Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-08-2015 02
Ran by Administrator (2015-08-26 10:58:21)
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1608687927-1122366059-4076173488-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1608687927-1122366059-4076173488-1003 - Limited - Enabled)
Guest (S-1-5-21-1608687927-1122366059-4076173488-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1608687927-1122366059-4076173488-1004 - Limited - Disabled)
IUSR_IPU (S-1-5-21-1608687927-1122366059-4076173488-1007 - Limited - Enabled)
IWAM_IPU (S-1-5-21-1608687927-1122366059-4076173488-1008 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-1608687927-1122366059-4076173488-1002 - Limited - Disabled)
sysmex (S-1-5-21-1608687927-1122366059-4076173488-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\sysmex

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 5.0 (Enabled - Out of date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActivClient 6.1 x86 (Version: 6.1.100 - ActivIdentity) Hidden
Adobe Reader 8.1.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
ESET Endpoint Antivirus (HKLM\...\{67D577E9-06CD-4603-9087-772149332CA3}) (Version: 5.0.2126.3 - ESET, spol. s r.o.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.2.0010 - HPQ)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) Network Connections 13.1.33.0 (HKLM\...\{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}) (Version: 13.1.33.0 - Intel)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Bootvis (HKLM\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5830 - Analog Devices)
Sybase SQL Anywhere 5.0 (HKLM\...\Sybase SQL Anywhere 5.0) (Version: - )
Sysmex Service Controller (HKLM\...\{1322086E-A8D5-4B4D-A36D-E5B4848DA453}) (Version: 1.18.00.00 - Sysmex Europe GmbH)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XE-2100 (HKLM\...\XE-2100) (Version: - )
Xerox Phaser 3250 (HKLM\...\Xerox Phaser 3250) (Version: - )
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

25-08-2015 20:59:08 Software Distribution Service 3.0
25-08-2015 21:53:56 Printer Driver Microsoft XPS Document Writer Installed
25-08-2015 22:37:51 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2008-12-10 19:41 - 2006-02-28 09:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera N Saturday.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Opera N Sunday.job => C:\Program Files\Opera\launcher.exe

==================== Loaded Modules (Whitelisted) ==============

2007-11-28 03:41 - 2007-11-28 03:41 - 00114688 _____ () C:\WINDOWS\system32\aicext.dll
2013-05-15 17:21 - 2007-11-12 04:00 - 00022723 _____ () C:\WINDOWS\system32\sxp2ml3.dll
2004-08-04 09:56 - 2013-01-02 08:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-04 09:56 - 2008-04-14 02:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 09:56 - 2008-04-14 02:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-04-01 21:51 - 2015-04-01 21:51 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-08-24 20:28 - 2015-08-24 20:28 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll
2013-05-15 15:59 - 2007-11-23 05:16 - 00114688 _____ () C:\Program Files\Sysmex\IPU\remoteprt.exe
2013-05-15 16:01 - 2007-11-23 05:15 - 00086016 _____ () C:\WINDOWS\SHXCOMMON.dll
2013-05-15 16:01 - 2007-11-23 05:16 - 00073728 _____ () C:\WINDOWS\SHXDATE.dll
2013-05-15 16:01 - 2007-11-23 05:16 - 00081920 _____ () C:\WINDOWS\SHXFIO.dll
2013-05-15 16:01 - 2007-11-23 05:16 - 00090112 _____ () C:\WINDOWS\shxmstset.dll
2013-05-15 16:01 - 2007-11-23 05:15 - 00126976 _____ () C:\WINDOWS\shxMVC.dll
2013-05-15 16:01 - 2007-11-23 05:16 - 00036864 _____ () C:\WINDOWS\shxNumber.dll
2013-05-15 16:01 - 2007-11-23 05:15 - 00045056 _____ () C:\WINDOWS\ShxGraphCtrl.dll
2013-05-15 16:01 - 2007-11-23 05:16 - 00036864 _____ () C:\WINDOWS\shxrpt.dll
2013-05-15 16:01 - 2007-11-23 05:15 - 00024576 _____ () C:\WINDOWS\shxCaptureWindow.dll
2013-05-15 16:10 - 2003-06-17 11:50 - 00028672 _____ () C:\Program Files\Sysmex\IPU\SysmexDLL\XE_pro\XE_pro\ENU\XE_proLicense.Dll
2013-05-15 16:01 - 2007-11-09 07:12 - 00200704 _____ () C:\Program Files\Sysmex\IPU\SysmexDLL\XE_pro\XE_pro\ENU\GPReportSetting.dll
2013-05-15 16:01 - 2007-11-09 07:12 - 00061440 _____ () C:\Program Files\Sysmex\IPU\SysmexDLL\XE_pro\XE_pro\ENU\ReagtAmt.dll
2013-05-15 16:01 - 2007-11-09 07:12 - 00090112 _____ () C:\Program Files\Sysmex\IPU\SysmexDLL\XE_pro\XE_pro\ENU\ReagtLog.dll
2013-05-15 15:52 - 1997-10-01 18:00 - 00097816 _____ () c:\sqlany50\win32\dbl50t.dll
2013-05-15 15:52 - 1997-10-01 18:00 - 00136216 _____ () c:\sqlany50\win32\wod50t.dll
2013-05-15 15:52 - 1997-10-01 18:00 - 00275480 _____ () c:\sqlany50\win32\wl50ent.dll
2013-05-15 15:52 - 1997-10-01 18:00 - 01036824 _____ () c:\sqlany50\win32\dbsrv50.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1608687927-1122366059-4076173488-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Bliss.bmp
DNS Servers: 10.244.153.167 - 10.244.153.15
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SoundMAX => "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: Xerox PanelMgr => C:\WINDOWS\Xerox\PanelMgr\SSMMgr.exe /autorun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\GloballyOpenPorts: [8626:TCP] => Enabled:jrmnf

