Running a multi-boot system (W7 32bit, W7 64bit, and W XP 32bit SP3).
Trouble is now with Windows XP.
For some time now, noticed that the CPU load (and CPU fan increases in speed) seems to go up while playing some low load games, when previously this didn't happen. Likewise the CPU load increases while in Safe Mode!? Also seems to take longer to shut down computer via XP.
Speaking of Safe Mode, I'm unable to boot into Safe Mode by changing settings under "msconfig". After changing settings to boot into Safe Mode, the computer always boots into Normal Mode with the following message shown.
The only way I can boot into Safe Mode now is by pressing the F8 key when XP is starting.
Getting odd system restarts due to file errors (I think). Happened again last night while waiting for a web page to finish loading and while playing a small video to pass the time. Here is a screenshot of BlueScreenView of the corresponding system dumps.
Have no problems when running either of the Windows 7 operating systems, which suggests a software issue.
Ran a FRST scan with the following results -
FRST scan log -
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-07-2017
Ran by Peter Bahniuk (administrator) on MINE (27-07-2017 10:22:51)
Running from C:\Documents and Settings\Peter Bahniuk\Desktop
Loaded Profiles: Peter Bahniuk (Available Profiles: Peter Bahniuk & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3, v.3264 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program Files\Opera\Opera.exe" "%1")
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
() C:\WINDOWS\system32\srvany.exe
() C:\WINDOWS\KMService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Creative Technology Ltd) C:\WINDOWS\system32\Ctxfihlp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(www.dennisbabkin.com) C:\Compact Tray meter\Compact Tray Meter.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(the sz development) C:\Program Files\RimhillEx\RimhillEx.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTxfispi.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2013-12-23] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [CTxfiHlp] => C:\WINDOWS\system32\CTXFIHLP.EXE [26112 2014-03-01] (Creative Technology Ltd)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2013-12-23] (ATI Technologies Inc.)
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-12-07] (SUPERAntiSpyware)
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [Compact Tray Meter] => C:\Compact Tray meter\Compact Tray Meter.exe [3081672 2014-05-31] (www.dennisbabkin.com)
HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4027504 2017-07-15] (Tonec Inc.)
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
ShellExecuteHooks: No Name - {16664848-0E00-11D2-8059-000000000000} - -> No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\Peter Bahniuk\Start Menu\Programs\Startup\RimhillEx.lnk [2016-11-07]
ShortcutTarget: RimhillEx.lnk -> C:\Program Files\RimhillEx\RimhillEx.exe (the sz development)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 13 %windir%\system32\vsocklib.dll => No File
Tcpip\..\Interfaces\{6A394987-A551-40AF-9ADD-BA74B9C7F236}: [NameServer] 203.97.78.43 203.97.78.44
Internet Explorer:
==================
HKU\S-1-5-21-1390067357-606747145-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1390067357-606747145-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-07-13] (Internet Download Manager, Tonec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: nejrxvyi.default
FF ProfilePath: C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default [2017-06-29]
FF Extension: (Status-4-Evar) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\[email protected] [2016-11-04]
FF Extension: (ColorfulTabs) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2016-11-04]
FF Extension: (Flagfox) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-11-04]
FF Extension: (FlashGot) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-11-12]
FF Extension: (RightToClick) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-11-04]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Peter Bahniuk\Application Data\Mozilla\Firefox\Profiles\nejrxvyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-04]
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF ProfilePath: C:\Documents and Settings\Peter Bahniuk\Application Data\K-Meleon\lvu8bvvw.default [2017-06-29]
FF user.js: detected! => C:\Documents and Settings\Peter Bahniuk\Application Data\K-Meleon\lvu8bvvw.default\user.js [2006-04-07]
FF Extension: (NewsFox) - C:\Program Files\K-Meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2015-03-13] [not signed]
