2015-02-17

Previously had installed Emsisoft, but trial expired and then it would not let me uninstall. Now installing license, but was blocked. Ran EEK and it found nothing.

Ran the Emsisoft cleaner and removed traces of Emsisoft. Re-installed and got to the part where it tries to start the services and it failed due to access permissions.

Downloaded and ran FRST with this log for Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015

Ran by back at 2015-02-16 19:57:16

Running from C:\Documents and Settings\Back\My Documents\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)

AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL LLC)

Brilliant Distinctions® Consumer Loyalty Program Desktop Shortcut (HKLM\...\{967FEC46-7050-4416-853F-5F135A1F3538}) (Version: 1.0.0 - Allergan)

Brother MFL-Pro Suite MFC-8910DW (HKLM\...\{37372D85-4945-4B6B-AC87-7BC5D1AB9F5C}) (Version: 2.0.1.0 - Brother Industries, Ltd.)

Canfield Imaging Systems Authorization Service (HKLM\...\{FE5116D0-AC4D-4FB1-B912-F56D797F20CF}) (Version: 1.0.0 - Canfield Imaging Systems)

CareCredit CCware Version 5.0 (HKLM\...\1.0_is1) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)

Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)

CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)

Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)

Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden

GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)

GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-39696910-2898855496-1953257180-1146\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)

Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden

HP Backup and Recovery Manager (HKLM\...\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}) (Version: 2.5C - Hewlett-Packard Company)

HP Color LaserJet CP2020 Series 1.0 (HKLM\...\{A5F39441-3414-4db2-9A71-0BA8AB3CB16A}) (Version: 1.0 - HP)

HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)

HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)

hppFonts (Version: 001.001.00056 - Hewlett-Packard) Hidden

hppManualsCP2020 (Version: 001.000.00112 - Hewlett-Packard) Hidden

hppPQVideoCP2020 (Version: 001.000.00112 - Hewlett-Packard) Hidden

hppQFolderCP2020 (Version: 1.00.0000 - Hewlett-Packard) Hidden

hppTLBXFXCP2020 (Version: 001.012.00091 - Hewlett-Packard) Hidden

hppusgCP2020 (Version: 000.000.00011 - Hewlett-Packard) Hidden

hpzTLBXFX (Version: 004.012.00146 - Hewlett-Packard) Hidden

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )

Intel® Network Connections 13.1.33.0 (HKLM\...\{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}) (Version: 13.1.33.0 - Intel)

InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.36 - InterVideo Inc.)

InterVideo WinDVD 8 (Version: 8.5.10.36 - InterVideo Inc.) Hidden

Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)

Lexmark Printer Software Uninstall (HKLM\...\Lexmark Printer Software Uninstall) (Version:  - )

MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)

Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{4AB6A079-178B-4144-B21F-4D1AE71666A2}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{BF251EAF-8697-4E89-BF09-C998F97BBC40}) (Version: 9.00.1399.06 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)

Mirror (HKLM\...\{D2F1E8F2-2D9A-4F9E-9428-0A8E6943DD56}) (Version: 7.3.8.0 - Canfield Imaging Systems)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)

NexTech Practice (HKLM\...\{B3E1FDA0-D746-801D-365E-732A2B856611}) (Version: 10.09.0008 - NexTech, Inc)

PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)

PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.109 - PDF Complete, Inc)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5708 - Realtek Semiconductor Corp.)

ScanSoft PaperPort 11 (HKLM\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

TeleVox ASP Core Components (HKLM\...\TeleVox ASP Core Components) (Version:  - TeleVox Software, Inc.)

