Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01 Ran by Administrator (administrator) on CS1 on 01-05-2015 17:41:03 Running from F:\Documents and Settings\cs01\Desktop Loaded Profiles: cs01 & Administrator (Available profiles: cs01 & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) F:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Atheros) F:\WINDOWS\system32\acs.exe (Microsoft Corporation) F:\WINDOWS\system32\cisvc.exe (Seiko Epson Corporation) F:\WINDOWS\system32\escsvc.exe (Microsoft Corporation) F:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation) F:\WINDOWS\system32\netdde.exe (NVIDIA Corporation) F:\WINDOWS\system32\nvsvc32.exe (Intel Corporation) F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Microsoft Corporation) F:\WINDOWS\system32\snmp.exe (Microsoft Corporation) F:\WINDOWS\system32\wscntfy.exe (Intel Corporation) F:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (NETGEAR) F:\Program Files\NETGEAR\WN111v2\WN111V2.exe (Mozilla Corporation) F:\Program Files\Mozilla Firefox\firefox.exe (Atheros Communications, Inc.) F:\Program Files\NETGEAR\WN111v2\jswpsapi.exe (Mozilla Corporation) F:\Program Files\Mozilla Firefox\plugin-container.exe (Microsoft Corporation) F:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) F:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation) F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE () H:\Software utility 2015\ophcrack-win32-installer-3.6.0.exe (Farbar) F:\Documents and Settings\cs01\Desktop\diagnostic FRST.exe (Adobe Systems Inc.) F:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Incorporated) F:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe (Adobe Systems) F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IntelZeroConfig] => F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [802816 2006-08-02] (Intel Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\Run: [NokiaSuite.exe] => F:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia) SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2015-02-04] ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> F:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-839522115-1788223648-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = sn.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-839522115-1788223648-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = sn.com/ HKU\S-1-5-21-839522115-1788223648-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?rd=1&ucc=IT&dcc=IT&opt=0&ocid=iehp URLSearchHook: [S-1-5-21-839522115-1788223648-1606980848-500] ATTENTION ==> Default URLSearchHook is missing. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "abou" <======= ATTENTION SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - F:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - F:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - F:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{733296FC-2256-403D-AC30-199FF5744DF5}: [NameServer] 8.8.8.8,8.8.84.4 FireFox: ======== FF ProfilePath: F:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vynjgxf6.default FF Plugin: @adobe.com/FlashPlayer -> F:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-10-10] () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> F:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-18] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> F:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-18] (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin -> F:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( ) FF Plugin: @photodex.com/PhotodexPresenter -> F:\Program Files\Photodex Presenter\npPxPlay.dll [2015-03-21] ( ) FF Plugin: @videolan.org/vlc,version=2.1.5 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin HKU\S-1-5-21-839522115-1788223648-1606980848-1003: @tools.google.com/Google Update;version=3 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-13] (Google Inc.) FF Plugin HKU\S-1-5-21-839522115-1788223648-1606980848-1003: @tools.google.com/Google Update;version=9 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-13] (Google Inc.) FF Plugin