Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-06-2017 01 Ran by essemtec (10-06-2017 09:04:13) Running from f:\ Microsoft Windows XP Professional Service Pack 3 (X86) (2014-05-15 07:47:20) Boot Mode: Safe Mode (minimal) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2646437663-3650158834-333150697-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator ASPNET (S-1-5-21-2646437663-3650158834-333150697-1003 - Limited - Enabled) essemtec (S-1-5-21-2646437663-3650158834-333150697-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\essemtec Guest (S-1-5-21-2646437663-3650158834-333150697-501 - Limited - Disabled) HelpAssistant (S-1-5-21-2646437663-3650158834-333150697-1004 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-2646437663-3650158834-333150697-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology) ASUS VGA Driver (Version: 3.0.0.1 - ASUSTek) Hidden ATI AVIVO Codecs (Version: 10.0.0.40103 - ATI Technologies Inc.) Hidden ATI Catalyst Install Manager (HKLM\...\{1A28C8F0-5795-999D-A93E-109B01316777}) (Version: 3.0.804.0 - ATI Technologies, Inc.) ccc-core-static (Version: 2010.1125.2142.38865 - ATI) Hidden GoToAssist Customer 3.0.0.1185 (HKLM\...\GoToAssist Express Customer) (Version: 3.0.0.1185 - Citrix Online) HydraVision (Version: 4.2.184.0 - ATI Technologies Inc.) Hidden Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5412 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) LCV System Files (HKLM\...\LCV System Files) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Motion Control API (HKLM\...\{3F94650E-ECCD-469F-A5F2-C7F9353D6AEF}) (Version: 3.4.1.37 - Precision MicroControl Corp.) Motion Control Flash Wizard (HKLM\...\{78017BAA-98B3-40D3-A4AA-B08F4A02B46B}) (Version: 2.1.1.5 - Precision MicroControl Corp.) Motion Integrator (HKLM\...\{5D0DE04B-7416-48B3-A13A-E2589CE457D1}) (Version: 1.4.1.12 - Precision MicroControl Corp.) MSN (HKLM\...\MSNINST) (Version: - ) PGR FlyCapture 1.8 Release 23 (HKLM\...\{1174EB69-ECDD-47D6-BB2B-F25F448FD150}) (Version: 1.08.03.23 - Point Grey Research, Inc.) Placer (HKLM\...\Placer) (Version: 15.9 - Essemtec AG) REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6767 - Realtek Semiconductor Corp.) Skins (Version: 2010.1125.2142.38865 - ATI) Hidden TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.43148 - TeamViewer) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) XML Marker version 1.1 (HKLM\...\XML Marker_is1) (Version: - Symbol Click) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\At1.job => C:\Documents and Settings\essemtec\Templates\Brengkolang.com Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{4A315A59-94E5-49D1-9D9C-3EB9F1D2438B}.job => C:\WINDOWS\system32\msfeedssync.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\WINDOWS\Pick&Place desktop 1280zu1024px.jpg:FS_dl_url [45] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1" p" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2008-04-14 14:00 - 2011-12-13 15:04 - 00000832 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 192.168.3.1 FLXNET-001 192.168.3.2 FLXNET-002 192.168.3.3 FLXNET-003 192.168.3.4 FLXNET-Remote ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2646437663-3650158834-333150697-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\essemtec\Local Settings\Application Data\Microsoft\Wallpaper1.bmp DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\system32\ctfmon.exe MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) StandardProfile\AuthorizedApplications: [D:\essemtec\Programs\Placer.exe] => Enabled:SMD Placer StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version7\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007 StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008 StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004 StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005 StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001 StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002 ==================== Restore Points ========================= 13-03-2017 14:52:13 System Checkpoint 03-04-2017 06:59:40 System Checkpoint 19-04-2017 08:28:29 System Checkpoint 06-06-2017 13:36:14 System Checkpoint 08-06-2017 10:07:22 System Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/10/2017 09:03:35 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: with error: This network connection does not exist. Error: (06/10/2017 09:03:35 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/10/2017 09:03:32 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: with error: This network connection does not exist. Error: (06/10/2017 09:03:32 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/10/2017 09:03:32 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: with error: This network connection does not exist. Error: (06/10/2017 09:03:32 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/10/2017 09:03:31 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: with error: The server name or address could not be resolved Error: (06/10/2017 09:03:31 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/10/2017 09:03:31 AM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (06/09/2017 10:22:05 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. System errors: ============= Error: (06/10/2017 08:50:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Error: (06/10/2017 08:50:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. Error: (06/10/2017 08:50:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. Error: (06/10/2017 08:50:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. Error: (06/10/2017 08:50:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. Error: (06/10/2017 08:49:10 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (06/10/2017 08:47:50 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (06/10/2017 08:18:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Error: (06/10/2017 08:18:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. Error: (06/10/2017 08:18:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3225 CPU @ 3.30GHz Percentage of memory in use: 9% Total physical RAM: 3271.88 MB Available physical RAM: 2972.15 MB Total Virtual: 5158.53 MB Available Virtual: 5054.85 MB ==================== Drives ================================ Drive c: (Zapasowy Dysk1) (Fixed) (Total:58.6 GB) (Free:48.62 GB) NTFS ==>[drive with boot components (Windows XP)] Drive d: (Zapasowy Dysk2) (Fixed) (Total:407.15 GB) (Free:406.87 GB) NTFS Drive f: (16GB USB) (Removable) (Total:14.4 GB) (Free:14.4 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 8F67F1C6) Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=407.2 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.4 GB) (Disk ID: C2839F9A) Partition 1: (Active) - (Size=14.4 GB) - (Type=0C) ==================== End of Addition.txt ============================