
Webpages opening very slow

webpages shockwave crashes hourglass games eratic


#1
shar907


Takes a long time for Rocket to open. When it does it takes a long time to open pages. When I play Bubble Witch Saga 2 the bubbles won't shoot or the page crashes and says unresponsive. Something about Shockwave. An hourglass pops up when I try to do just about anything. Yesterday I got a message saying I didn't have an internet connection. Tried to restore to an earlier date and it said I couldn't. Mouse not responding. Have to click it a few times for it to respond. When I went to the desktop to run OTL twenty or more picture icons were on my desktop. They weren't there before. They disappeared overnight from the desktop. Today when I logged on I got the message "Whoa! Google Chrome has Crashed. Relaunch now?" I clicked ok. Then the message unresponsive two or three times appeared. I clicked wait. Then the finger appeared. Then tried to open this website and log in. Unresponsive again. I waited then attempted to sign in and it went to Malware removal tutorial.

 

OTL logfile created on: 1/4/2015 11:16:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.07 Mb Total Physical Memory | 328.48 Mb Available Physical Memory | 32.39% Memory free
2.38 Gb Paging File | 1.17 Gb Available in Paging File | 48.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 43.33 Gb Free Space | 58.16% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER-52964B | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/04 19:45:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2015/01/03 20:36:25 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\JollyBear\Jwsexklllrq\twnkylxmgm\qkapvyw.exe
PRC - [2014/12/18 11:42:30 | 006,699,800 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2014/12/13 11:58:44 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/11/21 11:39:08 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/17 12:46:42 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/07/25 03:42:26 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2014/07/25 03:42:20 | 001,562,264 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2014/07/22 18:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2014/06/17 02:32:54 | 001,014,272 | ---- | M] (Fast Browsers) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Rocket\Application\rocket.exe
PRC - [2014/03/27 07:07:18 | 000,581,568 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Online Games Manager\ogmservice.exe
PRC - [2014/02/20 15:51:03 | 001,565,759 | ---- | M] () -- C:\Program Files\CDBurnerXP\unins000.exe
PRC - [2013/03/14 18:22:46 | 004,973,456 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Free Ride Games\GPlayer.exe
PRC - [2012/02/27 06:02:02 | 000,249,440 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIIVE.EXE
PRC - [2011/12/11 23:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
PRC - [2011/11/10 21:10:33 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2011/03/03 09:33:48 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files\GamesBar\SearchEngineProtection.exe
PRC - [2009/09/13 02:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 02:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 02:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regsvr32.exe
PRC - [2005/03/08 22:46:12 | 000,061,440 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/04 15:03:21 | 002,909,696 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\15010401\algo.dll
MOD - [2015/01/03 20:36:18 | 000,353,096 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\JollyBear\Jwsexklllrq\twnkylxmgm\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2015/01/03 20:36:17 | 014,669,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\JollyBear\Jwsexklllrq\twnkylxmgm\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2015/01/03 20:36:07 | 008,537,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\JollyBear\Jwsexklllrq\twnkylxmgm\36.0.1985.143\pdf.dll
MOD - [2015/01/03 20:35:56 | 001,732,936 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\JollyBear\Jwsexklllrq\twnkylxmgm\36.0.1985.143\ffmpegsumo.dll
MOD - [2015/01/03 20:35:56 | 000,310,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\JollyBear\Jwsexklllrq\twnkylxmgm\36.0.1985.143\libexif.dll
MOD - [2015/01/03 20:31:47 | 000,280,064 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Big Fish\Qvggbiah.dll
MOD - [2014/12/13 14:27:44 | 016,843,952 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll
MOD - [2014/11/21 11:39:14 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/25 03:40:10 | 014,937,600 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2014/07/25 03:39:58 | 000,594,944 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
MOD - [2014/07/25 03:39:54 | 000,036,864 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2014/07/25 03:39:30 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2014/06/17 02:32:54 | 000,788,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Rocket\Application\31.0.1650.23\ffmpegsumo.dll
MOD - [2014/06/17 02:32:54 | 000,394,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Rocket\Application\31.0.1650.23\ppgooglenaclpluginchrome.dll
MOD - [2014/02/20 15:51:03 | 001,565,759 | ---- | M] () -- C:\Program Files\CDBurnerXP\unins000.exe
MOD - [2014/02/17 02:10:33 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/17 02:08:29 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/17 00:58:00 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014/02/17 00:54:43 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/17 00:53:08 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
MOD - [2014/02/17 00:52:28 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
MOD - [2014/02/17 00:51:37 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
MOD - [2014/02/17 00:51:11 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
MOD - [2014/02/17 00:50:39 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/17 00:50:15 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/01/23 17:23:26 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
MOD - [2011/04/02 15:03:48 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2011/04/02 15:03:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2010/03/18 13:18:36 | 000,509,304 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\ExentCtl.ocx
MOD - [2008/04/14 02:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 02:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/12/13 14:27:46 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 11:39:08 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/11/17 12:46:42 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/07/22 18:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2014/03/27 07:07:18 | 000,581,568 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2011/12/11 23:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/11/10 21:10:33 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/03/08 22:46:12 | 000,061,440 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] --  -- (cerc6)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2014/11/21 23:40:01 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/11/21 11:40:49 | 000,423,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/11/21 11:39:16 | 000,206,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/11/21 11:39:16 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/11/21 11:39:16 | 000,057,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/11/21 11:39:16 | 000,055,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswrdr.sys -- (AswRdr)
DRV - [2014/11/21 11:39:16 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/11/21 11:39:16 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/06/16 01:01:38 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014/06/16 01:01:38 | 000,089,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2014/01/23 17:31:06 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2013/08/25 10:30:48 | 000,013,120 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2012/08/02 14:57:26 | 000,058,696 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx_Pr143.sys -- (X4HSEx_Pr143)
DRV - [2011/10/08 02:28:44 | 000,017,408 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/02 21:45:08 | 000,724,736 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
DRV - [2005/03/17 19:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/04/24 18:21:50 | 000,006,025 | R--- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKLM\..\SearchScopes\{AA49FBA3-4A0A-413A-9349-972EA64BFC06}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {07BEA7CA-756C-4E81-9EC5-471208BF1D93}
IE - HKCU\..\SearchScopes\{07BEA7CA-756C-4E81-9EC5-471208BF1D93}: "URL" = http://search.whites...m={SearchTerms}
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.yahoo....petb&type=10723
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{AA49FBA3-4A0A-413A-9349-972EA64BFC06}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{C85E431D-D351-4AAF-8D56-0BC2EACF0225}: "URL" = http://rocket-find.c...=2051559981&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\npGameTreatWidget.dll (Exent Technologies Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/11/21 11:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014/09/27 10:12:36 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1ec8187a-6435-44e3-bbe4-6ce6d3c69254} - No CLSID value found.
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4C0E0399-7CF2-4AD7-8C59-96DA76220CBC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {974B9B5E-0BB9-42E9-88A1-3E8CC3219E23} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_1D779E6F1F1A75C4ED2C2669C0FDD24A] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Qvggbiah] C:\Documents and Settings\Administrator\Local Settings\Application Data\Big Fish\Qvggbiah.dll ()
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: dmc.org ([dmcnf04] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1362715067859 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C883191-008E-4C6D-87A9-5AA6D8C51CFD}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31A93C3-05B6-4B1B-801C-18AAD00745AF}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/07 19:56:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8cdc6e3f-8c5c-11e4-81f9-00137273238d}\Shell - "" = AutoRun
O33 - MountPoints2\{8cdc6e3f-8c5c-11e4-81f9-00137273238d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8cdc6e3f-8c5c-11e4-81f9-00137273238d}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{f0047960-0474-11e4-8176-00137273238d}\Shell - "" = AutoRun
O33 - MountPoints2\{f0047960-0474-11e4-8176-00137273238d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f0047960-0474-11e4-8176-00137273238d}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/04 19:44:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2015/01/04 01:13:13 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/12/25 19:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tifff new thanksgiving
[2014/12/25 12:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2014/12/14 00:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2014/12/14 00:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/12/14 00:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/12/14 00:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/12/08 12:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Eligibility Notices
[2014/12/07 11:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ResultReport_files
[2014/12/07 10:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2014/12/07 10:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/05 00:54:01 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2831618B-F7F8-41DB-B0EA-7521879D55D3}.job
[2015/01/05 00:53:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2015/01/05 00:52:47 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2015/01/05 00:34:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/01/05 00:32:28 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/04 23:41:11 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2015/01/04 22:00:55 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2015/01/04 20:00:53 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2015/01/04 19:45:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2015/01/04 18:00:18 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2015/01/04 16:01:22 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2015/01/04 14:00:38 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2015/01/04 12:32:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/04 12:00:58 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2015/01/04 10:38:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015/01/04 10:38:06 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2015/01/04 10:37:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/01/02 10:00:05 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2015/01/02 08:00:04 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2014/12/25 19:57:06 | 000,013,232 | -HS- | M] () -- C:\Documents and Settings\Administrator\Desktop\Folder.jpg
[2014/12/25 19:57:06 | 000,013,232 | -HS- | M] () -- C:\Documents and Settings\Administrator\Desktop\AlbumArt_{B721B2FD-6EC5-466B-9FD9-E8367D02143D}_Large.jpg
[2014/12/25 19:57:06 | 000,002,848 | -HS- | M] () -- C:\Documents and Settings\Administrator\Desktop\AlbumArtSmall.jpg
[2014/12/25 19:57:06 | 000,002,848 | -HS- | M] () -- C:\Documents and Settings\Administrator\Desktop\AlbumArt_{B721B2FD-6EC5-466B-9FD9-E8367D02143D}_Small.jpg
[2014/12/18 11:50:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/12/14 00:35:56 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/12/08 15:00:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/12/08 09:56:40 | 000,303,421 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\EligibilityNotice (2).pdf
[2014/12/08 09:51:17 | 000,132,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EligibilityNotice (1).pdf
[2014/12/08 09:50:28 | 000,117,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MarketplaceOpenEnrollmentNotice.pdf
[2014/12/08 09:50:14 | 000,132,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EligibilityNotice.pdf
[2014/12/07 11:35:31 | 000,397,068 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ResultReport.htm
[2014/12/07 10:50:50 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dat
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/25 19:57:06 | 000,013,232 | -HS- | C] () -- C:\Documents and Settings\Administrator\Desktop\AlbumArt_{B721B2FD-6EC5-466B-9FD9-E8367D02143D}_Large.jpg
[2014/12/25 19:57:06 | 000,002,848 | -HS- | C] () -- C:\Documents and Settings\Administrator\Desktop\AlbumArt_{B721B2FD-6EC5-466B-9FD9-E8367D02143D}_Small.jpg
[2014/12/21 01:30:10 | 000,424,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/12/18 11:50:43 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/12/18 11:50:42 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2014/12/14 00:35:56 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/12/08 10:00:59 | 000,303,421 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\EligibilityNotice (2).pdf
[2014/12/08 09:51:16 | 000,132,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\EligibilityNotice (1).pdf
[2014/12/08 09:50:28 | 000,117,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MarketplaceOpenEnrollmentNotice.pdf
[2014/12/08 09:50:10 | 000,132,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\EligibilityNotice.pdf
[2014/12/07 11:35:29 | 000,397,068 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ResultReport.htm
[2014/12/07 10:51:18 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2014/12/07 10:51:17 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2014/12/07 10:51:17 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2014/12/07 10:51:17 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2014/12/07 10:51:16 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2014/12/07 10:51:16 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2014/12/07 10:51:16 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2014/12/07 10:51:16 | 000,000,426 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2014/12/07 10:50:50 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat
[2014/11/03 11:03:35 | 000,319,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-823518204-1177238915-500-0.dat
[2014/10/22 22:55:35 | 000,129,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/07/22 23:51:04 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2014/07/21 23:51:39 | 000,000,102 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WB.CFG
[2014/06/22 13:52:06 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/02/20 15:51:35 | 000,013,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2014/01/23 17:31:12 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2014/01/23 17:31:08 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2014/01/23 17:31:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2014/01/23 17:31:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2014/01/23 17:31:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013/10/04 12:12:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2013/10/04 12:12:10 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2013/10/04 12:12:10 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2013/10/04 12:12:10 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2013/10/04 12:12:10 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2013/10/04 12:12:10 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2013/10/04 12:12:10 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2013/10/04 12:12:10 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2013/10/04 12:12:10 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2013/10/04 12:12:10 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2013/10/04 12:12:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2013/10/04 12:12:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2013/10/04 12:12:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2013/10/04 12:12:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2013/10/04 12:12:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2013/10/04 12:12:10 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2013/10/04 12:10:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPWF500.ini
[2013/06/04 00:33:40 | 000,024,772 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\P1100DEF.css
[2013/06/04 00:33:40 | 000,004,376 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\P1100OS.HTM
[2013/06/04 00:33:40 | 000,002,944 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\P1100SIG.GIF
[2013/05/28 15:39:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2013/04/08 11:25:20 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2013/04/08 11:25:20 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2013/04/08 11:25:19 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2013/04/08 11:24:57 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2013/04/08 11:24:18 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2013/03/14 18:42:59 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2013/03/08 00:04:56 | 000,206,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/08 00:04:55 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/07 23:11:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/03/07 22:31:10 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2013/03/07 19:58:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/03/07 19:53:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/03/07 11:46:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/03/07 11:45:35 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
[2013/10/17 12:50:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/12/27 05:24:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/10/24 23:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVAST Software
[2014/05/26 21:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BloodTies
[2014/02/20 15:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2014/07/30 14:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\casualArts
[2014/06/05 17:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cerasus.media
[2013/06/23 08:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\COWON
[2015/01/04 01:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2013/06/22 18:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DSite
[2014/09/01 13:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2013/10/04 12:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2013/05/28 15:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Exent Technologies
[2014/06/28 13:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flood Light Games
[2013/03/21 16:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
[2014/12/13 19:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ID Vault
[2013/10/04 12:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2013/05/28 16:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Merscom
[2014/07/26 15:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2014/05/14 13:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MumboJumbo
[2013/03/11 03:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oberon Media
[2014/07/21 23:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
[2014/09/27 20:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice
[2013/03/12 19:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2013/06/29 07:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2013/11/17 14:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
[2013/06/03 15:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Righteous Kill
[2014/07/21 23:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RocketUpdater
[2014/08/03 00:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
[2014/07/21 23:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\UpdaterEX
[2015/01/04 01:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2013/12/17 11:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WildTangent
[2014/06/22 18:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YahooCouponAddOn
[2014/06/21 23:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\133D8
[2014/08/11 22:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2308189059
[2014/07/21 23:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\28157
[2014/07/21 08:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\38251
[2013/10/24 09:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/10/05 14:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish
[2014/02/20 15:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2014/07/30 14:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2013/06/22 18:02:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/07/21 23:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2014/09/27 09:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2014/05/19 20:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Excellent4App
[2014/06/28 13:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2013/05/28 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2013/03/12 16:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesBar
[2014/05/19 20:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2014/12/07 10:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2014/11/18 01:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2014/07/27 16:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2013/05/28 16:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2013/10/12 13:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2013/03/11 03:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2013/10/12 12:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2013/03/11 03:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2014/04/20 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2013/06/02 17:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2014/07/22 11:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/12/17 11:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B881EAB4
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
 