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2015 10:57:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 25.8.2015.2, faulting module frst.exe, version 25.8.2015.2, fault address 0x0002105e. Processing media-specific event for [frst.exe!ws!]

Error: (08/26/2015 12:59:34 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (08/25/2015 10:01:25 PM) (Source: Ci) (EventID: 4127) (User: )
Description: Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225529.

Error: (08/25/2015 09:53:55 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (08/25/2015 05:02:21 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/25/2015 05:02:21 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/25/2015 05:01:36 PM) (Source: Ci) (EventID: 4128) (User: )
Description: Error 3221225529 detected in content index on c:\inetpub\catalog.wci.

Error: (08/25/2015 05:01:34 PM) (Source: Ci) (EventID: 4128) (User: )
Description: Error 3221225529 detected in content index on c:\system volume information\catalog.wci.

Error: (08/15/2015 06:49:49 AM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

Error: (08/15/2015 06:49:49 AM) (Source: Ci) (EventID: 4124) (User: )
Description: Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart the Indexing Service (cisvc).
System errors:
=============
Error: (08/26/2015 08:33:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: i8042prt

Error: (08/26/2015 08:33:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: %%2

Error: (08/26/2015 08:33:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: %%2

Error: (08/26/2015 08:20:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: i8042prt

Error: (08/26/2015 08:19:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: %%2

Error: (08/26/2015 08:19:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: %%2

Error: (08/26/2015 02:55:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: i8042prt

Error: (08/26/2015 02:53:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: %%2

Error: (08/26/2015 02:53:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: %%2

Error: (08/26/2015 12:59:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: i8042prt

Microsoft Office:
=========================
Error: (08/26/2015 10:57:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe25.8.2015.2frst.exe25.8.2015.20002105e

Error: (08/26/2015 12:59:34 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (08/25/2015 10:01:25 PM) (Source: Ci) (EventID: 4127) (User: )
Description: c:\system volume information\catalog.wci3221225529

Error: (08/25/2015 09:53:55 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (08/25/2015 05:02:21 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/25/2015 05:02:21 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/25/2015 05:01:36 PM) (Source: Ci) (EventID: 4128) (User: )
Description: 3221225529c:\inetpub\catalog.wci

Error: (08/25/2015 05:01:34 PM) (Source: Ci) (EventID: 4128) (User: )
Description: 3221225529c:\system volume information\catalog.wci

Error: (08/15/2015 06:49:49 AM) (Source: Ci) (EventID: 4126) (User: )
Description: c:\system volume information\catalog.wci

Error: (08/15/2015 06:49:49 AM) (Source: Ci) (EventID: 4124) (User: )
Description: c:\system volume information\catalog.wci

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 19%
Total physical RAM: 3519.17 MB
Available physical RAM: 2823.39 MB
Total Virtual: 5401.27 MB
Available Virtual: 4829.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.4 GB) (Free:23.28 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:37.13 GB) (Free:36.8 GB) NTFS