TeleVox WebPost (.NET Release) (HKLM\...\{36D591A0-E658-4144-84C3-CC66C2D8BD7E}) (Version: 2.0.0.0 - TeleVox Software)

Uninstall AOL Emergency Connect Utility 1.0 (HKLM\...\AOL Emergency Connect Utility 1.0) (Version:  - )

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden

Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)

Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\6849F67BACD4DA5A5B9D46803E6850D0BE8B3826) (Version: 04/10/2012 2.08.24 - FTDI)

Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 04:00 - 2008-04-14 04:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C9F5C61F-0E82-4A86-BE8B-90B1149A05E2}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2008-04-14 04:00 - 2008-04-14 04:00 - 00015360 _____ () C:\WINDOWS\system32\tsd32.dll

2011-08-05 07:52 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

2009-10-17 02:55 - 2006-07-10 12:53 - 00872448 _____ () C:\WINDOWS\SMINST\Scheduler.exe

2015-02-05 21:31 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\26969793.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\26969793.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-39696910-2898855496-1953257180-1146\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 10.10.10.11

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1257380677\ee\AOLSoftware.exe

MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: Reminder => C:\WINDOWS\Creator\Remind_XP.exe

MSCONFIG\startupreg: SetRefresh => C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

MSCONFIG\startupreg: ToolBoxFX => "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

==================== Accounts: =============================

Administrator (S-1-5-21-2670442265-2010055783-3286360342-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator

ASPNET (S-1-5-21-2670442265-2010055783-3286360342-1003 - Limited - Enabled)

Guest (S-1-5-21-2670442265-2010055783-3286360342-501 - Limited - Disabled)

HelpAssistant (S-1-5-21-2670442265-2010055783-3286360342-1008 - Limited - Disabled)

SUPPORT_388945a0 (S-1-5-21-2670442265-2010055783-3286360342-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter

Description: 1394 Net Adapter

Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}

Manufacturer: Microsoft

Service: NIC1394

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (01/30/2015 10:59:38 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application chrome.exe, version 40.0.2214.93, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/09/2015 06:25:47 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x0014c493.

Processing media-specific event for [iexplore.exe!ws!]

Error: (01/07/2015 01:11:32 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)

Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (01/07/2015 08:49:13 AM) (Source: MsiInstaller) (EventID: 11500) (User: DOMAIN)

Description: Product: Microsoft Office Standard 2010 -- Error 1500. Another installation is in progress.  You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)

Error: (01/07/2015 08:43:10 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application Setup.exe, version 14.0.7011.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/07/2015 04:33:49 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)

Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (01/07/2015 04:29:47 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)

Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (01/07/2015 01:06:43 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)

Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (01/06/2015 09:18:30 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: STMON BrtSTMON: [2015/01/06 21:18:30.052]: [00000564]:    Error : ExecMonitor()

Error: (01/06/2015 09:16:30 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: STMON BrtSTMON: [2015/01/06 21:16:30.037]: [00000564]:    Error : ExecMonitor()

System errors:

=============

Error: (02/16/2015 07:50:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The System Restore Service service terminated with the following error:

%%2

Error: (02/16/2015 07:49:15 PM) (Source: SRService) (EventID: 104) (User: )

Description: The System Restore initialization process failed.

Error: (02/16/2015 07:44:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The System Restore Service service terminated with the following error:

%%2

Error: (02/16/2015 07:43:27 PM) (Source: SRService) (EventID: 104) (User: )

Description: The System Restore initialization process failed.

Error: (02/16/2015 07:39:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The System Restore Service service terminated with the following error:

%%2

Error: (02/16/2015 07:38:06 PM) (Source: SRService) (EventID: 104) (User: )

Description: The System Restore initialization process failed.

Error: (02/16/2015 07:34:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The System Restore Service service terminated with the following error:

%%2

Error: (02/16/2015 07:33:34 PM) (Source: SRService) (EventID: 104) (User: )

Description: The System Restore initialization process failed.

Error: (02/16/2015 06:53:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The System Restore Service service terminated with the following error:

%%2

Error: (02/16/2015 06:52:40 PM) (Source: SRService) (EventID: 104) (User: )

Description: The System Restore initialization process failed.

