Solved Need help with Malware Removal please.

Ok, it's telling me Chrome already has Adobe and will keep it updated, skip that step?
Figure I should ask in case I have missed something lol
 
Sorry but I still have a problem ><
I just opened Steam and got a pop up, fake virus alert thing telling me to call some 1800 number to get help disinfecting.
A Java script popped up saying:

"Chrome Browser has detected a new virus

WARNING! VIRUS TROJAN (TRJ.dealware.stealth) HAS BEEN INJECTED INTO YOUR COMPUTER"
 
Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install fresh copy.
 
Ok, I reset Chrome but still got the pop ups in Steam so have uninstalled/reinstalled a fresh copy but am still getting random pop ups. Should I perhaps reinstall Steam? Just worried if I do that my friend will lose all his games from his pc.
 
Let's try to reset your router.

Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing into the hole, using a pencil or a paperclip, until all lights briefly go off and come back on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart computer.

NOTE. You may need to re-check your router security settings, as described HERE
 
Hey Broni, where can I find Malwarebytes logs? I did a scan last night and it detected 5 items, I haven't been doing anything with this pc apart from playing Vermintide, using Facebook and YouTube. Maybe you can get an idea of what is happening if I can show you the log? I will also try resetting the modem.
 
  • Open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
 
Reset the modem to factory settings and the problem is persisting.

Here is the log of the latest MBAM scan:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/11/2015
Scan Time: 1:58 AM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.08.04
Rootkit Database: v2015.11.04.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344511
Time Elapsed: 8 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.CrossBrowse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{F9A5D59F-4C25-4E49-95A6-728A0A5D7194}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe|Name=Crossbrowse (mDNS-In)|Desc=Inbound rule for Crossbrowse to allow mDNS traffic.|EmbedCtxt=Crossbrowse|, Quarantined, [237109727b107fb75eed1bb6659ef010]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, Quarantined, [e8ac90ebdcaf221439f4790562a002fe],
PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, Quarantined, [e8ac90ebdcaf221439f4790562a002fe],
PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, Quarantined, [e8ac90ebdcaf221439f4790562a002fe],

Files: 1
PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js, Quarantined, [e8ac90ebdcaf221439f4790562a002fe],

Physical Sectors: 0
(No malicious items detected)


(end)

Definitely going to make a donation for all the time you have spent helping me (y)
 
Thank you :)

