Solved Virus, please help, thank you so much!! FRST file here

FirewallRules: [UDP Query User{1A27D61D-4A2A-41D7-9B5A-02491C56AE0E}C:\users\nancy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nancy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{26B9624E-FA34-4E5E-999B-92D6503242ED}] => (Allow) E:\steam games\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{A602FB3A-AEE0-4C4A-B350-E5258EE1143F}] => (Allow) E:\steam games\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{CE673219-D543-41C7-90D5-14576F9051B2}] => (Allow) E:\steam games\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
FirewallRules: [{92E983B0-31A6-4550-9B6C-5EB5BB7CA3E5}] => (Allow) E:\steam games\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
FirewallRules: [{ACFC0827-9F5F-45B0-8D4F-488C77F7F7CF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5785979C-50C6-46E7-B70E-2CEFB9F292C3}] => (Allow) LPort=2869
FirewallRules: [{7EAF4EC3-BACD-495D-8E35-5660A74FF5AD}] => (Allow) LPort=1900
FirewallRules: [{7945D5CA-8950-4FB5-9A0F-1A0E49C3C374}] => (Allow) E:\steam games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{FE9905EC-F275-4C09-9B65-A2040EB9E087}] => (Allow) E:\steam games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{F5860BBA-308D-4DA8-98F8-731C551BBB4D}] => (Allow) E:\steam games\steamapps\common\The Knobbly Crook Chapter I\Knobbly Crook.exe
FirewallRules: [{10E24C0B-7754-45EB-97F8-9022CDE8878B}] => (Allow) E:\steam games\steamapps\common\The Knobbly Crook Chapter I\Knobbly Crook.exe
FirewallRules: [{F3060FC9-480E-49B1-B724-5B6CE61999B6}] => (Allow) E:\steam games\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{6FE94E7C-BC0F-4A37-ACFA-4392294DD965}] => (Allow) E:\steam games\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{E874A4A5-7860-4403-B5C2-971E8A76E0C5}] => (Allow) F:\SteamLibrary\steamapps\common\Firewatch\Firewatch.exe
FirewallRules: [{882E45CA-B8A3-4B77-870F-0A9608433017}] => (Allow) F:\SteamLibrary\steamapps\common\Firewatch\Firewatch.exe
FirewallRules: [{1E319306-A72E-4938-8FC4-65C698DE5CC9}] => (Allow) F:\SteamLibrary\steamapps\common\There's Poop In My Soup\PoopInMySoup.exe
FirewallRules: [{2FCF3C33-7D5E-4A13-964F-BF89A4BF77A2}] => (Allow) F:\SteamLibrary\steamapps\common\There's Poop In My Soup\PoopInMySoup.exe
FirewallRules: [{AB26598F-BCAC-4151-9BC4-1CA3E1B7B549}] => (Allow) F:\quicktime\QuickTimePlayer.exe
FirewallRules: [{47EA068B-6CC5-484C-A6E2-1D8FA06E7EE3}] => (Allow) F:\quicktime\QuickTimePlayer.exe
FirewallRules: [{78CEDC61-EF1A-413A-B6F8-3CC7AAC710CE}] => (Allow) F:\quicktime\QuickTimePlayer.exe
FirewallRules: [{EF914AC4-29A5-4C8D-9E3A-473B8E91C9DF}] => (Allow) F:\quicktime\QuickTimePlayer.exe
FirewallRules: [TCP Query User{1782FC31-3120-4554-BBEF-1E405292D9F2}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Allow) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [UDP Query User{F29A427A-4E9A-4EDD-86BC-26D097D861E8}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Allow) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [{8A3B2752-9A65-45E1-9BF0-5933AA951DCF}] => (Allow) F:\SteamLibrary\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{F14711B0-3AB5-4E82-A292-955743BF41BC}] => (Allow) F:\SteamLibrary\steamapps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{C065E9D8-2F11-48F3-96C9-2277E38C6B71}] => (Allow) F:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{C4C392C1-E0AF-4A6A-B3EE-01EAC5C31460}] => (Allow) F:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{AF70A690-3203-4D33-8055-C9086A772ABD}] => (Allow) F:\SteamLibrary\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{652C422F-CF3A-48B1-9737-1394CF804CB4}] => (Allow) F:\SteamLibrary\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [TCP