Microsoft Office Sessions:

=========================

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz

Percentage of memory in use: 28%

Total physical RAM: 2013.1 MB

Available physical RAM: 1434.79 MB

Total Pagefile: 3905.5 MB

Available Pagefile: 3472.59 MB

Total Virtual: 2047.88 MB

Available Virtual: 1929.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:133.04 GB) (Free:102.82 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: () (Network) (Total:926.11 GB) (Free:347.78 GB)

Drive y: (HP_RECOVERY) (Fixed) (Total:16 GB) (Free:11.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 3B2B3B2B)

Partition 1: (Active) - (Size=133 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

and FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015

Ran by back (administrator) on HP-DX7500 on 16-02-2015 19:56:34

Running from C:\Documents and Settings\Back\My Documents\Downloads

Loaded Profiles: back (Available profiles: Administrator & front & back & Exam & Doc & student & Administrator)

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SafeNet Inc.) C:\windows\system32\hasplms.exe

(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe

(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Microsoft Corporation) C:\windows\system32\rdpclip.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist\896\g2aprocessfactory.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe

() C:\windows\SMINST\Scheduler.exe

(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe

(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe

(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe

(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPQVideo] => C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CP2020 Series\bin\hppschlnch.exe [106496 2007-05-07] (Hewlett-Packard)

HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)

HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM\...\Run: [Scheduler] => C:\WINDOWS\SMINST\Scheduler.exe [872448 2006-07-10] ()

HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)

HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)

HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)

HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)

HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

HKLM\...\Run: [emsisoft anti-malware] => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)

HKLM Group Policy restriction on software: C:\Program Files\Emsisoft Anti-Malware <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKU\S-1-5-21-39696910-2898855496-1953257180-1146\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-04] (Google Inc.)

HKU\S-1-5-21-39696910-2898855496-1953257180-1146\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)

HKU\S-1-5-21-39696910-2898855496-1953257180-1146\...\Policies\Explorer: [EditLevel] 0

HKU\S-1-5-21-39696910-2898855496-1953257180-1146\...\Policies\Explorer: [NoSaveSettings] 0

HKU\S-1-5-21-39696910-2898855496-1953257180-1146\...\Policies\Explorer: [NoFileMenu] 0

HKU\S-1-5-21-39696910-2898855496-1953257180-1146\...\Policies\Explorer: [NoCommonGroups] 0

HKU\S-1-5-21-39696910-2898855496-1953257180-1146\...\MountPoints2: F - F:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-39696910-2898855496-1953257180-1146\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

URLSearchHook: HKLM - (No Name) - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} -  No File

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://toolbar.aol.com/browserpages/newtab-aol-ie-en-us.html"<======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-39696910-2898855496-1953257180-1146 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =

BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} -  No File

Toolbar: HKU\S-1-5-21-39696910-2898855496-1953257180-1146 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File

DPF: {378A9604-2EBB-4A7E-8266-72F87CFB4197} https://www-atl.mytelevox.com/housecalls/cabs/ctlListView.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257371157078

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257371212046

DPF: {845C260B-A44B-49A3-86A6-71430B3000A0} https://www.mytelevox.com/labcalls/cabs/TeleVoxAudioPlayer.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab

DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} https://techinline.net/Client/TIClient.cab?7373

DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://agnmeetings.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Tcpip\Parameters: [DhcpNameServer] 10.10.10.11

FireFox:

========

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-39696910-2898855496-1953257180-1146: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Back\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-04]

FF HKU\S-1-5-21-39696910-2898855496-1953257180-1146\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6173\FF

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR Profile: C:\Documents and Settings\Back\Local Settings\Application Data\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Back\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]

CHR Extension: (YouTube) - C:\Documents and Settings\Back\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-18]

CHR Extension: (Google Search) - C:\Documents and Settings\Back\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-26]

CHR Extension: (Google Wallet) - C:\Documents and Settings\Back\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR Extension: (Gmail) - C:\Documents and Settings\Back\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)

R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

S3 Canfield Imaging Systems Authorization Service; C:\Program Files\Common Files\Canfield Shared\HaspService\HaspService.exe [823296 2013-04-02] (Canfield Clinical Systems) [File not signed]

S4 GoToAssist; C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe [13720 2013-06-27] (Citrix Online, a division of Citrix Systems, Inc.)

R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)

S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)

R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]

S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [364544 2006-06-13] (SoftThinks) [File not signed]

R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)

R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)

S4 adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [105472 2002-05-08] (Adaptec, Inc.) [File not signed]

R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)

R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [243856 2008-06-13] (Intel Corporation)

R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.)