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by user (administrator) on BRONS-PC (12-11-2015 12:07:46)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [RaidCall] => C:\Program Files (x86)\RaidCall\raidcall.exe [4152984 2015-02-11] (RAIDCALL.COM)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-2055689581-48535413-3719112780-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2055689581-48535413-3719112780-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)
HKU\S-1-5-21-2055689581-48535413-3719112780-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-2055689581-48535413-3719112780-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6E7D7906-54DD-4042-81E5-EB8C7F91EC4A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8C930C13-1218-40D7-8434-D3180DE42253}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2055689581-48535413-3719112780-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-07] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-07] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\op8egejq.default-1446260642654
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-19] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-04] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-06] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\user\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-07] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (From Dust) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Dropbox for Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-08]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-07]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-11-07]
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-07]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-09-02] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-08-01] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-09-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-08-20] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-10-03] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\DRTWlanU.sys [3409112 2014-07-30] (Realtek Semiconductor Corporation )
R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [132712 2014-07-22] (Yamaha Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 12:05 - 2015-11-12 12:07 - 00015276 _____ C:\Users\user\Desktop\FRST.txt
2015-11-12 12:05 - 2015-11-12 12:07 - 00000000 ____D C:\FRST
2015-11-12 12:05 - 2015-11-12 12:05 - 00000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2015-11-11 16:28 - 2015-11-06 01:41 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-11-11 12:29 - 2015-11-06 04:13 - 42914096 _____ C:\Windows\system32\nvcompiler.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 22308656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 18362160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 17515208 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 15717864 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 11130488 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-11-11 12:29 - 2015-11-06 04:13 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 02490488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435891.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435891.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00500872 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00388208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-11-11 12:29 - 2015-11-06 04:13 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-11-10 12:23 - 2015-11-10 12:23 - 00000000 ____D C:\Users\user\AppData\Local\Fallout4
2015-11-10 01:25 - 2015-11-10 01:26 - 00000222 _____ C:\Users\user\Desktop\Fallout 4.url
2015-11-09 15:07 - 2015-11-09 15:07 - 00000000 ____D C:\Users\user\Tracing
2015-11-09 15:05 - 2015-11-12 12:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2015-11-09 15:05 - 2015-11-09 15:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-09 15:05 - 2015-11-09 15:05 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-09 15:05 - 2015-11-09 15:05 - 00000000 ____D C:\Users\user\AppData\Local\Skype
2015-11-09 15:05 - 2015-11-09 15:05 - 00000000 ____D C:\ProgramData\Skype
2015-11-09 15:05 - 2015-11-09 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-09 15:03 - 2015-11-09 15:03 - 01503872 _____ (Skype Technologies S.A.) C:\Users\user\Downloads\SkypeSetup.exe
2015-11-09 14:48 - 2015-11-09 14:48 - 00000222 _____ C:\Users\user\Desktop\Rogue Legacy.url
2015-11-09 01:46 - 2015-11-09 01:46 - 00000222 _____ C:\Users\user\Desktop\Warhammer End Times - Vermintide.url
2015-11-09 01:43 - 2015-11-09 01:43 - 00001120 _____ C:\Users\user\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-09 01:41 - 2015-11-12 12:03 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-09 01:41 - 2015-11-09 01:41 - 00000963 _____ C:\Users\Public\Desktop\Steam.lnk
2015-11-09 01:41 - 2015-11-09 01:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-09 01:38 - 2015-11-09 01:38 - 01476720 _____ C:\Users\user\Downloads\SteamSetup (1).exe
