Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-05-2015
Ran by Steve at 2015-05-05 14:06:53
Running from C:\Documents and Settings\Steve\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-790525478-2000478354-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-790525478-2000478354-725345543-1005 - Limited - Enabled)
Guest (S-1-5-21-790525478-2000478354-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-790525478-2000478354-725345543-1000 - Limited - Disabled)
Steve (S-1-5-21-790525478-2000478354-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Steve
SUPPORT_388945a0 (S-1-5-21-790525478-2000478354-725345543-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-790525478-2000478354-725345543-1004\...\uTorrent) (Version: 3.4.3.40208 - BitTorrent Inc.)
AMD Catalyst Install Manager (HKLM\...\{ADFFE046-88C0-5ABF-A93A-B95C19B54DF1}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)
AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
Asmedia USB Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.23.0 - Asmedia Technology)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Media Player Codec Pack 4.3.7 (HKLM\...\Media Player - Codec Pack) (Version: 4.3.7 - Media Player Codec Pack)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSI Afterburner 4.1.0 (HKLM\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSI Kombustor 2.5.9 (HKLM\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD)
MSI Live Update 6 (HKLM\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.017 - MSI)
Norton Internet Security (HKLM\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.3.0 (HKLM\...\RTSS) (Version: 6.3.0 - Unwinder)
Sims 4 by BuZeR version final (HKLM\...\{ED118F10-E516-4245-160F-6213F508F71F}_is1) (Version: final - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
01-05-2015 22:25:04 System Checkpoint
01-05-2015 22:41:19 Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
01-05-2015 22:44:32 Installed AMD Processor Driver
01-05-2015 23:07:35 Installed Windows XP Service Pack 3.
01-05-2015 23:19:11 Installed Windows KB954550-v5.
01-05-2015 23:19:14 Printer Driver Microsoft XPS Document Writer Installed
01-05-2015 23:19:17 Printer Driver Microsoft XPS Document Writer Installed
01-05-2015 23:23:59 Installed Realtek High Definition Audio Driver
02-05-2015 00:00:02 Installed DirectX
02-05-2015 12:13:31 Installed Windows Media Player 11
02-05-2015 12:13:49 Software Distribution Service 3.0
02-05-2015 12:38:06 Installed Windows XP Wdf01009.
02-05-2015 14:43:42 Installed DirectX
02-05-2015 14:44:28 Installed Microsoft Visual C++ 2005 Redistributable
02-05-2015 14:51:21 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
02-05-2015 14:51:36 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
02-05-2015 23:32:44 Software Distribution Service 3.0
03-05-2015 03:00:23 Software Distribution Service 3.0
03-05-2015 13:21:17 Installed AMD OverDrive.
03-05-2015 13:37:55 Software Distribution Service 3.0
04-05-2015 16:37:52 Software Distribution Service 3.0
05-05-2015 11:59:57 Removed Google Drive
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-02-28 07:00 - 2015-05-05 13:31 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Loaded Modules (whitelisted) ==============
2015-05-03 16:03 - 2015-05-03 16:03 - 153822720 __RSH () C:\Documents and Settings\All Users\nvxasync\cvxasync.exe
2015-05-03 16:03 - 2015-05-03 16:03 - 153822720 __RSH () C:\Documents and Settings\Steve\Application Data\nvxasync\nvxasync.exe
2014-12-06 02:03 - 2014-12-06 02:03 - 00565760 _____ () C:\Program Files\MSI Afterburner\MSIAfterburner.exe
2014-12-06 02:01 - 2014-12-06 02:01 - 00071680 _____ () C:\Program Files\MSI Afterburner\RTMUI.dll
2014-12-06 02:01 - 2014-12-06 02:01 - 00056832 _____ () C:\Program Files\MSI Afterburner\RTFC.dll
2014-12-06 02:02 - 2014-12-06 02:02 - 00217600 _____ () C:\Program Files\MSI Afterburner\RTCore.dll
2014-12-06 02:01 - 2014-12-06 02:01 - 00353792 _____ () C:\Program Files\MSI Afterburner\RTUI.dll
2014-12-06 02:02 - 2014-12-06 02:02 - 00649216 _____ () C:\Program Files\MSI Afterburner\RTHAL.dll
2010-03-16 12:22 - 2010-03-16 12:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-08-30 03:03 - 2013-08-30 03:03 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2006-02-28 07:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-28 07:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-05-05 12:07 - 2015-04-27 21:07 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-790525478-2000478354-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 10.0.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Steve\Application Data\uTorrent\uTorrent.exe] => Enabled:μTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/05/2015 01:58:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 5.5.2015.0, faulting module frst.exe, version 5.5.2015.0, fault address 0x0001f09e.