< End of report >
 

OTL Extras logfile created on: 1/4/2015 11:16:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.07 Mb Total Physical Memory | 328.48 Mb Available Physical Memory | 32.39% Memory free
2.38 Gb Paging File | 1.17 Gb Available in Paging File | 48.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 43.33 Gb Free Space | 58.16% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER-52964B | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = RocketHTML.YCXJQSV2CGSYNK7KBKBWKP6GR4] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Constant Guard Protection Suite\IDVault.exe" = C:\Program Files\Constant Guard Protection Suite\IDVault.exe:*:Enabled:Fast Connect
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.5
"{5DB849D6-9392-4FB7-9ABB-87ED433152E5}" = LG United Mobile Drivers
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{896667C8-53F8-47B8-B6B0-B113B10F05BC}" = Epson E-Web Print
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{9395F41D-0F80-432E-9A59-B8E477E7E163}" = OpenOffice 4.1.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B307472F-7BD9-4040-9255-CE6D6A1196A3}" = Software Updater
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"89081897daeb0fe47fc159281c61a4e8" = Big City Adventure™ - Rio de Janeiro
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"avast" = Avast Free Antivirus
"d9b4a73170343d1264d5ca8d7281b070" = Vacation Adventures - Park Ranger 2
"EPSON Scanner" = EPSON Scan
"EPSON WF-2530 Series" = EPSON WF-2530 Series Printer Uninstall
"EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall
"exent_472250" = 10 Talismans
"exent_515450" = Dream Chronicles
"exent_529250" = Azteca
"exent_574250" = Dream Chronicles 2 The Eternal Maze
"exent_605250" = Righteous Kill
"exent_661850" = Valerie Porter and the Scarlet Scandal
"exent_669950" = Shutter Island
"exent_687250" = Agatha Christie: Dead Man's Folly
"exent_708650" = Unlikely Suspects
"exent_745650" = Midnight Mysteries - Devil on the MissIssippi
"exent_748750" = My Farm Life 2
"exent_765950" = Mahjong Mysteries of the Past
"exent_795050" = 100 Percent Hidden Objects
"GamesBar" = GamesBar 2.0.1.82
"Google Chrome" = Google Chrome
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Online Games Manager" = Online Games Manager v1.30
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WSE Rocket" = WSE Rocket
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Rocket" = Rocket
"UpdaterEX" = Extended Update
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/28/2014 7:51:43 PM | Computer Name = COMPUTER-52964B | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data
 
Error - 12/30/2014 12:46:30 PM | Computer Name = COMPUTER-52964B | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data
 
Error - 1/2/2015 1:47:25 PM | Computer Name = COMPUTER-52964B | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data
 
Error - 1/4/2015 12:02:16 AM | Computer Name = COMPUTER-52964B | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/4/2015 12:02:42 AM | Computer Name = COMPUTER-52964B | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
 
Error - 1/4/2015 12:33:10 AM | Computer Name = COMPUTER-52964B | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 20 Getting ASF configuration table
 
Error - 1/4/2015 3:45:20 PM | Computer Name = COMPUTER-52964B | Source = Application Hang | ID = 1002
Description = Hanging application rocket.exe, version 31.0.1650.23, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/4/2015 3:45:20 PM | Computer Name = COMPUTER-52964B | Source = Application Hang | ID = 1002
Description = Hanging application rocket.exe, version 31.0.1650.23, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/4/2015 3:46:15 PM | Computer Name = COMPUTER-52964B | Source = Application Hang | ID = 1001
Description = Fault bucket 117456821.
 
Error - 1/4/2015 3:47:21 PM | Computer Name = COMPUTER-52964B | Source = Application Hang | ID = 1001
Description = Fault bucket 117456821.
 
[ System Events ]
Error - 1/4/2015 11:00:31 AM | Computer Name = COMPUTER-52964B | Source = SideBySide | ID = 16842786
Description = Component identity found in manifest does not match the identity of
 the component requested
 
Error - 1/4/2015 11:00:31 AM | Computer Name = COMPUTER-52964B | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\Program Files\Citrix\ICA
 Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.
 
Error - 1/4/2015 11:00:31 AM | Computer Name = COMPUTER-52964B | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Citrix\ICA
 Client\MFC80.DLL.  Reference error message: The operation completed successfully.
.
 
Error - 1/4/2015 11:38:07 AM | Computer Name = COMPUTER-52964B | Source = SideBySide | ID = 16842786
Description = Component identity found in manifest does not match the identity of
 the component requested
 
Error - 1/4/2015 11:38:07 AM | Computer Name = COMPUTER-52964B | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\Program Files\Citrix\ICA
 Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.
 
Error - 1/4/2015 11:38:07 AM | Computer Name = COMPUTER-52964B | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Citrix\ICA
 Client\MFC80.DLL.  Reference error message: The operation completed successfully.
.
 
Error - 1/4/2015 11:38:14 AM | Computer Name = COMPUTER-52964B | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.2 for the Network Card with network address
 00137273238D has been  denied by the DHCP server 10.0.0.1 (The DHCP Server sent a
 DHCPNACK message).
 
Error - 1/4/2015 10:33:37 PM | Computer Name = COMPUTER-52964B | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gupdate with
 arguments "/comsvc"  in order to run the server:  {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error - 1/4/2015 10:34:00 PM | Computer Name = COMPUTER-52964B | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
 (gupdate) service to connect.
 
Error - 1/4/2015 10:34:00 PM | Computer Name = COMPUTER-52964B | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%1053
 
 
< End of report >
 

Edited by shar907, 05 January 2015 - 10:46 AM.



#2
RKinner

    Malware Expert

Copy the text in the code box by highlighting it and pressing Ctrl + C.
 
 
:OTL
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1ec8187a-6435-44e3-bbe4-6ce6d3c69254} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4C0E0399-7CF2-4AD7-8C59-96DA76220CBC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {974B9B5E-0BB9-42E9-88A1-3E8CC3219E23} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [Qvggbiah] C:\Documents and Settings\Administrator\Local Settings\Application Data\Big Fish\Qvggbiah.dll ()
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O33 - MountPoints2\{8cdc6e3f-8c5c-11e4-81f9-00137273238d}\Shell - "" = AutoRun
O33 - MountPoints2\{8cdc6e3f-8c5c-11e4-81f9-00137273238d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8cdc6e3f-8c5c-11e4-81f9-00137273238d}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{f0047960-0474-11e4-8176-00137273238d}\Shell - "" = AutoRun
O33 - MountPoints2\{f0047960-0474-11e4-8176-00137273238d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f0047960-0474-11e4-8176-00137273238d}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
 
:files
C:\Documents and Settings\Administrator\Local Settings\Application Data\JollyBear
C:\Documents and Settings\Administrator\Local Settings\Application Data\Big Fish
at /c
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
Then double-click OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
 
 
Run OTL again and select Quickscan.  You will just get one log.  Please copy and paste it.
 

 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    #3
    shar907

      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts

     I ran the programs as you instructed. I downloaded each one, and when I went to the desktop to run them there were several (20) album art icons on the desktop that weren't there before. Today when I attempted to send the enclosed logs I could not open Rocket to get on the internet; it said Rocket could not open and to choose a program to open it. I had to use Chrome to get to the internet. Rocket file name had been changed to Rocket.exe.vir. I have enclosed the logs from the programs I ran. I believe there is one log that I did not get from the programs I ran.

       Thank You

    # AdwCleaner v4.107 - Report created 11/01/2015 at 20:43:26
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-11.2 [Live]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Administrator - COMPUTER-52964B
    # Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
    Service Deleted : YahooAUService
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\2308189059
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Free Ride Games
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\GamesBar
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\GamesBar
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Free Ride Games
    Folder Deleted : C:\Program Files\GamesBar
    Folder Deleted : C:\Program Files\WSE Rocket
    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\NativeMessaging
    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Rocket
    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\visi_coupon
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DSite
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\OpenCandy
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\RocketUpdater
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\UpdaterEX
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\YahooCouponAddOn
    Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\Free Ride Games
    Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\Rocket
    [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
    [!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
    File Deleted : C:\WINDOWS\Downloaded Program Files\popcaploader.inf
    File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
    Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
    Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C85E431D-D351-4AAF-8D56-0BC2EACF0225}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Myfree Codec
    Key Deleted : HKCU\Software\Rocket Browser
    Key Deleted : HKCU\Software\RocketUpdater
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Toolbar
    Key Deleted : HKCU\Software\UpdaterEX
    Key Deleted : HKCU\Software\WSE Rocket
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\gamesbar
    Key Deleted : HKLM\SOFTWARE\GamesBarSetup
    Key Deleted : HKLM\SOFTWARE\InstallCore
    Key Deleted : HKLM\SOFTWARE\Myfree Codec
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Key Deleted : HKLM\SOFTWARE\Trymedia Systems
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamesbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE Rocket
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UpdaterEX
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\gamesbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE Rocket
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v8.0.6001.18702
     
     
    -\\ Google Chrome v39.0.2171.95
     
    [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://findwide.com/serp?guid={372CE485-33C8-4590-89BF-26C45606E90C}&action=default_search&serpv=6&k={searchTerms}
    [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&ctid=CT3306061&gd=&SearchSource=48&SearchType=&cui=UN27233250544891196&um=2&sat=SCH&Suggest=2+lb+beef+tenderloin+&useHistory=0&isHotTopic=
    [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&ctid=CT3306061&gd=&SearchSource=48&SearchType=&cui=UN27233250544891196&um=2&sat=SCH&Suggest=2+lb+beef+tenderloin+&useHistory=0&isHotTopic=
    [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.findwide.com/serp?s=0&filter_level=1&k={searchTerms}&guid=%7B372CE485-33C8-4590-89BF-26C45606E90C%7D&action=homepage_search&parent_action=homepage_search&serpv=29&i=&campaign=&pub=
    [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.findwide.com/serp?s=0&filter_level=1&k={searchTerms}&guid=%7B372CE485-33C8-4590-89BF-26C45606E90C%7D&action=homepage_search&parent_action=homepage_search&serpv=29&i=&campaign=&pub=
     
    *************************
     
    AdwCleaner[R0].txt - [14056 octets] - [11/01/2015 20:21:28]
    AdwCleaner[R1].txt - [14117 octets] - [11/01/2015 20:28:02]
    AdwCleaner[S0].txt - [13465 octets] - [11/01/2015 20:43:26]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13526 octets] ##########
     

    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Administrator on Sun 01/11/2015 at 21:52:27.85
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\exetender
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\cre"
    Successfully deleted: [Folder] "C:\Program Files\myfree codec"
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 01/11/2015 at 22:00:09.81
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2015 01
    Ran by Administrator (administrator) on COMPUTER-52964B on 11-01-2015 22:26:08
    Running from C:\Documents and Settings\Administrator\Desktop
    Loaded Profile: Administrator (Available profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: Rocket)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Samsung) C:\Program Files\Samsung\Kies\Kies.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIIVE.EXE
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
    (HP) C:\WINDOWS\system32\HPSIsvc.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
    HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [103768 2009-09-13] (Citrix Systems, Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
    HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [GoogleChromeAutoLaunch_1D779E6F1F1A75C4ED2C2669C0FDD24A] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-18] (SUPERAntiSpyware)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    CHR HKU\S-1-5-21-796845957-823518204-1177238915-500\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKU\S-1-5-21-796845957-823518204-1177238915-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    HKU\S-1-5-21-796845957-823518204-1177238915-500\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    HKU\S-1-5-21-796845957-823518204-1177238915-500\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
    SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
    SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {07BEA7CA-756C-4E81-9EC5-471208BF1D93} URL = http://search.whites...m={SearchTerms}
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.yahoo....petb&type=10723
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
    BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1362715067859
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
    DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll No File
    FF Plugin HKU\S-1-5-21-796845957-823518204-1177238915-500: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-08]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
    FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-09-27]
     
