
msiexec.exe slowing computer


  • This topic is locked
6 replies to this topic

#1 Quadclops

Posted 10 September 2015 - 02:13 PM

As of a couple days ago my computer has been really sluggish because of msiexec.exe, NOTEPAD.exe, dllhost.exe and presentationhost.exe, so yesterday I did a few things. Used Malwarebytes, Microsoft Security Essentials and Wise Registry Cleaner. A few PUPs were found but nothing too crazy. I ran the registry cleaner after to no avail. I then checked all my drivers; they were up to date. This morning before work I ran a Disc Check on Windows start up and when I got back no changes. The programs are still in my task manager running. It isn't unbearable but they spike for like 50%+ CPU usage randomly. I have never had this problem before. Any help would be appreciated.

 

EDIT: I also did a System Restore and I read on another forum that it could be a corrupt or missing Microsoft Framework NET file.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-09-2015
Ran by Matt (administrator) on DA-E15643CEE896 (10-09-2015 11:32:42)
Running from C:\Documents and Settings\Matt\My Documents\Downloads
Loaded Profiles: Matt (Available Profiles: Matt)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Dokan\DokanLibrary\mounter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(GEMTEKS) C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
(Linksys) C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
() C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\PresentationHost.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Six Engine] => C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe [5964800 2008-06-03] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2591888 2015-08-07] ()
HKU\S-1-5-21-1409082233-1035525444-1801674531-1003\...\Run: [Google Update] => C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1409082233-1035525444-1801674531-1003\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-09] ()
HKU\S-1-5-21-1409082233-1035525444-1801674531-1003\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Documents and Settings\Matt\Local Settings\Application Data\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Documents and Settings\Matt\Local Settings\Application Data\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Documents and Settings\Matt\Local Settings\Application Data\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Adobe Gamma.lnk [2012-06-25]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{34D8A667-E5FA-4480-9A10-8233E0F96E78}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1409082233-1035525444-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1315460952625
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\d4hrxyze.default-1423364590281
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-09-09] (Pando Networks)
FF Plugin: @raidcall.en/RCplugin -> C:\Documents and Settings\Matt\Application Data\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1409082233-1035525444-1801674531-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1409082233-1035525444-1801674531-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1409082233-1035525444-1801674531-1003: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-09-09] (Pando Networks)
FF Extension: NetVideoHunter - C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\d4hrxyze.default-1423364590281\Extensions\netvideohunter@netvideohunter.com [2015-05-29]
FF Extension: BetterTTV - C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\d4hrxyze.default-1423364590281\Extensions\firefox@betterttv.net.xpi [2015-05-15]
FF Extension: MEGA - C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\d4hrxyze.default-1423364590281\Extensions\firefox@mega.co.nz.xpi [2015-02-17]
FF Extension: ReChat for Twitch™ - C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\d4hrxyze.default-1423364590281\Extensions\firefox@rechat.org.xpi [2015-07-11]
FF Extension: ExHentai Easy 2 - C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\d4hrxyze.default-1423364590281\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2015-02-08]
FF Extension: Adblock Plus - C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\d4hrxyze.default-1423364590281\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-07]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-09-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-21]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java™ Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Profile: C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Sad Panda) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2013-07-30]
CHR Extension: (AdBlock) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-11-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-09-13]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-06-25] (Adobe Systems) [File not signed]
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-12-03] () [File not signed]
R2 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [25088 2011-01-10] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 WMP54Gv4SVC; "C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2013-01-24] (Meetinghouse Data Communications) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2011-09-07] ()
S3 BCM42RLY; C:\WINDOWS\System32\BCM42RLY.SYS [17992 2005-02-01] (Broadcom Corporation) [File not signed]
S1 blbjhqgr; C:\WINDOWS\system32\drivers\blbjhqgr.sys [48896 2015-09-10] (Microsoft Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 Dokan; C:\WINDOWS\system32\drivers\dokan.sys [91904 2011-01-10] (Windows ® Win 7 DDK provider) [File not signed]
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-09-09] (REALiX™)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [39424 2009-08-05] (Atheros Communications, Inc.)
S3 ManyCam; C:\WINDOWS\System32\DRIVERS\mcvidrv.sys [32000 2012-01-10] (ManyCam LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\WINDOWS\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R0 mrdd; C:\WINDOWS\System32\DRIVERS\mrdd.sys [18984 2008-11-11] (Marvell Semiconductor, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2011-09-07] ()
R0 mv61xx; C:\WINDOWS\System32\DRIVERS\mv61xx.sys [152616 2009-02-08] (Marvell Semiconductor, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [136624 2015-08-07] (NVIDIA Corporation)
S3 RT2500; C:\WINDOWS\System32\DRIVERS\RT2500.sys [243328 2005-10-20] (Ralink Technology Inc.)
S0 cerc6; no ImagePath
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 11:23 - 2015-09-10 11:23 - 00000664 _____ C:\Documents and Settings\Matt\Local Settings\Application Data\d3d9caps.dat
2015-09-10 11:19 - 2015-09-10 11:32 - 00000000 ____D C:\FRST
2015-09-10 10:48 - 2015-09-10 10:48 - 00048896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\blbjhqgr.sys
2015-09-10 10:29 - 2015-09-10 10:29 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-09-10 10:29 - 2015-09-10 10:29 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-10 10:16 - 2015-09-10 10:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$
2015-09-10 10:15 - 2015-09-10 10:15 - 00131222 _____ C:\WINDOWS\KB946648.log
2015-09-10 10:15 - 2015-09-10 10:15 - 00128833 _____ C:\WINDOWS\KB2934207.log
2015-09-10 10:15 - 2015-09-10 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2934207$
2015-09-10 10:15 - 2015-09-10 10:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
2015-09-10 10:14 - 2015-09-10 10:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$
2015-09-10 10:14 - 2015-09-10 10:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2015-09-10 10:13 - 2015-09-10 10:14 - 00129488 _____ C:\WINDOWS\KB2862335.log
2015-09-10 10:11 - 2015-09-10 10:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$
2015-09-10 10:07 - 2015-09-10 10:07 - 00130383 _____ C:\WINDOWS\KB2807986.log
2015-09-10 10:07 - 2015-09-10 10:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2015-09-10 10:05 - 2015-09-10 10:05 - 00131970 _____ C:\WINDOWS\KB2868038.log
2015-09-10 10:05 - 2015-09-10 10:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2015-09-10 09:58 - 2015-09-10 09:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2015-09-10 09:51 - 2015-09-10 10:15 - 00003770 _____ C:\WINDOWS\updspapi.log