2015-11-07 15:08 - 2015-11-11 17:13 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-07 15:08 - 2015-11-07 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-07 15:07 - 2015-11-12 00:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 15:07 - 2015-11-07 15:07 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-07 15:06 - 2015-11-12 11:59 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 15:06 - 2015-11-07 15:06 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-07 12:10 - 2015-11-07 12:11 - 00001771 _____ C:\DelFix.txt
2015-11-07 12:10 - 2015-11-07 12:10 - 00000000 ____D C:\Windows\ERUNT
2015-11-07 12:02 - 2015-11-07 12:02 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-07 12:02 - 2015-11-07 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-07 12:01 - 2015-11-07 12:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-07 11:57 - 2015-11-07 11:57 - 00584288 _____ (Oracle Corporation) C:\Users\user\Downloads\jre-8u65-windows-i586-iftw.exe
2015-11-06 18:09 - 2015-11-06 18:09 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2015-11-06 18:00 - 2015-11-06 04:13 - 15121784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-11-06 18:00 - 2015-11-03 09:48 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-11-06 18:00 - 2015-11-03 09:48 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-11-06 18:00 - 2015-11-03 04:10 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435887.dll
2015-11-06 18:00 - 2015-11-03 04:10 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435887.dll
2015-11-05 16:38 - 2015-11-05 16:39 - 00000000 ____D C:\ProgramData\Sophos
2015-11-05 16:37 - 2015-11-05 16:37 - 00002759 _____ C:\Users\user\Desktop\Sophos Virus Removal Tool.lnk
2015-11-05 16:37 - 2015-11-05 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-11-05 16:37 - 2015-11-05 16:37 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-11-05 16:29 - 2015-11-05 16:35 - 137405704 _____ (Sophos Limited) C:\Users\user\Desktop\Sophos Virus Removal Tool.exe
2015-11-05 16:27 - 2015-11-05 16:28 - 00448512 _____ (OldTimer Tools) C:\Users\user\Desktop\TFC.exe
2015-11-05 16:25 - 2015-11-05 16:26 - 00002746 _____ C:\Users\user\Desktop\FSS.txt
2015-11-05 16:25 - 2015-11-05 16:25 - 00899072 _____ (Farbar) C:\Users\user\Desktop\FSS.exe
2015-11-05 16:21 - 2015-11-05 16:21 - 00852720 _____ C:\Users\user\Desktop\SecurityCheck.exe
2015-11-04 15:05 - 2015-11-04 15:15 - 00000000 ____D C:\Windows\erdnt
2015-11-04 15:01 - 2015-11-04 15:02 - 05637361 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2015-11-02 17:49 - 2015-11-02 17:49 - 00001756 _____ C:\Users\user\Desktop\JRT.txt
2015-11-02 17:14 - 2015-11-09 17:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-02 17:13 - 2015-11-02 17:13 - 00001102 _____ C:\Users\user\Desktop\Malwarebytes Anti-Malware (2).lnk
2015-11-02 17:13 - 2015-11-02 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-02 17:13 - 2015-11-02 17:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-02 17:13 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-02 17:13 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-02 17:13 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-02 16:54 - 2015-11-02 16:55 - 22908888 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-31 18:49 - 2015-11-12 12:05 - 02198528 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-10-31 18:41 - 2015-10-31 18:41 - 00000848 _____ C:\Users\user\Desktop\RogueKiller.lnk
2015-10-31 18:41 - 2015-10-31 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-10-31 18:41 - 2015-10-31 18:41 - 00000000 ____D C:\Program Files\RogueKiller
2015-10-31 18:37 - 2015-10-31 18:41 - 24925400 _____ (Adlice Software ) C:\Users\user\Downloads\setup.exe
2015-10-31 18:28 - 2015-10-31 18:28 - 00003176 _____ C:\Windows\System32\Tasks\{A8EA9BD8-0656-4434-BDB3-191E1EB378C5}
2015-10-31 18:21 - 2015-11-02 16:53 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-31 18:21 - 2015-10-31 18:26 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-31 15:04 - 2015-10-31 15:04 - 00000000 ____D C:\Users\user\Downloads\backups
2015-10-31 15:02 - 2015-10-31 18:08 - 00000816 _____ C:\Users\user\Documents\hosts.txt
2015-10-31 14:59 - 2015-10-31 14:59 - 06792566 _____ C:\Users\user\Documents\USER-PC.arn
2015-10-31 14:45 - 2015-10-31 14:45 - 00606643 _____ C:\Users\user\Downloads\Autoruns.zip
2015-10-31 13:14 - 2015-10-31 13:14 - 00000621 _____ C:\Users\user\Desktop\windowsk.vbs
2015-10-30 21:46 - 2015-10-30 21:49 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-10-30 21:46 - 2015-05-27 17:38 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-10-30 21:45 - 2015-10-30 21:46 - 131494359 _____ (Realtek Semiconductor Corp.) C:\Users\user\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe
2015-10-30 19:55 - 2015-10-30 19:55 - 00000015 _____ C:\Users\user\Desktop\WIFI.txt
2015-10-25 11:56 - 2015-10-25 12:41 - 00000000 ____D C:\Users\user\AppData\Roaming\Winamp
2015-10-25 11:56 - 2015-10-25 12:02 - 00000000 ____D C:\Program Files (x86)\Winamp
2015-10-25 11:56 - 2015-10-25 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-10-25 11:49 - 2015-10-25 11:54 - 10328598 _____ (Nullsoft, Inc.) C:\Users\user\Downloads\winamp5666_full_en-us_redux.exe
2015-10-24 13:13 - 2015-10-24 13:13 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-10-24 13:13 - 2015-10-24 13:13 - 00001945 _____ C:\Windows\epplauncher.mif