FF HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\SeaMonkey\Extensions: [[email protected]] - C:\Documents and Settings\Peter Bahniuk\Application Data\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Documents and Settings\Peter Bahniuk\Application Data\IDM\idmmzcc5 [2017-07-26] [not signed]
FF HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-29] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-07-15]
CHR HKLM\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files\Offline Explorer\mpoe.crx <not found>
Opera:
=======
OPR Extension: (EagleGet Free Downloader) - C:\Documents and Settings\Peter Bahniuk\Application Data\Opera Software\Opera Stable\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2017-02-20]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [643072 2013-12-23] (ATI Technologies Inc.) [File not signed]
S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-10-09] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 KMService; C:\WINDOWS\system32\srvany.exe [8192 2016-10-08] () [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [6852096 2013-12-23] (ATI Technologies Inc.) [File not signed]
R3 EtronHub3; C:\WINDOWS\System32\Drivers\EtronHub3.sys [46848 2012-02-19] (Etron Technology Inc)
R3 EtronXHCI; C:\WINDOWS\System32\Drivers\EtronXHCI.sys [68352 2012-02-19] (Etron Technology Inc)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2016-11-16] (REALiX)
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [142144 2017-07-15] (Tonec Inc.)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2016-10-24] (VSO Software) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-25] (Elaborate Bytes AG) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-27 10:22 - 2017-07-27 10:23 - 00010733 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\FRST.txt
2017-07-27 10:22 - 2017-07-27 10:22 - 01778176 _____ (Farbar) C:\Documents and Settings\Peter Bahniuk\Desktop\FRST.exe
2017-07-27 10:22 - 2017-07-27 10:22 - 00000000 ____D C:\FRST
2017-07-27 02:45 - 2017-07-27 02:47 - 00000000 ____D C:\Tweaking.com - Windows Repair
2017-07-27 02:34 - 2017-07-27 02:36 - 00000000 ____D C:\Documents and Settings\Peter Bahniuk\Desktop\Tweaking.com - Windows Repair
2017-07-27 01:57 - 2017-07-27 01:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Foxit Software
2017-07-27 01:16 - 2017-07-27 01:16 - 00094208 _____ C:\WINDOWS\Minidump\Mini072717-02.dmp
2017-07-27 01:05 - 2017-07-27 01:05 - 00094208 _____ C:\WINDOWS\Minidump\Mini072717-01.dmp
2017-07-27 00:56 - 2017-07-27 00:58 - 00000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\Foxit Software
2017-07-27 00:56 - 2017-07-27 00:56 - 00000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\Foxit AgentInformation
2017-07-27 00:56 - 2017-07-27 00:56 - 00000000 ____D C:\Documents and Settings\All Users\Foxit Software
2017-07-27 00:56 - 2017-07-27 00:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Foxit ContentPlatform
2017-07-26 20:16 - 2017-07-26 20:16 - 00000696 _____ C:\Documents and Settings\Peter Bahniuk\Desktop\Internet Download Manager.lnk
2017-07-26 20:15 - 2017-07-26 20:16 - 00000000 ____D C:\Documents and Settings\Peter Bahniuk\Start Menu\Programs\Internet Download Manager
2017-07-26 20:15 - 2017-07-26 20:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Internet Download Manager
2017-07-15 05:18 - 2017-07-15 05:13 - 00142144 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmtdi.sys
2017-06-29 21:42 - 2013-08-28 13:09 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-29 21:38 - 2011-10-04 02:32 - 00005120 ____N (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-29 21:36 - 2013-08-12 15:24 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-29 21:32 - 2016-10-12 13:43 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-06-29 21:21 - 2016-09-27 18:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsp.dll
2017-06-29 21:16 - 2016-10-02 11:07 - 00003072 ____N (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-security-sddl-l1-1-0.dll
2017-06-29 20:46 - 2016-12-08 15:24 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-06-29 16:16 - 2017-06-29 16:16 - 00000000 ____D C:\Program Files\PFFEditor
2017-06-29 16:16 - 2017-06-29 16:16 - 00000000 ____D C:\Dependency Walker
2017-06-29 16:12 - 2016-12-05 14:59 - 00401484 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrtd.dll
2017-06-29 16:12 - 2016-12-05 14:36 - 01393152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42d.dll
2017-06-29 14:07 - 2017-06-29 14:07 - 00000000 _____ C:\av.mof
2017-06-29 14:00 - 2017-06-29 14:00 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2017-06-29 13:59 - 2017-06-29 13:59 - 00000000 ____D C:\RegBackup