2015-09-10 09:50 - 2015-09-10 09:52 - 00132831 _____ C:\WINDOWS\KB2879017-IE8.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00073470 _____ C:\WINDOWS\iis6.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00068013 _____ C:\WINDOWS\FaxSetup.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00032516 _____ C:\WINDOWS\ocgen.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00031032 _____ C:\WINDOWS\tsoc.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00022847 _____ C:\WINDOWS\comsetup.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00020774 _____ C:\WINDOWS\msmqinst.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00013818 _____ C:\WINDOWS\ntdtcsetup.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00011913 _____ C:\WINDOWS\netfxocm.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00004675 _____ C:\WINDOWS\MedCtrOC.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00003762 _____ C:\WINDOWS\ocmsn.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00003421 _____ C:\WINDOWS\tabletoc.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00003399 _____ C:\WINDOWS\msgsocm.log
2015-09-10 09:42 - 2015-09-10 10:16 - 00001374 _____ C:\WINDOWS\imsins.log
2015-09-10 09:42 - 2015-09-10 10:15 - 00001374 _____ C:\WINDOWS\imsins.BAK
2015-09-10 09:42 - 2015-09-10 09:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2015-09-10 09:41 - 2015-09-10 09:42 - 00004378 _____ C:\WINDOWS\KB2914368.log
2015-09-10 09:39 - 2015-09-10 10:16 - 00133805 _____ C:\WINDOWS\KB2922229.log
2015-09-10 09:39 - 2015-09-10 10:15 - 00133599 _____ C:\WINDOWS\KB2916036.log
2015-09-10 09:39 - 2015-09-10 10:14 - 00132782 _____ C:\WINDOWS\KB2929961.log
2015-09-10 09:39 - 2015-09-10 10:11 - 00133706 _____ C:\WINDOWS\KB2930275.log
2015-09-10 09:39 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-09-10 09:39 - 2014-02-25 18:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-09-10 09:38 - 2015-09-10 10:11 - 00134155 _____ C:\WINDOWS\KB2719985.log
2015-09-10 09:38 - 2015-09-10 10:07 - 00135231 _____ C:\WINDOWS\KB2839229.log
2015-09-10 09:38 - 2013-07-16 17:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2015-09-10 09:38 - 2013-07-16 17:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2015-09-10 09:37 - 2015-09-10 09:59 - 00134268 _____ C:\WINDOWS\KB2757638.log
2015-09-10 09:37 - 2013-07-16 17:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2015-09-09 22:37 - 2015-09-10 09:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-09-09 22:36 - 2015-09-09 23:36 - 00000000 ____D C:\Documents and Settings\Matt\Desktop\mbar
2015-09-09 22:13 - 2015-09-09 22:13 - 00000984 _____ C:\Documents and Settings\Matt\Desktop\SecurityCheck.txt
2015-09-09 21:26 - 2015-09-09 21:26 - 00041682 _____ C:\Documents and Settings\Matt\Desktop\MTB.txt
2015-09-09 21:23 - 2015-09-09 21:23 - 00001176 _____ C:\Documents and Settings\Matt\Desktop\mbar.txt
2015-09-09 21:20 - 2015-09-09 21:20 - 00002567 _____ C:\Documents and Settings\Matt\Desktop\FSS.txt
2015-09-09 19:40 - 2015-09-09 19:40 - 00000000 ____D C:\cmdcons
2015-09-09 19:39 - 2015-09-09 19:40 - 00000000 ___SD C:\ComboFix
2015-09-09 19:29 - 2015-09-09 19:29 - 00000902 _____ C:\Documents and Settings\Matt\Desktop\Shortcut to ComboFix.lnk
2015-09-09 19:27 - 2015-09-09 19:27 - 00000327 _____ C:\Boot.bak
2015-09-09 19:27 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2015-09-09 19:25 - 2015-09-09 19:25 - 00000000 ____D C:\Qoobox
2015-09-09 19:25 - 2011-06-25 23:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-09-09 19:25 - 2010-11-07 10:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-09-09 19:25 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-09-09 19:25 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-09-09 19:25 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-09-09 19:25 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-09-09 19:25 - 2000-08-30 17:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-09-09 19:25 - 2000-08-30 17:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-09-09 19:25 - 2000-08-30 17:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-09-09 19:24 - 2015-09-09 19:24 - 00000000 ____D C:\WINDOWS\erdnt
2015-09-09 14:16 - 2015-09-09 14:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2015-09-09 11:59 - 2015-09-09 11:59 - 00081456 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-09-09 09:51 - 2015-09-09 09:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FreeDriverScout
2015-09-09 09:51 - 2015-09-09 09:51 - 00000000 ____D C:\Documents and Settings\Matt\My Documents\Freemium Driver Utilities
2015-09-09 09:50 - 2015-09-09 09:51 - 00000000 ____D C:\Program Files\SoftwareUpdater
2015-09-09 09:50 - 2015-09-09 09:50 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\dlg
2015-09-09 09:47 - 2015-09-09 19:32 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\IObit
2015-09-09 09:47 - 2015-09-09 09:47 - 00023840 _____ (REALiX™) C:\WINDOWS\system32\Drivers\HWiNFO32.SYS
2015-09-09 09:47 - 2015-09-09 09:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2015-09-09 09:46 - 2015-09-09 19:32 - 00000000 ____D C:\Program Files\IObit
2015-09-09 09:24 - 2015-09-09 09:29 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\Wise Registry Cleaner
2015-09-09 09:24 - 2015-09-09 09:24 - 00000880 _____ C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
2015-09-09 09:24 - 2015-09-09 09:24 - 00000000 ____D C:\Program Files\Wise
2015-09-09 09:24 - 2015-09-09 09:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner
2015-09-09 09:07 - 2012-10-15 17:02 - 00017840 _____ (solvusoft) C:\WINDOWS\system32\roboot.exe
2015-09-09 08:59 - 2015-09-09 08:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-09 08:59 - 2015-09-09 08:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Diablo III
2015-09-09 00:15 - 2015-09-09 22:37 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-09 00:14 - 2015-09-09 22:36 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-09 00:14 - 2015-09-09 08:48 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-09 00:14 - 2015-09-09 00:14 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-08 17:35 - 2015-09-09 11:13 - 00000664 _____ C:\Documents and Settings\Matt\Local Settings\Application Data\d3d9caps.tmp
2015-09-08 16:12 - 2015-09-09 08:49 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\{6D562978-98CA-4106-8F27-D583EFC73ABD}
2015-09-08 16:12 - 2015-09-08 16:12 - 00000000 ____D C:\Documents and Settings\Matt\Desktop\Kaskade - I Remember (Inspiron)
2015-09-08 09:27 - 2015-09-08 09:27 - 00000569 _____ C:\Documents and Settings\All Users\Desktop\Diablo III.lnk
2015-09-07 20:56 - 2015-08-31 10:34 - 20729572 _____ C:\Documents and Settings\Matt\Desktop\thetittyqueen69_310815_0723_female_chaturbate.mp4
2015-09-07 11:48 - 2015-09-07 11:42 - 00090231 ____H C:\WINDOWS\Minidump\Mini090715-01.dmp
2015-09-06 23:39 - 2015-09-06 23:39 - 00000000 ____D C:\Documents and Settings\Matt\Desktop\[MAGURO-057]
2015-09-06 21:07 - 2015-09-06 21:45 - 1650118282 _____ C:\Documents and Settings\Matt\Desktop\ure-007.mp4
2015-09-06 17:31 - 2015-09-06 19:14 - 1405652068 _____ C:\Documents and Settings\Matt\Desktop\DVDES-809 .mp4
2015-09-06 16:34 - 2015-09-06 17:26 - 2382880940 _____ C:\Documents and Settings\Matt\Desktop\AVOP122.avi
2015-09-05 15:14 - 2015-09-05 16:33 - 4137061257 _____ C:\Documents and Settings\Matt\Desktop\SDDE-403.1080p.mkv
2015-09-02 11:36 - 2015-09-02 11:51 - 138828323 _____ C:\Documents and Settings\Matt\Desktop\240P_400K_56264601.mp4
2015-08-30 13:04 - 2015-08-30 13:04 - 00000000 ____D C:\Documents and Settings\Matt\Desktop\SDDE-401
2015-08-30 10:39 - 2015-08-30 10:39 - 00000486 _____ C:\Documents and Settings\Matt\Desktop\Ziggurat.txt
2015-08-30 00:00 - 2015-09-01 23:08 - 00000000 ____D C:\Documents and Settings\Matt\Desktop\SDDE-365
2015-08-29 21:24 - 2015-08-29 21:24 - 00000000 ____D C:\Documents and Settings\Matt\Desktop\SDDE-384
2015-08-27 11:16 - 2015-09-09 08:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-25 12:33 - 2015-08-25 11:58 - 00090238 ____H C:\WINDOWS\Minidump\Mini082515-01.dmp
2015-08-21 18:38 - 2015-08-22 13:27 - 00000000 ____D C:\Documents and Settings\Matt\Desktop\Disturbed - Immortalized (Deluxe Version)
2015-08-15 13:27 - 2015-08-15 13:27 - 00001924 _____ C:\Documents and Settings\All Users\Desktop\Free WebM Video Converter.lnk
2015-08-15 13:27 - 2015-08-15 13:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
2015-08-15 13:26 - 2015-08-15 13:28 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\DVDVideoSoft
2015-08-15 13:26 - 2015-08-15 13:27 - 00000000 ____D C:\Program Files\DVDVideoSoft
2015-08-15 13:26 - 2015-08-15 13:27 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2015-08-15 13:22 - 2015-08-15 13:22 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\AVS4YOU
