Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-09-2014 02 Ran by Rupert Legge at 2014-09-29 19:15:01 Running from C:\Documents and Settings\Rupert Legge\My Documents\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) FW: Online Armor Firewall (Disabled) {B797DAA0-7E2E-4711-8BB3-D12744F1922A} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.53.64 - Adobe Systems Incorporated) Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated) Belkin 54g USB Network Adapter (HKLM\...\{38DFF723-C0B1-44AB-A927-62EDB033908F}) (Version: - ) BHODemon 2.0.0.23 (HKLM\...\BHODemon_is1) (Version: - Definitive Solutions, Inc.) BhoScanner 1.8 (HKLM\...\BhoScanner_is1) (Version: - Nsasoft LLC.) BleachBit (HKLM\...\BleachBit) (Version: - BleachBit) Brother HL-2030 (HKLM\...\{6FDBDD16-B82F-46D0-A935-84DCBF62413B}) (Version: 1.00 - Brother) Colasoft Capsa 7 Free (HKLM\...\Colasoft Capsa 7 Free_is1) (Version: 7.4 - Colasoft) Dependency Viewer 1.1.0 (HKLM\...\{BFCBB837-5A78-4123-8188-61BA623ED1E6}) (Version: 1.1.0 - Fox Programming Solutions) DriverEasy 4.7.8 (HKLM\...\DriverEasy_is1) (Version: 4.7.8.0 - Easeware) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro) Local Cooling Setup (Version: 1.0 - InstallAware Software Corporation) Hidden Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation) Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla) MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation) MWSnap 3 (HKLM\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz) NTREGOPT 1.1j (HKLM\...\NTREGOPT_is1) (Version: - Lars Hederer) Online Armor 5.0 (HKLM\...\OnlineArmor_is1) (Version: 5.0 - Emsi Software GmbH) Panda USB Vaccine 1.0.1.4 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.0 - Frank Heindörfer, Philip Chinery) Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.36 - Realtek Semiconductor Corp.) Roxio Burn Engine (Version: 2.5.0000 - Roxio) Hidden Samsung ML-2010 Series (HKLM\...\Samsung ML-2010 Series) (Version: - ) Skype Integration (HKLM\...\{6EE738C2-0ECE-4917-B62D-D3061A6B29E7}) (Version: 1.53 - Promotion And Display Technology Limited) Speech Redistributables (HKLM\...\{40A2D170-A4EB-4611-8181-63127606BAEF}) (Version: 1.00.0000 - Promotion And Display Technology Limited) TextPad 7 (HKLM\...\{3DE3E4EE-F270-4A31-AB76-475515C661BD}) (Version: 7.4.0 - Helios) TP-LINK Wireless Client Utility (HKLM\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: - TP-LINK) TP-LINK Wireless Client Utility (Version: 7.0 - TP-LINK) Hidden Update for Windows XP (KB894391) (HKLM\...\KB894391) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB896727) (HKLM\...\KB896727) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB900485) (HKLM\...\KB900485) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB908531) (HKLM\...\KB908531) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB910437) (HKLM\...\KB910437) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB912945) (HKLM\...\KB912945) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB916595) (HKLM\...\KB916595) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB920872) (HKLM\...\KB920872) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB922582) (HKLM\...\KB922582) (Version: 1 - Microsoft Corporation) VIA/S3G Display Driver (HKLM\...\VIA/S3G UniChrome Family Win2K/XP/Server2003 Display) (Version: - ) VIA/S3G UniChrome Family Win2K/XP/Server2003 Display (HKLM\...\UChromeP) (Version: - ) VoIPVoice Integration (Version: 1.1 - Promotion And Display Technology Limited) Hidden WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Genuine Advantage Validation Tool (HKLM\...\WGA) (Version: - Microsoft Corporation) Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation) Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation) Windows Installer 3.1 (KB893803) (Version: 3.1 - Microsoft Corporation) Hidden Windows Media Player 10 (HKLM\...\Windows Media Player) (Version: - ) Windows XP Hotfix - KB834707 (HKLM\...\KB834707) (Version: 20040929.110854 - Microsoft Corporation) Windows XP Hotfix - KB867282 (HKLM\...\KB867282) (Version: 20050127.090417 - Microsoft Corporation) Windows XP Hotfix - KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation) Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation) Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation) Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation) Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation) Windows XP Hotfix - KB885884 (HKLM\...\KB885884) (Version: 20040924.025457 - Microsoft Corporation) Windows XP Hotfix - KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation) Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation) Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation) Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation) Windows XP Hotfix - KB890047 (HKLM\...