Query User{EF13DCA4-BACD-4427-BA56-172D7BDFFF76}F:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) F:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{EEFF4213-8BDF-4EA9-847E-D15064180E86}F:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) F:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{4CC24044-89D4-4602-854C-55B6DC38B33A}] => (Allow) F:\SteamLibrary\steamapps\common\Dear Esther\dearesther.exe
FirewallRules: [{E0BA2255-BD30-4687-853B-EDA7F1A7AB52}] => (Allow) F:\SteamLibrary\steamapps\common\Dear Esther\dearesther.exe
FirewallRules: [{5F3E392B-ECD4-4151-8FAE-4A19D580AA82}] => (Allow) F:\SteamLibrary\steamapps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{C267D727-3C67-49A8-B23C-C1614DC42648}] => (Allow) F:\SteamLibrary\steamapps\common\LongLiveTheQueen\LongLiveTheQueen.exe
FirewallRules: [{564C8FC9-DC5C-43D3-9D59-FEE0A4D8338C}] => (Allow) E:\steam games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{6EF1EA4A-3589-43E5-967B-CC75FCE830B3}] => (Allow) E:\steam games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{00CD6E04-6FF7-410E-B5A2-4B3AFA4941F9}] => (Allow) F:\SteamLibrary\steamapps\common\White Night\Bin\Win32\WNight.exe
FirewallRules: [{60DCC1C1-6744-4CC6-A7BC-ACE31C8B2C83}] => (Allow) F:\SteamLibrary\steamapps\common\White Night\Bin\Win32\WNight.exe
FirewallRules: [{FC20C8E5-8212-4A69-A654-542233587F2C}] => (Allow) F:\SteamLibrary\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{900CE209-A07B-4656-8B66-066327C28F9F}] => (Allow) F:\SteamLibrary\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
FirewallRules: [{5F66E185-1762-49EE-BA85-7D72A5C9F018}] => (Allow) F:\SteamLibrary\steamapps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{22320615-E1BB-4EE4-B69B-CC41DBE6A410}] => (Allow) F:\SteamLibrary\steamapps\common\60 Seconds!\60Seconds.exe
FirewallRules: [{DABC689E-0E74-488F-895C-C6A2A13BDAE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DEBBAD97-14C7-477D-92CA-B7084ECB513F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CF937966-9D54-4296-B4C3-31759B23E38D}] => (Allow) F:\SteamLibrary\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{5A430152-248F-462F-846D-0FAF710A3E9E}] => (Allow) F:\SteamLibrary\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{8266CCCB-04C2-4B6A-ADB1-9010E7AD1FFC}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{F4C6F506-C023-43EE-B630-86912420621A}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{B633E87A-3FF6-483B-859B-8FAE48A94DE2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{C59DF322-709F-4E30-89EA-8A5D846177F1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{DCD7B397-9C0C-458A-9617-4B2C7AA047DA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{CAF858B0-9C5D-4749-81C0-033A6392F196}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{8039991B-0897-4DBA-9F67-91965FA7D014}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{D7B85D2E-968E-468C-827E-1B89723B1068}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{EC19B3B2-DC9A-4497-87B4-81504F94B043}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{D187F224-9265-4FAA-8496-D53BE1052A95}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{8440F183-436D-4182-B3D8-F144371BF66E}] => (Allow) F:\SteamLibrary\steamapps\common\Cat Goes Fishing\Cat Goes Fishing.exe
