Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Leroy (2012-07-26 23:17:16)
Running from C:\Users\Leroy\Desktop
Windows 8 Pro (X64) (2012-07-27 02:46:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3366028494-1151452966-969855788-500 - Administrator - Disabled)
Guest (S-1-5-21-3366028494-1151452966-969855788-501 - Limited - Disabled)
Leroy (S-1-5-21-3366028494-1151452966-969855788-1001 - Administrator - Enabled) => C:\Users\Leroy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {616AA0CF-F6B0-466A-8742-940893DE6189} - System32\Tasks\{EB37EB4D-A5ED-452F-9F26-1D7A93531BBC} => pcalua.exe -a E:\Hewlett-Packard\Drivers\HP_Win8.1_Recovery.exe -d E:\Hewlett-Packard\Drivers
Task: {9F1578F2-3470-4928-BC4F-310518E1E9D8} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2012-07-26 22:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3366028494-1151452966-969855788-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

==================== Restore Points =========================

26-07-2012 22:32:45 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: UBUNTU-SIFT
Description: Nano Pro II
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Imation
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: FLASH DRIVE
Description: Nano Pro II
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Imation
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2012 11:16:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: Invalid algorithm specified. .

Error: (07/26/2012 11:16:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: Invalid algorithm specified. .

Error: (07/26/2012 11:16:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: Invalid algorithm specified. .

Error: (07/26/2012 10:50:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: Invalid algorithm specified. .

Error: (07/26/2012 10:50:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: Invalid algorithm specified. .

Error: (07/26/2012 10:50:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: Invalid algorithm specified. .

Error: (07/26/2012 10:47:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0x80072F8F Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/26/2012 10:47:28 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072F8F Sku Id=0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7

Error: (07/26/2012 10:47:28 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. hr=0x80072F8F

Error: (07/26/2012 10:47:27 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072F8F Sku Id=0cdc4d08-6df6-4eb4-b5b4-a373c3e351e7

System errors:
=============
Error: (07/26/2012 11:17:12 PM) (Source: DCOM) (EventID: 10010) (User: ESET-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/26/2012 11:16:42 PM) (Source: DCOM) (EventID: 10010) (User: ESET-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/26/2012 11:12:00 PM) (Source: DCOM) (EventID: 10010) (User: ESET-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/26/2012 11:11:30 PM) (Source: DCOM) (EventID: 10010) (User: ESET-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/26/2012 10:57:32 PM) (Source: DCOM) (EventID: 10010) (User: ESET-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/26/2012 10:57:02 PM) (Source: DCOM) (EventID: 10010) (User: ESET-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/26/2012 10:56:32 PM) (Source: DCOM) (EventID: 10010) (User: ESET-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/26/2012 10:56:02 PM) (Source: DCOM) (EventID: 10010) (User: ESET-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/26/2012 10:55:32 PM) (Source: DCOM) (EventID: 10010) (User: ESET-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/26/2012 10:55:02 PM) (Source: DCOM) (EventID: 10010) (User: ESET-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

CodeIntegrity:
===================================
Date: 2012-07-26 22:36:39.679
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G870 @ 3.10GHz
Percentage of memory in use: 36%
Total physical RAM: 3978.83 MB
Available physical RAM: 2519.45 MB
Total Virtual: 7562.83 MB
Available Virtual: 6296.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.54 GB) (Free:202.51 GB) NTFS
Drive d: (HRM_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.34 GB) (Free:0 GB) UDF
Drive e: (FLASH DRIVE) (Removable) (Total:29.86 GB) (Free:17.32 GB) FAT32
Drive f: (UBUNTU-SIFT) (Removable) (Total:29.87 GB) (Free:20.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E511398A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29.9 GB) (Disk ID: 41B85A98)
Partition 1: (Not Active) - (Size=29.9 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 29.9 GB) (Disk ID: 0010F527)
Partition 1: (Active) - (Size=29.9 GB) - (Type=0C)

==================== End of Addition.txt ============================