ProgramFiles/Appdata: F:\Program Files\mozilla firefox\plugins\npdivx32.dll [2007-01-03] (DivX,Inc.) FF Plugin ProgramFiles/Appdata: F:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2007-01-03] (DivX, Inc) FF Plugin ProgramFiles/Appdata: F:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-12-22] FF HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\Firefox\Extensions: [Subscription@helper.com] - F:\Program Files\SM\FF ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 6to4; F:\WINDOWS\System32\6to4svc.dll [100864 2012-01-12] (Microsoft Corporation) R2 ACS; F:\WINDOWS\system32\acs.exe [467028 2008-06-27] (Atheros) [File not signed] R3 Adobe LM Service; F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2014-11-28] (Adobe Systems) [File not signed] R2 EpsonScanSvc; F:\WINDOWS\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation) R2 EvtEng; F:\Program Files\Intel\Wireless\Bin\EvtEng.exe [434176 2006-08-02] (Intel Corporation) [File not signed] R2 IISADMIN; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation) S4 JavaQuickStarterService; F:\Program Files\Java\jre7\bin\jqs.exe [181664 2014-07-21] (Oracle Corporation) R3 jswpsapi; F:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [360547 2008-02-27] (Atheros Communications, Inc.) [File not signed] S4 MBAMService; F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S4 Motorola Device Manager; F:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) S2 MSFtpsvc; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation) S4 MyEpson Portal Service; F:\Program Files\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION) S2 nv4_mini; F:\Program Files\NVIDIA GeForce Go 6600\nv4_mini.exe [32768 2011-08-17] (NVIDIA Corporation) [File not signed] R2 RegSrvc; F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2006-08-02] (Intel Corporation) [File not signed] S2 S24EventMonitor; F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [937984 2006-08-02] (Intel Corporation ) [File not signed] S4 ScsiAccess; F:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe [186760 2015-03-21] () S2 SMTPSVC; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation) R2 W3SVC; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AegisP; F:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2014-07-20] (Meetinghouse Data Communications) [File not signed] R3 ALCXWDM; F:\WINDOWS\System32\drivers\ALCXWDM.SYS [2284864 2005-02-17] (Realtek Semiconductor Corp.) S3 BrScnUsb; F:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) R3 DNINDIS5; F:\WINDOWS\system32\DNINDIS5.SYS [17149 2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 DrvAgent32; F:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-08-30] (Phoenix Technologies) [File not signed] R1 HWSCtrl; F:\Program Files\TOSHIBA\TOSHIBA Applet\HWS_IoDispatch.sys [6144 2004-12-11] () [File not signed] R3 JSWSCIMD; F:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2008-10-01] (Atheros Communications, Inc.) S3 MBAMProtector; F:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R0 mv61xxmm; F:\WINDOWS\system32\Drivers\mv61xxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.) R0 mv64xxmm; F:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-01-12] (Marvell Semiconductor Inc.) [File not signed] R0 mvxxmm; F:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.) S3 nm; F:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation) S3 OlyUsbCam; F:\WINDOWS\System32\DRIVERS\OlyUsbCam.sys [21952 2007-01-12] (OLYMPUS IMAGING CORP.) R0 PxHelp20; F:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-06-06] (Sonic Solutions) [File not signed] R3 Rasirda; F:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R2 s24trans; F:\WINDOWS\System32\DRIVERS\s24trans.sys [12544 2006-08-02] (Intel Corporation) [File not signed] R1 SASDIFSV; F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SMCIRDA; F:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC) R0 sptd; F:\WINDOWS\System32\Drivers\sptd.sys [717296 2014-07-28] () [File not signed] R1 Tcpip6; F:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2012-01-12] (Microsoft Corporation) U3 TrueSight; F:\WINDOWS\system32\drivers\TrueSight.sys [33512 2014-09-18] () R3 w29n51; F:\WINDOWS\System32\DRIVERS\w29n51.sys [2206720 2006-06-29] (Intel® Corporation) R3 WN111v2; F:\WINDOWS\System32\DRIVERS\WN111v2.sys [601088 2010-04-20] (Atheros Communications, Inc.) R3 WSIMD; F:\WINDOWS\System32\DRIVERS\wsimd.sys [57408 2007-12-14] (Atheros Communications, Inc.) [File not signed] R3 yukonwxp; F:\WINDOWS\System32\DRIVERS\yk51x86.sys [224000 2005-02-17] (Marvell) U3 az80cug7; F:\WINDOWS\system32\Drivers\az80cug7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder) S2 DritekPortIO; \??