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=217.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 3C3BE96C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by hamluis, 29 March 2016 - 11:08 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:59 AM

Posted 30 March 2016 - 08:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Windows Firewall is disabled
Turn System Restore ON - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
==


No malware was found on you log.
This is just a fix to remove items that are not required or empty.


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Norton Confidential) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Mister Pinchy\AppData\Local\Temp\_is2C7C.exe
C:\Users\Mister Pinchy\AppData\Local\Temp\_isF1A4.exe
C:\Users\Mister Pinchy\AppData\Local\Temp\_isF884.exe
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)

===

There could be some remnant items.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

This may take awhile, run it when you know you will not need the computer for an hour or two.
<<<>>>

If the problem persists it might just be that something is stock under the Shift key.

==

p.s.
For your added security I suggest your install the Microsoft Security Essentials.
It's more up to date than the Windows Defender (which is Disable).
When the MSE is installed it will automatically disable Windows Defender, it's normal.
http://windows.microsoft.com/en-ca/windows/security-essentials-all-versions

#3 brianlmik

brianlmik
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:59 PM

Posted 30 March 2016 - 12:38 PM

Many thanks; the fixlog.txt file is attached and below.

 

I decided to remove Java.

 

The ESET found nothing, and so didn't seem to create a log file (or provide the option to)..

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Mister Pinchy (2016-03-30 09:40:28) Run:1
Running from C:\Users\Mister Pinchy\Downloads
Loaded Profiles: Mister Pinchy (Available Profiles: Mister Pinchy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Norton Confidential) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Mister Pinchy\AppData\Local\Temp\_is2C7C.exe
C:\Users\Mister Pinchy\AppData\Local\Temp\_isF1A4.exe
C:\Users\Mister Pinchy\AppData\Local\Temp\_isF884.exe
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Mister Pinchy\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\gcswf32.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => not found.
C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll => not found.
C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => key removed successfully
MREMP50a64 => service removed successfully
MREMPR5 => service removed successfully
MRENDIS5 => service removed successfully
MRESP50a64 => service removed successfully
"C:\Users\Mister Pinchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\Users\Mister Pinchy\AppData\Local\Temp\_is2C7C.exe => moved successfully
C:\Users\Mister Pinchy\AppData\Local\Temp\_isF1A4.exe => moved successfully
C:\Users\Mister Pinchy\AppData\Local\Temp\_isF884.exe => moved successfully
"HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-688495982-1245018146-1649801677-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
EmptyTemp: => 1.2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:46:50 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:59 AM

Posted 30 March 2016 - 12:54 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:59 AM

Posted 04 April 2016 - 07:56 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users