Processing media-specific event for [frst.exe!ws!]
Error: (05/05/2015 01:28:41 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
Error: (05/05/2015 01:28:13 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Error: (05/05/2015 01:28:12 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
Error: (05/05/2015 00:41:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application housecall.bin, version 1.62.0.1087, faulting module hc_core.dll, version 1.62.0.1089, fault address 0x00024d77.
Processing media-specific event for [housecall.bin!ws!]
Error: (05/04/2015 08:50:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application update.fg3, version 1.5.139.1020, faulting module simulation.dll, version 1.200.0.101, fault address 0x00304494.
Processing media-specific event for [update.fg3!ws!]
Error: (05/04/2015 08:50:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application update.fg3, version 1.5.139.1020, faulting module simulation.dll, version 1.200.0.101, fault address 0x00304494.
Processing media-specific event for [update.fg3!ws!]
Error: (05/04/2015 08:47:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application update.fg3, version 1.5.139.1020, faulting module simulation.dll, version 1.200.0.101, fault address 0x00304494.
Processing media-specific event for [update.fg3!ws!]
Error: (05/04/2015 08:44:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application update.fg3, version 1.5.139.1020, faulting module simulation.dll, version 1.200.0.101, fault address 0x00304494.
Processing media-specific event for [update.fg3!ws!]
Error: (05/04/2015 08:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application update.fg3, version 1.5.139.1020, faulting module simulation.dll, version 1.200.0.101, fault address 0x00304494.
Processing media-specific event for [update.fg3!ws!]
System errors:
=============
Error: (05/05/2015 01:55:40 PM) (Source: BROWSER) (EventID: 8009) (User: )
Description: The browser was unable to promote itself to master browser. The computer that currently
believes it is the master browser is GEORGE-6CA09241.
Error: (05/05/2015 01:55:40 PM) (Source: 0) (EventID: 4321) (User: )
Description: MSHOME :1d10.0.0.1110.0.0.49
Error: (05/05/2015 01:50:29 PM) (Source: 0) (EventID: 4321) (User: )
Description: MSHOME :1d10.0.0.1110.0.0.49
Error: (05/05/2015 01:42:52 PM) (Source: 0) (EventID: 4321) (User: )
Description: MSHOME :1d10.0.0.1110.0.0.49
Error: (05/05/2015 01:37:42 PM) (Source: 0) (EventID: 4321) (User: )
Description: MSHOME :1d10.0.0.1110.0.0.49
Error: (05/05/2015 01:32:32 PM) (Source: 0) (EventID: 4321) (User: )
Description: MSHOME :1d10.0.0.1110.0.0.49
Error: (05/05/2015 01:31:12 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (05/05/2015 01:28:43 PM) (Source: DCOM) (EventID: 10005) (User: STEVE-BAPC)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error: (05/05/2015 01:28:43 PM) (Source: DCOM) (EventID: 10005) (User: STEVE-BAPC)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error: (05/05/2015 01:28:36 PM) (Source: DCOM) (EventID: 10005) (User: STEVE-BAPC)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Microsoft Office Sessions:
=========================
Error: (05/05/2015 01:58:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe5.5.2015.0frst.exe5.5.2015.00001f09e
Error: (05/05/2015 01:28:41 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.co...rootseq.txtThe server name or address could not be resolved
Error: (05/05/2015 01:28:13 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.co...ootseq.txtThis network connection does not exist.