\D:\fn-esse.temp\DPortIO.sys [X] S4 IntelIde; No ImagePath U5 TMUSB; F:\WINDOWS\System32\DRIVERS\TMUSBXP.SYS [49408 2014-03-19] (Seiko Epson Corporation) U5 Tosrfusb; F:\Windows\System32\Drivers\Tosrfusb.sys [40192 2006-06-09] (TOSHIBA CORPORATION) [File not signed] S3 USBAAPL; System32\Drivers\usbaapl.sys [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) NETSVC: # -> No Registry Path. ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-01 17:34 - 2015-05-01 17:34 - 00001125 _____ () F:\WINDOWS\setupapi.log 2015-05-01 17:22 - 2015-05-01 17:41 - 00000000 ____D () F:\Program Files\ophcrack 2015-05-01 17:22 - 2015-05-01 17:41 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\ophcrack 2015-05-01 17:22 - 2015-05-01 17:22 - 00000713 _____ () F:\Documents and Settings\All Users\Desktop\ophcrack.lnk 2015-05-01 16:44 - 2015-05-01 16:46 - 00035756 _____ () F:\Documents and Settings\cs01\Desktop\Addition.txt 2015-05-01 16:43 - 2015-05-01 17:42 - 00013605 _____ () F:\Documents and Settings\cs01\Desktop\FRST.txt 2015-05-01 16:42 - 2015-05-01 16:40 - 01140736 _____ (Farbar) F:\Documents and Settings\cs01\Desktop\diagnostic FRST.exe 2015-05-01 16:40 - 2015-05-01 17:41 - 00000000 ____D () F:\FRST 2015-04-29 22:55 - 2015-04-29 22:55 - 00032196 _____ () F:\RootRepeal report 04-29-15 (22-55-16).txt 2015-04-29 21:22 - 2015-04-29 21:22 - 00000000 ____D () F:\Documents and Settings\Administrator\Application Data\Mozilla 2015-04-29 21:16 - 2015-04-29 21:16 - 00000000 ____D () F:\WINDOWS\CSC 2015-04-29 21:02 - 2015-04-30 16:17 - 00000159 _____ () F:\WINDOWS\wiadebug.log 2015-04-29 21:02 - 2015-04-30 16:17 - 00000050 _____ () F:\WINDOWS\wiaservc.log 2015-04-29 21:02 - 2015-04-30 00:48 - 00006044 _____ () F:\WINDOWS\SchedLgU.Txt 2015-04-29 21:02 - 2015-04-29 22:04 - 00000000 _____ () F:\WINDOWS\Sti_Trace.log 2015-04-29 20:46 - 2015-05-01 17:15 - 00048813 _____ () F:\WINDOWS\WindowsUpdate.log 2015-04-21 23:27 - 2015-04-21 23:27 - 00000000 ____D () F:\Documents and Settings\cs01\Application Data\OpenOffice.org 2015-04-21 22:04 - 2015-04-21 22:04 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\ClubSanDisk 2015-04-13 21:43 - 2015-04-13 21:43 - 00000816 _____ () F:\Documents and Settings\All Users\Desktop\MyEpson Portal.lnk 2015-04-13 21:43 - 2015-04-13 21:43 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Epson Software 2015-04-10 22:19 - 2015-04-18 16:40 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\aTube Catcher 2015-04-10 22:19 - 2015-04-10 22:19 - 00000000 ____D () F:\Program Files\DsNET Corp1 2015-04-10 22:12 - 2015-04-18 16:41 - 00000049 _____ () F:\WINDOWS\system32\ScrRecX.log 2015-04-10 21:33 - 2015-04-10 21:33 - 00000671 _____ () F:\Documents and Settings\cs01\Desktop\Shortcut to Temp.lnk 2015-04-10 14:26 - 2015-04-10 14:48 - 00000000 ____D () F:\Documents and Settings\cs01\.gimp-2.8 2015-04-10 14:25 - 2015-04-10 14:25 - 00000767 _____ () F:\Documents and Settings\All Users\Start Menu\Programs\GIMP 2.lnk 2015-04-10 14:21 - 2015-04-10 14:25 - 00000000 ____D () F:\Program Files\GIMP 2 2015-04-09 12:58 - 2015-04-09 12:58 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2015-04-09 12:40 - 2015-05-01 16:34 - 00000000 ____D () F:\Program Files\Trend Micro 2015-04-09 12:33 - 2015-04-09 12:33 - 00000104 _____ () F:\Documents and Settings\Administrator\Desktop\Shortcut to &Run....lnk 2015-04-09 12:28 - 2015-04-09 13:03 - 00000000 ____D () F:\Documents and Settings\Administrator\Desktop\New Folder 2015-04-08 23:26 - 2015-04-08 23:26 - 