2017-06-29 13:56 - 2017-07-27 02:47 - 00044496 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2017-06-29 13:55 - 2017-07-27 02:49 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-06-29 13:55 - 2017-07-27 02:47 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2017-06-29 13:55 - 2017-06-29 13:55 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2017-06-29 13:55 - 2017-06-29 13:55 - 00000000 ____D C:\Documents and Settings\Administrator
2017-06-29 13:55 - 2016-11-12 16:38 - 00001697 _____ C:\Documents and Settings\Administrator\Desktop\Offline Explorer.lnk
2017-06-29 13:55 - 2016-11-12 16:38 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\MetaProducts Offline Explorer
2017-06-29 13:55 - 2016-10-08 18:41 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2017-06-29 13:55 - 2016-10-08 18:41 - 00000792 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2017-06-29 13:54 - 2017-07-27 02:40 - 00313954 _____ C:\WINDOWS\ntbtlog.txt
2017-06-29 13:54 - 2017-06-29 13:54 - 00000000 __SHD C:\WINDOWS\CSC
2017-06-29 13:39 - 2017-07-27 10:03 - 00000550 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2017-06-29 13:39 - 2017-06-29 13:46 - 00000000 ____D C:\WINDOWS\pss
2017-06-29 13:39 - 2017-06-29 13:39 - 00183676 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2017-06-29 13:39 - 2017-06-29 13:39 - 00000000 ____D C:\Program Files\Tweaking.com
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-27 10:23 - 2016-10-08 18:44 - 00000000 ____D C:\Documents and Settings\Peter Bahniuk\Local Settings\Temp
2017-07-27 10:07 - 2016-10-09 06:30 - 00005196 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-27 10:04 - 2016-10-08 19:02 - 00007288 _____ C:\WINDOWS\ModemLog_LSI PCI-SV92PP Soft Modem.txt
2017-07-27 10:03 - 2016-11-05 16:23 - 00000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1478319800.job
2017-07-27 10:03 - 2016-10-08 18:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-27 10:01 - 2016-10-09 06:23 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2017-07-27 09:58 - 2016-10-09 19:22 - 00054760 _____ C:\WINDOWS\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-27 09:58 - 2016-10-09 19:22 - 00054760 _____ C:\WINDOWS\system32\BMXState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-27 09:58 - 2016-10-09 19:22 - 00000788 _____ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000005-00311102}.rfx
2017-07-27 09:57 - 2016-10-09 06:28 - 00000229 __RSH C:\boot.ini
2017-07-27 09:57 - 2016-10-08 18:57 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-07-27 09:57 - 2016-10-08 18:44 - 00000178 ___SH C:\Documents and Settings\Peter Bahniuk\ntuser.ini
2017-07-27 09:57 - 2016-10-08 18:43 - 00032634 _____ C:\WINDOWS\SchedLgU.Txt
2017-07-27 09:57 - 2006-03-01 00:00 - 00000477 _____ C:\WINDOWS\win.ini
2017-07-27 09:57 - 2006-03-01 00:00 - 00000227 _____ C:\WINDOWS\system.ini
2017-07-27 01:16 - 2016-11-24 11:02 - 00000000 ____D C:\WINDOWS\Minidump
2017-07-27 00:56 - 2016-10-09 06:29 - 00000000 ____D C:\Documents and Settings\All Users
2017-07-27 00:43 - 2016-10-10 10:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2017-07-26 22:33 - 2016-10-21 15:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Zoom Player
2017-07-26 20:50 - 2016-10-16 13:35 - 00000000 ____D C:\Program Files\VideoLAN
2017-07-26 20:16 - 2016-10-09 16:00 - 00000000 ____D C:\Documents and Settings\Peter Bahniuk\Application Data\IDM
2017-07-26 20:16 - 2016-10-09 15:56 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-07-26 20:16 - 2016-10-09 06:23 - 00000000 ___HD C:\WINDOWS\inf
2017-07-26 20:11 - 2006-03-01 00:00 - 00012984 _____ C:\WINDOWS\system32\wpa.dbl
2017-07-01 13:09 - 2016-10-09 06:29 - 00000000 ___HD C:\Documents and Settings\Default User
2017-06-29 16:17 - 2017-06-25 15:11 - 00000095 _____ C:\WINDOWS\Settings.ini
2017-06-29 14:17 - 2016-10-09 06:29 - 00187408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-29 14:17 - 2016-10-08 18:57 - 00044496 _____ C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2017-06-29 14:08 - 2016-10-08 18:41 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2017-06-29 14:08 - 2016-10-08 18:41 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2017-06-29 14:07 - 2016-10-08 18:43 - 00000000 __SHD C:\Documents and Settings\LocalService
2017-06-29 13:55 - 2016-10-09 06:29 - 00000000 ____D C:\Documents and Settings
2017-06-27 17:16 - 2016-10-08 18:44 - 00000000 ____D C:\Documents and Settings\Peter Bahniuk
2017-06-27 17:16 - 2016-10-08 18:43 - 00000000 __SHD C:\Documents and Settings\NetworkService
==================== Files in the root of some directories =======
2016-10-24 21:04 - 2016-10-24 21:04 - 0087608 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\inst.exe
2016-10-09 21:03 - 2017-03-02 20:03 - 0000651 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pacemaker.ini