    Chrome: 
    =======
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Oberon com adapter) - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
    CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files\Free Ride Games\npExentCtl.dll No File
    CHR Plugin: (         "name": "",) - C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
    CHR HKLM\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
    CHR HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [61440 2005-03-08] (Broadcom Corporation) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
    R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-11-17] (Oracle Corporation)
    R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
    S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{8EB1C2D4-CE55-423E-BB79-57C86B5EE06D}
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 andnetadb; C:\WINDOWS\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
    R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-21] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-21] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
    R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation) [File not signed]
    S3 rt2870; C:\WINDOWS\System32\DRIVERS\Drt2870.sys [724736 2010-02-02] (Ralink Technology, Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
    S1 AntiLog32; \??\C:\WINDOWS\system32\drivers\AntiLog32.sys [X]
    S0 cerc6; No ImagePath
    S4 IntelIde; No ImagePath
    U1 WS2IFSL; No ImagePath
    S2 X4HSEx_Pr143; \??\C:\Program Files\Free Ride Games\X4HSEx_Pr143.Sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-11 22:26 - 2015-01-11 22:26 - 00016813 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
    2015-01-11 22:25 - 2015-01-11 22:26 - 00000000 ____D () C:\FRST
    2015-01-11 22:00 - 2015-01-11 22:01 - 00000890 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
    2015-01-11 21:52 - 2015-01-11 21:52 - 00000000 ____D () C:\WINDOWS\ERUNT
    2015-01-11 20:56 - 2015-01-11 20:56 - 00013607 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner[S0].txt
    2015-01-11 20:20 - 2015-01-11 20:44 - 00000000 ____D () C:\AdwCleaner
    2015-01-11 20:16 - 2015-01-11 20:16 - 02124288 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
    2015-01-11 20:16 - 2015-01-11 20:16 - 01115648 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
    2015-01-11 20:14 - 2015-01-11 20:14 - 01707939 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
    2015-01-11 20:12 - 2015-01-11 20:13 - 02191360 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    2015-01-11 20:08 - 2015-01-11 20:08 - 00083028 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.Txt 2.txt
    2015-01-11 20:08 - 2015-01-11 20:08 - 00083028 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.Txt
    2015-01-11 18:35 - 2015-01-11 18:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\New Folder
    2015-01-11 18:26 - 2015-01-11 18:26 - 00000000 ____D () C:\_OTL
    2015-01-10 19:39 - 2015-01-10 19:39 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
    2015-01-06 23:34 - 2015-01-06 23:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini010615-01.dmp
    2015-01-04 19:44 - 2015-01-04 19:45 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
    2015-01-04 17:42 - 2015-01-04 17:42 - 00003046 _____ () C:\Documents and Settings\Administrator\My Documents\VolumeC DEFRAG.txt
    2015-01-04 01:13 - 2015-01-04 01:13 - 00000000 ____D () C:\SUPERDelete
    2015-01-03 23:04 - 2015-01-03 23:04 - 00347816 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Desktop\MicrosoftFixit.IEAddon.WER.Run (1).exe
    2015-01-02 12:46 - 2015-01-02 12:46 - 00090112 _____ () C:\WINDOWS\Minidump\Mini010215-01.dmp
    2014-12-27 10:46 - 2014-12-27 10:46 - 00090112 _____ () C:\WINDOWS\Minidump\Mini122714-01.dmp
    2014-12-25 19:48 - 2015-01-11 02:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\tifff new thanksgiving
    2014-12-25 12:55 - 2014-12-25 12:55 - 00000000 ____D () C:\Program Files\LG Electronics
    2014-12-21 01:30 - 2015-01-11 20:45 - 00424528 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2014-12-18 11:50 - 2014-12-18 12:03 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-18 11:50 - 2014-12-18 11:50 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    2014-12-18 11:45 - 2014-12-18 11:47 - 50107976 _____ (Adobe Systems Incorporated) C:\Documents and Settings\Administrator\Desktop\AdbeRdr11003_en_US.exe
    2014-12-18 11:30 - 2014-12-18 11:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini121814-01.dmp
    2014-12-14 00:36 - 2014-12-14 00:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2014-12-14 00:35 - 2015-01-11 20:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-14 00:35 - 2014-12-14 00:35 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    2014-12-14 00:35 - 2014-12-14 00:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    2014-12-14 00:35 - 2014-12-14 00:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-11 22:26 - 2013-03-07 22:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
    2015-01-11 21:34 - 2014-08-15 19:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-11 21:32 - 2013-07-18 21:46 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-11 20:49 - 2013-03-07 19:54 - 01926325 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-11 20:47 - 2013-03-08 00:04 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-01-11 20:46 - 2014-03-29 10:36 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-01-11 20:46 - 2013-07-18 21:46 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-11 20:46 - 2013-03-07 22:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-11 20:46 - 2013-03-07 11:49 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-01-11 20:46 - 2013-03-07 11:49 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-01-11 20:46 - 2008-04-14 02:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-01-11 20:45 - 2013-03-07 22:25 - 00032518 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-01-11 20:45 - 2013-03-07 22:25 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
    2015-01-11 18:19 - 2013-10-06 10:48 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{2831618B-F7F8-41DB-B0EA-7521879D55D3}.job
    2015-01-11 05:40 - 2013-03-07 19:55 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
    2015-01-11 01:50 - 2013-03-07 19:52 - 00046313 _____ () C:\WINDOWS\wmsetup.log
    2015-01-10 21:49 - 2013-03-07 19:59 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
    2015-01-10 19:39 - 2013-03-07 11:45 - 00891604 _____ () C:\WINDOWS\setupapi.log
    2015-01-10 19:39 - 2013-03-07 11:45 - 00192550 _____ () C:\WINDOWS\setupact.log
    2015-01-08 15:00 - 2014-03-29 10:36 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-01-08 01:37 - 2014-01-16 11:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts
    2015-01-06 23:34 - 2014-05-14 14:00 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-01-04 01:12 - 2014-06-22 14:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Dropbox
    2015-01-04 01:12 - 2014-05-18 22:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\uTorrent
    2015-01-04 01:12 - 2013-03-13 15:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-01-03 23:50 - 2014-07-21 23:27 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
    2015-01-03 21:11 - 2014-08-03 00:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Chivas stuff
    2015-01-03 21:11 - 2013-06-21 10:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Msic
    2015-01-03 20:36 - 2014-10-23 00:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\ID Vault
    2015-01-03 20:36 - 2013-10-04 12:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\ArcSoft
    2014-12-18 14:18 - 2013-03-07 22:25 - 00000000 ____D () C:\Documents and Settings\Administrator
    2014-12-18 11:52 - 2014-11-17 14:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
    2014-12-18 11:49 - 2013-03-13 15:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
    2014-12-15 00:41 - 2014-06-22 14:12 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\Dropbox
    2014-12-14 01:54 - 2014-11-03 11:03 - 00319712 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-823518204-1177238915-500-0.dat
    2014-12-14 01:54 - 2014-10-22 22:55 - 00129802 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-12-13 19:43 - 2013-03-07 11:46 - 01552593 _____ () C:\WINDOWS\iis6.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 01325797 _____ () C:\WINDOWS\FaxSetup.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00680378 _____ () C:\WINDOWS\ocgen.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00625188 _____ () C:\WINDOWS\tsoc.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00460614 _____ () C:\WINDOWS\comsetup.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00426864 _____ () C:\WINDOWS\msmqinst.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00283823 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00235197 _____ () C:\WINDOWS\netfxocm.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00094194 _____ () C:\WINDOWS\MedCtrOC.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00074965 _____ () C:\WINDOWS\ocmsn.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00068073 _____ () C:\WINDOWS\msgsocm.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00066604 _____ () C:\WINDOWS\tabletoc.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00001943 _____ () C:\WINDOWS\imsins.log
    2014-12-13 19:40 - 2014-10-23 00:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\ID Vault
    2014-12-13 19:07 - 2013-03-13 01:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Sharon's Stuff
    2014-12-13 14:27 - 2014-08-15 19:02 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-12-13 14:27 - 2014-08-15 19:02 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
     
    Some content of TEMP:
    ====================
    C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\strings.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\_is2A.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2015 01
    Ran by Administrator at 2015-01-11 22:27:48
    Running from C:\Documents and Settings\Administrator\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    µTorrent (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
    10 Talismans (HKLM\...\exent_472250) (Version:  - )
    100 Percent Hidden Objects (HKLM\...\exent_795050) (Version:  - )
    ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Agatha Christie: Dead Man's Folly (HKLM\...\exent_687250) (Version:  - )
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
    Azteca (HKLM\...\exent_529250) (Version:  - )
    Big City Adventure™ - Rio de Janeiro (HKLM\...\89081897daeb0fe47fc159281c61a4e8) (Version:  - GameHouse)
    Broadcom Advanced Control Suite (HKLM\...\{058B32E2-6310-4359-B2D4-1988390C3B83}) (Version: 8.20.01 - Broadcom Corporation)
    Broadcom ASF Management Applications (HKLM\...\{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}) (Version: 8.06.01 - Broadcom)
    Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.10.07 - Broadcom Corporation)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
    Citrix online plug-in (Web) (HKLM\...\{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
    Dream Chronicles (HKLM\...\exent_515450) (Version:  - )
    Dream Chronicles 2 The Eternal Maze (HKLM\...\exent_574250) (Version:  - )
    Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    Epson E-Web Print (HKLM\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
    EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
    EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
    EPSON WorkForce 500 Series Printer Uninstall (HKLM\...\EPSON WorkForce 500 Series) (Version:  - SEIKO EPSON Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
    Mahjong Mysteries of the Past (HKLM\...\exent_765950) (Version:  - )
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Midnight Mysteries - Devil on the MissIssippi (HKLM\...\exent_745650) (Version:  - )
    My Farm Life 2 (HKLM\...\exent_748750) (Version:  - )
    MyFreeCodec (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\MyFreeCodec) (Version:  - )
    Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
    OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Righteous Kill (HKLM\...\exent_605250) (Version:  - )
    Rocket (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
    Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
    Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Shutter Island (HKLM\...\exent_669950) (Version:  - )
    Software Updater (HKLM\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
    System Checkup 3.5 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.2.0 - iolo technologies, LLC)
    Unlikely Suspects (HKLM\...\exent_708650) (Version:  - )
    Vacation Adventures - Park Ranger 2 (HKLM\...\d9b4a73170343d1264d5ca8d7281b070) (Version:  - GameHouse)
    Valerie Porter and the Scarlet Scandal (HKLM\...\exent_661850) (Version:  - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\InprocServer32 -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Documents and Settings\Administrator\Local Settings\Application Data\Rocket\Application\31.0.165 (the data entry has 34 more characters).
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No Fil (the data entry has 1 more characters).
     
    ==================== Restore Points  =========================
     
    29-11-2014 18:38:23 System Checkpoint
    30-11-2014 19:27:10 System Checkpoint
    01-12-2014 19:28:15 System Checkpoint
    02-12-2014 20:27:09 System Checkpoint
    03-12-2014 21:27:09 System Checkpoint
    04-12-2014 22:27:09 System Checkpoint
    05-12-2014 23:30:12 System Checkpoint
    07-12-2014 00:12:40 System Checkpoint
    08-12-2014 10:24:31 System Checkpoint
    09-12-2014 10:39:28 System Checkpoint
    10-12-2014 12:16:59 System Checkpoint
    10-12-2014 13:00:19 Software Distribution Service 3.0
    11-12-2014 13:53:19 System Checkpoint
    12-12-2014 14:00:10 System Checkpoint
    13-12-2014 15:00:14 System Checkpoint
    14-12-2014 15:29:24 System Checkpoint
    15-12-2014 15:41:04 System Checkpoint
    16-12-2014 16:31:32 System Checkpoint
    18-12-2014 11:48:59 Installed Adobe Reader XI (11.0.03).
    19-12-2014 11:55:46 System Checkpoint
    20-12-2014 11:55:55 System Checkpoint
    21-12-2014 12:36:09 System Checkpoint
    22-12-2014 13:05:25 System Checkpoint
    23-12-2014 13:12:36 System Checkpoint
    24-12-2014 20:25:04 System Checkpoint
    25-12-2014 12:55:07 Installed LG United Mobile Drivers.
    26-12-2014 13:45:46 System Checkpoint
    27-12-2014 13:51:43 System Checkpoint
    28-12-2014 19:09:46 System Checkpoint
    30-12-2014 13:24:56 System Checkpoint
    31-12-2014 13:54:32 System Checkpoint
    01-01-2015 15:28:08 System Checkpoint
    02-01-2015 21:09:01 System Checkpoint
    04-01-2015 00:28:13 Restore Operation
    04-01-2015 00:45:33 Restore Operation
    04-01-2015 01:17:38 Restore Operation
    06-01-2015 12:28:57 System Checkpoint
    07-01-2015 13:42:43 System Checkpoint
    08-01-2015 14:05:02 System Checkpoint
    09-01-2015 14:13:58 System Checkpoint
    10-01-2015 14:40:11 System Checkpoint
    11-01-2015 19:17:24 System Checkpoint
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2008-04-14 02:00 - 2008-04-14 02:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{2831618B-F7F8-41DB-B0EA-7521879D55D3}.job => C:\WINDOWS\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2015-01-11 18:19 - 2015-01-11 18:19 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011101\algo.dll
    2013-04-08 11:25 - 2011-04-02 15:03 - 00151552 _____ () C:\WINDOWS\system32\HP1100LM.DLL
    2013-04-08 11:25 - 2011-04-02 15:03 - 00069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL
    2013-10-24 09:53 - 2014-11-21 11:39 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00036864 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    2014-02-14 20:54 - 2014-07-25 03:40 - 14937600 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00594944 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    2014-01-23 17:23 - 2014-01-23 17:23 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B881EAB4
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-796845957-823518204-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Guest (S-1-5-21-796845957-823518204-1177238915-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-796845957-823518204-1177238915-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-796845957-823518204-1177238915-1002 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/10/2015 08:49:20 AM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/06/2015 11:34:52 PM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/06/2015 10:01:44 AM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/04/2015 02:47:21 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 117456821.
     
    Error: (01/04/2015 02:46:15 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 117456821.
     
    Error: (01/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application rocket.exe, version 31.0.1650.23, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (01/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application rocket.exe, version 31.0.1650.23, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (01/03/2015 11:33:10 PM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 20 Getting ASF configuration table
     
    Error: (01/03/2015 11:02:42 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 1180947459.
     
    Error: (01/03/2015 11:02:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
     
    System errors:
    =============
    Error: (01/11/2015 08:46:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The X4HSEx_Pr143 service failed to start due to the following error: 
    %%3
     
    Error: (01/11/2015 08:46:18 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/11/2015 08:46:18 PM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/11/2015 08:46:18 PM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
    Error: (01/11/2015 08:45:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (01/11/2015 08:45:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (01/11/2015 08:45:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Online Games Manager service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (01/11/2015 08:45:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (01/11/2015 08:45:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Broadcom ASF IP Monitor service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (01/11/2015 08:45:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (01/10/2015 08:49:20 AM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/06/2015 11:34:52 PM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/06/2015 10:01:44 AM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/04/2015 02:47:21 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 117456821
     
    Error: (01/04/2015 02:46:15 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 117456821
     
    Error: (01/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: rocket.exe31.0.1650.23hungapp0.0.0.000000000
     
    Error: (01/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: rocket.exe31.0.1650.23hungapp0.0.0.000000000
     
    Error: (01/03/2015 11:33:10 PM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 20 Getting ASF configuration table
     
    Error: (01/03/2015 11:02:42 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 1180947459
     
    Error: (01/03/2015 11:02:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
     
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 3.20GHz
    Percentage of memory in use: 45%
    Total physical RAM: 1014.07 MB
    Available physical RAM: 551.14 MB
    Total Pagefile: 2441.07 MB
    Available Pagefile: 2078.71 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1927.46 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:74.5 GB) (Free:42.31 GB) NTFS ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DAB7DAB7)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     

    OTL logfile created on: 1/11/2015 7:55:41 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1014.07 Mb Total Physical Memory | 401.59 Mb Available Physical Memory | 39.60% Memory free
    2.38 Gb Paging File | 1.95 Gb Available in Paging File | 81.87% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 42.55 Gb Free Space | 57.12% Space Free | Partition Type: NTFS
     
    Computer Name: COMPUTER-52964B | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2015/01/09 11:40:03 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
    PRC - [2015/01/04 19:45:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2014/12/18 11:42:30 | 006,699,800 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2014/11/21 11:39:08 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2014/11/17 12:46:42 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2014/07/25 03:42:26 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2014/07/25 03:42:20 | 001,562,264 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
    PRC - [2014/07/22 18:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2014/03/27 07:07:18 | 000,581,568 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Online Games Manager\ogmservice.exe
    PRC - [2013/03/14 18:22:46 | 004,973,456 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Free Ride Games\GPlayer.exe
    PRC - [2012/02/27 06:02:02 | 000,249,440 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIIVE.EXE
    PRC - [2011/12/11 23:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
    PRC - [2011/11/10 21:10:33 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
    PRC - [2009/09/13 02:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
    PRC - [2009/09/13 02:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/03/08 22:46:12 | 000,061,440 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2015/01/11 18:19:24 | 002,909,696 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\15011101\algo.dll
    MOD - [2014/11/21 11:39:14 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/07/25 03:40:10 | 014,937,600 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    MOD - [2014/07/25 03:39:58 | 000,594,944 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    MOD - [2014/07/25 03:39:54 | 000,036,864 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    MOD - [2014/07/25 03:39:30 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    MOD - [2014/02/17 02:10:33 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
    MOD - [2014/02/17 02:08:29 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
    MOD - [2014/02/17 00:58:00 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2014/02/17 00:54:43 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
    MOD - [2014/02/17 00:53:08 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
    MOD - [2014/02/17 00:52:28 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
    MOD - [2014/02/17 00:51:37 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
    MOD - [2014/02/17 00:51:11 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
    MOD - [2014/02/17 00:50:39 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
    MOD - [2014/02/17 00:50:15 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
    MOD - [2014/01/23 17:23:26 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
    MOD - [2011/04/02 15:03:48 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
    MOD - [2011/04/02 15:03:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
    MOD - [2010/03/18 13:18:36 | 000,509,304 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\ExentCtl.ocx
     