2015-10-24 13:13 - 2015-10-24 13:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-10-24 13:13 - 2015-10-24 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-10-24 13:12 - 2015-10-24 13:12 - 14243008 _____ (Microsoft Corporation) C:\Users\user\Downloads\mseinstall.exe
2015-10-24 12:33 - 2015-11-06 04:13 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-10-24 12:33 - 2015-11-06 04:13 - 03158736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435850.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435850.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-10-24 12:31 - 2015-10-24 12:31 - 00000000 ____D C:\NVIDIA
2015-10-24 12:13 - 2015-10-24 12:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Sun
2015-10-24 12:13 - 2015-10-24 12:13 - 00000000 ____D C:\Users\user\AppData\LocalLow\Sun
2015-10-24 12:13 - 2015-10-24 12:13 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2015-10-24 12:13 - 2015-10-24 12:13 - 00000000 ____D C:\ProgramData\Oracle
2015-10-24 12:11 - 2015-10-24 12:11 - 00584288 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-8u65.exe
2015-10-24 12:11 - 2015-10-24 12:11 - 00000000 ____D C:\Users\user\AppData\LocalLow\Oracle
2015-10-24 01:27 - 2015-10-24 01:27 - 00000000 ____D C:\Program Files\Common Files\Steinberg
2015-10-24 01:27 - 2015-10-24 01:27 - 00000000 ____D C:\Program Files (x86)\Yamaha
2015-10-23 23:53 - 2015-10-23 23:53 - 00000000 ____D C:\Windows\{26F3D17D-4FF9-46D5-9255-A1F9FF6BD7E4}
2015-10-23 23:53 - 2015-10-23 23:53 - 00000000 ____D C:\Program Files (x86)\Belkin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 12:06 - 2009-07-14 15:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-12 12:06 - 2009-07-14 15:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-12 12:05 - 2009-07-14 16:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-12 12:02 - 2015-07-04 18:42 - 01060662 _____ C:\Windows\WindowsUpdate.log
2015-11-12 12:01 - 2015-08-20 23:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-12 11:59 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-12 11:59 - 2009-07-14 15:51 - 00088252 _____ C:\Windows\setupact.log
2015-11-12 11:58 - 2015-07-04 18:58 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-12 11:58 - 2010-11-21 14:47 - 00640342 _____ C:\Windows\PFRO.log
2015-11-11 16:29 - 2015-07-04 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-11 16:29 - 2015-07-04 18:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-11 11:31 - 2009-07-14 16:32 - 00000000 ____D C:\Windows\addins
2015-11-10 12:23 - 2015-07-05 19:52 - 00000000 ____D C:\Users\user\Documents\My Games
2015-11-09 17:22 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-07 15:08 - 2015-07-05 13:29 - 00000000 ____D C:\Users\user\AppData\Local\Google
2015-11-07 15:08 - 2015-07-05 13:29 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-07 15:06 - 2015-07-05 13:29 - 00000000 ____D C:\Users\user\AppData\Local\Deployment
2015-11-07 12:55 - 2015-10-03 15:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-06 17:57 - 2015-07-08 20:24 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-11-06 17:22 - 2015-07-05 13:29 - 00000000 ____D C:\Users\user\AppData\Local\Apps\2.0
2015-11-06 04:13 - 2015-07-08 19:33 - 00033607 _____ C:\Windows\system32\nvinfo.pb
2015-11-06 04:13 - 2015-07-04 18:52 - 03579000 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-06 02:13 - 2015-07-04 18:58 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-11-06 02:13 - 2010-07-31 09:52 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-06 02:13 - 2010-07-31 09:52 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-06 02:13 - 2010-07-31 09:52 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-11-06 02:13 - 2010-07-31 09:52 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-06 02:13 - 2010-07-31 09:52 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-04 15:16 - 2009-07-14 14:20 - 00000000 __RHD C:\Users\Default
2015-11-04 15:14 - 2009-07-14 13:34 - 00000215 _____ C:\Windows\system.ini
2015-11-03 09:48 - 2015-07-08 19:42 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-11-02 17:34 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\SchCache
2015-10-31 17:28 - 2015-07-05 14:15 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-10-31 15:01 - 2015-07-04 18:45 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2015-10-31 13:59 - 2015-07-04 18:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-30 21:48 - 2015-07-04 18:48 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-10-28 18:42 - 2015-07-05 14:06 - 06027430 _____ C:\Windows\system32\nvcoproc.bin
2015-10-27 12:18 - 2009-07-14 16:08 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-24 12:34 - 2015-07-04 18:58 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-10-24 12:01 - 2015-07-08 19:42 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-24 11:44 - 2015-07-08 20:24 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
2015-10-24 01:26 - 2015-07-04 18:48 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2015-10-24 00:03 - 2015-08-19 22:53 - 00000000 ____D C:\Windows\system32\appmgmt
2015-10-17 20:28 - 2015-10-03 17:02 - 00000000 ____D C:\Users\user\AppData\Roaming\fatshark
2015-10-15 12:50 - 2009-07-14 16:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-10-15 12:25 - 2015-08-18 21:04 - 00022528 ___SH C:\Users\user\Thumbs.db