2015-08-15 13:20 - 2015-08-15 13:28 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2015-08-15 13:20 - 2015-08-15 13:28 - 00000000 ____D C:\Program Files\AVS4YOU
2015-08-15 13:20 - 2015-08-15 13:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVS4YOU
2015-08-15 13:20 - 2010-05-11 13:17 - 01700352 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-08-15 13:20 - 2010-05-11 13:17 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3a.dll
2015-08-15 12:24 - 2015-09-09 20:40 - 00000000 ____D C:\Documents and Settings\Matt\Desktop\Alinity
2015-08-14 22:27 - 2015-08-07 01:48 - 00025176 _____ C:\WINDOWS\system32\nvinfo.pb
2015-08-14 22:27 - 2015-08-07 01:41 - 01049904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco3235560.dll
2015-08-14 22:27 - 2015-08-07 01:41 - 00912504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco3235560.dll
2015-08-14 19:22 - 2015-08-14 19:23 - 00000000 ____D C:\Documents and Settings\Matt\My Documents\Heroes of the Storm
2015-08-12 11:18 - 2015-09-05 08:06 - 00000000 ____D C:\Documents and Settings\Matt\Desktop\mrsv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 11:32 - 2011-09-09 18:54 - 00000000 ____D C:\Documents and Settings\Matt\Local Settings\Application Data\PMB Files
2015-09-10 11:32 - 2011-09-07 18:24 - 00000000 ____D C:\Documents and Settings\Matt\Local Settings\Temp
2015-09-10 11:25 - 2013-02-18 18:55 - 00041874 _____ C:\WINDOWS\system32\nvAppTimestamps
2015-09-10 11:20 - 2015-07-01 16:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-10 11:01 - 2011-09-09 18:47 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1035525444-1801674531-1003UA.job
2015-09-10 10:43 - 2014-10-20 00:45 - 01367257 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-10 10:43 - 2011-09-07 18:17 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-09-10 10:30 - 2011-09-09 18:53 - 00000000 ____D C:\Program Files\Steam
2015-09-10 10:29 - 2012-02-19 23:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-10 10:29 - 2011-09-07 18:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-10 10:29 - 2011-09-07 10:15 - 00128504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-10 10:29 - 2008-04-14 05:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2015-09-10 10:26 - 2011-09-07 18:24 - 00000278 ___SH C:\Documents and Settings\Matt\ntuser.ini
2015-09-10 10:26 - 2011-09-07 18:23 - 00032478 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-10 10:17 - 2012-04-15 16:08 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-09-10 10:15 - 2011-09-07 18:12 - 00000000 ____D C:\Program Files\Messenger
2015-09-10 10:13 - 2014-10-26 09:54 - 00555435 _____ C:\WINDOWS\setupapi.log
2015-09-10 10:13 - 2011-09-07 10:17 - 00574402 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-10 09:49 - 2012-02-19 23:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2015-09-10 09:29 - 2013-09-07 11:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-09-09 23:42 - 2011-09-07 23:28 - 01561260 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2015-09-09 23:42 - 2011-09-07 23:28 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2015-09-09 23:39 - 2012-12-12 10:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2015-09-09 19:40 - 2011-09-07 10:14 - 00000327 __RSH C:\boot.ini
2015-09-09 19:01 - 2011-09-09 18:47 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1035525444-1801674531-1003Core.job
2015-09-09 10:21 - 2014-11-08 10:48 - 00000221 _____ C:\WINDOWS\setupact.log
2015-09-09 09:47 - 2011-09-07 18:24 - 00000000 ____D C:\Documents and Settings\Matt
2015-09-09 08:59 - 2015-03-24 10:28 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\Rainmaker Software Group LLC.​
2015-09-09 08:59 - 2013-01-24 22:33 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\Malwarebytes
2015-09-09 08:58 - 2015-07-23 10:08 - 00000000 ____D C:\Documents and Settings\Matt\Desktop\JAV
2015-09-09 08:58 - 2015-03-24 10:27 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\Azureus
2015-09-09 08:58 - 2013-10-31 16:17 - 00000000 ____D C:\Program Files\Battle.net
2015-09-09 08:58 - 2011-09-07 23:59 - 00000000 ____D C:\Documents and Settings\Matt\Desktop\additional user files
2015-09-09 08:57 - 2015-08-10 15:58 - 00000000 ____D C:\Heroes of the Storm
2015-09-09 08:57 - 2014-12-05 17:29 - 00000000 ____D C:\Hearthstone
2015-09-09 08:57 - 2013-01-25 19:30 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-09 08:38 - 2011-09-07 23:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975562$
2015-09-09 01:11 - 2013-04-21 10:28 - 00000279 _____ C:\Documents and Settings\Matt\Desktop\Shortcut to Data (D).lnk
2015-09-09 01:11 - 2011-09-09 18:50 - 00002277 _____ C:\Documents and Settings\Matt\Desktop\Google Chrome.lnk
2015-09-09 01:10 - 2013-05-25 22:25 - 00000719 _____ C:\Documents and Settings\Matt\Desktop\CamStudio.lnk
2015-09-09 01:10 - 2011-09-08 00:53 - 00001548 _____ C:\Documents and Settings\Matt\Desktop\CCleaner.lnk
2015-09-09 00:15 - 2013-01-24 22:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-09-08 23:48 - 2015-07-13 22:33 - 00000000 ____D C:\Documents and Settings\Matt\Application Data\vlc
2015-09-08 21:06 - 2011-09-07 23:28 - 01561116 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2015-09-08 19:30 - 2013-10-31 16:17 - 00000000 ____D C:\Documents and Settings\Matt\Local Settings\Application Data\Battle.net
2015-09-05 00:00 - 2015-08-03 09:30 - 00000000 ____D C:\Documents and Settings\Matt\Desktop\GeersLirik
2015-09-04 22:24 - 2011-09-12 20:59 - 00094208 _____ C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-31 23:52 - 2013-01-21 02:20 - 01623378 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1409082233-1035525444-1801674531-1003-0.dat
2015-08-31 23:52 - 2013-01-21 02:20 - 00121506 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-08-25 12:33 - 2011-09-15 17:27 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-24 16:31 - 2011-09-07 23:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA
2015-08-15 13:52 - 2013-05-25 22:22 - 00004548 _____ C:\Documents and Settings\Matt\Application Data\CamStudio.cfg
2015-08-15 13:52 - 2013-05-25 22:22 - 00000408 _____ C:\Documents and Settings\Matt\Application Data\CamShapes.ini
2015-08-15 13:52 - 2013-05-25 22:22 - 00000408 _____ C:\Documents and Settings\Matt\Application Data\CamLayout.ini
2015-08-15 13:52 - 2013-05-25 22:22 - 00000149 _____ C:\Documents and Settings\Matt\Application Data\Camdata.ini
2015-08-15 13:52 - 2011-09-17 22:10 - 00000000 ____D C:\Program Files\CamStudio
2015-08-15 12:59 - 2013-05-25 22:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio 2.7
2015-08-14 22:35 - 2011-09-07 23:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-14 22:34 - 2011-09-07 22:25 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2015-08-14 22:27 - 2011-09-07 23:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2015-08-14 19:22 - 2011-09-17 09:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2015-08-12 21:10 - 2015-03-24 10:27 - 00000000 ____D C:\Program Files\Vuze
2015-08-11 16:20 - 2012-07-15 10:08 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-11 16:20 - 2012-07-01 11:57 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-05-25 22:22 - 2015-08-15 13:52 - 0000149 _____ () C:\Documents and Settings\Matt\Application Data\Camdata.ini
2013-05-25 22:22 - 2015-08-15 13:52 - 0000408 _____ () C:\Documents and Settings\Matt\Application Data\CamLayout.ini
2013-05-25 22:22 - 2015-08-15 13:52 - 0000408 _____ () C:\Documents and Settings\Matt\Application Data\CamShapes.ini
2013-05-25 22:22 - 2015-08-15 13:52 - 0004548 _____ () C:\Documents and Settings\Matt\Application Data\CamStudio.cfg
2013-04-06 22:50 - 2013-04-06 22:50 - 0138056 _____ () C:\Documents and Settings\Matt\Application Data\PnkBstrK.sys
2015-09-10 11:23 - 2015-09-10 11:23 - 0000664 _____ () C:\Documents and Settings\Matt\Local Settings\Application Data\d3d9caps.dat
2015-09-08 17:35 - 2015-09-09 11:13 - 0000664 _____ () C:\Documents and Settings\Matt\Local Settings\Application Data\d3d9caps.tmp
2011-09-12 20:59 - 2015-09-04 22:24 - 0094208 _____ () C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-05 12:25 - 2015-01-05 12:25 - 0000003 _____ () C:\Documents and Settings\Matt\Local Settings\Application Data\updater.log
2015-01-05 12:25 - 2015-01-08 14:56 - 0000059 _____ () C:\Documents and Settings\Matt\Local Settings\Application Data\UserProducts.xml

