mbamswissarmy.sys corrupted


#1
prblm

prblm

    Member

  • Member
  • 12 posts
Hello. After I foolishly downloaded an adblocker from a shady website, my computer became unresponsive soon after, and I decided I would just restart it. My computer went to the startup repair screen and said my computer couldn't be repaired. I checked the logs, and it said mbamswissarmy.sys was corrupted. I used FRST and here is the log; can someone help me please?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by SYSTEM on MININT-NMU4FUL (03-02-2017 21:06:45)
Running from F:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11842152 2011-05-02] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] => "D:\Malwarebytes Anti-Malware\mbam.exe" /bootscan -resetprotection
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6532664 2016-03-16] (GOG.com)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-17] (NVIDIA Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-17] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-17] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 GalaxyClientService; "D:\GalaxyClient\GalaxyClientService.exe" [X]
S4 MBAMScheduler; "D:\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "D:\Malwarebytes Anti-Malware\mbamservice.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-02-03] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-06-17] (NVIDIA Corporation)
S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-18] (Scarlet.Crush Productions)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-03 21:06 - 2017-02-03 21:06 - 00000000 ____D C:\FRST
2017-02-02 11:48 - 2017-02-02 11:49 - 00000000 ____D C:\Users\Zach\Documents\crap
2017-01-18 18:09 - 2017-01-18 18:10 - 00000000 ____D C:\Windows\rescache
2017-01-11 11:38 - 2017-01-05 10:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2017-01-11 11:38 - 2017-01-05 10:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-01-11 11:38 - 2017-01-05 10:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\System32\bcrypt.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-11 11:38 - 2017-01-05 09:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-11 11:38 - 2017-01-05 09:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2017-01-11 11:38 - 2017-01-05 09:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-01-11 11:38 - 2017-01-05 09:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-01-11 11:38 - 2017-01-05 09:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-01-11 11:38 - 2017-01-05 09:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2017-01-11 11:38 - 2017-01-05 09:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-11 11:38 - 2017-01-05 09:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-03 20:02 - 2016-07-17 14:48 - 00000000 _____ C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-02-03 19:10 - 2016-04-18 03:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-03 07:27 - 2009-07-13 20:45 - 00027184 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-03 07:27 - 2009-07-13 20:45 - 00027184 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-01 10:22 - 2015-08-05 02:32 - 00002424 _____ C:\Users\Zach\Desktop\Google Chrome Canary.lnk
2017-02-01 05:04 - 2016-11-18 13:30 - 00000000 ____D C:\Users\Zach\AppData\LocalLow\Mozilla
2017-01-31 21:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2017-01-31 20:57 - 2009-07-13 21:13 - 00006242 _____ C:\Windows\System32\PerfStringBackup.INI
2017-01-31 20:51 - 2016-11-17 18:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-31 20:51 - 2014-05-06 16:15 - 00000000 ___RD C:\Users\Zach\Google Drive
2017-01-31 20:51 - 2014-03-10 22:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-31 20:51 - 2013-10-22 17:00 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-31 20:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-30 16:33 - 2016-04-18 03:49 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-30 16:33 - 2016-04-18 03:49 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-30 16:33 - 2016-04-18 03:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-30 16:33 - 2016-04-18 03:49 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-30 16:33 - 2016-04-18 03:49 - 00000000 ____D C:\Windows\System32\Macromed
2017-01-30 16:33 - 2016-04-18 03:48 - 00000000 ____D C:\Users\Zach\AppData\Local\Adobe
2017-01-20 06:47 - 2014-08-19 08:59 - 00000000 ____D C:\Program Files (x86)\Steam
==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-11 15:29] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA
C:\Windows\SysWOW64\explorer.exe
[2016-10-11 15:29] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-12-14 10:18] - [2016-11-10 08:32] - 1009152 ____A (Microsoft Corporation) 34BA256FBF83457F9D5E51A56DB54542
C:\Windows\SysWOW64\User32.dll
[2016-12-14 10:18] - [2016-11-10 08:19] - 0833024 ____A (Microsoft Corporation) 3CB074875AC88A7C1010A2A7F9881A8C
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Association (Whitelisted) =============

==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 7%
Total physical RAM: 16288.36 MB
Available physical RAM: 15033 MB
Total Virtual: 16286.56 MB
Available Virtual: 15041 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:0.37 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: (Lexar) (Removable) (Total:7.32 GB) (Free:6.39 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:1863.01 GB) (Free:1538.56 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FB1AD951)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8B1FACCE)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
LastRegBack: 2017-02-02 09:49
==================== End of FRST.txt ============================

  • 0

#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi! My name is zep516, and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

I'll be back shortly with a set of instructions for you.
  • 0

#3
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Here you go,
A few items to fix.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] => "D:\Malwarebytes Anti-Malware\mbam.exe" /bootscan -resetprotection
D:\Malwarebytes Anti-Malware\mbam.exe
S4 MBAMScheduler; "D:\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "D:\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-02-03] () <==== ATTENTION (zero byte File/Folder)
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your flash drive F:\ (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the flash drive F:\ (Fixlog.txt). Please post it in your reply.

  • 0
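The fixlist above targets the service and driver entries that FRST flagged: a boot-start driver whose file is zero bytes, and services whose binaries no longer exist ([X]). As an added example that is not part of this thread or of FRST itself, the following Python script reads those two log sections (constructed sample lines in the same format as the log above) and ranks each broken entry the way a helper would triage it; the start-type meanings and the severity ranking are our own assumptions, not FRST output.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the FRST "Services"/"Drivers" line format seen in this thread.
# The MBAMSwissArmy and [X] lines mirror entries FRST flagged above; the selection is ours.
SAMPLE_LOG = """\
==================== Services (Whitelisted) ====================
S2 MsMpSvc; C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S2 MBAMService; "D:\\Malwarebytes Anti-Malware\\mbamservice.exe" [X]
===================== Drivers (Whitelisted) ======================
S3 MBAMProtector; C:\\Windows\\system32\\drivers\\mbam.sys [27008 2016-03-10] (Malwarebytes)
S0 MBAMSwissArmy; C:\\Windows\\System32\\drivers\\MBAMSwissArmy.sys [0 2017-02-03] () <==== ATTENTION (zero byte File/Folder)
S3 VGPU; System32\\drivers\\rdvgkmd.sys [X]
"""

# Assumed meaning of the digit after R (running) / S (stopped): the Windows service Start value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# <state><start> <name>; <path> [<size> <date>] (<company>)   or   ... <path> [X]
ENTRY_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) '
    r'\[(?:(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)'
    r'|(?P<missing>X)\])'
)
SECTION_RE = re.compile(r'^=+ (Services|Drivers) ')


@dataclass
class Entry:
    section: str
    name: str
    path: str
    start: int
    size: Optional[int]   # None when FRST printed [X] (file not found)
    company: str


@dataclass
class Finding:
    entry: Entry
    severity: str
    reason: str


def parse_entry(section: str, line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for lines in another format."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return Entry(
        section=section,
        name=m.group("name"),
        path=m.group("path").strip('"'),
        start=int(m.group("start")),
        size=None if m.group("missing") else int(m.group("size")),
        company=(m.group("company") or "").strip(),
    )


def triage(log_text: str) -> list:
    """Return a Finding for every service/driver whose image is missing or empty."""
    findings = []
    section = None
    for line in log_text.splitlines():
        if line.startswith("===="):          # section header: only Services/Drivers are parsed
            s = SECTION_RE.match(line)
            section = s.group(1).lower() if s else None
            continue
        if section is None:
            continue
        e = parse_entry(section, line)
        if e is None:
            continue
        if e.size is None:
            reason = "image file missing ([X]); the service cannot start"
        elif e.size == 0:
            reason = "image file is zero bytes; the loader cannot map it"
        else:
            continue
        # A driver loaded at boot (S0/S1) with no usable image stops Windows from
        # starting, which matches the startup-repair loop reported in this thread.
        if e.section == "drivers" and e.start in (0, 1):
            severity = "critical"
        elif e.start == 4:
            severity = "info"            # disabled: never loaded, clean-up only
        else:
            severity = "warning"
        findings.append(Finding(e, severity, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        kind = START_TYPES.get(f.entry.start, "?")
        print(f"{f.severity:8} {f.entry.section}/{f.entry.name} ({kind}-start): {f.reason}")
```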

#4
prblm

prblm

    Member

  • Topic Starter
  • Member
  • 12 posts

Hi, I forgot to mention that my computer doesn't boot normally anymore; it goes straight to the startup repair screen. Just thought I'd mention that before continuing.


  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
This fix should fix the boot problem, I'm hoping.
  • 0

#6
prblm

prblm

    Member

  • Topic Starter
  • Member
  • 12 posts

I did as you asked and am just waiting for the computer to restart. Here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by SYSTEM (04-02-2017 01:19:34) Run:1
Running from F:\
Boot Mode: Recovery
==============================================
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] => "D:\Malwarebytes Anti-Malware\mbam.exe" /bootscan -resetprotection
D:\Malwarebytes Anti-Malware\mbam.exe
S4 MBAMScheduler; "D:\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "D:\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-02-03] () <==== ATTENTION (zero byte File/Folder)
*****************
CloseProcesses: => Error: This directive works only outside recovery mode.
Error: Restore point can only be created in normal mode.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware => value removed successfully
D:\Malwarebytes Anti-Malware\mbam.exe => moved successfully
HKLM\System\ControlSet001\Services\MBAMScheduler => key removed successfully
MBAMScheduler => service removed successfully
HKLM\System\ControlSet001\Services\MBAMService => key removed successfully
MBAMService => service removed successfully
HKLM\System\ControlSet001\Services\MBAMProtector => key removed successfully
MBAMProtector => service removed successfully
HKLM\System\ControlSet001\Services\MBAMSwissArmy => key removed successfully
MBAMSwissArmy => service removed successfully
==== End of Fixlog 01:19:34 ====

  • 0

#7
prblm

prblm

    Member

  • Topic Starter
  • Member
  • 12 posts

It was able to boot back normally again!


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
From normal boot mode please download FRST and run it again as described.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#9
prblm

prblm

    Member

  • Topic Starter
  • Member
  • 12 posts

Dumb question, but would it be safe to go on the internet?


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts

Not a dumb question.

Yes, safe.
  • 0

#11
prblm

prblm

    Member

  • Topic Starter
  • Member
  • 12 posts

Did what you asked; here are the logs.

FRST LOG

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Zach (administrator) on ZACH-PC (04-02-2017 01:39:21)
Running from C:\Users\Zach\Downloads
Loaded Profiles: Zach (Available Profiles: Zach)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(GOG.com) D:\GalaxyClient\GalaxyClient.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(Google Inc.) C:\Users\Zach\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Zach\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(GOG.com) D:\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) D:\GalaxyClient\GalaxyClient Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11842152 2011-05-02] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-546699372-1971405435-3590954436-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-546699372-1971405435-3590954436-1000\...\Run: [GalaxyClient] => D:\GalaxyClient\GalaxyClient.exe [7744568 2015-10-15] (GOG.com)
HKU\S-1-5-21-546699372-1971405435-3590954436-1000\...\Run: [Google Update] => C:\Users\Zach\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2013-10-22]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2EE0B8C9-6AEB-40B4-8074-E7EAB35481A0}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{CAA41FBC-28EF-497F-AF2C-3A217A90020A}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKU\S-1-5-21-546699372-1971405435-3590954436-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Java\bin\ssv.dll [2015-08-11] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Java\bin\jp2ssv.dll [2015-08-11] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-546699372-1971405435-3590954436-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\hpn3hkpa.default [2017-02-03]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\hpn3hkpa.default -> Astromenda
FF Extension: (uBlock Origin) - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\hpn3hkpa.default\Extensions\[email protected] [2017-02-03]
FF Extension: (Session Manager) - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\hpn3hkpa.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-31]
FF Extension: (Adblock Plus) - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\hpn3hkpa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (ImageHost Grabber) - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\hpn3hkpa.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2016-04-28]
FF Extension: (Diagnostics) - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\hpn3hkpa.default\features\{08f4915a-b1c3-40e4-b127-86c02914c702}\[email protected] [2017-02-03]
FF Extension: (Send HSTS Priming Requests) - C:\Users\Zach\AppData\Roaming\Mozilla\Firefox\Profiles\hpn3hkpa.default\features\{08f4915a-b1c3-40e4-b127-86c02914c702}\[email protected] [2017-02-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> D:\Java\bin\dtplugin\npDeployJava1.dll [2015-08-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> D:\Java\bin\plugin2\npjp2.dll [2015-08-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-546699372-1971405435-3590954436-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-546699372-1971405435-3590954436-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default [2017-02-04]
CHR Extension: (Google Slides) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-03]
CHR Extension: (Google Docs) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-03]
CHR Extension: (Google Drive) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-03]
CHR Extension: (Adguard AdBlocker) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-12-23]
CHR Extension: (YouTube) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-03]
CHR Extension: (uBlock Origin) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-21]
CHR Extension: (Google Search) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-03]
CHR Extension: (Session Buddy) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-11-19]
CHR Extension: (Google Sheets) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-03]
CHR Extension: (Google Docs Offline) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2016-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-03]
CHR Extension: (Chrome Media Router) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKU\S-1-5-21-546699372-1971405435-3590954436-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Zach\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-06]
CHR HKU\S-1-5-21-546699372-1971405435-3590954436-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S3 GalaxyClientService; D:\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-15] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6532664 2016-03-16] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-17] (NVIDIA Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-17] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-06-17] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-18] (Scarlet.Crush Productions)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-04 01:39 - 2017-02-04 01:39 - 00020249 _____ C:\Users\Zach\Downloads\FRST.txt
2017-02-04 01:38 - 2017-02-04 01:38 - 02420736 _____ (Farbar) C:\Users\Zach\Downloads\FRST64.exe
2017-02-03 21:06 - 2017-02-04 01:39 - 00000000 ____D C:\FRST
2017-02-02 11:48 - 2017-02-02 11:49 - 00000000 ____D C:\Users\Zach\Documents\crap
2017-01-18 18:09 - 2017-01-18 18:10 - 00000000 ____D C:\Windows\rescache
2017-01-11 11:38 - 2017-01-05 10:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 11:38 - 2017-01-05 10:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 11:38 - 2017-01-05 10:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 11:38 - 2017-01-05 10:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-11 11:38 - 2017-01-05 09:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-11 11:38 - 2017-01-05 09:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-11 11:38 - 2017-01-05 09:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 11:38 - 2017-01-05 09:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 11:38 - 2017-01-05 09:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 11:38 - 2017-01-05 09:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 11:38 - 2017-01-05 09:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 11:38 - 2017-01-05 09:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-11 11:38 - 2017-01-05 09:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-04 01:38 - 2014-05-06 16:15 - 00000000 ___RD C:\Users\Zach\Google Drive
2017-02-04 01:31 - 2009-07-13 20:45 - 00027184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-04 01:31 - 2009-07-13 20:45 - 00027184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-04 01:29 - 2009-07-13 21:13 - 00006242 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 01:23 - 2013-10-22 17:00 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-04 01:23 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-03 20:02 - 2016-07-17 14:48 - 00000000 _____ C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-03 19:10 - 2016-04-18 03:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-01 10:22 - 2015-08-05 02:32 - 00002432 _____ C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2017-02-01 10:22 - 2015-08-05 02:32 - 00002424 _____ C:\Users\Zach\Desktop\Google Chrome Canary.lnk
2017-02-01 05:04 - 2016-11-18 13:30 - 00000000 ____D C:\Users\Zach\AppData\LocalLow\Mozilla
2017-01-31 21:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-31 20:51 - 2016-11-17 18:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-31 20:51 - 2014-03-10 22:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-30 16:33 - 2016-04-18 03:49 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-30 16:33 - 2016-04-18 03:49 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-30 16:33 - 2016-04-18 03:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-30 16:33 - 2016-04-18 03:49 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-30 16:33 - 2016-04-18 03:49 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-30 16:33 - 2016-04-18 03:48 - 00000000 ____D C:\Users\Zach\AppData\Local\Adobe
2017-01-20 06:47 - 2014-08-19 08:59 - 00000000 ____D C:\Program Files (x86)\Steam
==================== Files in the root of some directories =======
2013-10-30 09:29 - 2013-10-30 09:29 - 0000015 _____ () C:\Users\Zach\AppData\Roaming\mbam.context.scan
2014-05-06 16:33 - 2016-01-30 16:32 - 0007606 _____ () C:\Users\Zach\AppData\Local\Resmon.ResmonCfg
2008-02-05 12:28 - 2008-02-05 12:28 - 0000051 _____ () C:\Users\Zach\AppData\Local\setup.txt
2014-10-23 21:50 - 2014-10-23 21:52 - 0000125 ___SH () C:\ProgramData\.zreglib
Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\MBAMSwissArmy.sys
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-02 09:49
==================== End of FRST.txt ============================


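The FRST lines above follow a fixed shape (`<date> - <date> - <size> <attribute flags> [(vendor)] <path>`), and the one that matters for the boot failure is the `00000000`-sized `MBAMSwissArmy.sys` entry, which FRST also lists under "Some zero byte size files/folders". The following triage script is an editor's added example, not part of the original post and not a Farbar tool: it parses entries in that format and flags kernel driver images that are zero-byte, carry no vendor string, or were changed after a chosen incident time. The sample lines are copied from the log above; the incident timestamp passed in is an assumption.

```python
import re
from datetime import datetime

# Shape of an entry in FRST's "One Month Created/Modified files and folders"
# and "Files in the root of some directories" sections, e.g.
#   2017-02-03 20:02 - 2016-07-17 14:48 - 00000000 _____ C:\Windows\system32\Drivers\MBAMSwissArmy.sys
#   <date1> - <date2> - <size> <five attribute flags> [(vendor)] <path>
# date1 is the timestamp that put the entry in the one-month window (creation
# time in the "Created" list, modification time in the "Modified" list); a "D"
# among the attribute flags marks a directory; the parenthesised vendor string
# is only printed when FRST found one.
_FRST_ENTRY = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{7,8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)


def parse_frst_entries(text):
    """Return one dict per parsable entry; section headers and notes are skipped."""
    entries = []
    for line in text.splitlines():
        m = _FRST_ENTRY.match(line.strip())
        if m is None:
            continue
        entries.append({
            "recent": datetime.strptime(m["d1"], "%Y-%m-%d %H:%M"),
            "other": datetime.strptime(m["d2"], "%Y-%m-%d %H:%M"),
            "size": int(m["size"]),
            "is_dir": "D" in m["attrs"],
            "vendor": m["vendor"] or None,  # None when FRST printed no vendor
            "path": m["path"],
        })
    return entries


def triage_drivers(text, incident_start=None):
    """Flag kernel driver images (*.sys under a drivers folder) that look damaged
    or were touched at/after incident_start ("YYYY-MM-DD HH:MM", or None to skip)."""
    since = None
    if incident_start is not None:
        since = datetime.strptime(incident_start, "%Y-%m-%d %H:%M")
    findings = []
    for e in parse_frst_entries(text):
        low = e["path"].lower()
        if e["is_dir"] or not low.endswith(".sys") or "\\drivers\\" not in low:
            continue
        reasons = []
        if e["size"] == 0:
            # A zero-byte image cannot be mapped; for a driver loaded at boot
            # this is what Startup Repair reports as a corrupted file.
            reasons.append("zero-byte driver image")
        if e["vendor"] is None:
            # Expected for a truncated file; worth a look on a full-size one.
            reasons.append("no vendor string")
        if since is not None and e["recent"] >= since:
            reasons.append("changed after " + since.strftime("%Y-%m-%d %H:%M"))
        if reasons:
            findings.append({"path": e["path"], "size": e["size"], "reasons": reasons})
    return findings


# Sample input: lines copied from the FRST log above, with a couple of section
# headers left in to show that non-entry lines are ignored.
SAMPLE_LOG = r"""
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-04 01:38 - 2017-02-04 01:38 - 02420736 _____ (Farbar) C:\Users\Zach\Downloads\FRST64.exe
2017-01-11 11:38 - 2017-01-05 10:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 11:38 - 2017-01-05 09:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
==================== One Month Modified files and folders ========
2017-02-04 01:38 - 2014-05-06 16:15 - 00000000 ___RD C:\Users\Zach\Google Drive
2017-02-03 20:02 - 2016-07-17 14:48 - 00000000 _____ C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-30 16:33 - 2016-04-18 03:49 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
==================== Files in the root of some directories =======
2014-10-23 21:50 - 2014-10-23 21:52 - 0000125 ___SH () C:\ProgramData\.zreglib
"""

if __name__ == "__main__":
    # The incident time is an assumption taken from the post (evening of 2017-02-03).
    for f in triage_drivers(SAMPLE_LOG, incident_start="2017-02-03 00:00"):
        print(f["path"], f["size"], "; ".join(f["reasons"]))
```

Run against the sample, only `MBAMSwissArmy.sys` is reported (zero-byte, no vendor string, changed on the day of the incident); the patched Microsoft drivers from 2017-01-11 and the non-driver entries are left alone. The vendor string FRST prints is version-resource metadata, not a signature check, so a driver that passes this filter still needs a proper signature verification before it is trusted.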
#12
prblm
  • Member
  • Topic Starter
  • 12 posts

Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Zach (04-02-2017 01:39:39)
Running from C:\Users\Zach\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-10-23 00:54:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-546699372-1971405435-3590954436-500 - Administrator - Disabled)
Guest (S-1-5-21-546699372-1971405435-3590954436-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-546699372-1971405435-3590954436-1003 - Limited - Enabled)
Zach (S-1-5-21-546699372-1971405435-3590954436-1000 - Administrator - Enabled) => C:\Users\Zach
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-546699372-1971405435-3590954436-1000\...\uTorrent) (Version: 3.3.2.30416 - BitTorrent Inc.)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.01 - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Messiah of Might & Magic Single Player (HKLM-x32\...\Steam App 2100) (Version:  - Arkane Studios)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
EVGA PrecisionX 16 (HKLM-x32\...\{2BFBCBE1-DD93-45C9-8997-FC1D1CDE47D1}) (Version: 5.3.6 - EVGA Corporation)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-546699372-1971405435-3590954436-1000\...\Google Chrome SxS) (Version: 58.0.2999.0 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hitman: Blood Money (HKLM-x32\...\Steam App 6860) (Version:  - IO Interactive)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 16.1.53.0 (HKLM\...\PROSetDX) (Version: 16.1.53.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1051 - Marvell)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Metro: Last Light Redux (HKLM-x32\...\Metro: Last Light Redux_is1) (Version:  - Deep Silver)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-546699372-1971405435-3590954436-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Middle Earth Shadow of Mordor (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0015}) (Version: 6.0 - Black Box)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-GB)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6363 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.12.1.0 - GOG.com)
Thief 2 (HKLM-x32\...\Steam App 211740) (Version:  - Looking Glass Studios)
Thief 2 HD Mod 0.9.5 (HKLM-x32\...\Thief2) (Version:  - )
Thief Gold HD Mod 0.9.1 (HKLM-x32\...\ThiefGold) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2EBCDAA2-7980-4D10-8CBC-C9C0CDB44C77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.)
Task: {6136C361-D6AD-4B93-B4D8-DA491E946557} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-30] (Adobe Systems Incorporated)
Task: {6A563846-A265-4F0C-83F4-CB3EB9B39C2C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-546699372-1971405435-3590954436-1000UA => C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {77B04F1D-D384-426B-8AD2-5EB09E7554E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-546699372-1971405435-3590954436-1000Core => C:\Users\Zach\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {9785E307-0471-47F0-920B-BFA688CE1D9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.)
Task: {D9940CC0-1B19-4464-953B-27C24C66A1A7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2013-10-22 20:05 - 2015-06-16 22:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-15 13:25 - 2015-09-15 13:25 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 13:25 - 2015-09-15 13:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-22 17:10 - 2011-05-23 01:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 45069312 _____ () D:\GalaxyClient\libcef.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00566272 _____ () D:\GalaxyClient\PocoUtil.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00515072 _____ () D:\GalaxyClient\PocoXML.dll
2015-07-26 18:33 - 2015-07-08 08:59 - 00139776 _____ () D:\GalaxyClient\expat.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 01785344 _____ () D:\GalaxyClient\PocoFoundation.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00412672 _____ () D:\GalaxyClient\pcre.dll
2015-07-26 18:33 - 2015-07-08 09:00 - 00094208 _____ () D:\GalaxyClient\zlib.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00414208 _____ () D:\GalaxyClient\PocoJSON.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 01202176 _____ () D:\GalaxyClient\PocoNet.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 02579456 _____ () D:\GalaxyClient\PocoData.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00476672 _____ () D:\GalaxyClient\PocoDataSQLite.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00666624 _____ () D:\GalaxyClient\sqlite.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00340480 _____ () D:\GalaxyClient\PocoZip.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00332288 _____ () D:\GalaxyClient\PocoNetSSL.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00172032 _____ () D:\GalaxyClient\PocoCrypto.dll
2015-07-26 18:33 - 2015-07-08 09:00 - 00107520 _____ () D:\GalaxyClient\ZLIB1.dll
2015-07-26 21:28 - 2015-06-17 01:10 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-04 01:23 - 2017-02-04 01:23 - 00098816 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32api.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00110080 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\pywintypes27.dll
2017-02-04 01:23 - 2017-02-04 01:23 - 00364544 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\pythoncom27.dll
2017-02-04 01:23 - 2017-02-04 01:23 - 00320512 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32com.shell.shell.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00914432 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_hashlib.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 01176576 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._core_.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00806400 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._gdi_.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00816128 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._windows_.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 01067008 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._controls_.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00733184 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._misc_.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00682496 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\pysqlite2._sqlite.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00088064 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_ctypes.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00686080 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\unicodedata.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00119808 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32file.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00108544 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32security.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00007168 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\hashobjs_ext.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00017920 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\thumbnails_ext.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00088064 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\usb_ext.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00012800 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\common.time34.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00018432 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32event.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00167936 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32gui.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00046080 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_socket.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 01303552 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_ssl.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00128512 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_elementtree.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00127488 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\pyexpat.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00038912 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32inet.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00036864 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_psutil_windows.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00524248 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\windows._lib_cacheinvalidation.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00011264 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32crypt.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00123392 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._wizard.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00077312 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._html2.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00027648 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_multiprocessing.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00020480 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\_yappi.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00035840 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32process.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00078848 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\wx._animate.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00024064 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32pipe.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00010240 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\select.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00025600 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32pdh.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00017408 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32profile.pyd
2017-02-04 01:23 - 2017-02-04 01:23 - 00022528 ____R () C:\Users\Zach\AppData\Local\Temp\_MEI35082\win32ts.pyd
2015-07-26 18:33 - 2015-09-09 10:39 - 01643008 _____ () D:\GalaxyClient\libglesv2.dll
2015-07-26 18:33 - 2015-09-09 10:39 - 00074752 _____ () D:\GalaxyClient\libegl.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-09-06 19:45 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Zach\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 19:45 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Zach\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-546699372-1971405435-3590954436-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Zach\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8D9DD04B-EAD9-4213-9B68-05283E938A5C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6CC0E9D4-1CB4-4F2D-9054-8C3C0C61C4C2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{0BB50AAE-F2B0-4041-BCD0-0CD2A731EFCF}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BEB21877-2C62-4815-94CE-5AB76EC84F2C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{464A6004-1351-48D4-9BB9-4A3209D4287D}C:\users\zach\appdata\roaming\utorrent\utorrent.exe] => C:\users\zach\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{38F75682-FC59-4357-99FC-B8662E7F44F8}C:\users\zach\appdata\roaming\utorrent\utorrent.exe] => C:\users\zach\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E458DB7C-EC28-47F2-9B18-B44EB878FABE}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9A1C8698-65E4-4426-AE0B-4B963607CBA5}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4373F4C3-A158-427D-8E67-D6F3A8E62728}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5A6BE546-8223-4E53-945D-15DF3818F862}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{195E9BA1-D4EA-404D-8737-63E7509A0013}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{91CA6AFA-70F9-465D-BBCE-BE3186AC2BBE}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B0C82240-385F-49D6-81D9-D173BAF00581}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BA8FDEF4-7203-4A8D-BD8C-775371860AE4}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{CB0E1CBD-DC37-4628-8F34-BB0F71EC45F5}C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe] => C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{9DD29CC0-F5F2-4668-86E9-A4361FC059B6}C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe] => C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{4F54234B-1A69-4328-8CD0-7535A2044146}C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe] => C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{CD248312-F6D2-447F-988E-10511A0809C3}C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe] => C:\users\zach\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{1F6050EA-41BF-4E60-90B2-29C858FD37A3}] => D:\SteamLibrary\SteamApps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{CDEBBDB8-D9AC-4682-B3E4-2B09B4B68143}] => D:\SteamLibrary\SteamApps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{381FAFFB-2CD5-430F-B17A-E3B81F182457}] => D:\SteamLibrary\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{A5B27575-1A8C-44DC-81DD-303EAE3EC923}] => D:\SteamLibrary\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{0676167C-7725-4865-8B4D-81F76CA4EEA6}] => D:\SteamLibrary\SteamApps\common\Dark Messiah Might and Magic Single Player\mm.exe
FirewallRules: [{C9D047E8-98A5-4542-9F3D-AFECE4356B6B}] => D:\SteamLibrary\SteamApps\common\Dark Messiah Might and Magic Single Player\mm.exe
FirewallRules: [{E8EF34D6-0294-46EE-ACA0-854C762611C5}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5E3985DD-B6F5-49CA-8CCA-1D36F3874CEF}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17BC9D1C-115B-4EF1-B6B9-57BFB9228360}] => E:\SteamLibrary\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{3F5078D4-A324-4504-852C-C42C2BE35E9B}] => E:\SteamLibrary\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{661D94FF-8E32-4987-8A7D-150A1B12030E}] => E:\SteamLibrary\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{28610581-76D9-4EB7-85E3-A0BE77A87553}] => E:\SteamLibrary\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [TCP Query User{D4588673-88A2-40DD-AAD5-DBE659CA7AA5}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{0A6D2E4B-A3E0-427B-9DB9-3F9AE437B3C8}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E441EB05-98C6-4AF1-85D3-BDCC61985DFD}] => E:\SteamLibrary\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{B093DE8D-92EE-4D08-8BD1-958FA88E2AD4}] => E:\SteamLibrary\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{2D9B59C4-03DA-4461-A1B6-56A8D13FC6B9}] => D:\SteamLibrary\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{20F82547-1A25-47BA-8C23-84A37857A77E}] => D:\SteamLibrary\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{30703479-70DD-4C54-8040-9A6A8CBEE2C6}] => D:\SteamLibrary\SteamApps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{19342635-99E5-46D2-ADE2-CA972F8DD074}] => D:\SteamLibrary\SteamApps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{EAA801A4-5AFD-4ABC-9771-9E8040F6F804}] => D:\SteamLibrary\SteamApps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{1F401940-0835-47A0-A5F8-B2CE2A666F4A}] => D:\SteamLibrary\SteamApps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{7BDBC1F0-8A8B-44D8-ABC1-AE0898B2F90B}] => D:\SteamLibrary\SteamApps\common\Hitman Blood Money\configure.exe
FirewallRules: [{6EB6AD52-E998-4C4D-AA95-6EC8ADE28DA9}] => D:\SteamLibrary\SteamApps\common\Hitman Blood Money\configure.exe
FirewallRules: [{6B1B2DA1-2C0B-4E05-AF3A-C5481033DBD0}] => D:\SteamLibrary\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{F66A7465-7558-48D6-814C-21019F1C08A2}] => D:\SteamLibrary\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{F2D01E38-6394-4958-A2F0-4F63EB0E520C}] => D:\SteamLibrary\SteamApps\common\thief_2\thief2.exe
FirewallRules: [{2B8520A7-AD98-4D78-A6C7-0EE35C85D8C3}] => D:\SteamLibrary\SteamApps\common\thief_2\thief2.exe
FirewallRules: [{B8524361-4161-4DA3-B5CA-4A26BF35C760}] => D:\SteamLibrary\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{B8FB66E2-F1AE-478F-9511-FCA967F68A50}] => D:\SteamLibrary\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [TCP Query User{845263D6-E69D-4BC9-9DE0-71164757E604}D:\java\bin\javaw.exe] => D:\java\bin\javaw.exe
FirewallRules: [UDP Query User{B8692AE5-8BDC-4F87-BAA2-C90546B662C2}D:\java\bin\javaw.exe] => D:\java\bin\javaw.exe
FirewallRules: [{F02042E3-4ABB-4964-B848-23391EEF82AC}] => D:\SteamLibrary\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{07DFE7E5-BE37-4605-85E0-CAB3725C0F3E}] => D:\SteamLibrary\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{E0C86C04-EEF9-4E95-9589-ECD816BFC916}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{89ADA8AE-E84F-4E69-A533-0EA85875F0D9}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0EAF2D0E-F4AF-44BD-82C1-77D8EC10D6F9}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{495DB2BF-5A30-4A09-9CCC-1F54593FA772}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF39566C-3713-4FD9-A0E5-F625E16D9D92}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F2D76F5B-A2DF-494B-B210-37A68B53E1F5}C:\users\zach\appdata\roaming\utorrent\utorrent.exe] => C:\users\zach\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{25A2408A-A906-435F-9F99-E75273262ADE}C:\users\zach\appdata\roaming\utorrent\utorrent.exe] => C:\users\zach\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{3E087D8E-BC5E-42EE-8472-A3D1F2C7F52F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0DD4C8F-CD09-48DC-B24D-D31F1AF8B6CF}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BBBF27B5-E7E9-48BC-9E0F-E3958FCF442C}] => C:\Users\Zach\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2F369571-34D5-4E21-976C-9FE8A778947A}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6D86439B-AC62-4D6D-8BAA-64816A0A3C9D}] => LPort=2869
FirewallRules: [{ACB92C97-F758-413D-8F9A-7F035A051CFA}] => LPort=1900
FirewallRules: [{69FEE45A-B407-4A59-B434-5D4B28D1307C}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5F73D0EA-5BD5-4479-8784-6AB992962DA8}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{08CB8902-E086-48C6-82D1-33E85F627080}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{36A8AE22-7D7E-464A-A69B-CCA82A679FBF}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (02/04/2017 01:29:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/04/2017 01:29:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/04/2017 01:26:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/04/2017 01:26:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/04/2017 01:23:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/03/2017 08:02:08 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-ED3411AFB1FB3E7E14988CAB99EF8DD56C71DD7B.bin.79 for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.
Program: Antimalware Service Executable
File: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-ED3411AFB1FB3E7E14988CAB99EF8DD56C71DD7B.bin.79
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000007F
Disk type: 3
Error: (02/03/2017 08:02:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.10.209.0, time stamp: 0x582a94a1
Faulting module name: mpengine.dll, version: 1.1.13407.0, time stamp: 0x5866e27c
Exception code: 0xc0000006
Fault offset: 0x00000000002c58bf
Faulting process id: 0x46bc
Faulting application start time: 0x01d27e9b733fea9c
Faulting application path: C:\Program Files\Microsoft Security Client\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C392BFB-BF5A-41D7-A640-DA2B00988713}\mpengine.dll
Report Id: b1f03d53-ea8e-11e6-8179-14dae9c684ce
Error: (02/03/2017 08:01:32 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-ED3411AFB1FB3E7E14988CAB99EF8DD56C71DD7B.bin.79 for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.
Program: Antimalware Service Executable
File: C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-ED3411AFB1FB3E7E14988CAB99EF8DD56C71DD7B.bin.79
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000007F
Disk type: 3
Error: (02/03/2017 08:01:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.10.209.0, time stamp: 0x582a94a1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000006
Fault offset: 0x000000000ce9a195
Faulting process id: 0x2bc
Faulting application start time: 0x01d27c46d43822f0
Faulting application path: C:\Program Files\Microsoft Security Client\MsMpEng.exe
Faulting module path: unknown
Report Id: 9ca83c2d-ea8e-11e6-8179-14dae9c684ce
Error: (02/02/2017 10:39:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17535

System errors:
=============
Error: (02/04/2017 01:33:21 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 New Signature Version:
 Previous Signature Version: 116.72.0.0
 Update Source: Microsoft Malware Protection Center
 Update Stage: Search
 Signature Type: Network Inspection System
 Update Type: Full
 User: NT AUTHORITY\NETWORK SERVICE
 Current Engine Version:
 Previous Engine Version: 2.1.12706.0
 Error code: 0x80072ee7
 Error description: The server name or address could not be resolved
Error: (02/04/2017 01:33:21 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 New Signature Version:
 Previous Signature Version: 1.235.1929.0
 Update Source: Microsoft Malware Protection Center
 Update Stage: Search
 Signature Type: AntiSpyware
 Update Type: Full
 User: NT AUTHORITY\NETWORK SERVICE
 Current Engine Version:
 Previous Engine Version: 1.1.13407.0
 Error code: 0x80072ee7
 Error description: The server name or address could not be resolved
Error: (02/04/2017 01:33:21 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 New Signature Version:
 Previous Signature Version: 1.235.1929.0
 Update Source: Microsoft Malware Protection Center
 Update Stage: Search
 Signature Type: AntiVirus
 Update Type: Full
 User: NT AUTHORITY\NETWORK SERVICE
 Current Engine Version:
 Previous Engine Version: 1.1.13407.0
 Error code: 0x80072ee7
 Error description: The server name or address could not be resolved
Error: (02/04/2017 01:33:21 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 New Signature Version:
 Previous Signature Version: 1.235.1929.0
 Update Source: Microsoft Update Server
 Update Stage: Search
 Signature Type: AntiVirus
 Update Type: Full
 User: NT AUTHORITY\SYSTEM
 Current Engine Version:
 Previous Engine Version: 1.1.13407.0
 Error code: 0x8024402c
 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error: (02/04/2017 01:23:14 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:02:43 PM on 2/3/2017 was unexpected.
Error: (02/03/2017 08:02:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMSwissArmy service failed to start due to the following error:
MBAMSwissArmy is not a valid Win32 application.
Error: (02/03/2017 08:02:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 2 time(s).
Error: (02/03/2017 08:02:08 PM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: Microsoft Antimalware engine has been terminated due to an unexpected error.
 Failure Type: Crash
 Exception code: 0xc0000006
 Resource:
Error: (02/03/2017 08:01:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.
Error: (02/03/2017 08:01:30 PM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: Microsoft Antimalware engine has been terminated due to an unexpected error.
 Failure Type: Crash
 Exception code: 0xc0000006
 Resource: file:C:\Windows\SysWOW64\drmv2clt.dll

==================== Memory info ===========================
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 16288.37 MB
Available physical RAM: 13440.88 MB
Total Virtual: 32574.92 MB
Available Virtual: 29723.55 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:0.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1545.6 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8B1FACCE)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: FB1AD951)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

  • 0
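The event-log errors in the Addition.txt above read as a timeline once the records are parsed: AV engine crashes, then the MBAMSwissArmy driver refusing to load, then an unexpected shutdown. The following Python is an added example, not part of this thread or of FRST; it parses records in the "Error: (...) (Source: ...) (EventID: ...)" shape from a constructed sample copied from the log above and pulls out the events that show endpoint protection failing. The record layout and field names are assumed from the log as printed here.

```python
import re
from datetime import datetime
# Constructed sample, in the shape of the FRST "Error:" records in this thread (not a real file).
SAMPLE = """\
Error: (02/04/2017 01:23:14 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:02:43 PM on 2/3/2017 was unexpected.
Error: (02/03/2017 08:02:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMSwissArmy service failed to start due to the following error:
MBAMSwissArmy is not a valid Win32 application.
Error: (02/03/2017 08:01:30 PM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: Microsoft Antimalware engine has been terminated due to an unexpected error.
 Failure Type: Crash
 Exception code: 0xc0000006
 Resource: file:C:\\Windows\\SysWOW64\\drmv2clt.dll
"""

HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]*)\) "
                    r"\(EventID: (?P<id>\d+)\) \(User: (?P<user>[^)]*)\)$")

def parse_frst_errors(text):
    """Split an FRST event-log error section into records, oldest first."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # one header per record; everything after it belongs to that record
            records.append({"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                            "source": m["src"], "event_id": int(m["id"]),
                            "description": "", "fields": {}})
        elif records and line.startswith(" ") and ":" in line:  # indented "Key: value"
            key, _, val = line.strip().partition(":")
            records[-1]["fields"][key.strip()] = val.strip()
        elif records:  # "Description:" line plus any unindented continuation lines
            body = line[len("Description: "):] if line.startswith("Description: ") else line
            records[-1]["description"] = (records[-1]["description"] + " " + body).strip()
    return sorted(records, key=lambda r: r["time"])

def av_failure_timeline(records):
    """Return (time, label) pairs for the events that show endpoint protection failing."""
    timeline = []
    for r in records:
        if r["source"] == "Microsoft Antimalware" and r["event_id"] == 5008:
            # 0xc0000006 is STATUS_IN_PAGE_ERROR: part of a module could not be read from disk
            timeline.append((r["time"], "AV engine crash, exception %s, resource %s" % (
                r["fields"].get("Exception code", "?"), r["fields"].get("Resource") or "-")))
        elif r["event_id"] == 7000 and "MBAMSwissArmy" in r["description"]:
            timeline.append((r["time"], "AV driver MBAMSwissArmy failed to start: "
                             + r["description"].split(":")[-1].strip()))
        elif r["event_id"] == 6008:
            timeline.append((r["time"], "unexpected shutdown"))
    return timeline
```

Run `av_failure_timeline(parse_frst_errors(SAMPLE))` to get the three events in time order; the same functions accept the full error section pasted from an FRST log.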

#13
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Looks good!

Just a few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\hpn3hkpa.default -> Astromenda
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your downloads folder C:\Users\Zach\Downloads (must be in this location).
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log in the downloads folder C:\Users\Zach\Downloads (Fixlog.txt). Please post it in your reply.

  • 0

#14
prblm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Here is the fixlog.

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Zach (04-02-2017 01:59:12) Run:2
Running from C:\Users\Zach\Downloads
Loaded Profiles: Zach (Available Profiles: Zach)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\hpn3hkpa.default -> Astromenda
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Zach\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Zach\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CMD: ipconfig /flushdns
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
Firefox SelectedSearchEngine removed successfully
C:\Users\Zach\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => not found.
3 VGPU; System32\drivers\rdvgkmd.sys [X] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-546699372-1971405435-3590954436-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 29839185 B
Java, Flash, Steam htmlcache => 185627632 B
Windows/system/drivers => 270234038 B
Edge => 0 B
Chrome => 101056615 B
Firefox => 94780605 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 179637502 B
systemprofile32 => 96212 B
LocalService => 0 B
NetworkService => 37994226 B
Zach => 5910307689 B
UpdatusUser => 0 B
RecycleBin => 0 B
EmptyTemp: => 6.3 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 01:59:47 ====

  • 0

#15
prblm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

It rebooted normally, by the way.


  • 0