     
    ========== Services (SafeList) ==========
     
    SRV - [2014/12/13 14:27:46 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/11/21 11:39:08 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/11/17 12:46:42 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2014/07/22 18:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2014/03/27 07:07:18 | 000,581,568 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files\Online Games Manager\ogmservice.exe -- (ogmservice)
    SRV - [2011/12/11 23:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
    SRV - [2011/11/10 21:10:33 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2005/03/08 22:46:12 | 000,061,440 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
    DRV - File not found [Kernel | Boot | Stopped] --  -- (cerc6)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AntiLog32.sys -- (AntiLog32)
    DRV - [2014/11/21 23:40:01 | 000,787,800 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
    DRV - [2014/11/21 11:40:49 | 000,423,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
    DRV - [2014/11/21 11:39:16 | 000,206,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/11/21 11:39:16 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/11/21 11:39:16 | 000,057,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2014/11/21 11:39:16 | 000,055,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswrdr.sys -- (AswRdr)
    DRV - [2014/11/21 11:39:16 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/11/21 11:39:16 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
    DRV - [2014/06/16 01:01:38 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2014/06/16 01:01:38 | 000,089,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2014/01/23 17:31:06 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2013/08/25 10:30:48 | 000,013,120 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2012/08/02 14:57:26 | 000,058,696 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx_Pr143.sys -- (X4HSEx_Pr143)
    DRV - [2012/07/03 11:56:00 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandnetadb.sys -- (andnetadb)
    DRV - [2011/10/08 02:28:44 | 000,017,408 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/02 21:45:08 | 000,724,736 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
    DRV - [2005/03/17 19:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2003/04/24 18:21:50 | 000,006,025 | R--- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
    IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
    IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
    IE - HKLM\..\SearchScopes\{AA49FBA3-4A0A-413A-9349-972EA64BFC06}: "URL" = http://www.google.co...g}&sourceid=ie7
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\InprocServer32 File not found
    IE - HKCU\..\SearchScopes,DefaultScope = {07BEA7CA-756C-4E81-9EC5-471208BF1D93}
    IE - HKCU\..\SearchScopes\{07BEA7CA-756C-4E81-9EC5-471208BF1D93}: "URL" = http://search.whites...m={SearchTerms}
    IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
    IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.yahoo....petb&type=10723
    IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
    IE - HKCU\..\SearchScopes\{AA49FBA3-4A0A-413A-9349-972EA64BFC06}: "URL" = http://www.google.co...g}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{C85E431D-D351-4AAF-8D56-0BC2EACF0225}: "URL" = http://rocket-find.c...=2051559981&ir=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found
    FF - HKCU\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\npGameTreatWidget.dll (Exent Technologies Ltd.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/11/21 11:39:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014/09/27 10:12:36 | 000,000,000 | ---D | M]
     
     
    ========== Chrome  ==========
     
    CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
    CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
    CHR - plugin: Exent® AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
    CHR - plugin:  (Enabled) = C:\Program Files\Free Ride Games\npGameTreatWidget.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
    CHR - plugin: Java Deployment Toolkit 7.0.670.1 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
    CHR - plugin: Java™ Platform SE 7 U67 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
    CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
     
    O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKCU..\Run: [GoogleChromeAutoLaunch_1D779E6F1F1A75C4ED2C2669C0FDD24A] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1421020932 File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O15 - HKCU\..Trusted Domains: dmc.org ([dmcnf04] https in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1362715067859 (WUWebControl Class)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
    O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C883191-008E-4C6D-87A9-5AA6D8C51CFD}: DhcpNameServer = 10.1.10.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31A93C3-05B6-4B1B-801C-18AAD00745AF}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/03/07 19:56:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2015/01/11 18:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
    [2015/01/11 18:26:25 | 000,000,000 | ---D | C] -- C:\_OTL
    [2015/01/04 19:44:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2015/01/04 01:13:13 | 000,000,000 | ---D | C] -- C:\SUPERDelete
    [2014/12/25 19:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tifff new thanksgiving
    [2014/12/25 12:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
    [2014/12/14 00:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2014/12/14 00:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2014/12/14 00:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2014/12/14 00:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2015/01/11 19:34:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2015/01/11 19:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2015/01/11 19:03:07 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2015/01/11 19:02:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2015/01/11 19:02:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2015/01/11 19:02:12 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
    [2015/01/11 19:02:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2015/01/11 18:19:06 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2831618B-F7F8-41DB-B0EA-7521879D55D3}.job
    [2015/01/10 19:39:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
    [2015/01/08 15:00:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
    [2015/01/04 19:45:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2014/12/25 19:57:06 | 000,013,232 | -HS- | M] () -- C:\Documents and Settings\Administrator\Desktop\Folder.jpg
    [2014/12/25 19:57:06 | 000,013,232 | -HS- | M] () -- C:\Documents and Settings\Administrator\Desktop\AlbumArt_{B721B2FD-6EC5-466B-9FD9-E8367D02143D}_Large.jpg
    [2014/12/25 19:57:06 | 000,002,848 | -HS- | M] () -- C:\Documents and Settings\Administrator\Desktop\AlbumArtSmall.jpg
    [2014/12/25 19:57:06 | 000,002,848 | -HS- | M] () -- C:\Documents and Settings\Administrator\Desktop\AlbumArt_{B721B2FD-6EC5-466B-9FD9-E8367D02143D}_Small.jpg
    [2014/12/18 11:50:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    [2014/12/14 00:35:56 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2015/01/10 19:39:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
    [2014/12/25 19:57:06 | 000,013,232 | -HS- | C] () -- C:\Documents and Settings\Administrator\Desktop\AlbumArt_{B721B2FD-6EC5-466B-9FD9-E8367D02143D}_Large.jpg
    [2014/12/25 19:57:06 | 000,002,848 | -HS- | C] () -- C:\Documents and Settings\Administrator\Desktop\AlbumArt_{B721B2FD-6EC5-466B-9FD9-E8367D02143D}_Small.jpg
    [2014/12/21 01:30:10 | 000,424,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2014/12/18 11:50:43 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    [2014/12/18 11:50:42 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    [2014/12/14 00:35:56 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/12/07 10:50:50 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat
    [2014/11/03 11:03:35 | 000,319,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-823518204-1177238915-500-0.dat
    [2014/10/22 22:55:35 | 000,129,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2014/07/22 23:51:04 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
    [2014/07/21 23:51:39 | 000,000,102 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WB.CFG
    [2014/06/22 13:52:06 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
    [2014/02/20 15:51:35 | 000,013,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2014/01/23 17:31:12 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
    [2014/01/23 17:31:08 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2014/01/23 17:31:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2014/01/23 17:31:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2014/01/23 17:31:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    [2013/10/04 12:12:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2013/10/04 12:12:10 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2013/10/04 12:12:10 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2013/10/04 12:12:10 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2013/10/04 12:12:10 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2013/10/04 12:12:10 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2013/10/04 12:12:10 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2013/10/04 12:12:10 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2013/10/04 12:12:10 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2013/10/04 12:12:10 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2013/10/04 12:12:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2013/10/04 12:12:10 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2013/10/04 12:12:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2013/10/04 12:12:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2013/10/04 12:12:10 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2013/10/04 12:12:10 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2013/10/04 12:10:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPWF500.ini
    [2013/06/04 00:33:40 | 000,024,772 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\P1100DEF.css
    [2013/06/04 00:33:40 | 000,004,376 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\P1100OS.HTM
    [2013/06/04 00:33:40 | 000,002,944 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\P1100SIG.GIF
    [2013/05/28 15:39:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
    [2013/04/08 11:25:20 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
    [2013/04/08 11:25:20 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
    [2013/04/08 11:25:19 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
    [2013/04/08 11:24:57 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\mvusbews.dll
    [2013/04/08 11:24:18 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
    [2013/03/14 18:42:59 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2013/03/08 00:04:56 | 000,206,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/03/08 00:04:55 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/03/07 23:11:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2013/03/07 22:31:10 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2013/03/07 19:58:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2013/03/07 19:53:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2013/03/07 11:46:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2013/03/07 11:45:35 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
     
    ========== ZeroAccess Check ==========
     
    [2013/10/17 12:50:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/12/27 05:24:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== LOP Check ==========
     
    [2013/10/24 23:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVAST Software
    [2014/05/26 21:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BloodTies
    [2014/02/20 15:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
    [2014/07/30 14:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\casualArts
    [2014/06/05 17:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cerasus.media
    [2013/06/23 08:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\COWON
    [2015/01/04 01:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
    [2013/06/22 18:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DSite
    [2014/09/01 13:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
    [2013/10/04 12:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
    [2013/05/28 15:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Exent Technologies
    [2014/06/28 13:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flood Light Games
    [2013/03/21 16:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
    [2014/12/13 19:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ID Vault
    [2013/10/04 12:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
    [2013/05/28 16:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Merscom
    [2014/07/26 15:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
    [2014/05/14 13:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MumboJumbo
    [2013/03/11 03:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oberon Media
    [2014/07/21 23:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenCandy
    [2014/09/27 20:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice
    [2013/03/12 19:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
    [2013/06/29 07:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
    [2013/11/17 14:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
    [2013/06/03 15:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Righteous Kill
    [2014/07/21 23:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RocketUpdater
    [2014/08/03 00:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung
    [2014/07/21 23:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\UpdaterEX
    [2015/01/04 01:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2013/12/17 11:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WildTangent
    [2014/06/22 18:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YahooCouponAddOn
    [2014/06/21 23:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\133D8
    [2014/08/11 22:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2308189059
    [2014/07/21 23:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\28157
    [2014/07/21 08:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\38251
    [2013/10/24 09:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2014/10/05 14:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish
    [2014/02/20 15:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2014/07/30 14:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
    [2013/06/22 18:02:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2014/07/21 23:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conduit
    [2014/09/27 09:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2014/05/19 20:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Excellent4App
    [2014/06/28 13:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2013/05/28 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
    [2013/03/12 16:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesBar
    [2014/05/19 20:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2014/12/07 10:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2014/11/18 01:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
    [2014/07/27 16:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2013/05/28 16:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
    [2013/10/12 13:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2013/03/11 03:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
    [2013/10/12 12:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2013/03/11 03:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2014/04/20 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2013/06/02 17:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2014/07/22 11:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2013/12/17 11:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B881EAB4
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
     
    < End of report >
     
     

    #4
    RKinner
    Malware Expert
    Appears your Rocket is considered adware.  If you really must have it then wait until we finish to redownload and install it.
     
    Uninstall:
    McAfee Security Scan Plus  (foistware)
    Broadcom ASF Management Applications (It's causing errors and you don't need it unless your PC is in a big company and managed by the IT department)
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Attach the file to your next post. Uninstall Speccy.
     
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     
     
    Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
     
    Reboot. 
     
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
    2. Double-click VEW.exe
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning
     
    Then use the 'Number of events' as follows:
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
    Ron

     


    #5
    shar907
    Member (Topic Starter)
    HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    CHR HKU\S-1-5-21-796845957-823518204-1177238915-500\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
    SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    FF Plugin: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll No File
    S1 AntiLog32; \??\C:\WINDOWS\system32\drivers\AntiLog32.sys [X]
    S0 cerc6; No ImagePath
    S4 IntelIde; No ImagePath
    U1 WS2IFSL; No ImagePath
    S2 X4HSEx_Pr143; \??\C:\Program Files\Free Ride Games\X4HSEx_Pr143.Sys [X]
    C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\strings.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\_is2A.exe
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\InprocServer32 -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Documents and Settings\Administrator\Local Settings\Application Data\Rocket\Application\31.0.165 (the data entry has 34 more characters).
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No Fil (the data entry has 1 more characters).
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
     
     


    #6
    shar907


    Please ignore the just posted information.  I believe I posted it wrong. Will submit the correct logs tomorrow.

     
     


    #7
    shar907


    Will try it again now.

     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2015 01
    Ran by Administrator (administrator) on COMPUTER-52964B on 11-01-2015 22:26:08
    Running from C:\Documents and Settings\Administrator\Desktop
    Loaded Profile: Administrator (Available profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: Rocket)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Samsung) C:\Program Files\Samsung\Kies\Kies.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIIVE.EXE
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
    (HP) C:\WINDOWS\system32\HPSIsvc.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
    HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [103768 2009-09-13] (Citrix Systems, Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
    HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [GoogleChromeAutoLaunch_1D779E6F1F1A75C4ED2C2669C0FDD24A] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-18] (SUPERAntiSpyware)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
    CHR HKU\S-1-5-21-796845957-823518204-1177238915-500\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKU\S-1-5-21-796845957-823518204-1177238915-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    HKU\S-1-5-21-796845957-823518204-1177238915-500\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    HKU\S-1-5-21-796845957-823518204-1177238915-500\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
    SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
    SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {07BEA7CA-756C-4E81-9EC5-471208BF1D93} URL = http://search.whites...m={SearchTerms}
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.yahoo....petb&type=10723
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
    BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1362715067859
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
    DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll No File
    FF Plugin HKU\S-1-5-21-796845957-823518204-1177238915-500: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-08]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
    FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-09-27]
     