Some files in TEMP:
====================
C:\Documents and Settings\Matt\Local Settings\Temp\130784740027658890.exe
C:\Documents and Settings\Matt\Local Settings\Temp\130784740135471390.exe
C:\Documents and Settings\Matt\Local Settings\Temp\130784740220315140.exe
C:\Documents and Settings\Matt\Local Settings\Temp\ExPromo.exe
C:\Documents and Settings\Matt\Local Settings\Temp\proxy_vole8676025291943120544.dll
C:\Documents and Settings\Matt\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Matt\Local Settings\Temp\SRLDetectionLibrary6315354200329593656.dll
C:\Documents and Settings\Matt\Local Settings\Temp\utt1B.tmp.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-13e36d1a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-189b342b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-19fc796e.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1bd118bc.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-271791ce.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-2dde6bb7.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-33349aff.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-3940c59c.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-3ac601bd.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-3acac08f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-419d4137.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-4d184edb.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-50eca58c.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-555a370f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-63054190.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-67634420.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-696dcadf.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-79efed97.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7ebd009d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7f30a454.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8132bc76.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-918818cd.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-981651ef.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-994eb142.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-99bc5f3a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-aa15bfaf.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-b36ce02a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-bbdc282c.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d1e3cf74.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d4fd19ef.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d603c079.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d728d47d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d73b6654.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e5eb1d0a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-ee6659b7.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f063eb5.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f9d1ae7.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-fa77b381.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-09-2015
Ran by Matt (2015-09-10 11:20:50)
Running from C:\Documents and Settings\Matt\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-09-08 01:16:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1409082233-1035525444-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1409082233-1035525444-1801674531-1005 - Limited - Enabled)
Guest (S-1-5-21-1409082233-1035525444-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1409082233-1035525444-1801674531-1000 - Limited - Disabled)
Matt (S-1-5-21-1409082233-1035525444-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Matt
SUPPORT_388945a0 (S-1-5-21-1409082233-1035525444-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1409082233-1035525444-1801674531-1003\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advanced Fix 2012 version 2.0.1.100 (HKLM\...\{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1) (Version: 2.0.1.100 - Advanced Fix, Inc.)
Anti-phishing Domain Advisor (HKLM\...\Anti-phishing Domain Advisor) (Version: 1.0.0.0 - Visicom Media Inc. (Powered by Panda Security))
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.40 - Atheros Communications Inc.)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.1 - )
BitTorrent Sync (HKLM\...\BitTorrent Sync) (Version: 1.3.105 - )
CamStudio (HKLM\...\CamStudio) (Version:  - )
CamStudio version 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCleaner (remove only) (HKLM\...\CCleaner) (Version:  - Piriform)
Cisco Packet Tracer 6.0.1 (HKLM\...\Cisco Packet Tracer 6.0.1_is1) (Version:  - Cisco Systems, Inc.)
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
Dokan Library 0.6.0 (HKLM\...\DokanLibrary) (Version:  - )
Driver Booster 2.4 (HKLM\...\Driver Booster_is1) (Version: 2.4 - IObit)
EPU-6 Engine (HKLM\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.00.16 - )
Free Video Compressor (HKLM\...\{01554C33-4131-4BC7-9E6D-AF85E02BDF4F}_is1) (Version:  - freevideocompressor.com)
Free WebM Video Converter version 5.0.61.805 (HKLM\...\Free WebM Video Converter_is1) (Version: 5.0.61.805 - DVDVideoSoft Ltd.)
GameRanger (HKU\S-1-5-21-1409082233-1035525444-1801674531-1003\...\GameRanger) (Version:  - GameRanger Technologies)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKU\S-1-5-21-1409082233-1035525444-1801674531-1003\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jing (HKLM\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Linksys Connect (HKLM\...\Linksys Connect) (Version: 1.5.13310.0 - Linksys LLC)
Linksys Wireless-G PCI Adapter (HKLM\...\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
marvell 61xx (HKLM\...\mv61xxDriver) (Version: 1.2.0.60 - Marvell)
MEGAsync 1.0.22 (HKLM\...\MEGAsync) (Version: 1.0.22 - Mega Limited)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft AppLocale (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MPC-HC 1.7.7 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.6 - Notepad++ Team)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Prism Video File Converter (HKLM\...\Prism) (Version: 2.43 - NCH Software)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RaidCall (HKLM\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\{FEE1F166-EAE4-4C4B-8988-D82521F9F63F}) (Version: 6.1.5.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{6E3007EE-5C9F-4D8B-AD42-3AF16643A866}) (Version: 6.1.5.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Uninstall Helper (HKLM\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - W3i, LLC)
Uninstall Helper (Version: 2.0.1.0 - W3i, LLC) Hidden
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wise Registry Cleaner 8.71 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.71 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.79\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\45.0.2454.85\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.28.13\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No  (the data entry has 4 more characters).