2016-10-09 21:03 - 2016-10-09 21:03 - 0000010 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pacemaker_songparams.txt
2016-10-24 21:04 - 2016-10-24 21:04 - 0007887 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pcouffin.cat
2016-10-24 21:04 - 2016-10-24 21:04 - 0001144 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pcouffin.inf
2016-10-24 21:04 - 2016-10-24 21:04 - 0000034 _____ () C:\Documents and Settings\Peter Bahniuk\Application Data\pcouffin.log
2016-10-24 21:04 - 2016-10-24 21:04 - 0047360 _____ (VSO Software) C:\Documents and Settings\Peter Bahniuk\Application Data\pcouffin.sys
2016-11-14 19:23 - 2016-11-14 19:23 - 0003584 _____ () C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
2017-07-27 01:57 - 2017-06-29 11:43 - 3700288 _____ (Foxit Corporation) C:\Documents and Settings\Administrator\Local Settings\Temp\FoxitUpdater.exe
2017-07-26 20:45 - 2017-07-27 02:32 - 0000000 _____ () C:\Documents and Settings\Peter Bahniuk\Local Settings\Temp\parctmp.exe
2016-10-10 10:50 - 2006-05-25 05:10 - 0455600 ____R (Macrovision Corporation) C:\Documents and Settings\Peter Bahniuk\Local Settings\Temp\_is1.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
FRST Addition log -
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-07-2017
Ran by Peter Bahniuk (27-07-2017 10:23:21)
Running from C:\Documents and Settings\Peter Bahniuk\Desktop
Microsoft Windows XP Professional Service Pack 3, v.3264 (X86) (2016-10-08 06:42:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1390067357-606747145-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1390067357-606747145-725345543-1004 - Limited - Enabled)
Guest (S-1-5-21-1390067357-606747145-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1390067357-606747145-725345543-1000 - Limited - Disabled)
Peter Bahniuk (S-1-5-21-1390067357-606747145-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Peter Bahniuk
SUPPORT_388945a0 (S-1-5-21-1390067357-606747145-725345543-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.00 (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{33C731E7-B72A-1587-A3EF-054FCC011A3C}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Auslogics Disk Defrag Professional (HKLM\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.3.4.0 - Auslogics Software Pty Ltd)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.4.0.0 - Auslogics Labs Pty Ltd)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version: - )
Blue Cat's Stereo Flanger VST 2.62 (HKLM\...\{0F0B0627-3CC7-4C3D-B246-D84FD3B30488}) (Version: 2.62 - Blue Cat Audio)
Corel PaintShop Pro X6 (HKLM\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation)
Corel PaintShop Pro X6 (HKLM\...\{161AB62E-65D6-46E5-B3D8-2AC15D3B920B}) (Version: 16.1.0.48 - Corel Corporation) Hidden
Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Delta Force Task Force Dagger (HKLM\...\Delta Force Task Force Dagger) (Version: - )
DirectVobSub (remove only) (HKLM\...\DirectVobSub) (Version: - )
EasyBCD 2.2 (HKLM\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Etron USB3.0 Host Controller (HKLM\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology) Hidden
Etron USB3.0 Host Controller (HKLM\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.109 - Etron Technology)
GetDiz (HKLM\...\GetDiz) (Version: 4.91 - Outertech)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HL-3150CDN (HKLM\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HWiNFO32 Version 5.38 (HKLM\...\HWiNFO32_is1) (Version: 5.38 - Martin Malík - REALiX)
ICA (HKLM\...\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
IPM_PSP_COM (HKLM\...\{164D34E1-0271-4960-8A26-E8990A302DB1}) (Version: 16.1.0.48 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
K-Meleon 75.0 (x86 en-US) (HKLM\...\K-Meleon 75.0 (x86 en-US)) (Version: 75.0 - kmeleonbrowser.org)
LAV Filters 0.68.1 (HKLM\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)
LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
MadVR (remove only) (HKLM\...\MadVR) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Nero 11 DiscSpeed (HKLM\...\{B8B03F99-F600-4D96-ADBD-2F384240FB9C}) (Version: 11.0.00400 - Nero AG)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - )
nLite 1.4.9.3 (HKLM\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
OpenAL (HKLM\...\OpenAL) (Version: - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 36.0.2130.65 (HKLM\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
Opti Drive Control 1.70 (HKLM\...\{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1) (Version: - Erik Deppe)
PaceMaker plug-in for Winamp and MediaMonkey (HKLM\...\PaceMaker plug-in) (Version: 2.7 - PaceMaker plug-inc.)