\KB890047) (Version: 20041221.124506 - Microsoft Corporation) Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation) Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation) Windows XP Hotfix - KB890923 (HKLM\...\KB890923) (Version: 1 - Microsoft Corporation) Windows XP Hotfix - KB891220 (HKLM\...\KB891220) (Version: 20041208.154529 - Microsoft Corporation) Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation) Windows XP Hotfix - KB893066 (HKLM\...\KB893066) (Version: 1 - Microsoft Corporation) Windows XP Hotfix - KB893086 (HKLM\...\KB893086) (Version: 1 - Microsoft Corporation) WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WisePixel HandySnap 1.4 (HKLM\...\WisePixel HandySnap_is1) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{013F891C-58A8-42F1-BA17-A3954DDED562}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.)) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{073258F7-8BC6-4A64-A4E7-919E4D32DC63}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXACWMA.dll (Roxio, Inc.) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{12897008-A82D-4267-92A3-04D22450D565}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXAudioCodec.dll (Roxio, Inc.) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{1C6E0E46-4E5F-492D-B946-44291B931361}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.)) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{2000AA1D-2E7C-4EBA-9893-DAE4EF5E1FE5}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.)) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{403BD5FD-724C-4D96-86ED-B9E3A2ACBD8E}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.)) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Rupert Legge\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{616A7D2A-A222-4083-8FF2-363141AFBC56}\InprocServer32 -> C:\WINDOWS\system32\CDDBUIRoxio.dll (Gracenote) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{8917825A-AFBC-40C1-BC8A-CD0DC7F7A6E2}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.)) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\shellext32.dll (Helios Software Solutions) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{A0A0888B-8977-45B5-B884-57CC3A164650}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXACMP3CTD.dll (Roxio, Inc.) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{AF7C0A6A-3D7C-46DC-AF54-BF1E1C2DDD50}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.)) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{C955DD8E-0167-440B-BE27-DAC0A2E03233}\InprocServer32 -> C:\WINDOWS\system32\CDDBUIRoxio.dll (Gracenote) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{D07DC324-55D5-4DBE-8A41-1F2E13E8D933}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.)) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{D48915E5-268D-4C2A-9146-EE042C6A7CCE}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.)) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{D806C170-3B96-4A54-AD9F-B546E3C21408}\InprocServer32 -> C:\WINDOWS\system32\CDDBUIRoxio.dll (Gracenote) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{DF525519-639E-47AF-9576-330DF39B29FE}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.)) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{FB07A580-07A7-46EE-82A1-EDE5C3AEEC68}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.)) CustomCLSID: HKU\S-1-5-21-1430662889-353329016-294800167-1007_Classes\CLSID\{FF866659-937C-4EFF-9416-BD79B72C7BA1}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.)) ==================== Restore Points ========================= 21-09-2014 08:45:25 17.09.2014 - po czyszczeniu 21-09-2014 09:04:48 avast! Free Antivirus Setup 21-09-2014 09:11:32 avast! Free Antivirus Setup 21-09-2014 10:39:25 Restore Operation 21-09-2014 10:53:27 avast! Free Antivirus Setup 21-09-2014 16:22:02 Installed TextPad 7. 29-09-2014 16:16:31 Installed Realtek AC'97 Audio ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-07-13 02:39 - 2012-12-18 20:58 - 00000058 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 microsoft.com ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe Task: C:\WINDOWS\Tasks\Express FilesUpdate.job => C:\Program Files\ExpressFiles\EFUpdater.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Go for FilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\SpottyFiles Update.job => C:\Program Files\SpottyFiles\SpottyFilesUpdater.