FirewallRules: [{5BB7F5CC-5288-4CDA-A017-BC82BEF60DA0}] => (Allow) F:\SteamLibrary\steamapps\common\Cat Goes Fishing\Cat Goes Fishing.exe
FirewallRules: [{11A81325-D3AD-4763-8214-88A003969434}] => (Allow) F:\SteamLibrary\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{5F8B873D-548C-4F0D-AD83-5449C2D4B039}] => (Allow) F:\SteamLibrary\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{3976F162-3E7A-4990-87B5-C604E3DDCA1A}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{EFA44272-9251-4BE1-97E8-3A67A6FF189E}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{2F27D29A-C785-438C-9D65-8B24E9D30D11}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{D6224275-058F-45EB-972D-D0A0D97BEE6F}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{CE0CE3D9-DDB5-49AA-90EC-56B21869500E}] => (Allow) F:\SteamLibrary\steamapps\common\Crimzon Clover\CrimzonClover_WI.exe
FirewallRules: [{533BEB7D-B1C8-4D70-ADF8-9A2F7C050186}] => (Allow) F:\SteamLibrary\steamapps\common\Crimzon Clover\CrimzonClover_WI.exe
FirewallRules: [{6D9F1EE0-9D89-4C82-8C6D-3D9764FB299A}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{79B7E3B6-3339-4CD9-8816-49FB0A31BD02}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{643D0578-8A69-4905-A8D3-0DF154B0D55E}] => (Allow) F:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{102A614F-9886-4CE3-BA01-748B24B982EC}] => (Allow) F:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{86EA2F91-3170-45B7-87BE-9EDF14D5F9F7}] => (Allow) F:\SteamLibrary\steamapps\common\Journal\Journal.exe
FirewallRules: [{E3EDAF87-F223-42D1-9D87-E517CCBD7EED}] => (Allow) F:\SteamLibrary\steamapps\common\Journal\Journal.exe
FirewallRules: [{C49029D8-B5DD-458C-9952-2E1407950793}] => (Allow) F:\SteamLibrary\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [{60CA01AA-E52C-4D89-A20E-3F6DAAC2DA6F}] => (Allow) F:\SteamLibrary\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe
FirewallRules: [{B1BAEE1C-E62B-47CB-B4D1-A52BAF100417}] => (Allow) F:\SteamLibrary\steamapps\common\SleepingDogsDefinitiveEdition\sdhdship.exe
FirewallRules: [{D23216F8-3BBE-4D49-80B6-93F65D81F4A5}] => (Allow) F:\SteamLibrary\steamapps\common\SleepingDogsDefinitiveEdition\sdhdship.exe
FirewallRules: [{D47598EA-F172-4AA8-9D87-721D82CC3075}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{1D19A12F-F54C-417B-9032-96A0914E14AF}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{2A02F79A-A4B9-420A-9085-4F29CFDD848B}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳攮數
FirewallRules: [{1D120B5E-BAA7-4512-90A0-5A0433394B0D}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳⹟硥e
FirewallRules: [{37B4C348-9AE0-40BA-A938-A11716788080}] => (Allow) C:\Users\Nancy\AppData\Local\ddnowyes.exe
FirewallRules: [{CF246BA3-16CE-418D-B639-A3117D5C4F40}] => (Allow) C:\Users\Nancy\AppData\Local\Temp\setup.exe
FirewallRules: [{B527EDEA-467D-4D31-ABA8-311A185EFF94}] => (Allow) C:\Users\Nancy\AppData\Local\39164305.exe
FirewallRules: [{05B25E18-E8BF-44B3-A2A8-91FEE02B7976}] => (Allow) C:\Users\Nancy\AppData\Local\tinstall.exe
FirewallRules: [{CFF3917F-840A-423B-96DA-44B9F39BD8CE}] => (Allow) C:\Users\Nancy\AppData\Local\cap.exe
FirewallRules: [{BA142D32-1705-4F23-A89F-CFE050A2CF34}] => (Allow) C:\Users\Nancy\AppData\Local\ddnow.exe
FirewallRules: [{BC84FAB7-976A-4631-923A-F5DA9832CCC4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-05-2016 00:35:18 End of disinfection
05-05-2016 00:37:02 Windows Update
05-05-2016 02:34:55 Revo Uninstaller's restore point - µTorrent