    Chrome: 
    =======
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Oberon com adapter) - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
    CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files\Free Ride Games\npExentCtl.dll No File
    CHR Plugin: (         "name": "",) - C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
    CHR HKLM\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
    CHR HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [61440 2005-03-08] (Broadcom Corporation) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
    R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-11-17] (Oracle Corporation)
    R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
    S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{8EB1C2D4-CE55-423E-BB79-57C86B5EE06D}
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 andnetadb; C:\WINDOWS\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
    R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-21] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-21] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
    R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation) [File not signed]
    S3 rt2870; C:\WINDOWS\System32\DRIVERS\Drt2870.sys [724736 2010-02-02] (Ralink Technology, Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
    S1 AntiLog32; \??\C:\WINDOWS\system32\drivers\AntiLog32.sys [X]
    S0 cerc6; No ImagePath
    S4 IntelIde; No ImagePath
    U1 WS2IFSL; No ImagePath
    S2 X4HSEx_Pr143; \??\C:\Program Files\Free Ride Games\X4HSEx_Pr143.Sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-11 22:26 - 2015-01-11 22:26 - 00016813 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
    2015-01-11 22:25 - 2015-01-11 22:26 - 00000000 ____D () C:\FRST
    2015-01-11 22:00 - 2015-01-11 22:01 - 00000890 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
    2015-01-11 21:52 - 2015-01-11 21:52 - 00000000 ____D () C:\WINDOWS\ERUNT
    2015-01-11 20:56 - 2015-01-11 20:56 - 00013607 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner[S0].txt
    2015-01-11 20:20 - 2015-01-11 20:44 - 00000000 ____D () C:\AdwCleaner
    2015-01-11 20:16 - 2015-01-11 20:16 - 02124288 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
    2015-01-11 20:16 - 2015-01-11 20:16 - 01115648 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
    2015-01-11 20:14 - 2015-01-11 20:14 - 01707939 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
    2015-01-11 20:12 - 2015-01-11 20:13 - 02191360 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    2015-01-11 20:08 - 2015-01-11 20:08 - 00083028 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.Txt 2.txt
    2015-01-11 20:08 - 2015-01-11 20:08 - 00083028 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.Txt
    2015-01-11 18:35 - 2015-01-11 18:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\New Folder
    2015-01-11 18:26 - 2015-01-11 18:26 - 00000000 ____D () C:\_OTL
    2015-01-10 19:39 - 2015-01-10 19:39 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
    2015-01-06 23:34 - 2015-01-06 23:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini010615-01.dmp
    2015-01-04 19:44 - 2015-01-04 19:45 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
    2015-01-04 17:42 - 2015-01-04 17:42 - 00003046 _____ () C:\Documents and Settings\Administrator\My Documents\VolumeC DEFRAG.txt
    2015-01-04 01:13 - 2015-01-04 01:13 - 00000000 ____D () C:\SUPERDelete
    2015-01-03 23:04 - 2015-01-03 23:04 - 00347816 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Desktop\MicrosoftFixit.IEAddon.WER.Run (1).exe
    2015-01-02 12:46 - 2015-01-02 12:46 - 00090112 _____ () C:\WINDOWS\Minidump\Mini010215-01.dmp
    2014-12-27 10:46 - 2014-12-27 10:46 - 00090112 _____ () C:\WINDOWS\Minidump\Mini122714-01.dmp
    2014-12-25 19:48 - 2015-01-11 02:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\tifff new thanksgiving
    2014-12-25 12:55 - 2014-12-25 12:55 - 00000000 ____D () C:\Program Files\LG Electronics
    2014-12-21 01:30 - 2015-01-11 20:45 - 00424528 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2014-12-18 11:50 - 2014-12-18 12:03 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-18 11:50 - 2014-12-18 11:50 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    2014-12-18 11:45 - 2014-12-18 11:47 - 50107976 _____ (Adobe Systems Incorporated) C:\Documents and Settings\Administrator\Desktop\AdbeRdr11003_en_US.exe
    2014-12-18 11:30 - 2014-12-18 11:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini121814-01.dmp
    2014-12-14 00:36 - 2014-12-14 00:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2014-12-14 00:35 - 2015-01-11 20:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-14 00:35 - 2014-12-14 00:35 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    2014-12-14 00:35 - 2014-12-14 00:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    2014-12-14 00:35 - 2014-12-14 00:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-11 22:26 - 2013-03-07 22:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
    2015-01-11 21:34 - 2014-08-15 19:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-11 21:32 - 2013-07-18 21:46 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-11 20:49 - 2013-03-07 19:54 - 01926325 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-11 20:47 - 2013-03-08 00:04 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-01-11 20:46 - 2014-03-29 10:36 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-01-11 20:46 - 2013-07-18 21:46 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-11 20:46 - 2013-03-07 22:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-11 20:46 - 2013-03-07 11:49 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-01-11 20:46 - 2013-03-07 11:49 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-01-11 20:46 - 2008-04-14 02:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-01-11 20:45 - 2013-03-07 22:25 - 00032518 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-01-11 20:45 - 2013-03-07 22:25 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
    2015-01-11 18:19 - 2013-10-06 10:48 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{2831618B-F7F8-41DB-B0EA-7521879D55D3}.job
    2015-01-11 05:40 - 2013-03-07 19:55 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
    2015-01-11 01:50 - 2013-03-07 19:52 - 00046313 _____ () C:\WINDOWS\wmsetup.log
    2015-01-10 21:49 - 2013-03-07 19:59 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
    2015-01-10 19:39 - 2013-03-07 11:45 - 00891604 _____ () C:\WINDOWS\setupapi.log
    2015-01-10 19:39 - 2013-03-07 11:45 - 00192550 _____ () C:\WINDOWS\setupact.log
    2015-01-08 15:00 - 2014-03-29 10:36 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-01-08 01:37 - 2014-01-16 11:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts
    2015-01-06 23:34 - 2014-05-14 14:00 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-01-04 01:12 - 2014-06-22 14:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Dropbox
    2015-01-04 01:12 - 2014-05-18 22:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\uTorrent
    2015-01-04 01:12 - 2013-03-13 15:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-01-03 23:50 - 2014-07-21 23:27 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
    2015-01-03 21:11 - 2014-08-03 00:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Chivas stuff
    2015-01-03 21:11 - 2013-06-21 10:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Msic
    2015-01-03 20:36 - 2014-10-23 00:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\ID Vault
    2015-01-03 20:36 - 2013-10-04 12:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\ArcSoft
    2014-12-18 14:18 - 2013-03-07 22:25 - 00000000 ____D () C:\Documents and Settings\Administrator
    2014-12-18 11:52 - 2014-11-17 14:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
    2014-12-18 11:49 - 2013-03-13 15:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
    2014-12-15 00:41 - 2014-06-22 14:12 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\Dropbox
    2014-12-14 01:54 - 2014-11-03 11:03 - 00319712 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-823518204-1177238915-500-0.dat
    2014-12-14 01:54 - 2014-10-22 22:55 - 00129802 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-12-13 19:43 - 2013-03-07 11:46 - 01552593 _____ () C:\WINDOWS\iis6.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 01325797 _____ () C:\WINDOWS\FaxSetup.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00680378 _____ () C:\WINDOWS\ocgen.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00625188 _____ () C:\WINDOWS\tsoc.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00460614 _____ () C:\WINDOWS\comsetup.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00426864 _____ () C:\WINDOWS\msmqinst.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00283823 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00235197 _____ () C:\WINDOWS\netfxocm.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00094194 _____ () C:\WINDOWS\MedCtrOC.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00074965 _____ () C:\WINDOWS\ocmsn.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00068073 _____ () C:\WINDOWS\msgsocm.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00066604 _____ () C:\WINDOWS\tabletoc.log
    2014-12-13 19:43 - 2013-03-07 11:46 - 00001943 _____ () C:\WINDOWS\imsins.log
    2014-12-13 19:40 - 2014-10-23 00:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\ID Vault
    2014-12-13 19:07 - 2013-03-13 01:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Sharon's Stuff
    2014-12-13 14:27 - 2014-08-15 19:02 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-12-13 14:27 - 2014-08-15 19:02 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
     
    Some content of TEMP:
    ====================
    C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\strings.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\_is2A.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== End Of Log ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2015 01
    Ran by Administrator at 2015-01-11 22:27:48
    Running from C:\Documents and Settings\Administrator\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    µTorrent (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
    10 Talismans (HKLM\...\exent_472250) (Version:  - )
    100 Percent Hidden Objects (HKLM\...\exent_795050) (Version:  - )
    ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Agatha Christie: Dead Man's Folly (HKLM\...\exent_687250) (Version:  - )
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
    Azteca (HKLM\...\exent_529250) (Version:  - )
    Big City Adventure™ - Rio de Janeiro (HKLM\...\89081897daeb0fe47fc159281c61a4e8) (Version:  - GameHouse)
    Broadcom Advanced Control Suite (HKLM\...\{058B32E2-6310-4359-B2D4-1988390C3B83}) (Version: 8.20.01 - Broadcom Corporation)
    Broadcom ASF Management Applications (HKLM\...\{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}) (Version: 8.06.01 - Broadcom)
    Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.10.07 - Broadcom Corporation)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
    Citrix online plug-in (Web) (HKLM\...\{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
    Dream Chronicles (HKLM\...\exent_515450) (Version:  - )
    Dream Chronicles 2 The Eternal Maze (HKLM\...\exent_574250) (Version:  - )
    Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    Epson E-Web Print (HKLM\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
    EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
    EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
    EPSON WorkForce 500 Series Printer Uninstall (HKLM\...\EPSON WorkForce 500 Series) (Version:  - SEIKO EPSON Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
    Mahjong Mysteries of the Past (HKLM\...\exent_765950) (Version:  - )
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Midnight Mysteries - Devil on the MissIssippi (HKLM\...\exent_745650) (Version:  - )
    My Farm Life 2 (HKLM\...\exent_748750) (Version:  - )
    MyFreeCodec (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\MyFreeCodec) (Version:  - )
    Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
    OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Righteous Kill (HKLM\...\exent_605250) (Version:  - )
    Rocket (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
    Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
    Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Shutter Island (HKLM\...\exent_669950) (Version:  - )
    Software Updater (HKLM\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
    System Checkup 3.5 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.2.0 - iolo technologies, LLC)
    Unlikely Suspects (HKLM\...\exent_708650) (Version:  - )
    Vacation Adventures - Park Ranger 2 (HKLM\...\d9b4a73170343d1264d5ca8d7281b070) (Version:  - GameHouse)
    Valerie Porter and the Scarlet Scandal (HKLM\...\exent_661850) (Version:  - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\InprocServer32 -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Documents and Settings\Administrator\Local Settings\Application Data\Rocket\Application\31.0.165 (the data entry has 34 more characters).
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No Fil (the data entry has 1 more characters).
     
    ==================== Restore Points  =========================
     
    29-11-2014 18:38:23 System Checkpoint
    30-11-2014 19:27:10 System Checkpoint
    01-12-2014 19:28:15 System Checkpoint
    02-12-2014 20:27:09 System Checkpoint
    03-12-2014 21:27:09 System Checkpoint
    04-12-2014 22:27:09 System Checkpoint
    05-12-2014 23:30:12 System Checkpoint
    07-12-2014 00:12:40 System Checkpoint
    08-12-2014 10:24:31 System Checkpoint
    09-12-2014 10:39:28 System Checkpoint
    10-12-2014 12:16:59 System Checkpoint
    10-12-2014 13:00:19 Software Distribution Service 3.0
    11-12-2014 13:53:19 System Checkpoint
    12-12-2014 14:00:10 System Checkpoint
    13-12-2014 15:00:14 System Checkpoint
    14-12-2014 15:29:24 System Checkpoint
    15-12-2014 15:41:04 System Checkpoint
    16-12-2014 16:31:32 System Checkpoint
    18-12-2014 11:48:59 Installed Adobe Reader XI (11.0.03).
    19-12-2014 11:55:46 System Checkpoint
    20-12-2014 11:55:55 System Checkpoint
    21-12-2014 12:36:09 System Checkpoint
    22-12-2014 13:05:25 System Checkpoint
    23-12-2014 13:12:36 System Checkpoint
    24-12-2014 20:25:04 System Checkpoint
    25-12-2014 12:55:07 Installed LG United Mobile Drivers.
    26-12-2014 13:45:46 System Checkpoint
    27-12-2014 13:51:43 System Checkpoint
    28-12-2014 19:09:46 System Checkpoint
    30-12-2014 13:24:56 System Checkpoint
    31-12-2014 13:54:32 System Checkpoint
    01-01-2015 15:28:08 System Checkpoint
    02-01-2015 21:09:01 System Checkpoint
    04-01-2015 00:28:13 Restore Operation
    04-01-2015 00:45:33 Restore Operation
    04-01-2015 01:17:38 Restore Operation
    06-01-2015 12:28:57 System Checkpoint
    07-01-2015 13:42:43 System Checkpoint
    08-01-2015 14:05:02 System Checkpoint
    09-01-2015 14:13:58 System Checkpoint
    10-01-2015 14:40:11 System Checkpoint
    11-01-2015 19:17:24 System Checkpoint
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2008-04-14 02:00 - 2008-04-14 02:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{2831618B-F7F8-41DB-B0EA-7521879D55D3}.job => C:\WINDOWS\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2015-01-11 18:19 - 2015-01-11 18:19 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011101\algo.dll
    2013-04-08 11:25 - 2011-04-02 15:03 - 00151552 _____ () C:\WINDOWS\system32\HP1100LM.DLL
    2013-04-08 11:25 - 2011-04-02 15:03 - 00069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL
    2013-10-24 09:53 - 2014-11-21 11:39 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00036864 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    2014-02-14 20:54 - 2014-07-25 03:40 - 14937600 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00594944 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    2014-01-23 17:23 - 2014-01-23 17:23 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B881EAB4
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-796845957-823518204-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Guest (S-1-5-21-796845957-823518204-1177238915-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-796845957-823518204-1177238915-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-796845957-823518204-1177238915-1002 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/10/2015 08:49:20 AM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/06/2015 11:34:52 PM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/06/2015 10:01:44 AM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/04/2015 02:47:21 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 117456821.
     
    Error: (01/04/2015 02:46:15 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 117456821.
     
    Error: (01/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application rocket.exe, version 31.0.1650.23, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (01/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application rocket.exe, version 31.0.1650.23, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (01/03/2015 11:33:10 PM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 20 Getting ASF configuration table
     
    Error: (01/03/2015 11:02:42 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 1180947459.
     
    Error: (01/03/2015 11:02:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
     
    System errors:
    =============
    Error: (01/11/2015 08:46:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The X4HSEx_Pr143 service failed to start due to the following error: 
    %%3
     
    Error: (01/11/2015 08:46:18 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/11/2015 08:46:18 PM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/11/2015 08:46:18 PM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
    Error: (01/11/2015 08:45:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (01/11/2015 08:45:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (01/11/2015 08:45:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Online Games Manager service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (01/11/2015 08:45:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (01/11/2015 08:45:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Broadcom ASF IP Monitor service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (01/11/2015 08:45:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (01/10/2015 08:49:20 AM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/06/2015 11:34:52 PM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/06/2015 10:01:44 AM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/04/2015 02:47:21 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 117456821
     
    Error: (01/04/2015 02:46:15 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 117456821
     
    Error: (01/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: rocket.exe31.0.1650.23hungapp0.0.0.000000000
     
    Error: (01/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: rocket.exe31.0.1650.23hungapp0.0.0.000000000
     
    Error: (01/03/2015 11:33:10 PM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 20 Getting ASF configuration table
     
    Error: (01/03/2015 11:02:42 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 1180947459
     
    Error: (01/03/2015 11:02:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
     
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 3.20GHz
    Percentage of memory in use: 45%
    Total physical RAM: 1014.07 MB
    Available physical RAM: 551.14 MB
    Total Pagefile: 2441.07 MB
    Available Pagefile: 2078.71 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1927.46 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:74.5 GB) (Free:42.31 GB) NTFS ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DAB7DAB7)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     
     
    HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    CHR HKU\S-1-5-21-796845957-823518204-1177238915-500\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
    SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    FF Plugin: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll No File
    S1 AntiLog32; \??\C:\WINDOWS\system32\drivers\AntiLog32.sys [X]
    S0 cerc6; No ImagePath
    S4 IntelIde; No ImagePath
    U1 WS2IFSL; No ImagePath
    S2 X4HSEx_Pr143; \??\C:\Program Files\Free Ride Games\X4HSEx_Pr143.Sys [X]
    C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\strings.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\_is2A.exe
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\InprocServer32 -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Documents and Settings\Administrator\Local Settings\Application Data\Rocket\Application\31.0.165 (the data entry has 34 more characters).
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No Fil (the data entry has 1 more characters).
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
    Ran by Administrator at 2015-01-13 11:49:17
    Running from C:\Documents and Settings\Administrator\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    µTorrent (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
    10 Talismans (HKLM\...\exent_472250) (Version:  - )
    100 Percent Hidden Objects (HKLM\...\exent_795050) (Version:  - )
    ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Agatha Christie: Dead Man's Folly (HKLM\...\exent_687250) (Version:  - )
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
    Azteca (HKLM\...\exent_529250) (Version:  - )
    Big City Adventure™ - Rio de Janeiro (HKLM\...\89081897daeb0fe47fc159281c61a4e8) (Version:  - GameHouse)
    Broadcom Advanced Control Suite (HKLM\...\{058B32E2-6310-4359-B2D4-1988390C3B83}) (Version: 8.20.01 - Broadcom Corporation)
    Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.10.07 - Broadcom Corporation)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
    Citrix online plug-in (Web) (HKLM\...\{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
    Dream Chronicles (HKLM\...\exent_515450) (Version:  - )
    Dream Chronicles 2 The Eternal Maze (HKLM\...\exent_574250) (Version:  - )
    Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    Epson E-Web Print (HKLM\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
    EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
    EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
    EPSON WorkForce 500 Series Printer Uninstall (HKLM\...\EPSON WorkForce 500 Series) (Version:  - SEIKO EPSON Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
    Mahjong Mysteries of the Past (HKLM\...\exent_765950) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Midnight Mysteries - Devil on the MissIssippi (HKLM\...\exent_745650) (Version:  - )
    My Farm Life 2 (HKLM\...\exent_748750) (Version:  - )
    MyFreeCodec (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\MyFreeCodec) (Version:  - )
    Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
    OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Righteous Kill (HKLM\...\exent_605250) (Version:  - )
    Rocket (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
    Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
    Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Shutter Island (HKLM\...\exent_669950) (Version:  - )
    Software Updater (HKLM\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
    System Checkup 3.5 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.2.0 - iolo technologies, LLC)
    Unlikely Suspects (HKLM\...\exent_708650) (Version:  - )
    Vacation Adventures - Park Ranger 2 (HKLM\...\d9b4a73170343d1264d5ca8d7281b070) (Version:  - GameHouse)
    Valerie Porter and the Scarlet Scandal (HKLM\...\exent_661850) (Version:  - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
     
