Not sure what he did or clicked or what, but this computer is so slow it's infuriating. There are pop-up windows that I can't close without rebooting, saying the system is infected, with a number to call to Microsoft. I've tried calling that number and couldn't understand a word of what the agent there said, so I googled and found you guys. I have followed the directions and here are the log files.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Justin (administrator) on JUSTIN-PC (11-11-2016 11:41:53)
Running from C:\Users\Justin\Desktop
Loaded Profiles: Justin (Available Profiles: Justin & Justin2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(ServiceEx) C:\Windows\SysWOW64\drivers\svchost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ServiceEx) C:\Windows\SysWOW64\drivers\svchost.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(BitTorrent Inc.) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Justin\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(BitTorrent Inc.) C:\Users\Justin\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [2015136 2011-05-27] (Affinegy, Inc.)
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-09] (Valve Corporation)
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4299968 2016-08-29] (Disc Soft Ltd)
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\Run: [uTorrent] => C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe [2375360 2016-11-10] (BitTorrent Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NextFlik Demo.lnk [2015-12-04]
ShortcutTarget: NextFlik Demo.lnk -> C:\Program Files (x86)\NextFlik\NextFlik.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{BA96E8D0-C855-43A0-9040-E321B3917C9A}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2840602664-1174431460-2861059735-1000: RSATom.name/FBVLC -> C:\Users\Justin\AppData\Roaming\RSATom\FBVLC\0.1.5\npFBVLC.dll [2014-06-24] (RSATom)
Chrome:
=======
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default [2016-11-11]
CHR Extension: (Google Slides) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-17]
CHR Extension: (Google Docs) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-17]
CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-17]
CHR Extension: (Google Docs Offline) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-09]
CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-17]
CHR Extension: (Chrome Media Router) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-10]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [562592 2011-05-27] (Affinegy, Inc.)
R2 ApplicationLayerGateway32; C:\Windows\SysWOW64\drivers\svchost.exe [114688 2015-09-21] (ServiceEx) [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-08-29] (Disc Soft Ltd)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2015-11-03] (Realtek Semiconductor.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMIconfigPerformance; C:\Windows\SysWOW64\drivers\svchost.exe [114688 2015-09-21] (ServiceEx) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 A3721F45; C:\Windows\System32\drivers\A3721F45.sys [478392 2015-09-17] (Kaspersky Lab ZAO)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-09-17] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-09-17] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12464 2015-11-25] (Macrovision Europe Ltd) [File not signed]
S1 bsdriver; \??\C:\Windows\system32\drivers\bsdriver.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-11 11:41 - 2016-11-11 11:42 - 00010745 _____ C:\Users\Justin\Desktop\FRST.txt
2016-11-11 11:41 - 2016-11-11 11:41 - 02410496 _____ (Farbar) C:\Users\Justin\Desktop\FRST64.exe
2016-11-11 11:39 - 2016-11-11 11:39 - 02410496 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe
2016-11-11 11:31 - 2016-11-11 11:31 - 00000000 ____D C:\Users\Justin\Downloads\Grand.Theft.Auto.V-RELOADED
2016-11-11 11:20 - 2016-11-11 11:29 - 00000000 ____D C:\Users\Justin\AppData\LocalLow\uTorrent
2016-11-11 10:52 - 2016-11-11 10:52 - 00000000 ____D C:\Users\Justin\AppData\Local\2K Games
2016-11-11 10:51 - 2016-11-11 10:51 - 13767776 _____ (Microsoft Corporation) C:\Users\Justin\Downloads\vc_redist.x86 (1).exe
2016-11-11 10:50 - 2015-06-06 18:13 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:13 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-11-11 10:50 - 2015-06-06 18:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-11-11 10:47 - 2016-11-11 10:47 - 14572000 _____ (Microsoft Corporation) C:\Users\Justin\Downloads\vc_redist.x64.exe
2016-11-11 10:45 - 2016-11-11 10:45 - 14456872 _____ (Microsoft Corporation) C:\Users\Justin\Downloads\vc_redist.x86.exe
2016-11-11 10:40 - 2016-11-11 11:03 - 267372759 _____ C:\Users\Justin\Downloads\Mafia3_patch_1.02.exe
2016-11-11 10:32 - 2016-11-11 10:32 - 00001571 _____ C:\Users\Justin\Desktop\Play Mafia III.lnk
2016-11-11 10:32 - 2016-11-11 10:32 - 00000814 _____ C:\Users\Justin\Desktop\visit www.nosteam.ro.lnk
2016-11-10 20:51 - 2016-11-10 20:51 - 00002645 _____ C:\Users\Justin\Desktop\µTorrent.lnk
2016-11-10 20:51 - 2016-11-10 20:51 - 00002645 _____ C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-11-10 20:50 - 2016-11-11 11:43 - 00000000 ____D C:\Users\Justin\AppData\Roaming\uTorrent