==================== Restore Points =========================

13-06-2015 10:25:38 System Checkpoint
14-06-2015 15:26:31 System Checkpoint
16-06-2015 08:44:25 System Checkpoint
17-06-2015 09:53:44 System Checkpoint
18-06-2015 13:40:32 System Checkpoint
19-06-2015 18:51:49 System Checkpoint
21-06-2015 16:47:31 System Checkpoint
22-06-2015 17:34:56 System Checkpoint
23-06-2015 18:22:24 System Checkpoint
25-06-2015 08:45:26 System Checkpoint
26-06-2015 08:46:06 System Checkpoint
27-06-2015 20:03:43 System Checkpoint
28-06-2015 18:02:32 Installed System Requirements Lab Detection
29-06-2015 18:39:42 System Checkpoint
30-06-2015 19:05:24 System Checkpoint
02-07-2015 08:45:55 System Checkpoint
03-07-2015 19:36:08 System Checkpoint
05-07-2015 17:44:58 System Checkpoint
07-07-2015 09:27:44 System Checkpoint
09-07-2015 14:29:59 System Checkpoint
11-07-2015 09:04:05 System Checkpoint
12-07-2015 17:02:57 System Checkpoint
17-07-2015 09:28:29 System Checkpoint
17-07-2015 19:11:57 Installed Realtek High Definition Audio Driver
19-07-2015 09:11:40 System Checkpoint
19-07-2015 20:13:01 Installed League of Legends
19-07-2015 20:13:23 Installed DirectX
21-07-2015 09:24:40 System Checkpoint
22-07-2015 10:29:03 System Checkpoint
23-07-2015 09:35:09 Removed League of Legends
24-07-2015 21:17:53 Installed League of Legends
24-07-2015 21:18:16 Installed DirectX
26-07-2015 13:43:44 System Checkpoint
28-07-2015 08:17:34 System Checkpoint
30-07-2015 09:14:50 System Checkpoint
02-08-2015 09:13:07 System Checkpoint
03-08-2015 14:26:12 System Checkpoint
04-08-2015 15:09:19 System Checkpoint
06-08-2015 14:25:40 System Checkpoint
09-08-2015 08:52:07 System Checkpoint
10-08-2015 16:14:16 System Checkpoint
13-08-2015 10:31:23 System Checkpoint
14-08-2015 22:28:34 Update to an unsigned driver
16-08-2015 08:33:07 System Checkpoint
18-08-2015 14:29:07 System Checkpoint
19-08-2015 19:05:52 System Checkpoint
21-08-2015 09:54:55 System Checkpoint
22-08-2015 14:26:47 System Checkpoint
24-08-2015 09:46:15 System Checkpoint
26-08-2015 10:04:10 System Checkpoint
27-08-2015 10:43:03 System Checkpoint
29-08-2015 10:17:28 System Checkpoint
01-09-2015 14:29:11 System Checkpoint
03-09-2015 09:26:41 System Checkpoint
05-09-2015 08:23:58 System Checkpoint
06-09-2015 09:09:55 System Checkpoint
07-09-2015 14:25:51 System Checkpoint
08-09-2015 09:08:46 Removed League of Legends
09-09-2015 09:02:35 Restore Operation
09-09-2015 09:50:04 Free Driver Scout
09-09-2015 19:31:32 JRT Pre-Junkware Removal
09-09-2015 23:36:55 Malwarebytes Anti-Rootkit Restore Point
09-09-2015 23:42:18 Free Driver Scout
10-09-2015 09:40:57 Software Distribution Service 3.0
10-09-2015 10:42:59 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 05:00 - 2008-04-14 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1035525444-1801674531-1003Core.job => C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1035525444-1801674531-1003UA.job => C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-01 07:15 - 2014-05-01 07:15 - 00463360 _____ () C:\Documents and Settings\Matt\Local Settings\Application Data\MEGAsync\ShellExtX32.dll
2011-01-10 05:50 - 2011-01-10 05:50 - 00025088 _____ () C:\Program Files\Dokan\DokanLibrary\mounter.exe
2011-12-27 18:53 - 2005-03-21 16:36 - 00036864 ____N () C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\Security.dll
2013-01-24 16:46 - 2002-04-24 01:00 - 00110592 _____ () C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\GEMWEP.DLL
2011-12-27 18:53 - 2005-10-05 11:26 - 00081920 ____N () C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\Ralinktek.DLL
2011-09-07 23:58 - 2008-06-03 01:06 - 05964800 _____ () C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
2011-09-07 23:58 - 2005-05-11 16:39 - 00565248 _____ () C:\Program Files\ASUS\EPU-6 Engine\pngio.dll
2011-09-07 23:57 - 2011-09-07 23:57 - 00024576 _____ () C:\WINDOWS\system32\AsIo.dll
2011-09-07 23:58 - 2008-04-15 10:07 - 00053248 _____ () C:\Program Files\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
2015-04-02 00:13 - 2015-03-27 20:45 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2011-09-09 18:54 - 2011-09-09 18:54 - 03077528 _____ () C:\Program Files\Pando Networks\Media Booster\PMB.exe
2013-03-12 17:10 - 2015-07-03 09:12 - 00778240 _____ () C:\Program Files\Steam\SDL2.dll
2015-01-20 14:49 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files\Steam\v8.dll
2015-01-20 14:49 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files\Steam\icui18n.dll
2015-01-20 14:49 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files\Steam\icuuc.dll
2014-05-22 07:49 - 2015-08-19 13:39 - 02413248 _____ () C:\Program Files\Steam\video.dll
2014-08-29 08:43 - 2014-12-01 14:31 - 02396672 _____ () C:\Program Files\Steam\libavcodec-56.dll
2014-08-29 08:43 - 2014-12-01 14:31 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2014-08-29 08:43 - 2014-12-01 14:31 - 00479744 _____ () C:\Program Files\Steam\libavformat-56.dll
2014-08-29 08:43 - 2014-12-01 14:31 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2014-08-29 08:43 - 2014-12-01 14:31 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2011-09-09 18:55 - 2015-08-19 13:39 - 00704192 _____ () C:\Program Files\Steam\bin\chromehtml.dll
2015-07-22 09:27 - 2015-07-26 18:13 - 00171008 _____ () C:\Program Files\Steam\bin\openvr_api.dll
2015-08-11 16:20 - 2015-08-11 16:20 - 17482952 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll
2008-04-14 05:00 - 2013-01-01 23:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2011-09-09 18:55 - 2015-07-03 09:12 - 39553928 _____ () C:\Program Files\Steam\bin\libcef.dll
2003-06-13 17:23 - 2003-06-13 17:23 - 00081408 _____ () C:\WINDOWS\AppPatch\AlLayer.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\blbjhqgr.sys:changelist