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-09 19:54 - 2011-04-11 06:26 - 00024064 _____ () C:\WINDOWS\system32\spd__l.dll 2011-12-16 01:00 - 2010-05-21 14:55 - 00561263 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe 2011-12-16 01:00 - 2010-05-21 14:55 - 00422000 _____ () C:\WINDOWS\system32\wgapi.dll 2011-12-16 01:00 - 2010-05-21 14:55 - 00077824 _____ () C:\WINDOWS\system32\wgapiloc.dll 2011-12-16 01:00 - 2010-05-21 14:55 - 00278528 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCUloc.dll 2011-12-16 01:00 - 2010-05-21 14:55 - 00163840 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\oemresloc.dll 2006-10-19 21:01 - 2004-03-29 16:08 - 00049152 _____ () C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe 2006-10-19 21:01 - 2005-06-13 15:45 - 00827392 _____ () C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe 2006-10-19 21:01 - 2002-10-03 11:57 - 00110592 _____ () C:\Program Files\Belkin\Belkin Wireless Network Utility\PINGDLL.dll 2006-10-19 21:01 - 2003-06-30 15:37 - 00036864 _____ () C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll 2006-10-19 21:01 - 2002-04-09 07:49 - 00110592 _____ () C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.DLL 2006-10-19 21:01 - 2005-08-10 15:36 - 00045056 _____ () C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll 2006-10-19 21:01 - 2003-10-08 11:23 - 00040960 _____ () C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll 2014-09-01 01:33 - 2014-08-31 10:55 - 01274880 _____ () C:\Documents and Settings\Rupert Legge\My Documents\Downloads\firemin_2086\firemin_2086\Firemin.exe.exe 2014-09-24 20:19 - 2014-09-24 20:19 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch(2).lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch(2).lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^Rupert Legge^Start Menu^Programs^Startup^BHODemon 2.0.lnk => C:\WINDOWS\pss\BHODemon 2.0.lnkStartup MSCONFIG\startupfolder: C:^Documents and Settings^Rupert Legge^Start Menu^Programs^Startup^bleachbit.lnk => C:\WINDOWS\pss\bleachbit.lnkStartup MSCONFIG\startupfolder: C:^Documents and Settings^Rupert Legge^Start Menu^Programs^Startup^PandaUSBVaccine(2).lnk => C:\WINDOWS\pss\PandaUSBVaccine(2).lnkStartup MSCONFIG\startupfolder: C:^Documents and Settings^Rupert Legge^Start Menu^Programs^Startup^Shortcut to Chase(2).lnk => C:\WINDOWS\pss\Shortcut to Chase(2).lnkStartup MSCONFIG\startupfolder: C:^Documents and Settings^Rupert Legge^Start Menu^Programs^Startup^Shortcut to hdi.lnk => C:\WINDOWS\pss\Shortcut to hdi.lnkStartup MSCONFIG\startupfolder: C:^Documents and Settings^Rupert Legge^Start Menu^Programs^Startup^Shortcut to StartClock.lnk => C:\WINDOWS\pss\Shortcut to StartClock.lnkStartup MSCONFIG\startupfolder: C:^Documents and Settings^Rupert Legge^Start Menu^Programs^Startup^Startup Guard.lnk => C:\WINDOWS\pss\Startup Guard.lnkStartup MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe MSCONFIG\startupreg: CookieWall => C:\Program Files\AnalogX\CookieWall\cookie.exe MSCONFIG\startupreg: DriverMax => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent MSCONFIG\startupreg: DriverMax_RESTART => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -RESTART MSCONFIG\startupreg: FlashCookieCleanerSheduler => C:\Program Files\ConsumerSoft\Flash Cookie Cleaner\FlashCookieCleaner.exe a MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k MSCONFIG\startupreg: MrIP => C:\Program Files\MrIP\MrIP.exe MSCONFIG\startupreg: NPSStartup => MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray MSCONFIG\startupreg: Samsung PanelMgr => C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun MSCONFIG\startupreg: Samurai => "C:\Documents and Settings\Rupert Legge\My Documents\Downloads\Samurai\Samurai.exe" samurai.dat MSCONFIG\startupreg: SlimDrivers => "C:\Program Files\SlimDrivers\SlimDrivers.exe" -boot MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: VTTimer => VTTimer.exe MSCONFIG\startupreg: WiFiSiStr => C:\Program Files\DNsoft.be\DNsoft.be WiFi SiStr\WiFi SiStr.exe ========================= Accounts: ========================== Administrator (S-1-5-21-1430662889-353329016-294800167-500 - Administrator - Enabled) ASPNET (S-1-5-21-1430662889-353329016-294800167-1004 - Limited - Enabled) Guest (S-1-5-21-1430662889-353329016-294800167-501 - Limited - Disabled) HelpAssistant (S-1-5-21-1430662889-353329016-294800167-1006 - Limited - Disabled) Rupert Legge (S-1-5-21-1430662889-353329016-294800167-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Rupert Legge SUPPORT_388945a0 (S-1-5-21-1430662889-353329016-294800167-1002 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/29/2014 06:20:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application frst.exe, version 28.9.2014.2, faulting module frst.exe, version 28.9.2014.2, fault address 0x0001f3de. Processing media-specific event