2016-10-30 18:37 - 2016-10-31 20:02 - 00000000 ____D C:\Users\Justin\AppData\Roaming\DVD Flick
2016-10-30 18:36 - 2016-10-30 18:36 - 00001918 _____ C:\Users\Justin\Desktop\DVD Flick.lnk
2016-10-30 18:36 - 2016-10-30 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
2016-10-30 18:36 - 2016-10-30 18:36 - 00000000 ____D C:\Program Files (x86)\DVD Flick
2016-10-30 18:36 - 2016-10-30 08:58 - 12951423 _____ (Dennis Meuwissen ) C:\Users\Justin\Desktop\dvdflick_setup_1.3.0.7.exe
2016-10-30 18:36 - 2008-08-31 12:27 - 00028672 _____ (-) C:\Windows\SysWOW64\mousewheel.ocx
2016-10-30 18:36 - 2007-08-31 17:36 - 00036864 _____ (Robdogg Inc.) C:\Windows\SysWOW64\trayicon_handler.ocx
2016-10-30 18:36 - 2004-03-08 23:00 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
2016-10-30 18:36 - 2003-01-26 12:41 - 00040960 _____ (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll
2016-10-30 18:36 - 1998-06-23 23:00 - 00164144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx
2016-10-28 11:19 - 2016-10-28 11:19 - 00000000 ____D C:\Users\Justin\AppData\LocalLow\Amistech
2016-10-28 10:21 - 2016-10-28 10:21 - 00006144 ___SH C:\Windows\SysWOW64\access.ctl
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-11 11:41 - 2015-05-02 19:38 - 00000000 ____D C:\FRST
2016-11-11 11:29 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-11 11:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-11 11:26 - 2015-04-24 05:28 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-11 11:24 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-11 11:24 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-11 11:23 - 2015-09-17 22:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-11 11:23 - 2014-10-25 22:34 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-11 11:23 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-11 11:16 - 2014-11-07 20:19 - 00000000 ____D C:\Games
2016-11-11 11:06 - 2015-09-17 22:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-11 10:48 - 2015-09-24 19:58 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-11 09:32 - 2015-06-15 12:45 - 00000000 ____D C:\Program Files (x86)\Nancy Drew
2016-11-11 09:31 - 2015-01-25 12:01 - 00000000 ____D C:\Nancy Drew
2016-11-10 15:10 - 2015-09-17 22:18 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-10 15:10 - 2015-09-17 22:18 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-10 15:08 - 2015-09-17 22:42 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-10 15:08 - 2015-09-17 22:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories =======
2015-01-30 20:54 - 2015-02-12 19:57 - 0000000 _____ () C:\Users\Justin\AppData\Roaming\FileIn.cns
2015-01-30 20:54 - 2015-02-12 19:57 - 0000000 _____ () C:\Users\Justin\AppData\Roaming\FileOut.cns
2003-04-08 22:28 - 2003-04-08 22:28 - 0233472 ____R () C:\Users\Justin\AppData\Roaming\MafiaSetup.exe
2015-09-17 07:07 - 2015-09-17 07:07 - 0000187 _____ () C:\Users\Justin\AppData\Local\siliconcity.exe.config
2014-10-31 11:36 - 2014-10-31 11:36 - 0000057 _____ () C:\ProgramData\Ament.ini
Some files in TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Justin\AppData\Local\Temp\launcher_vs2012_sp4_vcredist_x86.exe
C:\Users\Justin\AppData\Local\Temp\SIntf16.dll
C:\Users\Justin\AppData\Local\Temp\SIntf32.dll
C:\Users\Justin\AppData\Local\Temp\SIntfNT.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-11-04 10:32
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Justin (11-11-2016 11:44:12)
Running from C:\Users\Justin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-10-26 03:30:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2840602664-1174431460-2861059735-500 - Administrator - Disabled)
Guest (S-1-5-21-2840602664-1174431460-2861059735-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2840602664-1174431460-2861059735-1005 - Limited - Enabled)
Justin (S-1-5-21-2840602664-1174431460-2861059735-1000 - Administrator - Enabled) => C:\Users\Justin
Justin2 (S-1-5-21-2840602664-1174431460-2861059735-1006 - Limited - Enabled) => C:\Users\Justin2
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
AceIt v1.3.1 (HKLM-x32\...\AceIt_is1) (Version: - Scott M. Miller)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Automation (HKLM-x32\...\Automation) (Version: - )
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version: - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
BLLW PRR K4 PACIFIC SERIES (HKLM-x32\...\BLLW PRR K4 PACIFIC SERIES) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Car Mechanic Simulator 2015 (HKLM-x32\...\Steam App 320300) (Version: - PlayWay S.A.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0195 - Disc Soft Ltd)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
Farm Mechanic Simulator 2015 (HKLM-x32\...\Farm Mechanic Simulator 2015_is1) (Version: - )
FBVLC (HKLM-x32\...\{FDFD2D0E-1CC4-446A-8E36-65298CE711D5}) (Version: 0.1.5 - RSATom)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
House, M.D. (HKLM-x32\...\House, M.D.) (Version: - )
HP Deskjet 1010 series Basic Device Software (HKLM\...\{CFD917BE-F1F6-410E-ABEC-9EC819507D0D}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
Isoplex version 1.0.4 (HKLM-x32\...\{D7777196-0C77-4FA8-A02E-37A6E295657A}_is1) (Version: 1.0.4 - Isoplex, Inc.)
Mafia (HKLM-x32\...\Mafia) (Version: - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Nancy Drew 30 - The Shattered Medallion (HKLM-x32\...\Nancy Drew 30 - The Shattered MedallionFinal) (Version: Final - Game-Owl.com)
Nancy Drew 31 - Labyrinth of Lies BE (HKLM-x32\...\Nancy Drew 31 - Labyrinth of Lies BE1.1) (Version: 1.1 - Foxy Games)
Nancy Drew: Sea of Darkness (HKLM-x32\...\{241C6D36-570D-4616-B07F-E460AF6E59D2}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
Nancy Drew: Secret of Shadow Ranch (HKLM-x32\...\{06874C62-EC70-4275-9F30-BD81969993A8}) (Version: - )
Nancy Drew: Secrets Can Kill Remastered (HKLM-x32\...\BFG-Nancy Drew - Secrets Can Kill Remastered) (Version: - )
Nancy Drew: The Curse of Blackmoor Manor (HKLM-x32\...\{9E38979C-FA65-476D-80C7-72F4EADE726C}) (Version: - )
Nancy Drew: The Final Scene (HKLM-x32\...\{3B304631-1355-4A32-BEA0-494DEFB3506D}) (Version: - )
Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version: - )
NextFlik Demo version 3.0.2 (HKLM-x32\...\{F55E249C-69C5-4237-BD6B-9239BCC16F6F}_is1) (Version: 3.0.2 - Garletts Studios)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.16.11.9107 - NVIDIA Corporation)
Open Rails version pre-v1.0 (HKLM-x32\...\{94E15E08-869D-4B69-B8D7-8C82075CB51C} ; Generat~67F3DAC8_is1) (Version: pre-v1.0 - Open Rails)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TGATool2A version 4.00.34 (HKLM-x32\...\TGATool2A_is1) (Version: - Martin Wright)
The Game Of Life by Hasbro (HKLM-x32\...\The Game Of Life by Hasbro1.0) (Version: 1.0 - Adnan_Boy 2008)
thriXXX-Launcher (HKLM-x32\...\thriXXX-Launcher) (Version: - thriXXX Software GmbH)
Truck Mechanic Simulator 2015 (HKLM-x32\...\Truck Mechanic Simulator 2015_is1) (Version: - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.5.0 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Walking Dead (HKLM-x32\...\Walking Dead_is1) (Version: - Audioslave)
Walking Dead 2 (HKLM-x32\...\Walking Dead 2_is1) (Version: - Audioslave)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1EA8ED24-CD0E-4E0B-9E24-0F536A8491F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {23B8E525-768E-4DD9-A2B2-997084F149E9} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {2A965A54-C575-4A51-8481-EE40456B648F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {9B9DB96A-AC7B-465E-A40F-B768E9AE1A55} - System32\Tasks\propagationUtilityManager => C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\syscomplus80.exe [2015-09-17] ()
Task: {BA0EA0B5-99B6-4B63-9D72-995048600DD4} - System32\Tasks\{64D2B978-4421-4B22-AC6B-2761F9E38EC3} => pcalua.exe -a "C:\Program Files\Mafia\setup.exe" -d "C:\Program Files\Mafia"
Task: {CDB6D540-42E0-4696-B911-30349ECC5865} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {E8359096-AE4F-41DB-A979-62BFE1532DFC} - System32\Tasks\procedure_quality_service => C:\Program Files (x86)\Common Files\microsoft shared\DW\syseventman32.exe [2015-09-16] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-11-14 18:31 - 2011-05-27 15:57 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-11-14 18:31 - 2010-08-22 21:01 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2014-11-14 18:31 - 2010-08-22 21:01 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2014-11-14 18:31 - 2010-08-22 21:01 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2014-11-14 18:31 - 2010-08-22 21:01 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2014-11-14 18:31 - 2010-08-22 20:32 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2014-11-14 18:31 - 2011-05-27 15:08 - 00660480 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2016-11-10 15:10 - 2016-10-20 03:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-11-10 15:10 - 2016-10-20 03:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-11-10 19:40 - 2016-10-28 09:36 - 17772736 _____ () C:\Users\Justin\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2015-09-19 14:44 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2840602664-1174431460-2861059735-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Users^Justin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 1010 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 1010 series.lnk.Startup
MSCONFIG\startupreg: ospd_us_1121 => "C:\Program Files (x86)\ospd_us_1121\ospd_us_1121.exe"
MSCONFIG\startupreg: Rs => C:\Program Files (x86)\Rising\Rs.exe
MSCONFIG\startupreg: RSDTRAY => "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{592433A6-B5D5-4A8D-9143-D014D3F0A098}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{E4924E03-0B93-41A0-BF84-2F4A591AC26C}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{B968BD3F-A19F-4F9A-B43F-B6DD6D739B94}] => (Allow) C:\Program Files\HP\HP Deskjet 1010 series\Bin\USBSetup.exe