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003\...\genieo.com -> hxxp://yahoo.genieo.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1409082233-1035525444-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Anti-phishing Domain Advisor => "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Spotify => "C:\Documents and Settings\Matt\Application Data\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Pando Networks\Media Booster\PMB.exe] => Enabled:Pando Media Booster
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam
StandardProfile\AuthorizedApplications: [C:\Program Files\Pando Networks\Media Booster\PMB.exe] => Enabled:Pando Media Booster
StandardProfile\AuthorizedApplications: [C:\Program Files\BitTorrent\BitTorrent.exe] => Enabled:BitTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Ventrilo\Ventrilo.exe] => Enabled:Ventrilo.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Matt\Local Settings\Application Data\Play withSIX\tools\mingw\bin\rsync.exe] => Enabled:rsync
StandardProfile\AuthorizedApplications: [D:\SteamLibrary\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe] => Enabled:ArmA 2 OA
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Matt\Application Data\GameRanger\GameRanger\GameRanger.exe] => Enabled:GameRanger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dplaysvr.exe] => Enabled:Microsoft DirectPlay Helper
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Matt\Local Settings\Application Data\McMyAdmin\McMyAdmin.exe] => Enabled:MCMAUpdater
StandardProfile\AuthorizedApplications: [C:\Program Files\Battle.net\Battle.net.exe] => Enabled:Battle.net
StandardProfile\AuthorizedApplications: [C:\Program Files\Cisco Packet Tracer 6.0.1\bin\PacketTracer6.exe] => Enabled:PacketTracer6
StandardProfile\AuthorizedApplications: [D:\Diablo III\Diablo III.exe] => Enabled:Diablo III
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.beta.2737\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.beta.2753\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Program Files\BitTorrent Sync\BTSync.exe] => Enabled:BitTorrent Sync
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\bin\steamwebhelper.exe] => Enabled:Steam Web Helper
StandardProfile\AuthorizedApplications: [C:\Hearthstone\Hearthstone.exe] => Enabled:Hearthstone
StandardProfile\AuthorizedApplications: [C:\Program Files\Vuze\Azureus.exe] => Enabled:Azureus / Vuze
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe] => Enabled:NVIDIA Network Service TCP Exception (HTTPS)
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exe] => Enabled:Counter-Strike: Global Offensive
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [56751:TCP] => Enabled:Pando Media Booster
DomainProfile\GloballyOpenPorts: [56751:UDP] => Enabled:Pando Media Booster
StandardProfile\GloballyOpenPorts: [56751:TCP] => Enabled:Pando Media Booster
StandardProfile\GloballyOpenPorts: [56751:UDP] => Enabled:Pando Media Booster
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [80:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [443:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [20010:UDP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [3478:UDP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [7850:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [27022:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [33333:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [20443:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [8090:TCP] => Enabled:War Thunder
StandardProfile\GloballyOpenPorts: [11100:UDP] => Enabled:RiskofRain
StandardProfile\GloballyOpenPorts: [11100:TCP] => Enabled:RoR
StandardProfile\GloballyOpenPorts: [21025:TCP] => Enabled:Starbound2
StandardProfile\GloballyOpenPorts: [21025:UDP] => Enabled:Starbound3

==================== Faulty Device Manager Devices =============

Name: Linksys Wireless-G PCI Adapter
Description: Linksys Wireless-G PCI Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Service: RT2500
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2015 10:43:21 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd, P4 11.1.5128.0, P5 mpsigstub.exe, P6 4.2.223.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/10/2015 10:29:33 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (08/27/2015 03:20:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application nvcplui.exe, version 8.1.780.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/16/2015 12:16:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0542cd40.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/15/2015 12:56:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application recorder.exe, version 3.1.0.0, faulting module recorder.exe, version 3.1.0.0, fault address 0x0001e79c.
Processing media-specific event for [recorder.exe!ws!]

Error: (07/25/2015 02:13:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application vlc.exe, version 2.2.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/23/2015 10:01:53 AM) (Source: MsiInstaller) (EventID: 11316) (User: DA-E15643CEE896)
Description: Product: NVIDIA PhysX -- Error 1316. A network error occurred while attempting to read from the file: D:\SteamLibrary\steamapps\common\rocketleague\_CommonRedist\PhysX\9.14.0702\PhysX_9.14.0702_SystemSoftware.msi

Error: (07/11/2015 01:34:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TwitchDown.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeLoadException
Stack:
   at System.ModuleHandle.ResolveMethod(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32)
   at System.ModuleHandle.ResolveMethodHandleInternalCore(System.Reflection.RuntimeModule, Int32, IntPtr[], Int32, IntPtr[], Int32)
   at System.ModuleHandle.ResolveMethodHandleInternal(System.Reflection.RuntimeModule, Int32, System.RuntimeTypeHandle[], System.RuntimeTypeHandle[])
   at System.Reflection.CustomAttributeData..ctor(System.Reflection.RuntimeModule, System.Reflection.CustomAttributeRecord)
   at System.Reflection.CustomAttributeData.GetCustomAttributes(System.Reflection.RuntimeModule, Int32)
   at System.Reflection.CustomAttributeData.GetCustomAttributesInternal(System.Reflection.RuntimeAssembly)
   at System.Reflection.RuntimeAssembly.GetCustomAttributesData()
   at System.Reflection.CustomAttributeData.GetCustomAttributes(System.Reflection.Assembly)
   at System.Resources.ManifestBasedResourceGroveler.GetNeutralResourcesLanguage(System.Reflection.Assembly, System.Resources.UltimateResourceFallbackLocation ByRef)
   at System.Resources.ResourceManager.CommonSatelliteAssemblyInit()
   at System.Resources.ResourceManager..ctor(System.Type)
   at System.ComponentModel.ComponentResourceManager..ctor(System.Type)
   at TwitchDown.Form1.InitializeComponent()
   at TwitchDown.Form1..ctor()
   at TwitchDown.Program.Main()

Error: (07/11/2015 01:34:51 PM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 twitchdown.exe, P2 1.0.0.3, P3 551364ca, P4 mscorlib, P5 4.0.0.0, P6 50484bd7, P7 1204, P8 89, P9 clr20r30, P10 clr20r31.

