Can't Update Win7, MSOffice Corrupts, Does not Recognize License


This topic is locked
6 replies to this topic

#1 UKHInside

Members, 8 posts

Posted 16 March 2016 - 05:29 PM

Hi, and thank you for taking the time out of your day to help me with this problem. This problem has made me want to volunteer my own time to help others here (after the appropriate training) because of how much money it has cost me (in terms of time spent away from work) and because of the difficulty in tracing these issues when they become embedded. No one deserves to go through this, and I can imagine someone with a little less experience having even more of a nightmare (and I have no problem admitting how basic my knowledge really is.)
 
Brief history, timeline is iffy, apologies:
 
Desktop PC running Windows 7 Installation (64 bit) from previous owner. Has SSD w/ main install (and games), and another SATA HDD, partitioned w/ another Windows 7 Installation which I thought I had neutered, but perhaps not well enough, and a simple Media partition for anything I'd like to store (gameplay videos, code repos, schoolwork, etc.) My main account has administrator access which I realize is a no-no, so I do intend to fix that once I'm sure I can do so safely.
 
Have had some random occurrences w/ PUPs and AdWare after a long history of no issues. Anticipated that it had something to do with an exploit and began updating anything I could imagine might be expressing a vulnerability.
 
Current Symptoms:
 
Windows does not acknowledge MWB as AV software. I do have Windows Firewall enabled, and have for the duration of these issues, and for a period preceding it.
 
Windows will no longer update (simply fails and reboots).
 
Microsoft Office refuses to acknowledge my license (through school) the first time it launches. Actually, it goes as follows (paraphrasing errors, don't want to open it as I believe it's compromised):
Open -> Found a problem that we need to fix, Fix Now? Click Yes. Closes Office.
Open again -> Unlicensed warning @ top. Close office myself.
Open again -> Finally recognized as genuine.
 
I've been finding strange permissions all over my computer from deleted users, and shared folders which should not be shared. I'm an intermediate user, so in reviewing previous logs I did find some concerning entries. I don't trust myself to make a fixlist or anything, but I know there is something fishy going on here.
 
Procmon won't start - crashes upon load every time.
 
MWB Pro Active Protection will not start. I can't tell if the import address tables associated w/ MWB are normal or not, so I'm including a GMER log as well.
 
Seems like a ton of my digital signatures are outdated, too (as checked during prompt to run program.) Should they not all be renewed?
 
What I've Tried:
 
Process Monitor won't start - crashes upon load every time.
 
MWB Pro finds nothing. ComboFix found something in the MBR and rebooted to fix.
 
Sorry if I should not have been using these tools -- I didn't create a fixlist or anything. Just ran them for scans while the others were closed, and let ComboFix do its own thing as I had been advised by a friend (who is no longer available.)
 
Attached are FRST, Addition, and GMER logs. I know I'm forgetting something here, but it isn't coming to me, so I'll include it when I remember.
 
Thanks for the help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Feels (administrator) on FEELS-PC (16-03-2016 14:14:26)
Running from C:\Users\Feels\Desktop
Loaded Profiles: Feels (Available Profiles: Feels)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) F:\Program Files\iTunes\iTunesHelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
() C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.6890\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4835\Agent.exe
() C:\Program Files (x86)\Hearthstone\Hearthstone.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => F:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKU\S-1-5-21-4206490599-248476441-2872671179-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-02-17] (Nota Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-25] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{50E467D1-FD92-4721-81D0-AE2FBCC9D8A3}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4206490599-248476441-2872671179-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4206490599-248476441-2872671179-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-25] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-02-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2016-02-25] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-05] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-01-18] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Feels\AppData\Roaming\Mozilla\Firefox\Profiles\z2wm0n62.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll [2014-09-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-18] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-09-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> F:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> F:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> F:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> F:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> F:\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-01-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4206490599-248476441-2872671179-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Feels\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4206490599-248476441-2872671179-1000: @talk.google.com/O1DPlugin -> C:\Users\Feels\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4206490599-248476441-2872671179-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-4206490599-248476441-2872671179-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Feels\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Feels\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Session Manager) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2014-02-22]
CHR Extension: (Turn Off the Lights) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-03-16]
CHR Extension: (YouTube) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Google Search) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Netflix) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-03-25]
CHR Extension: (Session Buddy) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-09-08]
CHR Extension: (Google Docs Offline) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (XPath Helper) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgimnogjllphhhkhlmebbmlgjoejdpjl [2015-12-27]
CHR Extension: (Google Hangouts) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\Feels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-08-28] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2016-03-09] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-16] (Malwarebytes)
U3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [48344 2015-12-10] (USBPcap)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
S3 athur; system32\DRIVERS\athurx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 kgloypod; \??\C:\Users\Feels\AppData\Local\Temp\kgloypod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 14:14 - 2016-03-16 14:14 - 00018549 _____ C:\Users\Feels\Desktop\FRST.txt
2016-03-16 14:14 - 2016-03-16 14:14 - 00000000 ____D C:\Users\Feels\AppData\Roaming\.mono
2016-03-16 14:14 - 2016-03-16 14:14 - 00000000 ____D C:\ProgramData\.mono
2016-03-16 11:27 - 2016-03-16 11:27 - 00036205 _____ C:\Users\Feels\Desktop\Addition_old2.txt
2016-03-16 11:21 - 2016-03-16 11:27 - 00052736 _____ C:\Users\Feels\Desktop\FRST_old2.txt
2016-03-16 11:21 - 2016-03-16 11:21 - 00052381 _____ C:\Users\Feels\Desktop\FRST_old.txt
2016-03-16 11:21 - 2016-03-16 11:21 - 00036436 _____ C:\Users\Feels\Desktop\Addition_old.txt
2016-03-14 01:08 - 2016-03-14 01:08 - 00019522 _____ C:\ComboFix.txt
2016-03-13 21:46 - 2016-03-13 21:46 - 00055976 _____ C:\Users\Feels\Downloads\Shortcut.txt
2016-03-13 03:09 - 2016-03-13 18:46 - 00000516 _____ C:\Users\Feels\Desktop\gtf.txt
2016-03-12 18:33 - 2016-03-12 18:33 - 01356469 _____ C:\Users\Feels\Documents\Untitled (245).wma
2016-03-12 14:32 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-12 14:32 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-12 14:32 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-12 14:32 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-12 14:32 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-12 14:32 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-12 14:32 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-12 14:32 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-12 14:31 - 2016-03-14 01:08 - 00000000 ____D C:\Qoobox
2016-03-12 14:31 - 2016-03-12 15:02 - 00000000 ____D C:\Windows\erdnt
2016-03-12 14:31 - 2016-03-12 14:31 - 05658088 ____R (Swearware) C:\Users\Feels\Downloads\ComboFix.exe
2016-03-12 13:59 - 2015-11-03 12:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-03-12 13:59 - 2015-11-03 11:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-03-12 13:51 - 2016-03-12 13:51 - 02374144 _____ (Farbar) C:\Users\Feels\Desktop\FRST64.exe
2016-03-12 11:45 - 2016-03-12 14:39 - 00100971 _____ C:\Users\Feels\Desktop\CheckResults.txt
2016-03-12 11:45 - 2016-03-12 11:45 - 01706112 _____ (Malwarebytes) C:\Users\Feels\Downloads\mbam-check-2.3.2.0.exe
2016-03-12 00:00 - 2016-03-12 00:00 - 01122989 _____ C:\Users\Feels\Documents\Untitled (244).wma
2016-03-11 22:35 - 2016-03-11 22:35 - 01383409 _____ C:\Users\Feels\Documents\Untitled (243).wma
2016-03-11 20:34 - 2016-03-11 20:34 - 287604093 _____ C:\Users\Feels\capture8.pcapng.gz
2016-03-11 20:08 - 2016-03-11 20:08 - 01270466 _____ C:\Users\Feels\Downloads\ProcessExplorer.zip
2016-03-11 16:21 - 2016-03-11 16:21 - 00001786 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-03-11 16:21 - 2016-03-11 16:21 - 00001774 _____ C:\Users\Public\Desktop\Wireshark.lnk
2016-03-11 16:21 - 2016-03-11 16:21 - 00001619 _____ C:\Users\Public\Desktop\Wireshark Legacy.lnk
2016-03-10 21:55 - 2016-03-10 21:55 - 00000000 _____ C:\kgloypod.sys
2016-03-10 21:54 - 2016-03-10 21:54 - 00000000 _____ C:\Users\Feels\Downloads\rkill64-1887.exe
2016-03-10 21:54 - 2016-03-10 21:54 - 00000000 _____ C:\Users\Feels\Downloads\rkill64.exe
2016-03-10 21:54 - 2016-03-10 21:54 - 00000000 _____ C:\Users\Feels\Downloads\iexplorer64.exe
2016-03-10 01:04 - 2016-03-13 21:36 - 00002548 _____ C:\Users\Feels\Desktop\Rkill.txt
2016-03-10 01:04 - 2016-03-10 01:04 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Feels\Downloads\iexplorer.exe
2016-03-10 00:38 - 2016-03-10 12:48 - 00000447 _____ C:\Users\Feels\Desktop\bens_rules_draft_1.txt
2016-03-09 13:45 - 2016-03-09 14:15 - 00065404 _____ C:\Windows\ntbtlog.txt
2016-03-09 10:52 - 2016-03-09 10:52 - 07896694 _____ C:\Users\Feels\capture7.pcapng.gz
2016-03-09 01:35 - 2016-03-09 01:36 - 471359843 _____ C:\Users\Feels\capture6.pcapng.gz
2016-03-09 00:53 - 2016-03-09 00:53 - 00380416 _____ C:\Users\Feels\Desktop\k2ryhwxw.exe
2016-03-09 00:37 - 2016-03-12 13:04 - 00000000 ____D C:\Users\Feels\Desktop\mbar
2016-03-09 00:37 - 2016-03-09 00:37 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Feels\Downloads\mbar-1.09.3.1001.exe
2016-03-08 13:28 - 2016-03-08 13:29 - 492482904 _____ C:\Users\Feels\capture5.pcapng
2016-03-08 12:44 - 2016-03-08 12:44 - 01894702 _____ C:\Users\Feels\Downloads\2014 Annual Report and 10-K.pdf
2016-03-08 03:09 - 2016-03-08 03:09 - 417128681 _____ C:\Users\Feels\capture4.pcapng.gz
2016-03-08 01:54 - 2016-03-08 01:54 - 00000386 _____ C:\Users\Feels\Desktop\bars6.txt
2016-03-08 01:54 - 2016-03-08 01:54 - 00000348 _____ C:\Users\Feels\Desktop\bars7.txt
2016-03-08 01:53 - 2016-03-12 09:51 - 00003364 _____ C:\Users\Feels\Desktop\cheese_war_3.txt
2016-03-08 01:53 - 2016-03-08 01:53 - 00000618 _____ C:\Users\Feels\Desktop\cheese_anotherone.txt
2016-03-08 01:53 - 2016-03-08 01:53 - 00000196 _____ C:\Users\Feels\Desktop\exercise2.txt
2016-03-08 00:44 - 2016-03-08 00:44 - 10180320 _____ C:\Users\Feels\cap5.pcapng
2016-03-07 20:51 - 2016-03-07 20:51 - 00289648 _____ C:\Users\Feels\cap4.pcapng
2016-03-07 11:24 - 2016-03-07 11:25 - 751589990 _____ C:\Users\Feels\capture3.pcapng.gz
2016-03-06 20:52 - 2016-03-07 11:58 - 00003470 _____ C:\Users\Feels\Desktop\cheese_war_2.txt
2016-03-06 19:21 - 2016-03-06 19:51 - 00002399 _____ C:\Users\Feels\Desktop\cheese_war_1.txt
2016-03-06 12:42 - 2016-03-06 12:42 - 03865123 _____ C:\Users\Feels\Downloads\cat_plunges_over_fence.webm
2016-03-06 10:15 - 2016-03-06 10:16 - 852230564 _____ C:\Users\Feels\capture2.pcapng.gz
2016-03-05 20:15 - 2016-03-05 20:15 - 00467449 _____ C:\Users\Feels\Documents\Untitled (242).wma
2016-03-04 14:03 - 2016-03-08 00:45 - 00000000 ____D C:\Users\Feels\AppData\Roaming\Wireshark
2016-03-04 14:03 - 2016-03-04 14:03 - 172744131 _____ C:\Users\Feels\capture1.pcapng.gz
2016-03-03 18:33 - 2016-03-03 18:33 - 00000000 ____D C:\Checkout
2016-03-02 11:04 - 2016-03-02 11:04 - 00000222 _____ C:\Users\Feels\Desktop\Tabletop Simulator.url
2016-03-01 10:42 - 2016-03-01 10:42 - 814172844 _____ C:\Windows\MEMORY.DMP
2016-03-01 00:18 - 2016-03-02 18:16 - 00000000 ____D C:\versa_code_1
2016-02-29 19:05 - 2016-02-29 19:08 - 00000056 _____ C:\Users\Feels\Desktop\test.php
2016-02-28 15:45 - 2016-02-28 15:45 - 00000946 _____ C:\Users\Public\Desktop\JetBrains PhpStorm 10.0.3.lnk
2016-02-28 15:44 - 2016-02-28 15:44 - 00002277 _____ C:\Users\Feels\Downloads\BU5WF8GQR7.txt
2016-02-28 02:26 - 2016-02-28 02:26 - 00000000 ____D C:\Program Files\USBPcap
2016-02-28 02:25 - 2016-03-11 16:21 - 00000000 ____D C:\Program Files\Wireshark
2016-02-27 23:53 - 2016-02-27 23:53 - 00000219 _____ C:\Users\Feels\Desktop\Team Fortress 2.url
2016-02-27 00:22 - 2016-02-27 00:22 - 00997269 _____ C:\Users\Feels\Documents\Untitled (241).wma
2016-02-26 20:09 - 2016-02-26 20:09 - 00687459 _____ C:\Users\Feels\Documents\Untitled (240).wma
2016-02-26 01:24 - 2016-02-26 01:24 - 00002178 _____ C:\Users\Public\Desktop\Skin Tool.lnk
2016-02-26 01:24 - 2016-02-26 01:24 - 00002109 _____ C:\Users\Public\Desktop\EVGA PrecisionX 16.lnk
2016-02-26 01:24 - 2016-02-26 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA
2016-02-26 01:24 - 2015-05-27 15:51 - 00156160 _____ C:\Windows\system32\FW1FontWrapper_x64.dll
2016-02-26 01:00 - 2016-02-26 01:13 - 01065984 _____ C:\Users\Feels\AppData\Local\file__0.localstorage
2016-02-26 01:00 - 2016-02-26 01:04 - 00000000 ____D C:\Users\Feels\Heaven
2016-02-26 00:57 - 2016-02-26 00:57 - 00002117 _____ C:\Users\Public\Desktop\Heaven Benchmark 4.0.lnk
2016-02-26 00:57 - 2016-02-26 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2016-02-26 00:57 - 2016-02-26 00:57 - 00000000 ____D C:\Program Files (x86)\Unigine
2016-02-25 23:32 - 2016-02-25 23:32 - 00000000 ____D C:\Users\Feels\AppData\Roaming\MAXON
2016-02-25 23:29 - 2016-02-26 01:20 - 00000000 ____D C:\Users\Feels\Desktop\CINEBENCH_R15
2016-02-25 23:25 - 2016-02-25 23:29 - 00000000 ____D C:\Users\Feels\Desktop\p95v287.win64
2016-02-25 23:20 - 2016-02-25 23:20 - 00000000 ____D C:\Users\Feels\Desktop\cpu-z_1.75-en
2016-02-25 22:00 - 2016-02-25 22:08 - 00000000 ____D C:\Users\Feels\Desktop\Mods
2016-02-25 16:23 - 2016-02-25 16:23 - 00001918 _____ C:\Users\Feels\Desktop\instructions1.txt
2016-02-25 16:23 - 2016-02-25 16:23 - 00000649 _____ C:\Users\Feels\Desktop\musculardystrophy.txt
2016-02-25 16:23 - 2016-02-25 16:23 - 00000472 _____ C:\Users\Feels\Desktop\bars5.txt
2016-02-25 16:23 - 2016-02-25 16:23 - 00000174 _____ C:\Users\Feels\Desktop\nofear.txt
2016-02-25 16:23 - 2016-02-25 16:23 - 00000145 _____ C:\Users\Feels\Desktop\understandthisquestionmark.txt
2016-02-24 16:38 - 2016-02-24 16:38 - 00004979 _____ C:\Users\Feels\Documents\Untitled (239).wma
2016-02-24 01:47 - 2016-02-24 01:47 - 00066111 _____ C:\Users\Feels\grimier3r2._2.flp
2016-02-24 01:26 - 2016-03-09 11:46 - 00000000 ____D C:\Users\Feels\Documents\Kindness
2016-02-22 20:37 - 2016-02-29 20:11 - 94408729 _____ C:\Users\Feels\Downloads\versa-tables-prod-22-feb.sql
2016-02-22 17:34 - 2016-02-22 17:34 - 00000000 ____D C:\Users\Feels\AppData\Roaming\Gyazo
2016-02-22 17:28 - 2016-02-23 17:28 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-02-22 17:28 - 2016-02-22 17:28 - 00003408 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-02-22 17:28 - 2016-02-22 17:28 - 00003282 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2016-02-22 17:28 - 2016-02-22 17:28 - 00000982 _____ C:\Users\Public\Desktop\Gyazo.lnk
2016-02-22 17:28 - 2016-02-22 17:28 - 00000982 _____ C:\Users\Public\Desktop\Gyazo GIF.lnk
2016-02-22 17:28 - 2016-02-22 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2016-02-21 00:45 - 2016-02-21 20:23 - 00000000 ____D C:\Users\Feels\WebstormProjects
2016-02-21 00:42 - 2016-02-21 00:43 - 00000000 ____D C:\Users\Feels\.WebStorm11
2016-02-21 00:40 - 2016-02-28 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-02-21 00:40 - 2016-02-28 15:45 - 00000000 ____D C:\Program Files (x86)\JetBrains
2016-02-20 21:32 - 2016-02-20 21:32 - 00000166 _____ C:\Users\Feels\Downloads\ioncube_loaders_win_vc11_x86.zip
2016-02-20 21:20 - 2016-03-01 12:45 - 00000000 ____D C:\Users\Feels\AppData\Local\ionCube
2016-02-20 14:41 - 2016-02-20 14:43 - 73245810 _____ C:\Users\Feels\Downloads\Magento-CE-2.0.2-2016-01-28-02-20-20.zip
2016-02-19 23:56 - 2016-02-19 23:56 - 00543779 _____ C:\Users\Feels\Documents\Untitled (238).wma
2016-02-19 23:40 - 2016-02-19 23:40 - 00682969 _____ C:\Users\Feels\Documents\Untitled (237).wma
2016-02-19 23:36 - 2016-02-19 23:36 - 00745829 _____ C:\Users\Feels\Documents\Untitled (236).wma
2016-02-19 22:45 - 2016-03-03 18:51 - 00000000 ____D C:\versatables
2016-02-19 21:05 - 2016-02-19 21:18 - 00000000 ____D C:\Users\Feels\.ssh
2016-02-19 21:04 - 2016-02-19 21:04 - 30770752 _____ (The Git Development Community ) C:\Users\Feels\Downloads\Git-2.7.1.2-64-bit.exe
2016-02-19 20:58 - 2016-03-04 14:48 - 00000600 _____ C:\Users\Feels\AppData\Local\PUTTY.RND
2016-02-19 20:44 - 2016-02-19 20:44 - 00000550 _____ C:\Users\Public\Desktop\MAMP.lnk
2016-02-19 20:44 - 2016-02-19 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAMP
2016-02-19 20:44 - 2014-07-30 14:13 - 02097152 _____ (The GLib developer community) C:\Windows\SysWOW64\CORE_RL_glib_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 01324544 _____ C:\Windows\SysWOW64\CORE_RL_magick_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 01129984 _____ (Red Hat Software) C:\Windows\SysWOW64\CORE_RL_pango_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00700928 _____ (ImageMagick Studio LLC) C:\Windows\SysWOW64\CORE_RL_wand_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00464896 _____ C:\Windows\SysWOW64\IM_MOD_RL_pattern_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00449024 _____ (David Turner, Robert Wilhelm, & Werner Lemberg) C:\Windows\SysWOW64\CORE_RL_ttf_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00430592 _____ C:\Windows\SysWOW64\CORE_RL_Magick++_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00427520 _____ (The GTK developer community) C:\Windows\SysWOW64\CORE_RL_librsvg_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00352256 _____ (Mike Welles, mike@onshore.com) C:\Windows\SysWOW64\CORE_RL_tiff_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00307200 _____ (D. R. Commander) C:\Windows\SysWOW64\CORE_RL_jpeg_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00295424 _____ C:\Windows\SysWOW64\CORE_RL_libxml_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00278016 _____ (Google Inc.) C:\Windows\SysWOW64\CORE_RL_webp_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00232960 _____ (Little CMS) C:\Windows\SysWOW64\CORE_RL_lcms_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00215040 _____ C:\Windows\SysWOW64\IM_MOD_RL_magick_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00180224 _____ (Michael David Adams) C:\Windows\SysWOW64\CORE_RL_jp2_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00157184 _____ (Communications and Remote Sensing Lab) C:\Windows\SysWOW64\CORE_RL_openjpeg_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00153088 _____ (Glenn Randers-Pehrson - glennrp@users.sf.net) C:\Windows\SysWOW64\CORE_RL_png_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00132096 _____ C:\Windows\SysWOW64\IM_MOD_RL_png_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00115712 _____ C:\Windows\SysWOW64\IM_MOD_RL_dcm_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00090112 _____ C:\Windows\SysWOW64\IM_MOD_RL_msl_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00068096 _____ (Jean-loup Gailly and Mark Adler) C:\Windows\SysWOW64\CORE_RL_zlib_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00055808 _____ C:\Windows\SysWOW64\IM_MOD_RL_svg_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00050688 _____ (Julian Seward, jseward@acm.org) C:\Windows\SysWOW64\CORE_RL_bzlib_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00049664 _____ (Carlo Baldassi) C:\Windows\SysWOW64\CORE_RL_lqr_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00043520 _____ C:\Windows\SysWOW64\IM_MOD_RL_tiff_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00042496 _____ C:\Windows\SysWOW64\IM_MOD_RL_pdf_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00041984 _____ C:\Windows\SysWOW64\IM_MOD_RL_jpeg_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00041984 _____ (Markus Kuhn, Friedrich-Alexander-University of Erlangen-Nuremberg) C:\Windows\SysWOW64\CORE_RL_jbig_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00038400 _____ C:\Windows\SysWOW64\IM_MOD_RL_ps_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00034816 _____ C:\Windows\SysWOW64\IM_MOD_RL_dds_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00033792 _____ C:\Windows\SysWOW64\IM_MOD_RL_json_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00032256 _____ C:\Windows\SysWOW64\IM_MOD_RL_psd_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00031744 _____ C:\Windows\SysWOW64\IM_MOD_RL_pnm_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00030720 _____ C:\Windows\SysWOW64\IM_MOD_RL_miff_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00027648 _____ C:\Windows\SysWOW64\IM_MOD_RL_pict_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00027648 _____ C:\Windows\SysWOW64\IM_MOD_RL_bmp_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00027136 _____ C:\Windows\SysWOW64\IM_MOD_RL_ps3_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00027136 _____ C:\Windows\SysWOW64\IM_MOD_RL_dpx_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00025600 _____ C:\Windows\SysWOW64\IM_MOD_RL_meta_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00023552 _____ C:\Windows\SysWOW64\IM_MOD_RL_ps2_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00022528 _____ C:\Windows\SysWOW64\IM_MOD_RL_gif_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00022016 _____ C:\Windows\SysWOW64\IM_MOD_RL_mpc_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00022016 _____ C:\Windows\SysWOW64\IM_MOD_RL_cmyk_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00021504 _____ C:\Windows\SysWOW64\IM_MOD_RL_wpg_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00020992 _____ C:\Windows\SysWOW64\IM_MOD_RL_mat_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00020992 _____ C:\Windows\SysWOW64\IM_MOD_RL_icon_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00020480 _____ C:\Windows\SysWOW64\IM_MOD_RL_rgb_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00019968 _____ C:\Windows\SysWOW64\IM_MOD_RL_ycbcr_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00019456 _____ C:\Windows\SysWOW64\IM_MOD_RL_viff_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00019456 _____ C:\Windows\SysWOW64\IM_MOD_RL_cin_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00019456 _____ C:\Windows\SysWOW64\IM_MOD_RL_bgr_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00018432 _____ C:\Windows\SysWOW64\IM_MOD_RL_jp2_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00017920 _____ C:\Windows\SysWOW64\IM_MOD_RL_pcx_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00017920 _____ C:\Windows\SysWOW64\IM_MOD_RL_pcd_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00017408 _____ C:\Windows\SysWOW64\IM_MOD_RL_xpm_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00017408 _____ C:\Windows\SysWOW64\IM_MOD_RL_txt_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00017408 _____ C:\Windows\SysWOW64\IM_MOD_RL_sgi_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00017408 _____ C:\Windows\SysWOW64\IM_MOD_RL_dib_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00016896 _____ C:\Windows\SysWOW64\IM_MOD_RL_pcl_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00016896 _____ C:\Windows\SysWOW64\IM_MOD_RL_palm_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00016896 _____ C:\Windows\SysWOW64\IM_MOD_RL_fits_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00016384 _____ C:\Windows\SysWOW64\IM_MOD_RL_xcf_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00015872 _____ C:\Windows\SysWOW64\IM_MOD_RL_pdb_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00015360 _____ C:\Windows\SysWOW64\IM_MOD_RL_webp_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00015360 _____ C:\Windows\SysWOW64\IM_MOD_RL_sun_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00015360 _____ C:\Windows\SysWOW64\IM_MOD_RL_pango_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00015360 _____ C:\Windows\SysWOW64\IM_MOD_RL_hdr_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00014848 _____ C:\Windows\SysWOW64\IM_MOD_RL_yuv_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00014848 _____ C:\Windows\SysWOW64\IM_MOD_RL_tga_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00014336 _____ C:\Windows\SysWOW64\IM_MOD_RL_cut_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00013824 _____ C:\Windows\SysWOW64\IM_MOD_RL_emf_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00013312 _____ C:\Windows\SysWOW64\IM_MOD_RL_vips_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00013312 _____ C:\Windows\SysWOW64\IM_MOD_RL_mpeg_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00013312 _____ C:\Windows\SysWOW64\IM_MOD_RL_jbig_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00012800 _____ C:\Windows\SysWOW64\IM_MOD_RL_xbm_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00012800 _____ C:\Windows\SysWOW64\IM_MOD_RL_rle_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00012800 _____ C:\Windows\SysWOW64\IM_MOD_RL_raw_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00012800 _____ C:\Windows\SysWOW64\IM_MOD_RL_pes_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00012800 _____ C:\Windows\SysWOW64\IM_MOD_RL_ipl_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00012288 _____ C:\Windows\SysWOW64\IM_MOD_RL_dng_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_xps_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_wbmp_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_vicar_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_uil_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_tim_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_sfw_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_mtv_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_html_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_histogram_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_gray_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_ept_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_cip_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_cals_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_avs_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011776 _____ C:\Windows\SysWOW64\IM_MOD_RL_aai_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_vid_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_ttf_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_pwp_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_map_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_jnx_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_caption_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00011264 _____ C:\Windows\SysWOW64\IM_MOD_RL_art_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_xtrn_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_uyvy_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_sct_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_rla_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_plasma_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_otb_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_mono_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_label_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_hrz_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010752 _____ C:\Windows\SysWOW64\IM_MOD_RL_fax_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010240 _____ C:\Windows\SysWOW64\IM_MOD_RL_url_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010240 _____ C:\Windows\SysWOW64\IM_MOD_RL_rgf_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010240 _____ C:\Windows\SysWOW64\IM_MOD_RL_pix_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010240 _____ C:\Windows\SysWOW64\IM_MOD_RL_mvg_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010240 _____ C:\Windows\SysWOW64\IM_MOD_RL_clipboard_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00010240 _____ C:\Windows\SysWOW64\IM_MOD_RL_braille_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00009728 _____ C:\Windows\SysWOW64\IM_MOD_RL_stegano_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00009728 _____ C:\Windows\SysWOW64\IM_MOD_RL_screenshot_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00009728 _____ C:\Windows\SysWOW64\IM_MOD_RL_mac_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00009728 _____ C:\Windows\SysWOW64\IM_MOD_RL_debug_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00009216 _____ C:\Windows\SysWOW64\IM_MOD_RL_thumbnail_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00009216 _____ C:\Windows\SysWOW64\IM_MOD_RL_scr_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00009216 _____ C:\Windows\SysWOW64\IM_MOD_RL_null_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00009216 _____ C:\Windows\SysWOW64\IM_MOD_RL_info_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00009216 _____ C:\Windows\SysWOW64\IM_MOD_RL_gradient_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00009216 _____ C:\Windows\SysWOW64\IM_MOD_RL_clip_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00008704 _____ C:\Windows\SysWOW64\IM_MOD_RL_xc_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00008704 _____ C:\Windows\SysWOW64\IM_MOD_RL_tile_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00008704 _____ C:\Windows\SysWOW64\IM_MOD_RL_matte_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00008704 _____ C:\Windows\SysWOW64\IM_MOD_RL_mask_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00008704 _____ C:\Windows\SysWOW64\IM_MOD_RL_inline_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00008704 _____ C:\Windows\SysWOW64\IM_MOD_RL_hald_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00008192 _____ C:\Windows\SysWOW64\IM_MOD_RL_preview_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00008192 _____ C:\Windows\SysWOW64\IM_MOD_RL_mpr_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00008192 _____ C:\Windows\SysWOW64\IM_MOD_RL_fd_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00008192 _____ C:\Windows\SysWOW64\IM_MOD_RL_djvu_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00007680 _____ C:\Windows\SysWOW64\IM_MOD_RL_wmf_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00007680 _____ C:\Windows\SysWOW64\IM_MOD_RL_fpx_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00007680 _____ C:\Windows\SysWOW64\IM_MOD_RL_exr_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00007680 _____ C:\Windows\SysWOW64\IM_MOD_RL_dps_.dll
2016-02-19 20:44 - 2014-07-30 14:13 - 00007680 _____ C:\Windows\SysWOW64\IM_MOD_RL_dot_.dll
2016-02-19 20:43 - 2016-02-20 21:27 - 00000000 ____D C:\MAMP
2016-02-19 20:20 - 2016-02-19 20:20 - 00000899 _____ C:\Users\Feels\Desktop\xtclow2.txt
2016-02-19 20:20 - 2016-02-19 20:20 - 00000082 _____ C:\Users\Feels\Desktop\bars4.txt
2016-02-19 20:20 - 2016-02-19 20:20 - 00000068 _____ C:\Users\Feels\Desktop\helpthyllis.txt
2016-02-19 20:19 - 2016-03-13 18:46 - 00003501 _____ C:\Users\Feels\Desktop\together3.txt
2016-02-19 20:19 - 2016-02-19 20:19 - 00000174 _____ C:\Users\Feels\Desktop\bars1.txt
2016-02-19 20:19 - 2016-02-19 20:19 - 00000134 _____ C:\Users\Feels\Desktop\yeezy.txt
2016-02-19 14:23 - 2016-02-19 14:23 - 00080074 _____ C:\Users\Feels\majorlab2_2.flp
2016-02-19 00:11 - 2016-02-19 00:11 - 00817669 _____ C:\Users\Feels\Documents\Untitled (235).wma
2016-02-18 17:28 - 2016-02-18 17:28 - 00063174 _____ C:\Users\Feels\Downloads\Dev Contract - NDA (1).pdf
2016-02-18 17:22 - 2016-02-18 17:22 - 00063174 _____ C:\Users\Feels\Downloads\Dev Contract - NDA.pdf
2016-02-18 02:44 - 2016-02-18 02:44 - 00002681 _____ C:\Users\Feels\Desktop\together2.txt
2016-02-17 22:19 - 2016-02-25 16:23 - 00000806 _____ C:\Users\Feels\Desktop\xtclow.txt
2016-02-17 22:18 - 2016-02-19 20:19 - 00000423 _____ C:\Users\Feels\Desktop\bars2.txt
2016-02-17 22:18 - 2016-02-17 22:18 - 00000392 _____ C:\Users\Feels\Desktop\bars3.txt
2016-02-17 22:18 - 2016-02-17 22:18 - 00000211 _____ C:\Users\Feels\Desktop\questions.txt
2016-02-17 22:18 - 2016-02-17 22:18 - 00000176 _____ C:\Users\Feels\Desktop\exercise1.txt
2016-02-17 22:17 - 2016-02-17 22:28 - 00001480 _____ C:\Users\Feels\Desktop\together.txt
2016-02-17 19:08 - 2016-02-17 19:08 - 00063886 _____ C:\Users\Feels\blueprint6b_3.flp
2016-02-17 18:33 - 2016-02-17 18:33 - 00063860 _____ C:\Users\Feels\blueprint6b_2.flp
2016-02-17 15:16 - 2016-02-17 15:16 - 00001019 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-02-16 21:56 - 2016-02-16 21:56 - 19172789 _____ C:\Users\Feels\Desktop\Untitled (235).wma
2016-02-16 20:07 - 2016-02-18 14:46 - 00000000 ____D C:\Users\Feels\Desktop\angular2

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-16 14:14 - 2015-11-24 10:40 - 00000000 ____D C:\FRST
2016-03-16 14:13 - 2014-11-14 12:56 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-03-16 14:11 - 2014-08-26 20:50 - 00000000 ____D C:\Users\Feels\AppData\Local\Battle.net
2016-03-16 14:11 - 2014-08-26 20:50 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-03-16 14:04 - 2013-08-17 19:57 - 00000000 ____D C:\Users\Feels\AppData\Roaming\Skype
2016-03-16 13:52 - 2014-07-19 21:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-16 13:45 - 2013-11-07 14:04 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4206490599-248476441-2872671179-1000UA.job
2016-03-16 13:28 - 2014-09-01 14:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-16 13:28 - 2013-09-05 10:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-16 13:28 - 2013-09-05 10:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-16 13:09 - 2009-07-13 21:45 - 00014208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-16 13:09 - 2009-07-13 21:45 - 00014208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-16 12:29 - 2013-09-05 10:49 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-16 12:29 - 2013-09-05 10:49 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-15 21:45 - 2013-11-07 14:04 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4206490599-248476441-2872671179-1000Core.job
2016-03-15 19:45 - 2009-07-13 22:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-15 19:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-03-15 19:38 - 2014-01-04 22:58 - 00003244 _____ C:\Windows\System32\Tasks\IORRT
2016-03-15 19:38 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-14 01:25 - 2014-11-23 03:05 - 00000000 ____D C:\Users\Feels\AppData\Local\ElevatedDiagnostics
2016-03-14 01:24 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-14 01:08 - 2013-09-05 10:48 - 00000000 ____D C:\Users\Feels\AppData\Local\Apps\2.0
2016-03-14 01:07 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2016-03-13 21:46 - 2015-11-24 10:40 - 00079937 _____ C:\Users\Feels\Downloads\FRST.txt
2016-03-13 21:46 - 2015-11-24 10:40 - 00036601 _____ C:\Users\Feels\Downloads\Addition.txt
2016-03-13 20:07 - 2014-04-08 19:21 - 00007584 _____ C:\Users\Feels\AppData\Local\Resmon.ResmonCfg
2016-03-13 18:58 - 2013-08-16 21:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-13 18:42 - 2015-05-26 09:38 - 02046608 _____ (Sysinternals - www.sysinternals.com) C:\Users\Feels\Desktop\Procmon.exe
2016-03-13 17:15 - 2014-02-09 13:27 - 00000000 ____D C:\Users\Feels\AppData\Roaming\vlc
2016-03-12 14:39 - 2014-04-06 19:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-12 14:39 - 2014-04-06 19:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-12 14:39 - 2009-07-13 19:34 - 89128960 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-03-12 14:39 - 2009-07-13 19:34 - 57671680 _____ C:\Windows\system32\config\COMPONENTS.bak
2016-03-12 14:39 - 2009-07-13 19:34 - 18874368 _____ C:\Windows\system32\config\SYSTEM.bak
2016-03-12 14:39 - 2009-07-13 19:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-03-12 14:39 - 2009-07-13 19:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-03-12 14:39 - 2009-07-13 19:34 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2016-03-12 14:20 - 2013-08-20 14:14 - 00000000 ____D C:\Users\Feels\AppData\Roaming\Audacity
2016-03-12 14:15 - 2014-03-13 12:50 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-12 14:11 - 2014-04-06 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-12 14:07 - 2015-11-05 12:56 - 00000000 ____D C:\Windows\system32\MRT
2016-03-12 14:03 - 2015-11-05 12:56 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-12 10:02 - 2016-01-01 15:21 - 00000000 ____D C:\Users\Feels\Documents\Check
2016-03-12 00:06 - 2013-08-16 21:03 - 00000000 ____D C:\Users\Feels
2016-03-11 18:47 - 2015-01-25 21:45 - 00000000 ____D C:\Users\Feels\AppData\Roaming\mIRC
2016-03-09 14:05 - 2014-07-19 21:48 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-02 11:04 - 2014-08-10 20:08 - 00000000 ____D C:\Users\Feels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-01 10:42 - 2013-11-29 18:29 - 00000000 ____D C:\Windows\Minidump
2016-02-28 15:48 - 2016-01-20 02:14 - 00000000 ____D C:\Users\Feels\.WebIde100
2016-02-26 01:24 - 2014-01-01 00:40 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-02-26 00:48 - 2014-09-12 17:10 - 00000000 ____D C:\Users\Feels\AppData\Roaming\OBS
2016-02-25 20:26 - 2015-01-18 22:41 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-25 20:26 - 2015-01-18 22:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-20 02:30 - 2015-11-14 13:45 - 00000000 ____D C:\Windows\rescache
2016-02-19 20:55 - 2015-04-17 00:08 - 00000000 ____D C:\ProgramData\Atlassian
2016-02-19 20:44 - 2015-03-25 19:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-19 20:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-18 17:43 - 2015-09-25 13:55 - 00000000 ____D C:\Users\Feels\Documents\Adobe
2016-02-18 17:31 - 2015-03-13 20:49 - 00000000 ___RD C:\Users\Feels\Documents\Scanned Documents
2016-02-17 15:16 - 2014-07-28 00:06 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-02-17 14:28 - 2014-07-12 23:02 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-11-22 20:21 - 2015-11-22 20:21 - 0003584 _____ () C:\Users\Feels\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-26 01:00 - 2016-02-26 01:13 - 1065984 _____ () C:\Users\Feels\AppData\Local\file__0.localstorage
2016-02-19 20:58 - 2016-03-04 14:48 - 0000600 _____ () C:\Users\Feels\AppData\Local\PUTTY.RND
2014-04-08 19:21 - 2016-03-13 20:07 - 0007584 _____ () C:\Users\Feels\AppData\Local\Resmon.ResmonCfg
2015-01-09 01:08 - 2015-01-09 01:08 - 0000101 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-09 02:14

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Feels (2016-03-16 14:14:40)
Running from C:\Users\Feels\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-08-17 04:03:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4206490599-248476441-2872671179-500 - Administrator - Disabled)
Feels (S-1-5-21-4206490599-248476441-2872671179-1000 - Administrator - Enabled) => C:\Users\Feels
Guest (S-1-5-21-4206490599-248476441-2872671179-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4206490599-248476441-2872671179-1000\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
Awesomium Redistributable (HKLM-x32\...\{5BCB064B-9F65-4E15-BAFB-669E72E54FD9}) (Version: 1.7.4.2 - SIX Networks GmbH)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon D400-450 (HKLM\...\{87AEED05-C717-47bc-93BB-F8E527D2690F}) (Version: - )
Elpis (HKLM-x32\...\{E3D37D26-51FA-4273-B7CE-C9210CD431FF}) (Version: 1.4.5 - Adam Haile)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVGA PrecisionX 16 (HKLM-x32\...\{425A0AAA-B049-4356-A81E-E089BC5AE934}) (Version: 5.3.10 - EVGA Corporation)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version: - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
Firebird v2.0 (HKLM-x32\...\Tone2 Firebird_is1) (Version: - Tone2)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Gyazo 3.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JetBrains PhpStorm 10.0.3 (HKLM-x32\...\PhpStorm 10.0.3) (Version: 143.1770 - JetBrains s.r.o.)
JetBrains WebStorm 11.0.3 (HKLM-x32\...\WebStorm 11.0.3) (Version: 143.1559.5 - JetBrains s.r.o.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MAMP & MAMP PRO version 3.2.0 (HKLM-x32\...\{A62E77D4-9B74-4CA0-A254-EFE711F7A298}_is1) (Version: 3.2.0 - appsolute Gmbh)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Python 3.4.1 (64-bit) (HKLM\...\{D54842CB-F761-30BA-881F-1FF821DC44DF}) (Version: 3.4.1150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6793 - Realtek Semiconductor Corp.)
Ruby 2.2.3-p173-x64 (HKU\S-1-5-21-4206490599-248476441-2872671179-1000\...\{A98E44F8-6401-400F-830E-B1A2919C22BD}_is1) (Version: 2.2.3-p173 - RubyInstaller Team)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version: - Berserk Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
USBPcap 1.1.0.0-g794bf26 (HKLM\...\USBPcap) (Version: - )
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version: - Google Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0198FE8F-E408-4FC1-AC57-0753FDAB4D75} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-26] (Microsoft Corporation)
Task: {12A4D889-6605-4FB0-9E38-F02A7919E0DC} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {1F6B0BDD-45A5-46D8-BE1B-199805CD1CBA} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2014-01-04] ()
Task: {39556AEC-EA02-4196-AC29-485DD2473DDE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4B0D4DC3-6AFF-4EA1-8047-66306685D3BE} - System32\Tasks\{7D70E27D-0A8E-4609-A688-FD4FE78A443C} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.80.101/en/abandoninstall?page=tsProgressBar
Task: {4FD2A8BA-63C1-4669-AAA9-A50F365F876C} - System32\Tasks\Google Pinyin Daemon => C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2013-12-04] (Google Inc.) <==== ATTENTION
Task: {530B430B-0600-421D-B3E9-90A68BBDC970} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {58A52043-2A4F-46DA-B8A0-80A519204B32} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4206490599-248476441-2872671179-1000UA => C:\Users\Feels\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6295A4BD-2935-485F-A252-F682ED517ECF} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2014-01-04] ()
Task: {76487A84-3795-490D-969C-266C31AEC121} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-25] (Microsoft Corporation)
Task: {7C9AF082-9119-4878-AD11-E1D63CB535AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C136850B-08EB-471D-B304-0879DB55BF13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-01] (Adobe Systems Incorporated)
Task: {C3676702-AD82-4843-86A3-F5E3ED390219} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {D5A32FA0-7FF7-4D87-9DDD-7C253B8D08F0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-26] (Microsoft Corporation)
Task: {E647BF1B-7A90-4A12-AB1B-8F0DC6B191F2} - System32\Tasks\{56658C97-D75F-4F54-AFF1-FBDAEA24390D} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.80.101/en/abandoninstall?page=tsProgressBar
Task: {EDD6C6A4-62ED-41D8-B75E-FC578F5DDAE9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4206490599-248476441-2872671179-1000Core => C:\Users\Feels\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F1B2F137-4BAF-456A-98F4-A527A0BF8F76} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4206490599-248476441-2872671179-1000Core.job => C:\Users\Feels\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4206490599-248476441-2872671179-1000UA.job => C:\Users\Feels\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Feels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.2.3-p173-x64\Interactive Ruby.lnk -> C:\Ruby22-x64\bin\irb.bat ()

ShortcutWithArgument: C:\Users\Feels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.2.3-p173-x64\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby22-x64\bin\setrbvars.bat

==================== Loaded Modules (Whitelisted) ==============

2013-08-16 21:18 - 2013-06-21 03:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-18 22:30 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-11 19:02 - 2015-09-11 19:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-26 16:41 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-11-20 14:41 - 2015-11-20 14:41 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-11-20 14:41 - 2015-11-20 14:41 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-12-04 20:39 - 2013-12-04 20:39 - 00846360 _____ () C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
2014-11-14 12:56 - 2016-03-16 14:11 - 16110056 _____ () C:\Program Files (x86)\Hearthstone\Hearthstone.exe
2015-10-26 16:42 - 2015-09-01 05:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-02-19 16:29 - 2016-02-17 21:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 16:29 - 2016-02-17 21:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2016-03-09 15:24 - 2016-03-08 13:16 - 17541312 _____ () C:\Users\Feels\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\libcef.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\libGLESv2.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00293040 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\ortp.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00909312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\platforms\qwindows.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\libEGL.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\imageformats\qgif.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\imageformats\qico.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\imageformats\qjpeg.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\imageformats\qmng.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\imageformats\qsvg.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\imageformats\qtiff.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\qml\QtQuick.2\qtquick2plugin.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-03-07 21:21 - 2016-03-07 21:21 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6890\qml\QtQml\Models.2\modelsplugin.dll
2014-11-14 12:57 - 2016-03-16 14:11 - 00029696 _____ () C:\Program Files (x86)\Hearthstone\Hearthstone_Data\Plugins\PlayErrors32.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-03-12 15:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4206490599-248476441-2872671179-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Feels\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Who Is On My Wifi.lnk => C:\Windows\pss\Who Is On My Wifi.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: MampTray => C:\MAMP\MAMPROSysTray.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Feels\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Feels\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{209F37E5-D4C9-4C5B-8627-5C00F9D62208}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{D49E1BE2-2C2B-4B12-A9CB-D58C43E05F77}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{789BA91A-48A0-46BA-A838-957EE70349F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75FE88FC-D256-4174-84A5-E57C28CB669F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7D2EFD63-B9EA-4CF8-B9C1-C93E62C2DEFF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{60D81A1B-167D-4A68-A6DF-F7CE55F49B13}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2CFCDC60-93D4-4062-A35D-2CE0F4CDEBA5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{BDF7162B-0EE2-43AF-A8AA-E86F55B2B5C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{1ABCB02C-7CFF-4B46-9C5C-E6971F925A27}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{56F1E489-5B90-4730-BF38-8E5791181E10}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{F13C32E6-4E0C-40F2-A705-B17E1B88A6D6}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A241A7DA-FD74-4BBE-9479-EC1BD4546DF1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{04780789-7054-4CA0-B188-4FD595A2F755}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-08-2013 06:08:24 Scheduled Checkpoint
14-08-2013 22:25:19 Installed Ventrilo Client for Windows x64
14-08-2013 23:57:45 Installed Microsoft Visual C++ 2005 Redistributable
14-08-2013 23:58:24 Installed DirectX

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2016 01:44:27 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Application: excel.exe; IdentityType: Unknown; HasToken: 1; AutoOrgId: 0; Roaming: 0; SessionLicensing: 0; LvuxSqm: 0; SppReady: 1; CurrentHr: 0x803d0013; CorrelationId: {EDCBE9DF-7A22-4137-99D4-A09997F6F67F}; OlsErrorCode: 0x407; CurrentProductReleaseId: O365ProPlusRetail; AllProductReleaseIds (from store): O365ProPlusRetail

Error: (03/16/2016 01:44:27 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x407; CorrelationId: {EDCBE9DF-7A22-4137-99D4-A09997F6F67F}

Error: (03/13/2016 07:19:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Faulting module name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Exception code: 0xc0000005
Fault offset: 0x0005d889
Faulting process id: 0x1710
Faulting application start time: 0xProcmon.exe0
Faulting application path: Procmon.exe1
Faulting module path: Procmon.exe2
Report Id: Procmon.exe3

Error: (03/13/2016 07:04:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Faulting module name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Exception code: 0xc0000005
Fault offset: 0x0005d889
Faulting process id: 0x2334
Faulting application start time: 0xProcmon.exe0
Faulting application path: Procmon.exe1
Faulting module path: Procmon.exe2
Report Id: Procmon.exe3

Error: (03/13/2016 07:04:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Faulting module name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Exception code: 0xc0000005
Fault offset: 0x0005d889
Faulting process id: 0x2118
Faulting application start time: 0xProcmon.exe0
Faulting application path: Procmon.exe1
Faulting module path: Procmon.exe2
Report Id: Procmon.exe3

Error: (03/13/2016 06:46:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Faulting module name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Exception code: 0xc0000005
Fault offset: 0x0005d889
Faulting process id: 0x1450
Faulting application start time: 0xProcmon.exe0
Faulting application path: Procmon.exe1
Faulting module path: Procmon.exe2
Report Id: Procmon.exe3

Error: (03/13/2016 06:46:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Faulting module name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Exception code: 0xc0000005
Fault offset: 0x0005d889
Faulting process id: 0x163c
Faulting application start time: 0xProcmon.exe0
Faulting application path: Procmon.exe1
Faulting module path: Procmon.exe2
Report Id: Procmon.exe3

Error: (03/13/2016 06:45:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Faulting module name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Exception code: 0xc0000005
Fault offset: 0x0005d889
Faulting process id: 0x18e0
Faulting application start time: 0xProcmon.exe0
Faulting application path: Procmon.exe1
Faulting module path: Procmon.exe2
Report Id: Procmon.exe3

Error: (03/13/2016 06:45:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Faulting module name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Exception code: 0xc0000005
Fault offset: 0x0005d889
Faulting process id: 0x1508
Faulting application start time: 0xProcmon.exe0
Faulting application path: Procmon.exe1
Faulting module path: Procmon.exe2
Report Id: Procmon.exe3

Error: (03/13/2016 06:43:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Faulting module name: Procmon.exe, version: 3.20.0.0, time stamp: 0x5563c057
Exception code: 0xc0000005
Fault offset: 0x0005d889
Faulting process id: 0x1c70
Faulting application start time: 0xProcmon.exe0
Faulting application path: Procmon.exe1
Faulting module path: Procmon.exe2
Report Id: Procmon.exe3


System errors:
=============
Error: (03/16/2016 01:45:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/15/2016 07:38:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
VBoxNetAdp

Error: (03/15/2016 07:38:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MSCamSvc service failed to start due to the following error:
%%2

Error: (03/15/2016 07:33:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
VBoxNetAdp

Error: (03/15/2016 07:33:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MSCamSvc service failed to start due to the following error:
%%2

Error: (03/14/2016 01:07:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/14/2016 01:05:52 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/14/2016 01:03:58 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/13/2016 07:08:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/13/2016 07:07:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


CodeIntegrity:
===================================

==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 46%
Total physical RAM: 12259.32 MB
Available physical RAM: 6539.46 MB
Total Virtual: 13281.53 MB
Available Virtual: 7113.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:3.54 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Media) (Fixed) (Total:151.34 GB) (Free:5.25 GB) NTFS
Drive f: () (Fixed) (Total:314.32 GB) (Free:1.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: CEBF4E3A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3C1F9584)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=314.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151.3 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================



Edited by Oh My!, 19 March 2016 - 08:18 AM.




#2 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,582 posts
  • Gender:Male
  • Location:California

Posted 19 March 2016 - 08:19 AM

Greetings UKHInside and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of unlicensed software on your computer. I am going to request you completely uninstall Microsoft Office 365 ProPlus and all other products for which you do not have a valid Product Key. If you are willing to do that please rerun a FRST scan with Addition.txt and post both logs. If you prefer to leave the programs on your computer let me know that and I will be closing the Topic.

**EDIT**

Based on additional information provided I have determined the Office program is legitimate with a Valid Product Key.


Edited by Oh My!, 19 March 2016 - 04:48 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 UKHInside

Posted 19 March 2016 - 04:08 PM

Hi Gary,

 

Thank you for your assistance. My name is David.

 

With all due respect, before I uninstall this program, can you please clarify for me what that evidence is? I don't mean to be combative, but an accusation like that is certainly one that might affect my reputation here, and as a result, I would appreciate the opportunity to dispute that claim.

 

This product is licensed through my school - I am allowed to install Microsoft Office 365 ProPlus on up to 5 computers as a consequence of my registration with them. I only use it on one; this one. I explained that it does not recognize the software as valid until it has been repaired, opened, closed, and then opened once more.

 

How can I prove this without compromising my identity? I certainly have an active, valid license. I just logged into office.com with my student account.

 

Thank you for your time, Gary.

 

EDIT: I have no problem uninstalling the software temporarily if it assists in cleaning my computer of any infections. I just want to clarify that I do have a license for this software, and if there is a flag that indicates otherwise, it is an issue with the software, or the malware, and not my lack of a license.


Edited by UKHInside, 19 March 2016 - 04:11 PM.


#4 Oh My!

Posted 19 March 2016 - 04:18 PM

I will take your word for it and send you a Personal Message with the information you are requesting.
Gary

#5 Oh My!

Posted 19 March 2016 - 04:30 PM

Greetings David.

I will tell you from the start that oftentimes Windows Update issues are difficult to overcome and direct help from Microsoft is necessary. However, we will do our best to try to resolve the issue. It may require multiple steps to try to identify the problem.

Let's start with this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4206490599-248476441-2872671179-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 athur; system32\DRIVERS\athurx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 kgloypod; \??\C:\Users\Feels\AppData\Local\Temp\kgloypod.sys [X]
2016-03-10 21:55 - 2016-03-10 21:55 - 00000000 _____ C:\kgloypod.sys
2016-03-15 19:38 - 2014-01-04 22:58 - 00003244 _____ C:\Windows\System32\Tasks\IORRT
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {1F6B0BDD-45A5-46D8-BE1B-199805CD1CBA} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2014-01-04] ()
C:\IORRT
Task: {6295A4BD-2935-485F-A252-F682ED517ECF} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2014-01-04] ()
CMD: type "C:\ComboFix.txt"
Folder: C:\versa_code_1
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary Information
  • Update on computer behavior

Gary

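As an added example (not from this thread and not part of FRST itself), a small Python triage helper that reads lines in the FRST fixlist format shown in the post above and lists the entries a responder would examine first: services and drivers whose image file is missing (FRST marks these with a trailing [X]), CustomCLSID entries whose DLL is gone, and scheduled tasks that run a batch script. The `triage` function, the `Finding` class and the regexes are my own construction; the sample lines reuse the SID, GUIDs and paths quoted in the fixlist.

```python
import re
from dataclasses import dataclass

# Constructed sample in the style of the FRST fixlist quoted in the post above
# (same SID, GUIDs and paths as that fixlist); it is not a complete log.
SAMPLE = r"""
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 kgloypod; \??\C:\Users\Feels\AppData\Local\Temp\kgloypod.sys [X]
CustomCLSID: HKU\S-1-5-21-4206490599-248476441-2872671179-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Feels\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
Task: {1F6B0BDD-45A5-46D8-BE1B-199805CD1CBA} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2014-01-04] ()
""".strip().splitlines()

# Service/driver lines look like "<state><start> <name>; <image path> [X]", where
# FRST's trailing [X] marks an image file that no longer exists on disk.
SERVICE_RE = re.compile(r"^[RSU]\d (\S+?); (.+?)( \[X\])?$")
CLSID_RE = re.compile(r"^CustomCLSID: (.+?) -> (.+?)( => No File)?$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (\S+) => (\S+)")

@dataclass
class Finding:
    kind: str    # "service", "clsid" or "task"
    name: str
    path: str
    reason: str

def triage(lines):
    """Pick out the entries a responder looks at first: references to files that
    no longer exist, and persistence that loads from user-writable locations."""
    findings = []
    for line in lines:
        if m := SERVICE_RE.match(line):
            name, path, missing = m.groups()
            if missing:
                findings.append(Finding("service", name, path, "image file missing ([X])"))
            if "\\appdata\\local\\temp\\" in path.lower():
                findings.append(Finding("service", name, path, "driver loaded from a user Temp folder"))
        elif m := CLSID_RE.match(line):
            key, dll, nofile = m.groups()
            if nofile:
                findings.append(Finding("clsid", key, dll, "InprocServer32 points to a missing DLL"))
        elif m := TASK_RE.match(line):
            task, target = m.groups()
            if target.lower().endswith((".bat", ".cmd")):
                findings.append(Finding("task", task, target, "scheduled task runs a batch script"))
    return findings
```

Run `triage(SAMPLE)` to get the flagged entries; the `AppMgmt` line, whose image exists, produces no finding.
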
#6 Oh My!

Posted 22 March 2016 - 10:14 PM

Greetings,

===================================================

3 Day Bump

It has been 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary

#7 Oh My!

Posted 24 March 2016 - 08:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary