Farbar Service Scanner Version: 27-01-2016
Ran by Kyle (administrator) on 02-01-2017 at 10:18:48
Running from "C:\Users\Kyle\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
System Restore Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
MiniToolBox by Farbar Version: 17-06-2016
Ran by Kyle (administrator) on 02-01-2017 at 10:18:17
Running from "C:\Users\Kyle\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Model: OEM Manufacturer: OEM
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Realtek PCIe GBE Family Controller = Local Area Connection 2 (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
StrongVPN Adapter = Local Area Connection 3 (Media disconnected)
TAP-Win32 Adapter V9 (Tunngle) = Tunngle (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
add address name="VMware Network Adapter VMnet8" address=192.168.75.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet1" address=192.168.235.1 mask=255.255.255.0
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Computer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net
Ethernet adapter Tunngle:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
Physical Address. . . . . . . . . : 00-FF-3C-52-4F-5F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : StrongVPN Adapter
Physical Address. . . . . . . . . : 00-FF-2A-54-A6-F2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : hsd1.wa.comcast.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
Physical Address. . . . . . . . . : 02-01-64-8A-03-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2601:602:c302:378a:2428:3b63:d603:4b19(Preferred)
Temporary IPv6 Address. . . . . . : 2601:602:c302:378a:1c63:d64b:485a:6142(Preferred)
Link-local IPv6 Address . . . . . : fe80::2428:3b63:d603:4b19%14(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.50(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, January 01, 2017 2:25:29 PM
Lease Expires . . . . . . . . . . : Sunday, January 08, 2017 2:25:29 PM
Default Gateway . . . . . . . . . : fe80::dcf8:3bff:fe68:34d9%14
10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 318775228
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-7F-8B-2B-00-1F-BC-02-49-25
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-1F-BC-02-49-25
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c1c3:225c:aed6:b8a1%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.235.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 503337046
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-7F-8B-2B-00-1F-BC-02-49-25
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::98bd:8cd6:96fb:9f16%18(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.75.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 520114262
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-7F-8B-2B-00-1F-BC-02-49-25
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{3C524F5F-670B-4174-A4BA-DBCEEB1D37D1}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{2A54A6F2-D29F-4928-94EB-FC5E693C12C9}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.hsd1.wa.comcast.net:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.wa.comcast.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{E26A1425-C4CC-40E8-B200-1BF2A4468B02}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{55AA8FB3-8371-4178-BD69-4C4E05517AFF}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{6695B060-B0B8-472E-A1E6-5C34BA1D1170}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 2607:f8b0:400a:807::200e
216.58.216.174
Pinging google.com [2607:f8b0:400a:806::200e] with 32 bytes of data:
Reply from 2607:f8b0:400a:806::200e: time=41ms
Reply from 2607:f8b0:400a:806::200e: time=20ms
Ping statistics for 2607:f8b0:400a:806::200e:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 41ms, Average = 30ms
Server: cdns01.comcast.net
Address: 75.75.75.75
Name: yahoo.com
Addresses: 2001:4998:c:a06::2:4008
2001:4998:58:c02::a9
2001:4998:44:204::a7
206.190.36.45
98.138.253.109
98.139.183.24
Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=107ms
Reply from 2001:4998:58:c02::a9: time=97ms
Ping statistics for 2001:4998:58:c02::a9:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 97ms, Maximum = 107ms, Average = 102ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
22...00 ff 3c 52 4f 5f ......TAP-Win32 Adapter V9 (Tunngle)
16...00 ff 2a 54 a6 f2 ......StrongVPN Adapter
14...02 01 64 8a 03 c0 ......Realtek PCIe GBE Family Controller #2
12...00 1f bc 02 49 25 ......Realtek PCIe GBE Family Controller
17...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
18...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.50 10
10.0.0.0 255.255.255.0 On-link 10.0.0.50 266
10.0.0.50 255.255.255.255 On-link 10.0.0.50 266
10.0.0.255 255.255.255.255 On-link 10.0.0.50 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.75.0 255.255.255.0 On-link 192.168.75.1 276
192.168.75.1 255.255.255.255 On-link 192.168.75.1 276
192.168.75.255 255.255.255.255 On-link 192.168.75.1 276
192.168.235.0 255.255.255.0 On-link 192.168.235.1 276
192.168.235.1 255.255.255.255 On-link 192.168.235.1 276
192.168.235.255 255.255.255.255 On-link 192.168.235.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.50 266
224.0.0.0 240.0.0.0 On-link 192.168.235.1 276
224.0.0.0 240.0.0.0 On-link 192.168.75.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.50 266
255.255.255.255 255.255.255.255 On-link 192.168.235.1 276
255.255.255.255 255.255.255.255 On-link 192.168.75.1 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 266 ::/0 fe80::dcf8:3bff:fe68:34d9
1 306 ::1/128 On-link
14 18 2601:602:c302:378a::/64 On-link
14 266 2601:602:c302:378a:1c63:d64b:485a:6142/128
On-link
14 266 2601:602:c302:378a:2428:3b63:d603:4b19/128
On-link
14 266 fe80::/64 On-link
17 276 fe80::/64 On-link
18 276 fe80::/64 On-link
14 266 fe80::2428:3b63:d603:4b19/128
On-link
18 276 fe80::98bd:8cd6:96fb:9f16/128
On-link
17 276 fe80::c1c3:225c:aed6:b8a1/128
On-link
1 306 ff00::/8 On-link
14 266 ff00::/8 On-link
17 276 ff00::/8 On-link
18 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\vsocklib.dll [64192] (VMware, Inc.)
Catalog9 12 C:\Windows\SysWOW64\vsocklib.dll [64192] (VMware, Inc.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\vsocklib.dll [68288] (VMware, Inc.)
x64-Catalog9 12 C:\Windows\System32\vsocklib.dll [68288] (VMware, Inc.)
========================= Event log errors: ===============================
Application errors:
==================
Error: (12/30/2016 03:05:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: iTunes.exe, version: 12.3.2.35, time stamp: 0x5673a11b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23572, time stamp: 0x57fd0696
Exception code: 0x80000003
Fault offset: 0x00000000000331f2
Faulting process id: 0x2f74
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3
Error: (12/29/2016 12:20:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/28/2016 11:58:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.1.0.6186, time stamp: 0x584a057c
Faulting module name: mozglue.dll, version: 50.1.0.6186, time stamp: 0x5849ff8b
Exception code: 0x80000003
Fault offset: 0x0000ec79
Faulting process id: 0x778c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
System errors:
=============
Error: (01/01/2017 03:08:25 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/01/2017 02:59:34 PM) (Source: Service Control Manager) (User: )
Description: The NAUpdate service terminated unexpectedly. It has done this 1 time(s).
Error: (01/01/2017 02:59:29 PM) (Source: Service Control Manager) (User: )
Description: The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/01/2017 02:59:22 PM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 12 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.
Error: (01/01/2017 02:59:16 PM) (Source: Service Control Manager) (User: )
Description: The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/01/2017 02:59:13 PM) (Source: Service Control Manager) (User: )
Description: The Wondershare Application Framework Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/29/2016 08:32:51 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/29/2016 08:32:51 PM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
Error: (12/29/2016 12:25:29 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (12/29/2016 12:18:26 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp
Microsoft Office Sessions:
=========================
Error: (12/30/2016 03:05:19 PM) (Source: Application Error)(User: )
Description: iTunes.exe12.3.2.355673a11bKERNELBASE.dll6.1.7601.2357257fd06968000000300000000000331f22f7401d262f12cbf5df4C:\Program Files\iTunes\iTunes.exeC:\Windows\system32\KERNELBASE.dll6ed4ba55-cee4-11e6-b874-005056c00008
Error: (12/29/2016 12:20:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/28/2016 11:58:52 PM) (Source: Application Error)(User: )
Description: plugin-container.exe50.1.0.6186584a057cmozglue.dll50.1.0.61865849ff8b800000030000ec79778c01d261a95da76e28C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dlla346fc65-cd9c-11e6-b148-005056c00008
CodeIntegrity Errors:
===================================
Date: 2016-11-01 13:18:28.694
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-11-01 13:18:28.663
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
=========================== Installed Programs ============================
4500_G510nz_Help (HKLM-x32\...\{690879A5-18EF-447B-98D6-B699D51008AB}) (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (HKLM-x32\...\{5B05FF91-F20C-4832-A8DE-E1912639C17C}) (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (HKLM-x32\...\{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}) (Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.16 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.44.6257 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Breakaway (HKLM-x32\...\600505cc-de2f-4b99-9960-c47ee5d23f04) (Version: - AOFH7)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
Catalyst Control Center Next Localization BR (HKLM\...\{C80C12DC-3959-4028-1681-F2BF00866439}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{B0199EE9-B640-3D24-29F8-99B1C425697A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{8F5D8F15-4A07-E887-C8FD-498804F2522F}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{55FB36B8-663A-06C2-9A6F-34A0AFFD906C}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{27D9A3A3-D0D2-2260-A2AA-A7228B6022B6}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{C59870AD-505D-4C9E-B625-D1DE6B1ABF8D}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{38072574-E1D1-9B6C-EAB4-27E207E0B54A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{C7F2F764-33A8-7ED1-8ED9-BD594C814386}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{352C8FF2-CB23-F2C3-CC82-B2F20AC15B5C}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{13556222-6637-F9E8-A6A6-186D6996E5E0}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{3B8435FC-47AD-7A7E-BCBD-13DF296DB149}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{1E60CDCF-E4AF-2B49-3473-E9C10C0D6031}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{2459C0BB-C5C8-2FD0-2437-BD92FB666A15}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{58011544-00D2-DD75-4E0D-944AD2D3773D}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9E93DDED-A342-2621-8B33-A7FDE09E2A15}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{EBCCB5CD-B2B0-6870-DCC3-A7CCCC1B1B68}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{D214F8C8-A231-E193-971C-7D185108F908}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C078842D-6E39-ACBA-8927-51697B6D89B0}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{CE1A9479-C86A-81A5-729F-9B65120D15E1}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{81DFFE49-771C-3262-99DD-35AB35FEF71A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{56C43946-966D-1B4B-3910-3B4741F9CAF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - )
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}) (Version: 130.0.372.000 - Hewlett-Packard) Hidden
Dirty Bomb (HKLM\...\Steam App 333930) (Version: - Splash Damage®)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.125 - DivX, LLC)
ESET Smart Security (HKLM\...\{0C26C0D5-9A65-45B6-83CE-AF5105212A06}) (Version: 9.0.375.0 - ESET, spol. s r.o.)
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Fidelity Active Trader Pro® (HKCU\...\a36ba76f6187edff) (Version: 10.6.716.0 - Fidelity Investments)
Fractured Space (HKLM\...\Steam App 310380) (Version: - Edge Case Games Ltd.)
Ghost in the Shell Stand Alone Complex First Assault Online (HKLM\...\Steam App 369200) (Version: - Neople)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
Ignition Casino (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E4}}_is1) (Version: - )
Infix PDF Editor version 6.4.6.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 6.4.6.0 - Iceni Technology)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x64 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x64 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Recorder (HKLM-x32\...\{F3949798-3544-433B-B5AB-A61F32F0386F}) (Version: 18.001.2 - Nero AG) Hidden
Nero 2016 (HKLM-x32\...\{ED8AC7E1-18EC-4F68-8E69-938A4503D29C}) (Version: 17.0.04600 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Nitro Pro 10 (HKLM\...\{C78478E6-8206-470E-B843-0204995371C6}) (Version: 10.5.1.17 - Nitro)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.1 - Notepad++ Team)
OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
Prerequisite installer (HKLM-x32\...\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}) (Version: 17.0.0002 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.98.107.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{1F7000D3-A917-4AD2-BA55-59E6FDAF062A}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{4BF13B26-3A95-4E42-900A-DEB16FDA75A0}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C5D14A1B-6E3E-491A-96C6-ABDEEEC4E97D}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0044-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1931508C-C004-4983-81E3-70BE6252904B}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E4F470B2-3601-4E1C-B291-D6B580F53136}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0115-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0117-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version: - Microsoft) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Status (HKLM-x32\...\{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StrongVPN Client (HKLM\...\{6EB6293C-9286-4981-8672-956E1A92F33B}_is1) (Version: 1.6.1 - Strong Technology, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.71503 - TeamViewer)
The Ultimate Troubleshooter (HKLM-x32\...\The Ultimate Troubleshooter) (Version: - AnswersThatWork.com)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.6.0.0 - Tukero[X]Team)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM\...\Steam App 243870) (Version: - Ubisoft Singapore)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}) (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.8 - Tunngle.net GmbH)
Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E0107125-62C7-43B6-8E66-0582F397469E}) (Version: - Microsoft)
VBK DRM Removal version 1.16 (HKLM-x32\...\{D80788DC-9E71-4607-BE9B-FFCD8F74C979}_is1) (Version: 1.16 - eBook Converter Team)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VitalSource Bookshelf (HKLM-x32\...\{4bb6f5ce-1e01-41b1-833d-ffa2297df6f4}) (Version: 6.08.0017 - Ingram Content Group)
VitalSource Converter (HKLM-x32\...\vitalsource) (Version: - http://www.ebook-converter.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{F4C0A853-FA3B-4404-954B-799299EB5A98}) (Version: 12.1.1 - VMware, Inc.)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WizTree v1.06 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)
Wondershare Video Converter Ultimate(Build 9.0.0.4) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.0.4 - Wondershare Software)
========================= Devices: ================================
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Device ID: ROOT\LEGACY_ZAM\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Device ID: ROOT\LEGACY_ZAM_GUARD\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1049\57584E3145393441455A4343&1
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_00311102&REV_00\4&2E1896D2&0&08F0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Device ID: ROOT\MULTIFUNCTION\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
========================= Memory info: ===================================
Percentage of memory in use: 20%
Total physical RAM: 16375.18 MB
Available physical RAM: 13032.9 MB
Total Virtual: 16573.36 MB
Available Virtual: 13359.27 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:465.66 GB) (Free:240.98 GB) NTFS
4 Drive g: () (Fixed) (Total:465.66 GB) (Free:173.65 GB) NTFS
5 Drive h: () (Fixed) (Total:465.66 GB) (Free:329.36 GB) NTFS
6 Drive i: (My Passport) (Fixed) (Total:931.48 GB) (Free:625.58 GB) NTFS
========================= Users: ========================================
User accounts for \\COMPUTER
Administrator Guest Kyle
========================= Restore Points ==================================
**** End of log ****
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.18537
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 2.653000 GHz
Memory total: 17170616320, free: 13642727424
Downloaded database version: v2017.01.02.01
Downloaded database version: v2016.11.20.01
Downloaded database version: v2016.12.16.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
01/02/2017 00:54:48
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\vkxotygq.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\vmci.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vsock.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\epfwwfp.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\edevmon.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\??\C:\Program Files\ESET\ESET Smart Security\em015_64.dat
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
C:\Program Files\ESET\ESET Smart Security\em006_64.dat
C:\Program Files\ESET\ESET Smart Security\em018_64.dat
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\epfw.sys
C:\Program Files\ESET\ESET Smart Security\em008_64.dat
C:\Program Files\ESET\ESET Smart Security\em042_64.dat
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\EpfwLWF.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tapstrong.sys
\SystemRoot\system32\DRIVERS\tap0901t.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\dtlitescsibus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\dtliteusbbus.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\ekbdflt.sys
\??\C:\Windows\system32\drivers\VMkbd.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\dot4usb.sys
\SystemRoot\system32\DRIVERS\Dot4.sys
\SystemRoot\system32\DRIVERS\Dot4Prt.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\vmx86.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\SystemRoot\SysWOW64\drivers\vstor2-mntapi20-shared.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
C:\Program Files\ESET\ESET Smart Security\em042_64.dat
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\comdlg32.dll
\Windows\System32\setupapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\advapi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\urlmon.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\shell32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\msctf.dll
\Windows\System32\imm32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\nsi.dll
\Windows\System32\iertutil.dll
\Windows\System32\difxapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\lpk.dll
\Windows\System32\sechost.dll
\Windows\System32\user32.dll
\Windows\System32\gdi32.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
Scan started
Database versions:
main: v2017.01.02.01
rootkit: v2016.11.20.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800e598790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e5982c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e598790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e308060, DeviceName: \Device\Ide\IdeDeviceP8T0L0-c\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A52EF7BF
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition is bootable
Partition file system is NTFS
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 976564224
Partition is not bootable
Partition file system is NTFS
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800e5ba060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e5bab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e5ba060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e2ca060, DeviceName: \Device\Ide\IdeDeviceP9T0L0-d\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1F8A8533
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition is bootable
Partition file system is NTFS
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 976564224
Partition is not bootable
Partition file system is NTFS
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800e5bb060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e5bbab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800e5bb060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d308e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800e343680, DeviceName: \Device\Ide\IdeDeviceP5T0L0-9\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 361F7B00
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition is bootable
Partition file system is NTFS
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 976564272
Partition is not bootable
Partition file system is NTFS
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa8012051060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80118d0480, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8012051060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80131ea060, DeviceName: \Device\000000a4\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A84E7E5A
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953456128
Partition is not bootable
Partition file system is NTFS
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Disk Size: 1000170586112 bytes
Sector size: 512 bytes
Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-44339A3A107BFA601669F9B57EBB832322CC671A.bin.83" is compressed (flags = 1)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/1/2017
Scan Time: 11:39 PM
Logfile: MBAM Log.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2017.01.02.01
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kyle
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317532
Time Elapsed: 11 min, 58 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)