Error: (07/11/2015 01:34:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TwitchDown.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeLoadException
Stack:
   at System.ModuleHandle.ResolveMethod(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32)
   at System.ModuleHandle.ResolveMethodHandleInternalCore(System.Reflection.RuntimeModule, Int32, IntPtr[], Int32, IntPtr[], Int32)
   at System.ModuleHandle.ResolveMethodHandleInternal(System.Reflection.RuntimeModule, Int32, System.RuntimeTypeHandle[], System.RuntimeTypeHandle[])
   at System.Reflection.CustomAttributeData..ctor(System.Reflection.RuntimeModule, System.Reflection.CustomAttributeRecord)
   at System.Reflection.CustomAttributeData.GetCustomAttributes(System.Reflection.RuntimeModule, Int32)
   at System.Reflection.CustomAttributeData.GetCustomAttributesInternal(System.Reflection.RuntimeAssembly)
   at System.Reflection.RuntimeAssembly.GetCustomAttributesData()
   at System.Reflection.CustomAttributeData.GetCustomAttributes(System.Reflection.Assembly)
   at System.Resources.ManifestBasedResourceGroveler.GetNeutralResourcesLanguage(System.Reflection.Assembly, System.Resources.UltimateResourceFallbackLocation ByRef)
   at System.Resources.ResourceManager.CommonSatelliteAssemblyInit()
   at System.Resources.ResourceManager..ctor(System.Type)
   at System.ComponentModel.ComponentResourceManager..ctor(System.Type)
   at TwitchDown.Form1.InitializeComponent()
   at TwitchDown.Form1..ctor()
   at TwitchDown.Program.Main()


System errors:
=============
Error: (09/10/2015 10:44:04 AM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.205.2121.0).

Error: (09/10/2015 10:43:23 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.205.1918.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (09/10/2015 10:32:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (09/10/2015 09:41:50 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.205.1731.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (09/10/2015 09:41:50 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.205.1731.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (09/10/2015 09:41:50 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.205.1731.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (09/09/2015 11:51:41 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.205.1731.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (09/09/2015 07:42:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.205.1731.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.2.0223.00

    Source Path: 4.2.0223.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (09/09/2015 07:42:25 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/09/2015 07:42:25 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Microsoft Office:
=========================
Error: (09/10/2015 10:43:21 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80070670patchapplicationam bdd11.1.5128.0mpsigstub.exe4.2.223.0microsoft security essentialsNILNILNIL

Error: (09/10/2015 10:29:33 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (08/27/2015 03:20:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nvcplui.exe8.1.780.0hungapp0.0.0.000000000

Error: (08/16/2015 12:16:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.00542cd40

Error: (08/15/2015 12:56:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: recorder.exe3.1.0.0recorder.exe3.1.0.00001e79c

Error: (07/25/2015 02:13:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: vlc.exe2.2.1.0hungapp0.0.0.000000000

Error: (07/23/2015 10:01:53 AM) (Source: MsiInstaller) (EventID: 11316) (User: DA-E15643CEE896)
Description: Product: NVIDIA PhysX -- Error 1316. A network error occurred while attempting to read from the file: D:\SteamLibrary\steamapps\common\rocketleague\_CommonRedist\PhysX\9.14.0702\PhysX_9.14.0702_SystemSoftware.msi(NULL)(NULL)(NULL)

Error: (07/11/2015 01:34:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TwitchDown.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeLoadException
Stack:
   at System.ModuleHandle.ResolveMethod(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32)
   at System.ModuleHandle.ResolveMethodHandleInternalCore(System.Reflection.RuntimeModule, Int32, IntPtr[], Int32, IntPtr[], Int32)
   at System.ModuleHandle.ResolveMethodHandleInternal(System.Reflection.RuntimeModule, Int32, System.RuntimeTypeHandle[], System.RuntimeTypeHandle[])
   at System.Reflection.CustomAttributeData..ctor(System.Reflection.RuntimeModule, System.Reflection.CustomAttributeRecord)
   at System.Reflection.CustomAttributeData.GetCustomAttributes(System.Reflection.RuntimeModule, Int32)
   at System.Reflection.CustomAttributeData.GetCustomAttributesInternal(System.Reflection.RuntimeAssembly)
   at System.Reflection.RuntimeAssembly.GetCustomAttributesData()
   at System.Reflection.CustomAttributeData.GetCustomAttributes(System.Reflection.Assembly)
   at System.Resources.ManifestBasedResourceGroveler.GetNeutralResourcesLanguage(System.Reflection.Assembly, System.Resources.UltimateResourceFallbackLocation ByRef)
   at System.Resources.ResourceManager.CommonSatelliteAssemblyInit()
   at System.Resources.ResourceManager..ctor(System.Type)
   at System.ComponentModel.ComponentResourceManager..ctor(System.Type)
   at TwitchDown.Form1.InitializeComponent()
   at TwitchDown.Form1..ctor()
   at TwitchDown.Program.Main()

Error: (07/11/2015 01:34:51 PM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3twitchdown.exe1.0.0.3551364camscorlib4.0.0.050484bd7120489system.typeloadexceptionNIL

Error: (07/11/2015 01:34:29 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TwitchDown.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeLoadException
Stack:
   at System.ModuleHandle.ResolveMethod(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32)
   at System.ModuleHandle.ResolveMethodHandleInternalCore(System.Reflection.RuntimeModule, Int32, IntPtr[], Int32, IntPtr[], Int32)
   at System.ModuleHandle.ResolveMethodHandleInternal(System.Reflection.RuntimeModule, Int32, System.RuntimeTypeHandle[], System.RuntimeTypeHandle[])
   at System.Reflection.CustomAttributeData..ctor(System.Reflection.RuntimeModule, System.Reflection.CustomAttributeRecord)
   at System.Reflection.CustomAttributeData.GetCustomAttributes(System.Reflection.RuntimeModule, Int32)
   at System.Reflection.CustomAttributeData.GetCustomAttributesInternal(System.Reflection.RuntimeAssembly)
   at System.Reflection.RuntimeAssembly.GetCustomAttributesData()
   at System.Reflection.CustomAttributeData.GetCustomAttributes(System.Reflection.Assembly)
   at System.Resources.ManifestBasedResourceGroveler.GetNeutralResourcesLanguage(System.Reflection.Assembly, System.Resources.UltimateResourceFallbackLocation ByRef)
   at System.Resources.ResourceManager.CommonSatelliteAssemblyInit()
   at System.Resources.ResourceManager..ctor(System.Type)
   at System.ComponentModel.ComponentResourceManager..ctor(System.Type)
   at TwitchDown.Form1.InitializeComponent()
   at TwitchDown.Form1..ctor()
   at TwitchDown.Program.Main()


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7300 @ 2.66GHz
Percentage of memory in use: 44%
Total physical RAM: 3070.98 MB
Available physical RAM: 1715.7 MB
Total Virtual: 6910.39 MB
Available Virtual: 5728.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:34.93 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:698.65 GB) (Free:106.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: E90BE90B)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: EEDAEEDA)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=42)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 6DFB89A4)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=42)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: BA1FCABF)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=42)