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VB-Audio VoiceMeeter AUX VAIO
Description: VB-Audio VoiceMeeter AUX VAIO
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VB-Audio VoiceMeeter AUX VAIO
Description: VB-Audio VoiceMeeter AUX VAIO
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2016 05:49:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2016 05:48:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
Faulting module name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
Exception code: 0xc0000005
Fault offset: 0x00000000000172b9
Faulting process id: 0x49c
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3

Error: (05/05/2016 05:47:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gaol.exe, version: 1.0.2.0, time stamp: 0x57269f54
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb3604
Exception code: 0xe0434f4d
Fault offset: 0x000000000001a06d
Faulting process id: 0x%9
Faulting application start time: 0xgaol.exe0
Faulting application path: gaol.exe1
Faulting module path: gaol.exe2
Report Id: gaol.exe3

Error: (05/05/2016 05:47:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gaol.exe, version: 1.0.2.0, time stamp: 0x57269f54
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb3604
Exception code: 0xe0434f4d
Fault offset: 0x000000000001a06d
Faulting process id: 0x%9
Faulting application start time: 0xgaol.exe0
Faulting application path: gaol.exe1
Faulting module path: gaol.exe2
Report Id: gaol.exe3

Error: (05/05/2016 12:44:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2016 12:42:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
Faulting module name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
Exception code: 0xc0000005
Fault offset: 0x00000000000172b9
Faulting process id: 0x4b8
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3

Error: (05/05/2016 12:42:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gaol.exe, version: 1.0.2.0, time stamp: 0x57269f54
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb3604
Exception code: 0xe0434f4d
Fault offset: 0x000000000001a06d
Faulting process id: 0x%9
Faulting application start time: 0xgaol.exe0
Faulting application path: gaol.exe1
Faulting module path: gaol.exe2
Report Id: gaol.exe3

Error: (05/05/2016 12:42:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gaol.exe, version: 1.0.2.0, time stamp: 0x57269f54
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb3604
Exception code: 0xe0434f4d
Fault offset: 0x000000000001a06d
Faulting process id: 0x%9
Faulting application start time: 0xgaol.exe0
Faulting application path: gaol.exe1
Faulting module path: gaol.exe2
Report Id: gaol.exe3

Error: (05/05/2016 12:26:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/05/2016 12:24:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
Faulting module name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
Exception code: 0xc0000005
Fault offset: 0x00000000000172b9
Faulting process id: 0x4b4
Faulting application start time: 0xigfxCUIService.exe0
Faulting application path: igfxCUIService.exe1
Faulting module path: igfxCUIService.exe2
Report Id: igfxCUIService.exe3


System errors:
=============
Error: (05/05/2016 07:57:01 PM) (Source: DCOM) (EventID: 10016) (User: Silent-Knight)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Silent-KnightNancyS-1-5-21-1716612969-2344737603-4151003975-1000LocalHost (Using LRPC)

Error: (05/05/2016 06:44:41 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{F9DDD216-3185-4A5C-BE80-E17E653E0231}.
The backup browser is stopping.

Error: (05/05/2016 05:48:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/05/2016 05:48:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
%%-2147467259

Error: (05/05/2016 12:43:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/05/2016 12:42:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
%%-2147467259

Error: (05/05/2016 12:34:32 AM) (Source: DCOM) (EventID: 10016) (User: Silent-Knight)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Silent-KnightNancyS-1-5-21-1716612969-2344737603-4151003975-1000LocalHost (Using LRPC)

Error: (05/05/2016 12:31:09 AM) (Source: DCOM) (EventID: 10016) (User: Silent-Knight)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Silent-KnightNancyS-1-5-21-1716612969-2344737603-4151003975-1000LocalHost (Using LRPC)

Error: (05/05/2016 12:25:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/05/2016 12:24:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated with the following error:
%%-2147467259


CodeIntegrity:
===================================
Date: 2016-05-03 20:04:00.828
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-05-03 20:04:00.803
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-05-01 20:27:22.088
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-01 20:27:22.053
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-01 20:27:15.159
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-01 20:27:14.539
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-01 20:27:13.455
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-01 20:27:13.138
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 43%
Total physical RAM: 8135 MB
Available physical RAM: 4583.9 MB
Total Virtual: 16268.2 MB
Available Virtual: 12261.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:26.15 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Nancy) (Fixed) (Total:465.66 GB) (Free:162.42 GB) NTFS
Drive f: (GAEMS :D) (Fixed) (Total:931.51 GB) (Free:781.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 83E89C3F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 17FE5D81)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B4A6920C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

After the above fix, uninstall the following unwanted programs:

Amazon 1Button App
Amazon Assistant


Then delete the following folder manually (if it exists):