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\user\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 03:52

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by user (2015-11-12 12:08:29)
Running from C:\Users\user\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-07-04 07:45:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2055689581-48535413-3719112780-500 - Administrator - Disabled)
Guest (S-1-5-21-2055689581-48535413-3719112780-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2055689581-48535413-3719112780-1003 - Limited - Enabled)
user (S-1-5-21-2055689581-48535413-3719112780-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.06 beta (HKLM-x32\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.5.2.34169 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version: - 2K Australia)
Card Hunter (HKLM-x32\...\Steam App 293260) (Version: - Blue Manchu)
Command & Conquer™ Red Alert™ 3 (HKLM-x32\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.0.1.0 - Electronic Arts)
CosmicBreak_US (HKLM-x32\...\{DF46F74C-46D2-4740-99B0-6D89D81D389A}) (Version: 1.00.0000 - CyberStep, Inc.)
Crusader Kings II Demo (HKLM-x32\...\Steam App 206310) (Version: - Paradox Interactive)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Defiance (HKLM-x32\...\Glyph Defiance) (Version: - Trion Worlds, Inc.)
D-Link DWA-131 - V5.00 (HKLM-x32\...\{B7C11488-750D-4E48-A9A4-7207A335984D}) (Version: - D-Link)
Dream of Mirror Online (HKU\S-1-5-21-2055689581-48535413-3719112780-1000\...\{305734a7-c0c2-43cb-b1bf-d6e344958038}}_is1) (Version: - Suba Games)
Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version: - 3D Realms)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
FATAL ZERO ACTION (HKLM-x32\...\FATAL ZERO ACTION) (Version: - )
Flesh Eaters (HKLM-x32\...\Steam App 383580) (Version: - 16bit Nights)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hi-Rez Studios Games (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Lords of the Realm II (HKLM-x32\...\1207663263_is1) (Version: 2.1.0.32 - GOG.com)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.55.8 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5922 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4639 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Sakura Clicker (HKLM-x32\...\Steam App 383080) (Version: - Winged Cloud)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version: - Beam Team Games)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Warhammer: End Times - Vermintide (HKLM-x32\...\Steam App 235540) (Version: - Fatshark)
Warhammer: End Times - Vermintide | Public Test (HKLM-x32\...\Steam App 252650) (Version: - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{D6E6D5BA-F07E-4495-A8E4-B735B291C9EF}) (Version: 1.8.7 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.8.7 - Yamaha Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