==================== End of Addition.txt ============================





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:14 AM

Posted 11 September 2015 - 10:31 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
CHR Plugin: (Native Client) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - <no Path\update_url>
R2 WMP54Gv4SVC; "C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe" [X]
S1 blbjhqgr; C:\WINDOWS\system32\drivers\blbjhqgr.sys [48896 2015-09-10] (Microsoft Corporation)
S0 cerc6; no ImagePath
S4 IntelIde; no ImagePath
C:\WINDOWS\system32\drivers\blbjhqgr.sys
C:\Documents and Settings\Matt\Local Settings\Temp\130784740027658890.exe
C:\Documents and Settings\Matt\Local Settings\Temp\130784740135471390.exe
C:\Documents and Settings\Matt\Local Settings\Temp\130784740220315140.exe
C:\Documents and Settings\Matt\Local Settings\Temp\ExPromo.exe
C:\Documents and Settings\Matt\Local Settings\Temp\proxy_vole8676025291943120544.dll
C:\Documents and Settings\Matt\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Matt\Local Settings\Temp\SRLDetectionLibrary6315354200329593656.dll
C:\Documents and Settings\Matt\Local Settings\Temp\utt1B.tmp.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-13e36d1a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-189b342b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-19fc796e.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1bd118bc.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-271791ce.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-2dde6bb7.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-33349aff.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-3940c59c.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-3ac601bd.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-3acac08f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-419d4137.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-4d184edb.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-50eca58c.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-555a370f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-63054190.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-67634420.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-696dcadf.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-79efed97.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7ebd009d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7f30a454.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8132bc76.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-918818cd.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-981651ef.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-994eb142.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-99bc5f3a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-aa15bfaf.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-b36ce02a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-bbdc282c.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d1e3cf74.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d4fd19ef.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d603c079.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d728d47d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d73b6654.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e5eb1d0a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-ee6659b7.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f063eb5.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f9d1ae7.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-fa77b381.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\blbjhqgr.sys:changelist

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 Quadclops

Quadclops
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:02:14 AM

Posted 11 September 2015 - 03:13 PM

So I ran FRST fix and it froze after about 10 minutes of it going, so I closed it, but I noticed it still fixed all the problems. No more MSIEXEC.exe or the others, and my computer is running as fast as when I got it. No more lag when opening files or anything. I have to go back to work but I will rerun it and post the logs when I get back from work. Thanks for the help so far. Great work.



#4 Quadclops

Quadclops
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:02:14 AM

Posted 12 September 2015 - 11:51 AM

Fix result of Farbar Recovery Scan Tool (x86) Version:12-09-2015
Ran by Matt (2015-09-12 09:20:04) Run:2
Running from C:\Documents and Settings\Matt\Desktop\FRST
Loaded Profiles: Matt (Available Profiles: Matt)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKU\S-1-5-21-1409082233-1035525444-1801674531-1003 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
CHR Plugin: (Native Client) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - <no Path\update_url>
R2 WMP54Gv4SVC; "C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe" [X]
S1 blbjhqgr; C:\WINDOWS\system32\drivers\blbjhqgr.sys [48896 2015-09-10] (Microsoft Corporation)
S0 cerc6; no ImagePath
S4 IntelIde; no ImagePath
C:\WINDOWS\system32\drivers\blbjhqgr.sys
C:\Documents and Settings\Matt\Local Settings\Temp\130784740027658890.exe
C:\Documents and Settings\Matt\Local Settings\Temp\130784740135471390.exe
C:\Documents and Settings\Matt\Local Settings\Temp\130784740220315140.exe
C:\Documents and Settings\Matt\Local Settings\Temp\ExPromo.exe
C:\Documents and Settings\Matt\Local Settings\Temp\proxy_vole8676025291943120544.dll
C:\Documents and Settings\Matt\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Matt\Local Settings\Temp\SRLDetectionLibrary6315354200329593656.dll
C:\Documents and Settings\Matt\Local Settings\Temp\utt1B.tmp.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-13e36d1a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-189b342b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-19fc796e.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1bd118bc.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-271791ce.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-2dde6bb7.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-33349aff.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-3940c59c.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-3ac601bd.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-3acac08f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-419d4137.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-4d184edb.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-50eca58c.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-555a370f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-63054190.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-67634420.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-696dcadf.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-79efed97.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7ebd009d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7f30a454.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8132bc76.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-918818cd.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-981651ef.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-994eb142.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-99bc5f3a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-aa15bfaf.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-b36ce02a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-bbdc282c.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d1e3cf74.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d4fd19ef.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d603c079.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d728d47d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d73b6654.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e5eb1d0a.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-ee6659b7.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f063eb5.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f9d1ae7.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-fa77b381.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\blbjhqgr.sys:changelist

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1409082233-1035525444-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => not found.
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\Application\45.0.2454.85\pdf.dll => not found.
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll => not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll => not found.
C:\WINDOWS\system32\npDeployJava1.dll => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid => key not found.
WMP54Gv4SVC => service not found.
blbjhqgr => service not found.
cerc6 => service not found.
IntelIde => service not found.
"C:\WINDOWS\system32\drivers\blbjhqgr.sys" => File/Folder not found.
"C:\Documents and Settings\Matt\Local Settings\Temp\130784740027658890.exe" => File/Folder not found.
"C:\Documents and Settings\Matt\Local Settings\Temp\130784740135471390.exe" => File/Folder not found.
"C:\Documents and Settings\Matt\Local Settings\Temp\130784740220315140.exe" => File/Folder not found.
"C:\Documents and Settings\Matt\Local Settings\Temp\ExPromo.exe" => File/Folder not found.
"C:\Documents and Settings\Matt\Local Settings\Temp\proxy_vole8676025291943120544.dll" => File/Folder not found.
"C:\Documents and Settings\Matt\Local Settings\Temp\SkypeSetup.exe" => File/Folder not found.
"C:\Documents and Settings\Matt\Local Settings\Temp\SRLDetectionLibrary6315354200329593656.dll" => File/Folder not found.
"C:\Documents and Settings\Matt\Local Settings\Temp\utt1B.tmp.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-13e36d1a.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-189b342b.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-19fc796e.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1bd118bc.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-271791ce.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-2dde6bb7.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-33349aff.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-3940c59c.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-3ac601bd.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-3acac08f.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-419d4137.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-4d184edb.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-50eca58c.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-555a370f.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-63054190.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-67634420.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-696dcadf.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-79efed97.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7ebd009d.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7f30a454.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8132bc76.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-918818cd.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-981651ef.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-994eb142.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-99bc5f3a.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-aa15bfaf.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-b36ce02a.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-bbdc282c.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d1e3cf74.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d4fd19ef.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d603c079.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d728d47d.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d73b6654.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e5eb1d0a.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-ee6659b7.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f063eb5.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f9d1ae7.exe" => File/Folder not found.
"C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-fa77b381.exe" => File/Folder not found.
"C:\WINDOWS\system32\Drivers\blbjhqgr.sys" => ":changelist" ADS not found.
EmptyTemp: => 386.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:29:05 ====



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:14 AM

Posted 12 September 2015 - 01:25 PM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 Quadclops

Quadclops
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:02:14 AM

Posted 12 September 2015 - 01:33 PM

Yup. Thanks, it's running much better now.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:14 AM

Posted 13 September 2015 - 06:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