FirewallRules: [{BECBB57E-52C5-409A-A8E7-9E769A4593E0}] => (Allow) C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B2EA9EE5-138B-457C-8D18-C59E93B63CF5}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{7B70B987-9A08-46F7-AB4B-063811C9BF63}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{98B88A6A-B23A-4AE8-BF87-759B520A1E51}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{0E81057A-358B-44B4-AEED-2481B0DB1157}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{8868EF6C-7058-419C-8345-0D044CCEF982}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{CDB05C47-1464-407C-9262-EA1DF2C9CFAE}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe
FirewallRules: [{058D7982-12DB-4B13-A98E-A17B9A78D66F}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe
FirewallRules: [{739853BE-C0BA-4D41-9F51-EF1126FA40E6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C1700498-35DC-45A4-A96B-B426D1800F89}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{10DE57DA-85F8-4B65-AC24-70683A6B43E6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{13ACAFCD-3744-40ED-AA31-7F987082CBA7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{870ED69E-C530-4A30-8D88-AB333A2417FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe
FirewallRules: [{BD8EF9B0-E26A-4755-89A5-9D9F8F7D632E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe
FirewallRules: [TCP Query User{9C750E60-CEFE-41F7-B016-262DD302AF65}C:\users\justin\appdata\local\temp\rar$exa0.695\trainz a new era\tane.exe] => (Block) C:\users\justin\appdata\local\temp\rar$exa0.695\trainz a new era\tane.exe
FirewallRules: [UDP Query User{C98134F2-BCFF-4EC5-A23D-3F26E3ED397F}C:\users\justin\appdata\local\temp\rar$exa0.695\trainz a new era\tane.exe] => (Block) C:\users\justin\appdata\local\temp\rar$exa0.695\trainz a new era\tane.exe
FirewallRules: [TCP Query User{D723499C-122E-4149-9D47-CB92F668CA3D}C:\program files (x86)\trainz a new era\tane.exe] => (Block) C:\program files (x86)\trainz a new era\tane.exe
FirewallRules: [UDP Query User{62B74FEB-E1F5-4BE9-9F73-AD221A7609EB}C:\program files (x86)\trainz a new era\tane.exe] => (Block) C:\program files (x86)\trainz a new era\tane.exe
FirewallRules: [{F75FCE97-D2CD-4FC3-88D2-E1DAF67136E5}] => (Allow) C:\Users\Justin\AppData\Roaming\TWV\TWV.exe
FirewallRules: [{A0B59C54-10CD-46F3-9103-DC1621215521}] => (Allow) C:\Users\Justin\AppData\Roaming\TWV\upd.exe
FirewallRules: [{459745CD-CFA7-4628-A769-C032FA109F24}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{41416784-C576-4F3E-8233-501658DA5236}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{F6F6588B-1045-47A2-B74A-336E4FDA4490}] => (Allow) C:\Users\Justin\AppData\Local\BrowserAir\Application\BrowserAir.exe
FirewallRules: [{443DD8CB-F5B3-4C06-9890-03407975F0BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA16F713-237A-446D-BB3B-A1814672C8F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0EFD209A-D008-4FAC-9103-44D577528418}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0405B956-C740-4221-8B62-74A0F9F904DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{453B4F38-D13C-4EE9-8B70-88613B78E646}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{D8897329-FA5A-40B8-879B-00FFBF59392C}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{C40A2A74-9DC2-4628-8FAE-1AAEAFF01EB9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8CDDBB9B-9493-443D-92DA-7CFEE06D51AE}] => (Allow) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6A51CF74-A145-4D95-8BF7-A47724A3D69C}] => (Allow) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5946DDA-E637-474D-8606-0EBB42427843}] => (Allow) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D5F2A692-1BA7-41D8-8AF4-3FEEF6F7449C}] => (Allow) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{035E3CA3-88BB-4202-B06A-7379A827FC22}] => (Allow) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{43754618-8184-417E-AEBA-C17F3862871E}] => (Allow) C:\Users\Justin\AppData\Roaming\uTorrent\uTorrent.exe
==================== Restore Points =========================
11-11-2016 10:45:25 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
11-11-2016 10:48:19 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
11-11-2016 10:49:23 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
11-11-2016 10:49:50 Windows Update
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: bsdriver