    ==================== Restore Points  =========================
     
    10-12-2014 12:16:59 System Checkpoint
    10-12-2014 13:00:19 Software Distribution Service 3.0
    11-12-2014 13:53:19 System Checkpoint
    12-12-2014 14:00:10 System Checkpoint
    13-12-2014 15:00:14 System Checkpoint
    14-12-2014 15:29:24 System Checkpoint
    15-12-2014 15:41:04 System Checkpoint
    16-12-2014 16:31:32 System Checkpoint
    18-12-2014 11:48:59 Installed Adobe Reader XI (11.0.03).
    19-12-2014 11:55:46 System Checkpoint
    20-12-2014 11:55:55 System Checkpoint
    21-12-2014 12:36:09 System Checkpoint
    22-12-2014 13:05:25 System Checkpoint
    23-12-2014 13:12:36 System Checkpoint
    24-12-2014 20:25:04 System Checkpoint
    25-12-2014 12:55:07 Installed LG United Mobile Drivers.
    26-12-2014 13:45:46 System Checkpoint
    27-12-2014 13:51:43 System Checkpoint
    28-12-2014 19:09:46 System Checkpoint
    30-12-2014 13:24:56 System Checkpoint
    31-12-2014 13:54:32 System Checkpoint
    01-01-2015 15:28:08 System Checkpoint
    02-01-2015 21:09:01 System Checkpoint
    04-01-2015 00:28:13 Restore Operation
    04-01-2015 00:45:33 Restore Operation
    04-01-2015 01:17:38 Restore Operation
    06-01-2015 12:28:57 System Checkpoint
    07-01-2015 13:42:43 System Checkpoint
    08-01-2015 14:05:02 System Checkpoint
    09-01-2015 14:13:58 System Checkpoint
    10-01-2015 14:40:11 System Checkpoint
    11-01-2015 19:17:24 System Checkpoint
    12-01-2015 19:58:34 System Checkpoint
    13-01-2015 10:58:14 Removed Broadcom ASF Management Applications
    13-01-2015 10:58:43 Removed Broadcom Gigabit Integrated Controller
    13-01-2015 10:59:22 Removed Broadcom Advanced Control Suite
    13-01-2015 11:14:32 Restore Operation
    13-01-2015 11:24:30 Removed Broadcom ASF Management Applications
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2008-04-14 02:00 - 2008-04-14 02:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{2831618B-F7F8-41DB-B0EA-7521879D55D3}.job => C:\WINDOWS\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2015-01-13 11:21 - 2015-01-13 11:21 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011300\algo.dll
    2013-04-08 11:25 - 2011-04-02 15:03 - 00151552 _____ () C:\WINDOWS\system32\HP1100LM.DLL
    2013-04-08 11:25 - 2011-04-02 15:03 - 00069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL
    2013-10-24 09:53 - 2014-11-21 11:39 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00036864 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    2014-02-14 20:54 - 2014-07-25 03:40 - 14937600 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00594944 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    2014-01-23 17:23 - 2014-01-23 17:23 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B881EAB4
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-796845957-823518204-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Guest (S-1-5-21-796845957-823518204-1177238915-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-796845957-823518204-1177238915-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-796845957-823518204-1177238915-1002 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/10/2015 08:49:20 AM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/06/2015 11:34:52 PM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/06/2015 10:01:44 AM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/04/2015 02:47:21 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 117456821.
     
    Error: (01/04/2015 02:46:15 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 117456821.
     
    Error: (01/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application rocket.exe, version 31.0.1650.23, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (01/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application rocket.exe, version 31.0.1650.23, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (01/03/2015 11:33:10 PM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 20 Getting ASF configuration table
     
    Error: (01/03/2015 11:02:42 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 1180947459.
     
    Error: (01/03/2015 11:02:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
     
    System errors:
    =============
    Error: (01/13/2015 11:18:27 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/13/2015 11:18:27 AM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/13/2015 11:18:27 AM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
    Error: (01/13/2015 11:16:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The X4HSEx_Pr143 service failed to start due to the following error: 
    %%3
     
    Error: (01/13/2015 10:45:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The X4HSEx_Pr143 service failed to start due to the following error: 
    %%3
     
    Error: (01/13/2015 10:45:19 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/13/2015 10:45:19 AM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/13/2015 10:45:19 AM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
    Error: (01/12/2015 02:56:51 PM) (Source: System Error) (EventID: 1003) (User: )
    Description: Error code 1000008e, parameter1 c0000005, parameter2 bf85fcb0, parameter3 a883bae4, parameter4 00000000.
     
    Error: (01/12/2015 02:55:59 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
     
    Microsoft Office Sessions:
    =========================
    Error: (01/10/2015 08:49:20 AM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/06/2015 11:34:52 PM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/06/2015 10:01:44 AM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 53 Refreshing BMAPI data
     
    Error: (01/04/2015 02:47:21 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 117456821
     
    Error: (01/04/2015 02:46:15 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 117456821
     
    Error: (01/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: rocket.exe31.0.1650.23hungapp0.0.0.000000000
     
    Error: (01/04/2015 02:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: rocket.exe31.0.1650.23hungapp0.0.0.000000000
     
    Error: (01/03/2015 11:33:10 PM) (Source: Broadcom ASF IP Monitor) (EventID: 0) (User: )
    Description: !ERROR 20 Getting ASF configuration table
     
    Error: (01/03/2015 11:02:42 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 1180947459
     
    Error: (01/03/2015 11:02:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
     
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 3.20GHz
    Percentage of memory in use: 49%
    Total physical RAM: 1014.07 MB
    Available physical RAM: 511.44 MB
    Total Pagefile: 2441.07 MB
    Available Pagefile: 2041.6 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1930.73 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:74.5 GB) (Free:42.99 GB) NTFS ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DAB7DAB7)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
    Ran by Administrator (administrator) on COMPUTER-52964B on 13-01-2015 11:47:31
    Running from C:\Documents and Settings\Administrator\My Documents\Downloads
    Loaded Profile: Administrator (Available profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: Rocket)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (HP) C:\WINDOWS\system32\HPSIsvc.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Samsung) C:\Program Files\Samsung\Kies\Kies.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIIVE.EXE
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
    HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [103768 2009-09-13] (Citrix Systems, Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
    HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [GoogleChromeAutoLaunch_1D779E6F1F1A75C4ED2C2669C0FDD24A] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-18] (SUPERAntiSpyware)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\RunOnce: [Adobe Speed Launcher] => 1421165997
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    HKU\S-1-5-21-796845957-823518204-1177238915-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    HKU\S-1-5-21-796845957-823518204-1177238915-500\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    HKU\S-1-5-21-796845957-823518204-1177238915-500\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
    SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {07BEA7CA-756C-4E81-9EC5-471208BF1D93} URL = http://search.whites...m={SearchTerms}
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.yahoo....petb&type=10723
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1362715067859
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
    DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-796845957-823518204-1177238915-500: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-08]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
    FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-09-27]
     
    Chrome: 
    =======
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Oberon com adapter) - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
    CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files\Free Ride Games\npExentCtl.dll No File
    CHR Plugin: (         "name": "",) - C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
    CHR HKLM\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
    CHR HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
    R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-11-17] (Oracle Corporation)
    R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
    S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{8EB1C2D4-CE55-423E-BB79-57C86B5EE06D}
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 andnetadb; C:\WINDOWS\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
    R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-21] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-21] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
    S3 rt2870; C:\WINDOWS\System32\DRIVERS\Drt2870.sys [724736 2010-02-02] (Ralink Technology, Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-13 11:39 - 2015-01-13 11:39 - 00000946 _____ () C:\Documents and Settings\Administrator\Desktop\Shortcut to fixlist (2).txt.lnk
    2015-01-13 11:28 - 2015-01-13 11:28 - 00005452 _____ () C:\Documents and Settings\Administrator\Desktop\fixlist.txt  TODAY.txt
    2015-01-13 11:15 - 2015-01-13 11:24 - 00000000 ____D () C:\Program Files\Broadcom
    2015-01-13 11:15 - 2015-01-13 11:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
    2015-01-11 22:27 - 2015-01-11 22:29 - 00020584 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
    2015-01-11 22:26 - 2015-01-11 22:28 - 00027491 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
    2015-01-11 22:25 - 2015-01-13 11:47 - 00000000 ____D () C:\FRST
    2015-01-11 22:00 - 2015-01-11 22:01 - 00000890 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
    2015-01-11 21:52 - 2015-01-11 21:52 - 00000000 ____D () C:\WINDOWS\ERUNT
    2015-01-11 20:56 - 2015-01-11 20:56 - 00013607 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner[S0].txt
    2015-01-11 20:20 - 2015-01-11 20:44 - 00000000 ____D () C:\AdwCleaner
    2015-01-11 20:16 - 2015-01-11 20:16 - 02124288 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
    2015-01-11 20:16 - 2015-01-11 20:16 - 01115648 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
    2015-01-11 20:14 - 2015-01-11 20:14 - 01707939 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
    2015-01-11 20:12 - 2015-01-11 20:13 - 02191360 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    2015-01-11 20:08 - 2015-01-11 20:08 - 00083028 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.Txt 2.txt
    2015-01-11 20:08 - 2015-01-11 20:08 - 00083028 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.Txt
    2015-01-11 18:35 - 2015-01-11 18:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\New Folder
    2015-01-11 18:26 - 2015-01-11 18:26 - 00000000 ____D () C:\_OTL
    2015-01-10 19:39 - 2015-01-10 19:39 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
    2015-01-06 23:34 - 2015-01-06 23:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini010615-01.dmp
    2015-01-04 19:44 - 2015-01-04 19:45 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
    2015-01-04 17:42 - 2015-01-04 17:42 - 00003046 _____ () C:\Documents and Settings\Administrator\My Documents\VolumeC DEFRAG.txt
    2015-01-04 01:13 - 2015-01-04 01:13 - 00000000 ____D () C:\SUPERDelete
    2015-01-03 23:04 - 2015-01-03 23:04 - 00347816 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Desktop\MicrosoftFixit.IEAddon.WER.Run (1).exe
    2015-01-02 12:46 - 2015-01-02 12:46 - 00090112 _____ () C:\WINDOWS\Minidump\Mini010215-01.dmp
    2014-12-27 10:46 - 2014-12-27 10:46 - 00090112 _____ () C:\WINDOWS\Minidump\Mini122714-01.dmp
    2014-12-25 19:48 - 2015-01-11 02:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\tifff new thanksgiving
    2014-12-25 12:55 - 2014-12-25 12:55 - 00000000 ____D () C:\Program Files\LG Electronics
    2014-12-21 01:30 - 2015-01-13 11:14 - 00424528 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2014-12-18 11:50 - 2014-12-18 12:03 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-18 11:50 - 2014-12-18 11:50 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    2014-12-18 11:45 - 2014-12-18 11:47 - 50107976 _____ (Adobe Systems Incorporated) C:\Documents and Settings\Administrator\Desktop\AdbeRdr11003_en_US.exe
    2014-12-18 11:30 - 2014-12-18 11:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini121814-01.dmp
    2014-12-14 00:36 - 2014-12-14 00:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2014-12-14 00:35 - 2015-01-13 11:20 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-14 00:35 - 2014-12-14 00:35 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    2014-12-14 00:35 - 2014-12-14 00:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    2014-12-14 00:35 - 2014-12-14 00:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-13 11:48 - 2013-03-07 22:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
    2015-01-13 11:40 - 2013-03-08 00:04 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-01-13 11:34 - 2014-08-15 19:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-13 11:32 - 2013-07-18 21:46 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-13 11:24 - 2013-03-07 19:54 - 01953234 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-13 11:18 - 2013-10-06 10:48 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{2831618B-F7F8-41DB-B0EA-7521879D55D3}.job
    2015-01-13 11:17 - 2008-04-14 02:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-01-13 11:16 - 2013-07-18 21:46 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-13 11:16 - 2013-03-07 22:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-13 11:16 - 2013-03-07 11:49 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-01-13 11:16 - 2013-03-07 11:49 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-01-13 11:15 - 2013-03-07 22:25 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2015-01-13 11:15 - 2013-03-07 22:25 - 00000000 ____D () C:\Documents and Settings\Administrator
    2015-01-13 11:15 - 2013-03-07 19:59 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2015-01-13 11:15 - 2013-03-07 19:52 - 00000000 ____D () C:\WINDOWS\Registration
    2015-01-13 11:14 - 2013-03-07 22:25 - 00032428 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-01-13 10:58 - 2013-03-07 11:45 - 00892742 _____ () C:\WINDOWS\setupapi.log
    2015-01-12 14:04 - 2013-03-07 22:25 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
    2015-01-12 11:18 - 2014-07-21 23:55 - 00002633 _____ () C:\Documents and Settings\Administrator\Desktop\Rocket.lnk
    2015-01-12 09:46 - 2013-03-07 19:59 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
    2015-01-11 05:40 - 2013-03-07 19:55 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
    2015-01-11 01:50 - 2013-03-07 19:52 - 00046313 _____ () C:\WINDOWS\wmsetup.log
    2015-01-10 19:39 - 2013-03-07 11:45 - 00192550 _____ () C:\WINDOWS\setupact.log
    2015-01-08 01:37 - 2014-01-16 11:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts
    2015-01-06 23:34 - 2014-05-14 14:00 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-01-04 01:12 - 2014-06-22 14:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Dropbox
    2015-01-04 01:12 - 2014-05-18 22:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\uTorrent
    2015-01-04 01:12 - 2013-03-13 15:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-01-03 23:50 - 2014-07-21 23:27 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
    2015-01-03 21:11 - 2014-08-03 00:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Chivas stuff
    2015-01-03 21:11 - 2013-06-21 10:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Msic
    2015-01-03 20:36 - 2014-10-23 00:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\ID Vault
    2015-01-03 20:36 - 2013-10-04 12:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\ArcSoft
    2014-12-18 11:52 - 2014-11-17 14:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
    2014-12-18 11:49 - 2013-03-13 15:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
    2014-12-15 00:41 - 2014-06-22 14:12 - 00000000 ___RD () C:\Documents and Settings\Administrator\My Documents\Dropbox
    2014-12-14 01:54 - 2014-11-03 11:03 - 00319712 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-823518204-1177238915-500-0.dat
    2014-12-14 01:54 - 2014-10-22 22:55 - 00129802 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== End Of Log ============================
     
    HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    CHR HKU\S-1-5-21-796845957-823518204-1177238915-500\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
    SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    FF Plugin: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll No File
    S1 AntiLog32; \??\C:\WINDOWS\system32\drivers\AntiLog32.sys [X]
    S0 cerc6; No ImagePath
    S4 IntelIde; No ImagePath
    U1 WS2IFSL; No ImagePath
    S2 X4HSEx_Pr143; \??\C:\Program Files\Free Ride Games\X4HSEx_Pr143.Sys [X]
    C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\strings.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\_is2A.exe
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\InprocServer32 -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Documents and Settings\Administrator\Local Settings\Application Data\Rocket\Application\31.0.165 (the data entry has 34 more characters).
    CustomCLSID: HKU\S-1-5-21-796845957-823518204-1177238915-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No Fil (the data entry has 1 more characters).
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
     
     
    Vino's Event Viewer v01c run on Windows XP in English
    Report run at 13/01/2015 12:18:40 PM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 13/01/2015 12:11:03 PM
    Type: error Category: 0
    Event: 59 Source: SideBySide
    Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL. Reference error message: The operation completed successfully. . 
     