Error: (05/05/2015 01:28:12 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.co...rootseq.txtThe server name or address could not be resolved
Error: (05/05/2015 00:41:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: housecall.bin1.62.0.1087hc_core.dll1.62.0.108900024d77
Error: (05/04/2015 08:50:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: update.fg31.5.139.1020simulation.dll1.200.0.10100304494
Error: (05/04/2015 08:50:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: update.fg31.5.139.1020simulation.dll1.200.0.10100304494
Error: (05/04/2015 08:47:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: update.fg31.5.139.1020simulation.dll1.200.0.10100304494
Error: (05/04/2015 08:44:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: update.fg31.5.139.1020simulation.dll1.200.0.10100304494
Error: (05/04/2015 08:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: update.fg31.5.139.1020simulation.dll1.200.0.10100304494
==================== Memory info ===========================
Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 3033.88 MB
Available physical RAM: 2240.95 MB
Total Pagefile: 4919 MB
Available Pagefile: 3651.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.21 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.88 GB) (Free:183.82 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 89E189E1)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Processing media-specific event for [update.fg3!ws!]
Error: (05/04/2015 08:44:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application update.fg3, version 1.5.139.1020, faulting module simulation.dll, version 1.200.0.101, fault address 0x00304494.
Processing media-specific event for [update.fg3!ws!]
Error: (05/04/2015 08:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application update.fg3, version 1.5.139.1020, faulting module simulation.dll, version 1.200.0.101, fault address 0x00304494.
Processing media-specific event for [update.fg3!ws!]
System errors:
=============
Error: (05/05/2015 01:55:40 PM) (Source: BROWSER) (EventID: 8009) (User: )
Description: The browser was unable to promote itself to master browser. The computer that currently
believes it is the master browser is GEORGE-6CA09241.
Error: (05/05/2015 01:55:40 PM) (Source: 0) (EventID: 4321) (User: )
Description: MSHOME :1d10.0.0.1110.0.0.49
Error: (05/05/2015 01:50:29 PM) (Source: 0) (EventID: 4321) (User: )
Description: MSHOME :1d10.0.0.1110.0.0.49
Error: (05/05/2015 01:42:52 PM) (Source: 0) (EventID: 4321) (User: )
Description: MSHOME :1d10.0.0.1110.0.0.49
Error: (05/05/2015 01:37:42 PM) (Source: 0) (EventID: 4321) (User: )
Description: MSHOME :1d10.0.0.1110.0.0.49
Error: (05/05/2015 01:32:32 PM) (Source: 0) (EventID: 4321) (User: )
Description: MSHOME :1d10.0.0.1110.0.0.49
Error: (05/05/2015 01:31:12 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (05/05/2015 01:28:43 PM) (Source: DCOM) (EventID: 10005) (User: STEVE-BAPC)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error: (05/05/2015 01:28:43 PM) (Source: DCOM) (EventID: 10005) (User: STEVE-BAPC)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error: (05/05/2015 01:28:36 PM) (Source: DCOM) (EventID: 10005) (User: STEVE-BAPC)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Microsoft Office Sessions:
=========================
Error: (05/05/2015 01:58:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe5.5.2015.0frst.exe5.5.2015.00001f09e
Error: (05/05/2015 01:28:41 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.co...rootseq.txtThe server name or address could not be resolved
Error: (05/05/2015 01:28:13 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.co...ootseq.txtThis network connection does not exist.
Error: (05/05/2015 01:28:12 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.co...rootseq.txtThe server name or address could not be resolved
Error: (05/05/2015 00:41:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: housecall.bin1.62.0.1087hc_core.dll1.62.0.108900024d77
Error: (05/04/2015 08:50:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: update.fg31.5.139.1020simulation.dll1.200.0.10100304494
Error: (05/04/2015 08:50:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: update.fg31.5.139.1020simulation.dll1.200.0.10100304494
Error: (05/04/2015 08:47:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: update.fg31.5.139.1020simulation.dll1.200.0.10100304494
Error: (05/04/2015 08:44:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: update.fg31.5.139.1020simulation.dll1.200.0.10100304494
Error: (05/04/2015 08:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: update.fg31.5.139.1020simulation.dll1.200.0.10100304494
==================== Memory info ===========================
Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 3033.88 MB
Available physical RAM: 2240.95 MB
Total Pagefile: 4919 MB
Available Pagefile: 3651.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.21 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.88 GB) (Free:183.82 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 89E189E1)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
==================== End Of Log ============================