C:\Program Files (x86)\Amazon Browser Settings
 

Fix result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 02
Ran by Nancy (2016-05-05 21:35:44) Run:1
Running from E:\Desktop
Loaded Profiles: Nancy & postgres (Available Profiles: Nancy & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [pollen.exeundependable.exe] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKLM\...\Run: [toys] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
C:\Program Files (x86)\dissertation
HKLM-x32\...\Run: [toys] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
2016-05-01 20:34 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\dissertation
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
Task: {0AA017E7-D530-4046-A74F-83A42FEE2C0E} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-05-05] (Distromatic) <==== ATTENTION
Task: {140D80DF-FE86-499B-832F-88FBEA8BB0F3} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-05-05] (Distromatic) <==== ATTENTION
Task: {531BD492-B2F4-4F5B-A056-5A95EA577248} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-05-05] (Distromatic) <==== ATTENTION
Task: {D3887299-B865-4415-A295-F20E1110D13A} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-05-05] (Distromatic) <==== ATTENTION
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pollen.exeundependable.exe => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\toys => value removed successfully
C:\Program Files (x86)\dissertation => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\toys => value removed successfully
"C:\Program Files (x86)\dissertation" => not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AA017E7-D530-4046-A74F-83A42FEE2C0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AA017E7-D530-4046-A74F-83A42FEE2C0E}" => key removed successfully
C:\Windows\System32\Tasks\DistromaticUpdater-periodic => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-periodic" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{140D80DF-FE86-499B-832F-88FBEA8BB0F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{140D80DF-FE86-499B-832F-88FBEA8BB0F3}" => key removed successfully
C:\Windows\System32\Tasks\DistromaticSearchProtect-logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-logon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{531BD492-B2F4-4F5B-A056-5A95EA577248}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{531BD492-B2F4-4F5B-A056-5A95EA577248}" => key removed successfully
C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-hourly" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3887299-B865-4415-A295-F20E1110D13A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3887299-B865-4415-A295-F20E1110D13A}" => key removed successfully
C:\Windows\System32\Tasks\DistromaticUpdater-logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-logon" => key removed successfully
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) => Error: No automatic fix found for this entry.

==== End of Fixlog 21:35:44 ====
 
I uninstalled amazon assistance but the 1button app and the folder were nonexistent ^^ The network notification has stopped appearing but the other one that says "C:\Users\Nancy\AppData\Local\Temp\211247Log.ini is lost" still comes up as soon as I boot
 
1button app should appear AFTER running FRST fix.
If you looked for it before running the fix try again.

The error seems to be coming from Asus setup task, which we can take care of by running another fix.

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

I just tried looking for it and the app isn't there

Here's the fixlog! ^^

Fix result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 02
Ran by Nancy (2016-05-05 22:42:04) Run:2
Running from E:\Desktop
Loaded Profiles: Nancy & postgres (Available Profiles: Nancy & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {118B3AD1-1177-467F-AC83-C4FBBFD0C0D2} - System32\Tasks\ASUS\I-Setup211247 => C:\Windows\Intel_Chipset_Win7-8-8-1_V10016\AsusSetup.exe [2015-04-25] (ASUSTeK Computer Inc.)
Task: {2EACD216-55C3-44AC-B06E-8334BA428602} - System32\Tasks\ASUS\I-Setup234056 => C:\Windows\Install\AsusSetup.exe
Task: {D2E81F2D-65CE-4E13-BCE6-D165F409370B} - System32\Tasks\ASUS\I-Setup211559 => C:\Windows\MEI-Win7-8-8-1_VER10001204\AsusSetup.exe [2015-04-25] (ASUSTeK Computer Inc.)
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{118B3AD1-1177-467F-AC83-C4FBBFD0C0D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{118B3AD1-1177-467F-AC83-C4FBBFD0C0D2}" => key removed successfully
C:\Windows\System32\Tasks\ASUS\I-Setup211247 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\I-Setup211247" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2EACD216-55C3-44AC-B06E-8334BA428602}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EACD216-55C3-44AC-B06E-8334BA428602}" => key removed successfully
C:\Windows\System32\Tasks\ASUS\I-Setup234056 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\I-Setup234056" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2E81F2D-65CE-4E13-BCE6-D165F409370B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2E81F2D-65CE-4E13-BCE6-D165F409370B}" => key removed successfully
C:\Windows\System32\Tasks\ASUS\I-Setup211559 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\I-Setup211559" => key removed successfully

==== End of Fixlog 22:42:04 ====
 
Sorry! One more thing, there's a file that is always asking for permission to run. It is "C:\Windows\V0650.Mon.exe" Publisher is unknown. I looked it up and someone said it's safe to run? But I wanted to make sure. Also the prompt from before has stopped appearing!
 