11-11-2015 15:41:37 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2015-11-04 15:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26DB560A-8816-46DA-AA55-4C10CD84F27E} - System32\Tasks\{D5025425-8E0E-46E3-B133-D1318DC3ABAA} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {28C89DE0-9541-4F17-BDC9-AD3036B04BD7} - System32\Tasks\{A8EA9BD8-0656-4434-BDB3-191E1EB378C5} => pcalua.exe -a C:\Users\user\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe -d C:\Users\user\Downloads
Task: {312EC84C-DDF1-4D15-9CF2-45473E10F45D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {3B14F243-4BE9-49FE-87E0-941897A82482} - System32\Tasks\{054A600D-01A9-41E6-9AB6-11EE7905A3CA} => pcalua.exe -a D:\Autorun.exe -d D:\
Task: {8BC6CCDB-BD8B-499F-8D48-C0D5132B1A7A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-19] (Adobe Systems Incorporated)
Task: {A8FF16E6-BBE9-4133-BA7E-D66E3FCFA3C4} - System32\Tasks\{4E5F3AA6-C344-438C-B787-E5793E8E5AA0} => pcalua.exe -a D:\Drivers\Audio\VIA\Driver\SETUP.EXE -d D:\Drivers\Audio\VIA\Driver
Task: {FA16FACF-6EC8-45D7-9598-E418AF81140E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-04 18:58 - 2015-11-06 02:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-07-09 08:04 - 2015-09-13 03:12 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-07-08 19:45 - 2015-10-12 14:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-11-11 17:13 - 2015-11-07 15:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 17:13 - 2015-11-07 15:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2055689581-48535413-3719112780-1000\...\localhost -> localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2055689581-48535413-3719112780-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\startupreg: SaferBrowserIsDefault => "C:\Program Files (x86)\Safer Technologies\Safer Browser\Application\SaferBrowserProtector.exe" --force-protect
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3E909B1B-5502-4305-BECF-82118DA7E595}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B537C59A-9602-4F73-A9FB-53AD12EDE9A9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{902A09D8-74C5-4603-8CA1-329A048AF58C}] => (Allow) C:\Program Files (x86)\D-Link\DWA-131 revE\IHV\RTLDHCP.exe
FirewallRules: [{2E1AAA33-E7E9-4426-ACBF-D4403616A05A}] => (Allow) C:\Program Files (x86)\D-Link\DWA-131 revE\IHV\PortableWiFi.exe
FirewallRules: [{3AA37618-C13A-4D23-882F-843D39C1FA6A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2465C55B-C271-46E0-AF4E-5B413492B98C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{756FE56F-91F4-4E4F-99DB-89F0398DF6A4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{69BAD9D2-5901-4941-8F3B-9B48A90E3479}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3BCC9B59-4791-4559-96CA-6A17D3BFB42C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{80C59196-FAD1-47F6-B28C-6E3FBDDB6CC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{FFDBE512-6ADD-4F47-A39E-550FD43E89F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{F55FBAF6-A807-4B9C-B036-904614DC508D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{0F8C431C-7915-4C2B-8F7E-29855E67EE0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{29571D18-A094-48BC-AB85-19524CE71EAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{BFBF8DA5-CCD0-4DE0-9FCB-EDD590130CA5}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{424189FF-7CF6-4EA7-818A-2E50AC2195F8}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{8353EA6F-4EA8-4DF0-AD5C-F026B0A48EAA}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{67090F26-E06D-4085-80C8-880511EEE6F5}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{7491E87E-6D78-40D4-A9A7-CDCDF77EF9D3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{085250FA-B178-4C57-A8AB-07C4DC8EA037}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3079852F-AB7C-4C9B-BEDD-A6825BB51453}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{55560404-52F6-4ED6-8D65-5916C30E7C75}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{D8143BB6-3646-4F18-ABD7-6E031F66E071}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{7C1B13C0-A5C9-468B-996F-F2C47BA80C2C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{AB965C91-69ED-486E-B391-BA99CC46DF58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{B6E72611-50D4-4E11-90E4-643A37332759}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{00C55414-4D28-4586-A683-681E43B02C73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Clicker\Sakura Clicker.exe
FirewallRules: [{C5F5B0B2-FDEF-404B-96EF-08767D8433E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sakura Clicker\Sakura Clicker.exe
FirewallRules: [{2C85DD79-F715-4AFD-9CD5-C51BBB7995C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe
FirewallRules: [{BD32DB0A-DCA0-4342-95B7-D8736165CD8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardHunter\CardHunter.exe
FirewallRules: [TCP Query User{D6354A6B-A4ED-4D39-A4AF-1D7C101FA603}C:\program files (x86)\deep silver\baldur's gate ii - enhanced edition\baldur.exe] => (Allow) C:\program files (x86)\deep silver\baldur's gate ii - enhanced edition\baldur.exe
FirewallRules: [UDP Query User{A78F1468-9493-4E92-9E89-9A9589A69CBA}C:\program files (x86)\deep silver\baldur's gate ii - enhanced edition\baldur.exe] => (Allow) C:\program files (x86)\deep silver\baldur's gate ii - enhanced edition\baldur.exe
FirewallRules: [{6E39C245-FCBB-4EA0-9CE0-133173BFAAE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{E3778834-44CC-46A4-B1BD-FEDEA4AD68F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [TCP Query User{C491B014-4174-4D62-AB5A-FF5B92359FF5}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Block) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{2CD4A0AA-ADA9-4453-923B-F1B55FD6B94A}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Block) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{70D22F26-3BD2-45D0-A611-557154321EB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Flesh Eaters\game.exe
FirewallRules: [{2CEDFD19-523C-41DF-8A6B-C9FF74C8EC0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Flesh Eaters\game.exe
FirewallRules: [{068E521F-7786-41CF-80FA-C0B4940D4B8E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{77D3DBC6-1ECD-4200-826D-147BA0E50FBC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{27B865F4-5BD0-45ED-AF63-97F42DFEFF7A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BCA500A4-DB30-4470-B3D3-13788FC7A023}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7E0F2580-6551-4E6A-BC68-DE96D75B3FBF}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{D7CA79DA-AE82-4E94-8F61-7AEAED131D1B}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{55F34302-9D08-4861-B26D-87ED91B13C18}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{9396CCCB-3273-446B-99E9-D4D020290B20}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{963DAAB8-0CFF-4146-8427-6EF5D7DA66DF}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{1312E13F-D2C8-4E4E-95D7-51C346A0934B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{A8CB4003-4DCA-4080-89EB-1BED350946FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{A6C542C0-444C-4CBE-9E7B-9B90EDF31107}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{6F91AE60-C6A3-40D6-AE7A-8527ECEB3A17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II Demo\ck2demo.exe
FirewallRules: [{3E94F044-1829-4C65-A435-EF2F28B1DE18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II Demo\ck2demo.exe
FirewallRules: [{01B8E25E-123A-4F36-A614-CB0A34A4D65B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{9AB638BB-9E80-41EE-805D-AFC4CB60CF3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{8AC78135-8C41-47A0-A191-C444760DF17F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{D3F2180C-0864-4B3F-8E92-843A50805DB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{F5B952E7-CBC9-4A70-BC3B-9C8FE848B8F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{72FAE596-8DC3-436E-A849-EF404FA8E46B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{E37E51A2-78A2-457E-8C81-31988E4AC901}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{5B7DD177-F924-4D78-A6DA-579CD4D6FCCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{05A0611C-B5A7-4BA3-938C-DF55A84FE690}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{90787D1B-3B4B-4708-96BF-049FA6A17679}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{9422BAA8-4B4F-47E7-B9B1-9A36F7F90128}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{CAF847D4-609C-4E96-8894-BB33830B0835}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{EE541E98-C0FA-45C0-9D7E-8C109994D980}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6E5C5ACB-AF4F-4C93-953D-BA28837807AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4EF26C20-8BF1-4140-A277-0AAE9A023E20}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D4C13B3B-73D2-4B15-A3D2-1D8746ADB343}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7539E826-C852-4BCA-BC6A-22CB4FAB9CB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E424235F-87D3-4DE8-8E3B-6FD8D32C9166}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{DD38AAE9-A3DF-494B-8702-A67DEB9AF3C9}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{D8F83293-04FF-4F13-82A5-466971538D51}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5FC60B3D-934A-4275-AE06-71D5811E3C6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{1E2FD16E-8360-49DE-A055-43CD72466890}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{1DF49D0F-D508-473D-A1EE-BE8EA548B5C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2015 12:06:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 7.11.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 49c