S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2008-04-13] (Intel® Corporation)

S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2008-04-13] (Intel® Corporation)

S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2008-04-13] (Intel® Corporation)

S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2008-04-13] (Intel® Corporation)

S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2008-04-13] (Intel® Corporation)

S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2008-04-13] (Intel® Corporation)

S3 iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [11807 2008-04-13] (Intel® Corporation)

S3 iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [11295 2008-04-13] (Intel® Corporation)

S3 iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [11871 2008-04-13] (Intel® Corporation)

S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2008-04-13] (Intel® Corporation)

S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2008-04-13] (Intel® Corporation)

S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2008-04-13] (Intel® Corporation)

S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2008-04-13] (Intel® Corporation)

S3 iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [25471 2008-04-13] (Intel® Corporation)

S3 iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [22271 2008-04-13] (Intel® Corporation)

R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) [File not signed]

S3 MfeAVFK; C:\WINDOWS\System32\drivers\MfeAVFK.sys [79816 2009-05-15] (McAfee, Inc.)

S3 MfeBOPK; C:\WINDOWS\System32\drivers\MfeBOPK.sys [35272 2009-05-15] (McAfee, Inc.)

R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214024 2009-05-15] (McAfee, Inc.)

S3 MfeRKDK; C:\WINDOWS\System32\drivers\MfeRKDK.sys [34248 2009-05-15] (McAfee, Inc.)

R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [55336 2009-05-15] (McAfee, Inc.)

S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30816 2008-05-23] (Intel Corporation )

S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)

S4 Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic) [File not signed]

R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)

S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 19:56 - 2015-02-16 19:56 - 00000000 ____D () C:\FRST

2015-02-16 19:49 - 2015-02-16 19:49 - 00118784 _____ (SoftThinks) C:\WINDOWS\system32\chg.exe

2015-02-16 19:41 - 2015-02-16 19:46 - 00000766 _____ () C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk

2015-02-16 19:40 - 2015-02-16 19:46 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2015-02-16 19:37 - 2015-02-16 19:37 - 00136763 _____ () C:\Documents and Settings\Back\Desktop\EmsiClean_2015.02.16_19.37.05.txt

2015-02-16 19:34 - 2015-02-16 19:34 - 00000420 _____ () C:\WINDOWS\regopt.log

2015-02-16 19:30 - 2015-02-16 18:44 - 175435216 _____ (Emsisoft Ltd. ) C:\Documents and Settings\Back\Desktop\EmsisoftAntiMalwareSetup.exe

2015-02-16 19:25 - 2015-02-16 19:25 - 00000000 ____D () C:\Support

2015-02-09 14:56 - 2015-02-09 14:58 - 00031907 _____ () C:\Documents and Settings\Back\Desktop\ac1.htm

2015-02-09 14:56 - 2015-02-09 14:57 - 00000000 ____D () C:\Documents and Settings\Back\Desktop\ac3_files

2015-02-09 14:56 - 2015-02-09 14:56 - 00052459 _____ () C:\Documents and Settings\Back\Desktop\ac2.htm

2015-02-09 14:56 - 2015-02-09 14:56 - 00052450 _____ () C:\Documents and Settings\Back\Desktop\ac3.htm

2015-02-09 14:56 - 2015-02-09 14:56 - 00000000 ____D () C:\Documents and Settings\Back\Desktop\ac2_files

2015-02-09 14:56 - 2015-02-09 14:56 - 00000000 ____D () C:\Documents and Settings\Back\Desktop\ac1_files

2015-01-22 10:10 - 2015-01-22 10:10 - 00010545 _____ () C:\Documents and Settings\Back\Desktop\lotus.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 19:57 - 2009-11-04 16:44 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{C9F5C61F-0E82-4A86-BE8B-90B1149A05E2}.job

2015-02-16 19:56 - 2009-11-06 13:38 - 00000000 ____D () C:\Documents and Settings\Back\Local Settings\Temp