    Log: 'System' Date/Time: 13/01/2015 12:11:03 PM
    Type: error Category: 0
    Event: 58 Source: SideBySide
    Syntax error in manifest or policy file "C:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. 
     
    Log: 'System' Date/Time: 13/01/2015 12:11:03 PM
    Type: error Category: 0
    Event: 34 Source: SideBySide
    Component identity found in manifest does not match the identity of the component requested 
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Vino's Event Viewer v01c run on Windows XP in English
    Report run at 13/01/2015 12:20:37 PM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     


    #8
    RKinner


      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    VEW looks better but your FRST log is an older version.  Can you run a new FRST scan with the Addition option checked and then post both logs.



    #9
    shar907


      Member

    • Topic Starter
    • Member
    • 38 posts

    Thank You.

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2015 01
    Ran by Administrator at 2015-01-14 10:16:09
    Running from C:\Documents and Settings\Administrator\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    µTorrent (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
    10 Talismans (HKLM\...\exent_472250) (Version:  - )
    100 Percent Hidden Objects (HKLM\...\exent_795050) (Version:  - )
    ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Agatha Christie: Dead Man's Folly (HKLM\...\exent_687250) (Version:  - )
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
    Azteca (HKLM\...\exent_529250) (Version:  - )
    Big City Adventure™ - Rio de Janeiro (HKLM\...\89081897daeb0fe47fc159281c61a4e8) (Version:  - GameHouse)
    Broadcom Advanced Control Suite (HKLM\...\{058B32E2-6310-4359-B2D4-1988390C3B83}) (Version: 8.20.01 - Broadcom Corporation)
    Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.10.07 - Broadcom Corporation)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
    Citrix online plug-in (Web) (HKLM\...\{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
    Dream Chronicles (HKLM\...\exent_515450) (Version:  - )
    Dream Chronicles 2 The Eternal Maze (HKLM\...\exent_574250) (Version:  - )
    Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    Epson E-Web Print (HKLM\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
    EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
    EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
    EPSON WorkForce 500 Series Printer Uninstall (HKLM\...\EPSON WorkForce 500 Series) (Version:  - SEIKO EPSON Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
    Mahjong Mysteries of the Past (HKLM\...\exent_765950) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Midnight Mysteries - Devil on the MissIssippi (HKLM\...\exent_745650) (Version:  - )
    My Farm Life 2 (HKLM\...\exent_748750) (Version:  - )
    MyFreeCodec (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\MyFreeCodec) (Version:  - )
    Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
    OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Righteous Kill (HKLM\...\exent_605250) (Version:  - )
    Rocket (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
    Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
    Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Shutter Island (HKLM\...\exent_669950) (Version:  - )
    Software Updater (HKLM\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
    Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
    System Checkup 3.5 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.2.0 - iolo technologies, LLC)
    Unlikely Suspects (HKLM\...\exent_708650) (Version:  - )
    Vacation Adventures - Park Ranger 2 (HKLM\...\d9b4a73170343d1264d5ca8d7281b070) (Version:  - GameHouse)
    Valerie Porter and the Scarlet Scandal (HKLM\...\exent_661850) (Version:  - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
     
    ==================== Restore Points  =========================
     
    10-12-2014 12:16:59 System Checkpoint
    10-12-2014 13:00:19 Software Distribution Service 3.0
    11-12-2014 13:53:19 System Checkpoint
    12-12-2014 14:00:10 System Checkpoint
    13-12-2014 15:00:14 System Checkpoint
    14-12-2014 15:29:24 System Checkpoint
    15-12-2014 15:41:04 System Checkpoint
    16-12-2014 16:31:32 System Checkpoint
    18-12-2014 11:48:59 Installed Adobe Reader XI (11.0.03).
    19-12-2014 11:55:46 System Checkpoint
    20-12-2014 11:55:55 System Checkpoint
    21-12-2014 12:36:09 System Checkpoint
    22-12-2014 13:05:25 System Checkpoint
    23-12-2014 13:12:36 System Checkpoint
    24-12-2014 20:25:04 System Checkpoint
    25-12-2014 12:55:07 Installed LG United Mobile Drivers.
    26-12-2014 13:45:46 System Checkpoint
    27-12-2014 13:51:43 System Checkpoint
    28-12-2014 19:09:46 System Checkpoint
    30-12-2014 13:24:56 System Checkpoint
    31-12-2014 13:54:32 System Checkpoint
    01-01-2015 15:28:08 System Checkpoint
    02-01-2015 21:09:01 System Checkpoint
    04-01-2015 00:28:13 Restore Operation
    04-01-2015 00:45:33 Restore Operation
    04-01-2015 01:17:38 Restore Operation
    06-01-2015 12:28:57 System Checkpoint
    07-01-2015 13:42:43 System Checkpoint
    08-01-2015 14:05:02 System Checkpoint
    09-01-2015 14:13:58 System Checkpoint
    10-01-2015 14:40:11 System Checkpoint
    11-01-2015 19:17:24 System Checkpoint
    12-01-2015 19:58:34 System Checkpoint
    13-01-2015 10:58:14 Removed Broadcom ASF Management Applications
    13-01-2015 10:58:43 Removed Broadcom Gigabit Integrated Controller
    13-01-2015 10:59:22 Removed Broadcom Advanced Control Suite
    13-01-2015 11:14:32 Restore Operation
    13-01-2015 11:24:30 Removed Broadcom ASF Management Applications
    13-01-2015 14:31:23 Software Distribution Service 3.0
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2008-04-14 02:00 - 2008-04-14 02:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{2831618B-F7F8-41DB-B0EA-7521879D55D3}.job => C:\WINDOWS\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2015-01-14 09:58 - 2015-01-14 09:58 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011400\algo.dll
    2013-04-08 11:25 - 2011-04-02 15:03 - 00151552 _____ () C:\WINDOWS\system32\HP1100LM.DLL
    2013-04-08 11:25 - 2011-04-02 15:03 - 00069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL
    2013-10-24 09:53 - 2014-11-21 11:39 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00036864 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    2014-02-14 20:54 - 2014-07-25 03:40 - 14937600 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00594944 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    2014-01-23 17:23 - 2014-01-23 17:23 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B881EAB4
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-796845957-823518204-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Guest (S-1-5-21-796845957-823518204-1177238915-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-796845957-823518204-1177238915-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-796845957-823518204-1177238915-1002 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
    Error: (01/14/2015 09:56:28 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/14/2015 09:56:28 AM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/14/2015 09:56:28 AM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
    Error: (01/14/2015 00:00:52 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/14/2015 00:00:52 AM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/14/2015 00:00:52 AM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
    Error: (01/13/2015 00:11:03 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/13/2015 00:11:03 PM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/13/2015 00:11:03 PM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 3.20GHz
    Percentage of memory in use: 46%
    Total physical RAM: 1014.07 MB
    Available physical RAM: 542.25 MB
    Total Pagefile: 2441.07 MB
    Available Pagefile: 2065.63 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1930.87 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:74.5 GB) (Free:42.85 GB) NTFS ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DAB7DAB7)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     
    This was the first log, below.
     
    ==================== End Of Log ============================


    #10
    RKinner


      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Uninstall Citrix online plug-in.

    It's not installing correctly.

     

    FRST log please.




    #11
    shar907


      Member

    • Topic Starter
    • Member
    • 38 posts

    I uninstalled Citrix online plugin. I need it for work. Can I install it later?

     

    1. Scan without Addition checked

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2015 01
    Ran by Administrator at 2015-01-15 01:19:21
    Running from C:\Documents and Settings\Administrator\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    µTorrent (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
    10 Talismans (HKLM\...\exent_472250) (Version:  - )
    100 Percent Hidden Objects (HKLM\...\exent_795050) (Version:  - )
    ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Agatha Christie: Dead Man's Folly (HKLM\...\exent_687250) (Version:  - )
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
    Azteca (HKLM\...\exent_529250) (Version:  - )
    Big City Adventure™ - Rio de Janeiro (HKLM\...\89081897daeb0fe47fc159281c61a4e8) (Version:  - GameHouse)
    Broadcom Advanced Control Suite (HKLM\...\{058B32E2-6310-4359-B2D4-1988390C3B83}) (Version: 8.20.01 - Broadcom Corporation)
    Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.10.07 - Broadcom Corporation)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
    Dream Chronicles (HKLM\...\exent_515450) (Version:  - )
    Dream Chronicles 2 The Eternal Maze (HKLM\...\exent_574250) (Version:  - )
    Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    Epson E-Web Print (HKLM\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
    EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
    EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
    EPSON WorkForce 500 Series Printer Uninstall (HKLM\...\EPSON WorkForce 500 Series) (Version:  - SEIKO EPSON Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
    Mahjong Mysteries of the Past (HKLM\...\exent_765950) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Midnight Mysteries - Devil on the MissIssippi (HKLM\...\exent_745650) (Version:  - )
    My Farm Life 2 (HKLM\...\exent_748750) (Version:  - )
    MyFreeCodec (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\MyFreeCodec) (Version:  - )
    Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
    OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Righteous Kill (HKLM\...\exent_605250) (Version:  - )
    Rocket (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
    Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
    Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Shutter Island (HKLM\...\exent_669950) (Version:  - )
    Software Updater (HKLM\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
    Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
    System Checkup 3.5 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.2.0 - iolo technologies, LLC)
    Unlikely Suspects (HKLM\...\exent_708650) (Version:  - )
    Vacation Adventures - Park Ranger 2 (HKLM\...\d9b4a73170343d1264d5ca8d7281b070) (Version:  - GameHouse)
    Valerie Porter and the Scarlet Scandal (HKLM\...\exent_661850) (Version:  - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
     
    ==================== Restore Points  =========================
     
    10-12-2014 12:16:59 System Checkpoint
    10-12-2014 13:00:19 Software Distribution Service 3.0
    11-12-2014 13:53:19 System Checkpoint
    12-12-2014 14:00:10 System Checkpoint
    13-12-2014 15:00:14 System Checkpoint
    14-12-2014 15:29:24 System Checkpoint
    15-12-2014 15:41:04 System Checkpoint
    16-12-2014 16:31:32 System Checkpoint
    18-12-2014 11:48:59 Installed Adobe Reader XI (11.0.03).
    19-12-2014 11:55:46 System Checkpoint
    20-12-2014 11:55:55 System Checkpoint
    21-12-2014 12:36:09 System Checkpoint
    22-12-2014 13:05:25 System Checkpoint
    23-12-2014 13:12:36 System Checkpoint
    24-12-2014 20:25:04 System Checkpoint
    25-12-2014 12:55:07 Installed LG United Mobile Drivers.
    26-12-2014 13:45:46 System Checkpoint
    27-12-2014 13:51:43 System Checkpoint
    28-12-2014 19:09:46 System Checkpoint
    30-12-2014 13:24:56 System Checkpoint
    31-12-2014 13:54:32 System Checkpoint
    01-01-2015 15:28:08 System Checkpoint
    02-01-2015 21:09:01 System Checkpoint
    04-01-2015 00:28:13 Restore Operation
    04-01-2015 00:45:33 Restore Operation
    04-01-2015 01:17:38 Restore Operation
    06-01-2015 12:28:57 System Checkpoint
    07-01-2015 13:42:43 System Checkpoint
    08-01-2015 14:05:02 System Checkpoint
    09-01-2015 14:13:58 System Checkpoint
    10-01-2015 14:40:11 System Checkpoint
    11-01-2015 19:17:24 System Checkpoint
    12-01-2015 19:58:34 System Checkpoint
    13-01-2015 10:58:14 Removed Broadcom ASF Management Applications
    13-01-2015 10:58:43 Removed Broadcom Gigabit Integrated Controller
    13-01-2015 10:59:22 Removed Broadcom Advanced Control Suite
    13-01-2015 11:14:32 Restore Operation
    13-01-2015 11:24:30 Removed Broadcom ASF Management Applications
    13-01-2015 14:31:23 Software Distribution Service 3.0
    15-01-2015 01:07:57 Removed Citrix online plug-in (Web)
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2008-04-14 02:00 - 2008-04-14 02:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{2831618B-F7F8-41DB-B0EA-7521879D55D3}.job => C:\WINDOWS\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2015-01-14 23:50 - 2015-01-14 23:50 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011401\algo.dll
    2013-04-08 11:25 - 2011-04-02 15:03 - 00151552 _____ () C:\WINDOWS\system32\HP1100LM.DLL
    2013-04-08 11:25 - 2011-04-02 15:03 - 00069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL
    2013-10-24 09:53 - 2014-11-21 11:39 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00036864 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    2014-02-14 20:54 - 2014-07-25 03:40 - 14937600 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00594944 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    2014-01-23 17:23 - 2014-01-23 17:23 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
    2008-04-14 02:00 - 2008-04-14 02:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2008-04-14 02:00 - 2008-04-14 02:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2014-12-11 15:34 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-11 15:34 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B881EAB4
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-796845957-823518204-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Guest (S-1-5-21-796845957-823518204-1177238915-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-796845957-823518204-1177238915-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-796845957-823518204-1177238915-1002 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
    Error: (01/15/2015 01:08:01 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/15/2015 01:08:01 AM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/15/2015 01:08:01 AM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
    Error: (01/15/2015 01:07:27 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/15/2015 01:07:27 AM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/15/2015 01:07:27 AM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
    Error: (01/14/2015 11:49:20 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/14/2015 11:49:20 PM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/14/2015 11:49:20 PM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
    Error: (01/14/2015 09:56:28 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 3.20GHz
    Percentage of memory in use: 49%
    Total physical RAM: 1014.07 MB
    Available physical RAM: 515.58 MB
    Total Pagefile: 2441.07 MB
    Available Pagefile: 1881.14 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1930.87 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:74.5 GB) (Free:42.73 GB) NTFS ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DAB7DAB7)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     
     
    2. Second scan with Addition checked
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2015 01
    Ran by Administrator (administrator) on COMPUTER-52964B on 15-01-2015 01:17:54
    Running from C:\Documents and Settings\Administrator\Desktop
    Loaded Profile: Administrator (Available profiles: Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: Rocket)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Samsung) C:\Program Files\Samsung\Kies\Kies.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIIVE.EXE
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
    (HP) C:\WINDOWS\system32\HPSIsvc.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
    () C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
    HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [GoogleChromeAutoLaunch_1D779E6F1F1A75C4ED2C2669C0FDD24A] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIIVE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-18] (SUPERAntiSpyware)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
    HKU\S-1-5-21-796845957-823518204-1177238915-500\...\RunOnce: [Adobe Speed Launcher] => !)sc
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    HKU\S-1-5-21-796845957-823518204-1177238915-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
    HKU\S-1-5-21-796845957-823518204-1177238915-500\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
    HKU\S-1-5-21-796845957-823518204-1177238915-500\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
    SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {07BEA7CA-756C-4E81-9EC5-471208BF1D93} URL = http://search.whites...m={SearchTerms}
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.yahoo....petb&type=10723
    SearchScopes: HKU\S-1-5-21-796845957-823518204-1177238915-500 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
    BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1362715067859
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
    DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-796845957-823518204-1177238915-500: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-08]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
    FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-09-27]
     