Start Time: 01d11ce643281c5e

Termination Time: 1

Application Path: C:\Users\user\Desktop\AV Stuff (DO NOT DELETE)\FRST64.exe

Report Id: 8e0e75a4-88d9-11e5-b924-e0cb4e39b4b5

Error: (11/12/2015 12:00:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2015 11:35:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2015 01:44:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.125.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8b4

Start Time: 01d11a33c920e218

Termination Time: 3

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 230bd16f-8627-11e5-8123-e0cb4e39b4b5

Error: (11/09/2015 01:41:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2015 12:08:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2015 11:50:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 06:12:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2015 06:09:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RunDll32.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0x40000015
Fault offset: 0x0005620a
Faulting process id: 0x8c4
Faulting application start time: 0xRunDll32.EXE0
Faulting application path: RunDll32.EXE1
Faulting module path: RunDll32.EXE2
Report Id: RunDll32.EXE3

Error: (11/06/2015 05:55:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/12/2015 12:03:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/12/2015 12:03:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/12/2015 12:03:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/12/2015 12:03:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/12/2015 12:03:21 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/12/2015 12:03:21 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/12/2015 12:03:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/12/2015 12:03:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/12/2015 12:03:10 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/12/2015 01:02:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535


CodeIntegrity:
===================================
Date: 2015-11-04 15:14:06.109
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-04 15:14:06.078
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-20 20:54:36.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-20 20:54:36.607
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-20 20:54:34.107
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-20 20:54:34.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-20 20:54:30.149
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-20 20:54:30.122
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-20 20:53:56.379
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-07-20 20:53:56.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 49%
Total physical RAM: 8190.05 MB
Available physical RAM: 4118.44 MB
Total Virtual: 16378.3 MB
Available Virtual: 12542.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:440.74 GB) NTFS
Drive f: (FATAL_ZERO_ACTION) (CDROM) (Total:0.45 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 8A93EB8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Perfectly clean there.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 65
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.232 Flash Player out of Date!
Google Chrome (46.0.2490.80)
Google Chrome (46.0.2490.86)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 26-07-2015
Ran by user (administrator) on 12-11-2015 at 12:51:57
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
No threats detected in Sophos, no pop ups in Steam recently either but my unstable connection has come back.
 
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

As for the connection issue, I suggest a new topic in the Windows forum.

Here...

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642
 