2015-02-16 19:52 - 2014-03-10 07:01 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2015-02-16 19:52 - 2010-03-25 11:11 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-16 19:52 - 2009-10-17 02:55 - 00000000 ____D () C:\WINDOWS\SMINST

2015-02-16 19:52 - 2009-04-06 09:55 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl

2015-02-16 19:50 - 2009-04-06 10:00 - 01155342 _____ () C:\WINDOWS\WindowsUpdate.log

2015-02-16 19:49 - 2009-11-06 13:35 - 00000120 _____ () C:\WINDOWS\system32\config\netlogon.ftl

2015-02-16 19:49 - 2009-04-06 10:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-02-16 19:49 - 2009-04-06 02:29 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2015-02-16 19:49 - 2009-04-06 02:29 - 00000049 _____ () C:\WINDOWS\wiaservc.log

2015-02-16 19:48 - 2009-11-06 13:38 - 00000178 ___SH () C:\Documents and Settings\Back\ntuser.ini

2015-02-16 19:48 - 2009-04-06 10:00 - 00032486 _____ () C:\WINDOWS\SchedLgU.Txt

2015-02-16 19:47 - 2009-04-06 09:41 - 00000645 _____ () C:\WINDOWS\win.ini

2015-02-16 19:47 - 2009-04-06 09:31 - 00000211 __RSH () C:\boot.ini

2015-02-16 19:47 - 2009-04-06 02:26 - 00000227 _____ () C:\WINDOWS\system.ini

2015-02-16 19:46 - 2014-12-30 10:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware

2015-02-16 19:35 - 2013-06-27 07:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-02-16 19:34 - 2009-04-06 02:24 - 00001024 ____H () C:\WINDOWS\system32\config\userdiff.LOG

2015-02-16 19:30 - 2010-03-25 11:11 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-16 18:42 - 2010-09-21 10:59 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt

2015-02-16 18:42 - 2009-10-17 02:29 - 00000000 ____D () C:\WINDOWS\security

2015-02-13 04:38 - 2009-10-17 02:34 - 00000000 ____D () C:\WINDOWS\Microsoft.NET

2015-02-12 03:09 - 2013-08-14 02:11 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-02-12 03:04 - 2009-11-04 19:18 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-02-12 03:04 - 2009-10-17 02:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help

2015-02-11 07:45 - 2009-11-06 13:36 - 00000000 __SHD () C:\WINDOWS\CSC

2015-02-11 00:18 - 2009-10-17 02:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PDFC

2015-02-10 15:45 - 2009-11-06 13:38 - 00000000 ____D () C:\Documents and Settings\Back

2015-02-09 07:51 - 2014-03-10 07:01 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

2015-02-05 21:31 - 2011-08-26 09:00 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-01-23 13:38 - 2014-01-23 13:38 - 0000000 _____ () C:\Documents and Settings\Back\Application Data\SharedSettings.ccs

2011-04-15 11:08 - 2011-04-15 11:08 - 0000127 _____ () C:\Documents and Settings\Back\Local Settings\Application Data\fusioncache.dat

2014-01-23 13:39 - 2014-01-23 13:39 - 0067992 _____ () C:\Documents and Settings\Back\Local Settings\Application Data\lxngicmv

2014-01-23 13:40 - 2014-01-23 13:40 - 0012326 _____ () C:\Documents and Settings\Back\Local Settings\Application Data\npckvkul

2009-11-06 13:38 - 2008-02-05 15:28 - 0000051 _____ () C:\Documents and Settings\Back\Local Settings\Application Data\setup.txt

Some content of TEMP:

====================

C:\Documents and Settings\Administrator\Local Settings\Temp\AcsInstall.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\SHFOLDER.DLL

C:\Documents and Settings\Back\Local Settings\Temp\dllnt_dump.dll

C:\Documents and Settings\Back\Local Settings\Temp\Quarantine.exe

C:\Documents and Settings\Back\Local Settings\Temp\sqlite3.dll

C:\Documents and Settings\student\Local Settings\Temp\contentDATs.exe

C:\Documents and Settings\student\Local Settings\Temp\SecurityScan_Release.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Next step?