    Chrome: 
    =======
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Oberon com adapter) - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
    CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files\Free Ride Games\npExentCtl.dll No File
    CHR Plugin: (         "name": "",) - C:\Program Files\Free Ride Games\npGameTreatWidget.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
    CHR HKLM\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
    CHR HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
    R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-11-17] (Oracle Corporation)
    R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
    S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{8EB1C2D4-CE55-423E-BB79-57C86B5EE06D}
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 andnetadb; C:\WINDOWS\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
    R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-21] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-21] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
    S3 rt2870; C:\WINDOWS\System32\DRIVERS\Drt2870.sys [724736 2010-02-02] (Ralink Technology, Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-14 10:16 - 2015-01-15 01:18 - 00015422 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
    2015-01-14 10:16 - 2015-01-14 10:16 - 00016102 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
    2015-01-13 12:18 - 2015-01-13 12:20 - 00000359 _____ () C:\VEW.txt
    2015-01-13 12:14 - 2015-01-13 12:14 - 00061440 _____ ( ) C:\Documents and Settings\Administrator\Desktop\VEW.exe
    2015-01-13 11:55 - 2015-01-13 11:55 - 00000654 _____ () C:\Documents and Settings\All Users\Desktop\Speccy.lnk
    2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\Program Files\Speccy
    2015-01-13 11:55 - 2015-01-13 11:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
    2015-01-13 11:15 - 2015-01-13 11:24 - 00000000 ____D () C:\Program Files\Broadcom
    2015-01-13 11:15 - 2015-01-13 11:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
    2015-01-11 22:25 - 2015-01-15 01:18 - 00000000 ____D () C:\FRST
    2015-01-11 21:52 - 2015-01-11 21:52 - 00000000 ____D () C:\WINDOWS\ERUNT
    2015-01-11 20:20 - 2015-01-11 20:44 - 00000000 ____D () C:\AdwCleaner
    2015-01-11 20:16 - 2015-01-11 20:16 - 01115648 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
    2015-01-11 20:14 - 2015-01-11 20:14 - 01707939 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
    2015-01-11 20:12 - 2015-01-11 20:13 - 02191360 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    2015-01-11 18:35 - 2015-01-11 18:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\New Folder
    2015-01-11 18:26 - 2015-01-11 18:26 - 00000000 ____D () C:\_OTL
    2015-01-10 19:39 - 2015-01-10 19:39 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
    2015-01-06 23:34 - 2015-01-06 23:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini010615-01.dmp
    2015-01-04 19:44 - 2015-01-04 19:45 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
    2015-01-04 17:42 - 2015-01-04 17:42 - 00003046 _____ () C:\Documents and Settings\Administrator\My Documents\VolumeC DEFRAG.txt
    2015-01-04 01:13 - 2015-01-04 01:13 - 00000000 ____D () C:\SUPERDelete
    2015-01-03 23:04 - 2015-01-03 23:04 - 00347816 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Desktop\MicrosoftFixit.IEAddon.WER.Run (1).exe
    2015-01-02 12:46 - 2015-01-02 12:46 - 00090112 _____ () C:\WINDOWS\Minidump\Mini010215-01.dmp
    2014-12-27 10:46 - 2014-12-27 10:46 - 00090112 _____ () C:\WINDOWS\Minidump\Mini122714-01.dmp
    2014-12-25 19:48 - 2015-01-11 02:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\tifff new thanksgiving
    2014-12-25 12:55 - 2014-12-25 12:55 - 00000000 ____D () C:\Program Files\LG Electronics
    2014-12-21 01:30 - 2015-01-14 13:54 - 00424528 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2014-12-18 11:50 - 2014-12-18 12:03 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-18 11:50 - 2014-12-18 11:50 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
    2014-12-18 11:45 - 2014-12-18 11:47 - 50107976 _____ (Adobe Systems Incorporated) C:\Documents and Settings\Administrator\Desktop\AdbeRdr11003_en_US.exe
    2014-12-18 11:30 - 2014-12-18 11:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini121814-01.dmp
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-15 01:18 - 2013-03-07 22:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
    2015-01-15 01:08 - 2013-10-06 10:48 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{2831618B-F7F8-41DB-B0EA-7521879D55D3}.job
    2015-01-15 01:08 - 2013-03-07 19:54 - 02003171 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-15 00:34 - 2014-08-15 19:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-15 00:32 - 2013-07-18 21:46 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-14 23:54 - 2013-03-08 00:04 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2015-01-14 23:50 - 2014-12-14 00:35 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-01-14 23:49 - 2013-07-18 21:46 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-14 23:49 - 2013-03-07 22:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-14 23:49 - 2013-03-07 11:49 - 00000157 _____ () C:\WINDOWS\wiadebug.log
    2015-01-14 23:49 - 2013-03-07 11:49 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-01-14 23:49 - 2008-04-14 02:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-01-14 13:54 - 2013-03-07 22:25 - 00032606 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-01-14 13:54 - 2013-03-07 22:25 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
    2015-01-14 10:34 - 2014-08-15 19:02 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-01-14 10:34 - 2014-08-15 19:02 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-01-13 14:43 - 2013-08-17 12:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-01-13 14:31 - 2013-03-07 23:30 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-01-13 11:59 - 2013-03-07 11:45 - 00897866 _____ () C:\WINDOWS\setupapi.log
    2015-01-13 11:15 - 2013-03-07 22:25 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2015-01-13 11:15 - 2013-03-07 22:25 - 00000000 ____D () C:\Documents and Settings\Administrator
    2015-01-13 11:15 - 2013-03-07 19:59 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2015-01-13 11:15 - 2013-03-07 19:52 - 00000000 ____D () C:\WINDOWS\Registration
    2015-01-12 11:18 - 2014-07-21 23:55 - 00002633 _____ () C:\Documents and Settings\Administrator\Desktop\Rocket.lnk
    2015-01-12 09:46 - 2013-03-07 19:59 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
    2015-01-11 05:40 - 2013-03-07 19:55 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
    2015-01-11 01:50 - 2013-03-07 19:52 - 00046313 _____ () C:\WINDOWS\wmsetup.log
    2015-01-10 19:39 - 2013-03-07 11:45 - 00192550 _____ () C:\WINDOWS\setupact.log
    2015-01-08 01:37 - 2014-01-16 11:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts
    2015-01-06 23:34 - 2014-05-14 14:00 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-01-04 01:12 - 2014-06-22 14:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Dropbox
    2015-01-04 01:12 - 2014-05-18 22:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\uTorrent
    2015-01-04 01:12 - 2013-03-13 15:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-01-03 23:50 - 2014-07-21 23:27 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
    2015-01-03 21:11 - 2014-08-03 00:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Chivas stuff
    2015-01-03 21:11 - 2013-06-21 10:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Msic
    2015-01-03 20:36 - 2014-10-23 00:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\ID Vault
    2015-01-03 20:36 - 2013-10-04 12:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\ArcSoft
    2014-12-18 11:52 - 2014-11-17 14:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
    2014-12-18 11:49 - 2013-03-13 15:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== End Of Log ============================
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2015 01
    Ran by Administrator at 2015-01-15 01:19:21
    Running from C:\Documents and Settings\Administrator\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    µTorrent (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
    10 Talismans (HKLM\...\exent_472250) (Version:  - )
    100 Percent Hidden Objects (HKLM\...\exent_795050) (Version:  - )
    ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Agatha Christie: Dead Man's Folly (HKLM\...\exent_687250) (Version:  - )
    Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
    Azteca (HKLM\...\exent_529250) (Version:  - )
    Big City Adventure™ - Rio de Janeiro (HKLM\...\89081897daeb0fe47fc159281c61a4e8) (Version:  - GameHouse)
    Broadcom Advanced Control Suite (HKLM\...\{058B32E2-6310-4359-B2D4-1988390C3B83}) (Version: 8.20.01 - Broadcom Corporation)
    Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.10.07 - Broadcom Corporation)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
    Dream Chronicles (HKLM\...\exent_515450) (Version:  - )
    Dream Chronicles 2 The Eternal Maze (HKLM\...\exent_574250) (Version:  - )
    Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    Epson E-Web Print (HKLM\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
    EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
    EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
    EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
    EPSON WorkForce 500 Series Printer Uninstall (HKLM\...\EPSON WorkForce 500 Series) (Version:  - SEIKO EPSON Corporation)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
    Mahjong Mysteries of the Past (HKLM\...\exent_765950) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Midnight Mysteries - Devil on the MissIssippi (HKLM\...\exent_745650) (Version:  - )
    My Farm Life 2 (HKLM\...\exent_748750) (Version:  - )
    MyFreeCodec (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\MyFreeCodec) (Version:  - )
    Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
    OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Righteous Kill (HKLM\...\exent_605250) (Version:  - )
    Rocket (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
    Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
    Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Shutter Island (HKLM\...\exent_669950) (Version:  - )
    Software Updater (HKLM\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
    Speccy (HKLM\...\Speccy) (Version: 1.27 - Piriform)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
    System Checkup 3.5 (HKLM\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.2.0 - iolo technologies, LLC)
    Unlikely Suspects (HKLM\...\exent_708650) (Version:  - )
    Vacation Adventures - Park Ranger 2 (HKLM\...\d9b4a73170343d1264d5ca8d7281b070) (Version:  - GameHouse)
    Valerie Porter and the Scarlet Scandal (HKLM\...\exent_661850) (Version:  - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    Zuma Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}) (Version:  - Oberon Media)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
     
    ==================== Restore Points  =========================
     
    10-12-2014 12:16:59 System Checkpoint
    10-12-2014 13:00:19 Software Distribution Service 3.0
    11-12-2014 13:53:19 System Checkpoint
    12-12-2014 14:00:10 System Checkpoint
    13-12-2014 15:00:14 System Checkpoint
    14-12-2014 15:29:24 System Checkpoint
    15-12-2014 15:41:04 System Checkpoint
    16-12-2014 16:31:32 System Checkpoint
    18-12-2014 11:48:59 Installed Adobe Reader XI (11.0.03).
    19-12-2014 11:55:46 System Checkpoint
    20-12-2014 11:55:55 System Checkpoint
    21-12-2014 12:36:09 System Checkpoint
    22-12-2014 13:05:25 System Checkpoint
    23-12-2014 13:12:36 System Checkpoint
    24-12-2014 20:25:04 System Checkpoint
    25-12-2014 12:55:07 Installed LG United Mobile Drivers.
    26-12-2014 13:45:46 System Checkpoint
    27-12-2014 13:51:43 System Checkpoint
    28-12-2014 19:09:46 System Checkpoint
    30-12-2014 13:24:56 System Checkpoint
    31-12-2014 13:54:32 System Checkpoint
    01-01-2015 15:28:08 System Checkpoint
    02-01-2015 21:09:01 System Checkpoint
    04-01-2015 00:28:13 Restore Operation
    04-01-2015 00:45:33 Restore Operation
    04-01-2015 01:17:38 Restore Operation
    06-01-2015 12:28:57 System Checkpoint
    07-01-2015 13:42:43 System Checkpoint
    08-01-2015 14:05:02 System Checkpoint
    09-01-2015 14:13:58 System Checkpoint
    10-01-2015 14:40:11 System Checkpoint
    11-01-2015 19:17:24 System Checkpoint
    12-01-2015 19:58:34 System Checkpoint
    13-01-2015 10:58:14 Removed Broadcom ASF Management Applications
    13-01-2015 10:58:43 Removed Broadcom Gigabit Integrated Controller
    13-01-2015 10:59:22 Removed Broadcom Advanced Control Suite
    13-01-2015 11:14:32 Restore Operation
    13-01-2015 11:24:30 Removed Broadcom ASF Management Applications
    13-01-2015 14:31:23 Software Distribution Service 3.0
    15-01-2015 01:07:57 Removed Citrix online plug-in (Web)
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2008-04-14 02:00 - 2008-04-14 02:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{2831618B-F7F8-41DB-B0EA-7521879D55D3}.job => C:\WINDOWS\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2015-01-14 23:50 - 2015-01-14 23:50 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011401\algo.dll
    2013-04-08 11:25 - 2011-04-02 15:03 - 00151552 _____ () C:\WINDOWS\system32\HP1100LM.DLL
    2013-04-08 11:25 - 2011-04-02 15:03 - 00069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL
    2013-10-24 09:53 - 2014-11-21 11:39 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00036864 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
    2014-02-14 20:54 - 2014-07-25 03:40 - 14937600 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00594944 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
    2014-02-14 20:53 - 2014-07-25 03:39 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
    2014-01-23 17:23 - 2014-01-23 17:23 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
    2008-04-14 02:00 - 2008-04-14 02:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2008-04-14 02:00 - 2008-04-14 02:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2014-12-11 15:34 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-11 15:34 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:B881EAB4
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-796845957-823518204-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    Guest (S-1-5-21-796845957-823518204-1177238915-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-796845957-823518204-1177238915-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-796845957-823518204-1177238915-1002 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
    Error: (01/15/2015 01:08:01 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/15/2015 01:08:01 AM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/15/2015 01:08:01 AM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
    Error: (01/15/2015 01:07:27 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/15/2015 01:07:27 AM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/15/2015 01:07:27 AM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
    Error: (01/14/2015 11:49:20 PM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
    Error: (01/14/2015 11:49:20 PM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/14/2015 11:49:20 PM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested
     
    Error: (01/14/2015 09:56:28 AM) (Source: SideBySide) (EventID: 59) (User: )
    Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
    Reference error message: The operation completed successfully.
    .
     
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Processor:  Intel® Pentium® 4 CPU 3.20GHz
    Percentage of memory in use: 49%
    Total physical RAM: 1014.07 MB
    Available physical RAM: 515.58 MB
    Total Pagefile: 2441.07 MB
    Available Pagefile: 1881.14 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1930.87 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:74.5 GB) (Free:42.73 GB) NTFS ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: DAB7DAB7)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     

    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Download, save and install:

    https://www.microsof...ls.aspx?id=5638

    Then reinstall your Citrix. That's supposed to fix these errors.

     

    Error: (01/15/2015 01:08:01 AM) (Source: SideBySide) (EventID: 58) (User: )
    Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
    1" on line The manifest file contains one or more syntax errors.
    2.
     
    Error: (01/15/2015 01:08:01 AM) (Source: SideBySide) (EventID: 34) (User: )
    Description: Component identity found in manifest does not match the identity of the component requested

     

     


    • 0

    #13
    shar907

    shar907

      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts

    I downloaded the fix and re-installed Citrix. It opens differently but I can get to the information I need. 

    Thanks


    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    FRST also thinks Rocket is a bad program.

     

    Rocket (HKU\S-1-5-21-796845957-823518204-1177238915-500\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!

    Seems to be a lot of bad press about it when I google it. Are you sure you trust it?

     

    How is Chrome opening pages?


    • 0

    #15
    shar907

    shar907

      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts

    Chrome is opening pages fast. I don't need Rocket.

     

    Thanks


    • 0