PFF Editor 1.2.9 (HKLM\...\PFF Editor_is1) (Version: - Dfzone.be)
PotPlayer (HKLM\...\PotPlayer) (Version: - Kakao Corp.)
PowerArchiver 2016 (HKLM\...\{A18ABA31-100B-4650-A221-0C13B08AD585}) (Version: 16.10.07 - ConeXware, Inc.) Hidden
PowerArchiver 2016 (HKLM\...\PowerArchiver 2016 16.10.07) (Version: 16.10.07 - ConeXware, Inc.)
PSPPContent (HKLM\...\{162BD2D6-6C63-41A7-8151-93188450D36A}) (Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPHelp (HKLM\...\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}) (Version: 16.1.0.48 - Corel Corporation) Hidden
Quake II (HKLM\...\Quake2UninstallKey) (Version: - )
RimhillEx 1.08 (HKU\S-1-5-21-1390067357-606747145-725345543-1003\...\RimhillEx_is1) (Version: - the sz development)
Setup (HKLM\...\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}) (Version: 16.1.0.48 - Corel Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TMPGEnc Plus 2.5 (HKLM\...\{2A1E27FF-BE53-45B4-950F-060236E98E3D}) (Version: 2.524.63.181 - Pegasys Inc.) Hidden
TMPGEnc Plus 2.5 (HKLM\...\InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}) (Version: 2.524.63.181 - Pegasys Inc.)
Vivaldi (HKLM\...\Vivaldi) (Version: 1.0.435.46 - Vivaldi)
VSO Inspector 2.0.2 (HKLM\...\VSO Inspector_is1) (Version: - VSO-Software SARL)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version: 12.7 - Inmatrix LTD)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2017-06-24] (Tonec Inc.)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers01: [Corel PaintShop Pro X6] -> {8D7FD0F0-C023-4451-B68B-CD054993F53D} => c:\Program Files\Corel\Corel PaintShop Pro X6\PSPContextMenu.dll [2013-10-17] (Corel Software, Inc.)
ContextMenuHandlers01: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
ContextMenuHandlers02: [Corel PaintShop Pro X6] -> {8D7FD0F0-C023-4451-B68B-CD054993F53D} => c:\Program Files\Corel\Corel PaintShop Pro X6\PSPContextMenu.dll [2013-10-17] (Corel Software, Inc.)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers04: [Corel PaintShop Pro X6] -> {8D7FD0F0-C023-4451-B68B-CD054993F53D} => c:\Program Files\Corel\Corel PaintShop Pro X6\PSPContextMenu.dll [2013-10-17] (Corel Software, Inc.)
ContextMenuHandlers04: [ZPShellExt] -> {ABE00001-0123-ABED-1248-0248ADFA1909} => C:\Program Files\Zoom Player\zpshlext.dll [2008-08-12] ()
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2013-12-23] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers06: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2016-04-11] (ConeXware, Inc.)