for [frst.exe!ws!] Error: (09/21/2014 00:10:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea. Processing media-specific event for [iexplore.exe!ws!] Error: (09/20/2014 07:33:12 PM) (Source: LoadPerf) (EventID: 3001) (User: ) Description: The performance counter name string value in the registry is incorrectly formatted. The bogus string is 4438, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error: (09/20/2014 07:33:08 PM) (Source: LoadPerf) (EventID: 3011) (User: ) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section. Error: (09/20/2014 07:33:08 PM) (Source: LoadPerf) (EventID: 3001) (User: ) Description: The performance counter name string value in the registry is incorrectly formatted. The bogus string is 4438, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section. Error: (09/20/2014 07:18:36 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (09/20/2014 07:18:34 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (09/20/2014 06:49:27 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (09/20/2014 06:49:27 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/23/2013 09:04:10 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. System errors: ============= Error: (09/29/2014 05:19:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Routing and Remote Access service terminated with service-specific error 711 (0x2C7). Error: (09/29/2014 05:19:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SSPORT service failed to start due to the following error: %%2 Error: (09/29/2014 05:03:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Online Armor service terminated unexpectedly. It has done this 1 time(s). Error: (09/29/2014 04:15:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Routing and Remote Access service terminated with service-specific error 711 (0x2C7). Error: (09/29/2014 04:15:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SSPORT service failed to start due to the following error: %%2 Error: (09/28/2014 00:17:05 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Routing and Remote Access service terminated with service-specific error 711 (0x2C7). Error: (09/28/2014 00:17:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SSPORT service failed to start due to the following error: %%2 Error: (09/25/2014 04:44:57 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Routing and Remote Access service terminated with service-specific error 711 (0x2C7). Error: (09/25/2014 04:44:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SSPORT service failed to start due to the following error: %%2 Error: (09/24/2014 08:55:00 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Microsoft Office Sessions: ========================= Error: (09/29/2014 06:20:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: frst.exe28.9.2014.2frst.exe28.9.2014.20001f3de Error: (09/21/2014 00:10:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe6.0.2900.2180ntdll.dll5.1.2600.218000018fea Error: (09/20/2014 07:33:12 PM) (Source: LoadPerf) (EventID: 3001) (User: ) Description: 4438 Error: (09/20/2014 07:33:08 PM) (Source: LoadPerf) (EventID: 3011) (User: ) Description: WmiApRplWmiApRpl Error: (09/20/2014 07:33:08 PM) (Source: LoadPerf) (EventID: 3001) (User: ) Description: 4438 Error: (09/20/2014 07:18:36 PM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (09/20/2014 07:18:34 PM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (09/20/2014 06:49:27 PM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (09/20/2014 06:49:27 PM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/23/2013 09:04:10 PM) (Source: crypt32) (EventID: 11) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU 3.06GHz Percentage of memory in use: 23% Total physical RAM: 2014.48 MB Available physical RAM: 1548.23 MB Total Pagefile: 2536.16 MB Available Pagefile: 1985.39 MB Total Virtual: 2047.88 MB Available Virtual: 1940.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:70.22 GB) (Free:59.18 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive e: (HDD) (Fixed) (Total:180.29 GB) (Free:180 GB) NTFS Drive g: (USB20FD) (Removable) (Total:30.46 GB) (Free:4.57 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 74.5 GB) (Disk ID: 00180017) Partition 1: (Active) - (Size=70.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=4.3 GB) - (Type=12) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: ACE22E9E) Partition 1: (Not Active) - (Size=6 GB) - (Type=1B) Partition 2: (Active) - (Size=180.3 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 30.5 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=30.5 GB) - (Type=0C) ==================== End Of Log ============================