Description: bsdriver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bsdriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/11/2016 11:23:37 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (11/11/2016 11:23:22 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
Error: (11/11/2016 11:20:07 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at SetupAfterRebootService.SetupARService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (11/11/2016 11:19:46 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
Error: (11/11/2016 11:15:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mafia3.exe, version: 1.0.0.1, time stamp: 0x57eead5b
Faulting module name: mafia3.exe, version: 1.0.0.1, time stamp: 0x57eead5b
Exception code: 0xc0000005
Fault offset: 0x0000000002948790
Faulting process id: 0x1240
Faulting application start time: 0x01d23c36b94a094e
Faulting application path: C:\Games\Mafia III\mafia3.exe
Faulting module path: C:\Games\Mafia III\mafia3.exe
Report Id: fe599e08-a829-11e6-9aa9-50e549952de2
Error: (11/11/2016 11:08:37 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
Error: (11/11/2016 10:54:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mafia3.exe, version: 1.0.0.1, time stamp: 0x57eead5b
Faulting module name: mafia3.exe, version: 1.0.0.1, time stamp: 0x57eead5b
Exception code: 0xc0000005
Fault offset: 0x0000000002948790
Faulting process id: 0x67c
Faulting application start time: 0x01d23c33c9e4e294
Faulting application path: C:\Games\Mafia III\mafia3.exe
Faulting module path: C:\Games\Mafia III\mafia3.exe
Report Id: 1017ecf2-a827-11e6-9aa9-50e549952de2
Error: (11/11/2016 10:52:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mafia3.exe, version: 1.0.0.1, time stamp: 0x57eead5b
Faulting module name: mafia3.exe, version: 1.0.0.1, time stamp: 0x57eead5b
Exception code: 0xc0000005
Fault offset: 0x0000000002948790
Faulting process id: 0xf0
Faulting application start time: 0x01d23c339643ba9c
Faulting application path: C:\Games\Mafia III\mafia3.exe
Faulting module path: C:\Games\Mafia III\mafia3.exe
Report Id: e4ad3ee3-a826-11e6-9aa9-50e549952de2
Error: (11/11/2016 10:45:18 AM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (1060) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.
Error: (11/11/2016 10:27:39 AM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (1060) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed after 0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
System errors:
=============
Error: (11/11/2016 11:23:58 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bsdriver
Error: (11/11/2016 11:23:05 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14
Error: (11/11/2016 11:23:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:21:25 AM on 11/11/2016 was unexpected.
Error: (11/11/2016 11:19:30 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14
Error: (11/11/2016 11:19:38 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:18:57 AM on 11/11/2016 was unexpected.
Error: (11/11/2016 10:49:16 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (11/11/2016 09:54:28 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
Error: (11/10/2016 12:07:50 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
"5"
Happened while starting this command:
C:\Windows\System32\slui.exe -Embedding
Error: (11/10/2016 11:52:39 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 116.26.0.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Signature Type: Network Inspection System
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 2.1.12706.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Error: (11/10/2016 11:52:39 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.227.2901.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Signature Type: AntiSpyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.13000.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2015-09-18 21:02:53.612
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-09-18 21:02:53.581
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-09-17 08:09:23.210
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-09-17 08:09:23.179
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD Athlon II X3 450 Processor
Percentage of memory in use: 44%
Total physical RAM: 4093.55 MB
Available physical RAM: 2269.46 MB
Total Virtual: 8485.29 MB
Available Virtual: 6540.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:83.49 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 30207C24)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================