==================== Scheduled Tasks=============================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1478319800.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Buy or Upgrade Zoom Player.lnk -> hxxp://inmatrix.com/shop_relay/buyshortcut.shtm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Download Skins.lnk -> hxxp://skins.inmatrix.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Video Tutorials.lnk -> hxxp://inmatrix.com/tutorial_redir.htm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Forum.lnk -> hxxp://forum.inmatrix.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Frequently Asked Questions.lnk -> hxxp://www.inmatrix.com/zplayer/fa
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Home Page.lnk -> hxxp://www.inmatrix.com
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Online Help.lnk -> hxxp://www.inmatrix.com/zplaye
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player\Help\Usage Guides.lnk -> hxxp://www.inmatrix.com/articles.shtm
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/display/EBCD
==================== Loaded Modules (Whitelisted) ==============
2016-10-08 23:49 - 2016-10-08 23:48 - 00008192 _____ () C:\WINDOWS\system32\srvany.exe
2016-10-08 23:49 - 2016-10-08 23:48 - 00151552 _____ () C:\WINDOWS\KMService.exe
2014-03-01 00:20 - 2014-03-01 00:20 - 00002560 _____ () C:\WINDOWS\CTXFIRES.DLL
2010-03-16 11:22 - 2010-03-16 11:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2014-01-07 10:28 - 2014-01-07 10:28 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-12-23 02:15 - 2013-12-23 02:15 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Documents and Settings\Peter Bahniuk\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 [368]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-03-01 00:00 - 2017-06-29 14:09 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1390067357-606747145-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 203.97.78.43 - 203.97.78.44
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
DomainProfile\AuthorizedApplications: [C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe] => Enabled:PotPlayer (32-Bit)
StandardProfile\AuthorizedApplications: [C:\Program Files\Opera\opera.exe] => Enabled:Opera Internet Browser
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Winamp\winamp.exe] => Enabled:Winamp
StandardProfile\AuthorizedApplications: [C:\Program Files\Vivaldi\Application\vivaldi.exe] => Enabled:Vivaldi
StandardProfile\AuthorizedApplications: [C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe] => Enabled:PotPlayer (32-Bit)
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
==================== Restore Points =========================
29-06-2017 13:48:09 System Checkpoint
26-07-2017 21:52:52 System Checkpoint
27-07-2017 00:43:14 Removed Adobe Reader XI.
27-07-2017 00:56:24 Printer Driver Foxit Reader PDF Printer Driver Installed
==================== Faulty Device Manager Devices =============
Name: PCI Device
Description: PCI Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Video Controller
Description: Video Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/27/2017 10:07:43 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.
Error: (07/27/2017 10:07:43 AM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.
Error: (06/29/2017 02:14:47 PM) (Source: COM+) (EventID: 4689) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\xpsp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed
Error: (06/29/2017 02:14:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
Error: (06/29/2017 02:14:46 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of f:\xpsp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Error: (06/29/2017 02:14:46 PM) (Source: VSS) (EventID: 4101) (User: )
Description: Volume Shadow Copy Service error: Cannot obtain the collection 'Applications' from the COM+ catalog [0x8007043c].
Error: (06/29/2017 02:14:35 PM) (Source: COM+) (EventID: 4689) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\xpsp\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007043c: InitEventCollector failed
Error: (06/29/2017 02:14:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
Error: (06/29/2017 02:14:34 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of f:\xpsp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Error: (06/29/2017 02:14:34 PM) (Source: VSS) (EventID: 4101) (User: )
Description: Volume Shadow Copy Service error: Cannot obtain the collection 'Applications' from the COM+ catalog [0x8007043c].
System errors:
=============
Error: (07/27/2017 10:03:58 AM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
Error: (07/27/2017 10:03:35 AM) (Source: DCOM) (EventID: 10005) (User: MINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service BrYNSvc with arguments ""
in order to run the server:
{F2189AE3-E432-427F-93B6-38D1C6F5E8D4}
Error: (07/27/2017 10:03:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
Error: (07/27/2017 10:03:34 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (07/27/2017 10:03:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
Error: (07/27/2017 09:59:17 AM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311
Error: (07/27/2017 09:58:52 AM) (Source: DCOM) (EventID: 10005) (User: MINE)
Description: DCOM got error "%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." attempting to start the service BrYNSvc with arguments ""
in order to run the server:
{F2189AE3-E432-427F-93B6-38D1C6F5E8D4}
Error: (07/27/2017 09:58:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
Error: (07/27/2017 09:58:51 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (07/27/2017 09:58:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
==================== Memory info ===========================
Processor: Intel® Core i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 2966.07 MB
Available physical RAM: 2522.79 MB
Total Virtual: 4852.79 MB
Available Virtual: 4516.61 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.76 GB) (Free:79.93 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:119.73 GB) (Free:13.84 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:353.01 GB) (Free:226.22 GB) NTFS
Drive f: () (Fixed) (Total:14.99 GB) (Free:10.93 GB) NTFS
Drive g: () (Fixed) (Total:310 GB) (Free:16.81 GB) NTFS
Drive h: () (Fixed) (Total:35.91 GB) (Free:14.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 66CD451A)
Partition 1: (Active) - (Size=119.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=35.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4B19BE7B)
Partition 1: (Active) - (Size=97.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================
Not sure about the KMService.exe, but otherwise everything else seems OK(?)
Haven't as yet run any anti-malware/anti-virus; waiting for your comments first.
Thanks!
Edited by brispuss, 26 July 2017 - 04:58 PM.