00000000 ____D () F:\Program Files\AVIcodec 2015-04-08 23:26 - 2015-04-08 23:26 - 00000000 ____D () F:\Documents and Settings\cs01\Start Menu\Programs\AVIcodec 2015-04-06 21:48 - 2015-04-27 21:17 - 00000000 ____D () F:\Documents and Settings\cs01\Application Data\vlc 2015-04-03 21:40 - 2015-04-03 21:40 - 00000000 ____D () F:\Documents and Settings\cs01\Application Data\Faxalo 2015-04-03 21:39 - 2015-04-03 21:40 - 00000000 ____D () F:\Program Files\Faxalo 2015-04-03 21:39 - 2015-04-03 21:40 - 00000000 ____D () F:\Documents and Settings\cs01\Start Menu\Programs\Faxalo 2015-04-03 21:39 - 2014-08-25 18:35 - 00083490 _____ () F:\WINDOWS\system32\zlib1.dll 2015-04-03 21:39 - 2007-07-25 21:53 - 01382356 _____ (Ibadov Tariel (itk@bk.ru)) F:\WINDOWS\system32\imgport.dll 2015-04-03 21:39 - 2007-07-13 19:19 - 00040448 _____ (Popesco) F:\WINDOWS\system32\PopFaxLocalMon.dll 2015-04-03 21:39 - 2007-06-27 19:38 - 00016896 _____ (Popesco) F:\WINDOWS\system32\PopFaxLocalUI.dll 2015-04-03 21:39 - 2006-03-28 20:51 - 00036352 _____ (GnuWin32 ) F:\WINDOWS\system32\tiffcp.exe 2015-04-03 21:39 - 2006-03-28 20:50 - 00376832 _____ (GnuWin32 ) F:\WINDOWS\system32\libtiff3.dll 2015-04-03 21:39 - 2005-05-16 00:08 - 00127488 _____ (Independent JPEG Group ) F:\WINDOWS\system32\jpeg62.dll 2015-04-03 17:22 - 2015-04-03 17:22 - 00000000 ____D () F:\Program Files\Hugin 2015-04-02 21:02 - 2015-04-02 21:02 - 00000000 ____D () F:\Documents and Settings\cs01\Application Data\Adobe Mini Bridge CS5.1 2015-04-01 17:40 - 2015-04-01 17:42 - 00000000 ____D () F:\Program Files\BurnAware Professional 2015-04-01 17:40 - 2015-04-01 17:40 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\BurnAware Professional 2015-04-01 12:56 - 2015-04-12 15:17 - 00000600 _____ () F:\Documents and Settings\cs01\Application Data\burnaware.ini ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-01 17:36 - 2015-02-14 00:36 - 00000917 _____ () F:\WINDOWS\Tasks\EPSON WF-2630 Series Update {444695D3-F9DF-4246-84FF-64E6048E24CB}.job 2015-05-01 17:33 - 2014-11-28 20:03 - 00002315 _____ () F:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk 2015-05-01 12:03 - 2014-07-04 15:13 - 00000000 ____D () F:\WINDOWS\system32\inetsrv 2015-04-30 16:17 - 2014-07-04 13:43 - 00000006 ____H () F:\WINDOWS\Tasks\SA.DAT 2015-04-30 16:17 - 2005-01-27 00:07 - 00018880 _____ () F:\WINDOWS\system32\nvapps.xml 2015-04-30 00:48 - 2014-07-20 15:29 - 00524288 _____ () F:\WINDOWS\system32\config\ACS.evt 2015-04-30 00:48 - 2014-07-04 13:45 - 00000278 ___SH () F:\Documents and Settings\cs01\ntuser.ini 2015-04-30 00:43 - 2014-07-07 19:46 - 00000000 ____D () F:\Documents and Settings\cs01\Desktop\MIA 2015-04-29 22:04 - 2014-07-04 13:45 - 00000000 ____D () F:\Documents and Settings\cs01 2015-04-29 21:59 - 2014-08-13 12:59 - 00000000 ____D () F:\Documents and Settings\cs01\Application Data\BitTorrent 2015-04-29 21:23 - 2014-07-26 09:06 - 00000000 ____D () F:\Program Files\Mozilla Firefox 2015-04-29 21:07 - 2014-07-21 19:15 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2015-04-29 20:36 - 2015-01-23 20:19 - 00000000 ____D () F:\Documents and Settings\Administrator 2015-04-29 19:21 - 2008-04-14 13:00 - 00002206 _____ () F:\WINDOWS\system32\wpa.dbl 2015-04-29 17:35 - 2014-07-22 15:09 - 00000000 ____D () F:\Documents and Settings\cs01\Application Data\Skype 2015-04-29 17:23 - 2014-07-04 18:28 - 00000000 ____D () F:\c -steinberg 2015-04-29 01:08 - 2014-07-04 18:18 - 00000000 ____D () F:\aggiorna 2015-04-28 16:55 - 2014-07-23 23:53 - 00000202 _____ () F:\WINDOWS\NeroDigital.ini 2015-04-28 10:07 - 2014-11-27 12:30 - 00000664 _____ () F:\WINDOWS\system32\d3d9caps.dat 2015-04-27 22:33 - 2008-04-14 13:00 - 00000647 _____ () F:\WINDOWS\win.ini 2015-04-27 22:33 - 2008-04-14 13:00 - 00000227 _____ () F:\WINDOWS\system.ini 2015-04-27 14:23 - 2014-12-04 14:27 - 00000000 ____D () F:\Vviu 2015-04-26 16:47 - 2014-07-04 19:06 - 00000000 ____D () F:\Program Files\eMule 2015-04-26 15:43 - 2014-07-04 18:36 - 00000000 ____D () F:\temp 2015-04-24 16:49 - 2014-07-04 18:17 - 00000000 ____D () F:\-- IMAGES -- 2015-04-23 15:18 - 2015-03-06 13:37 - 00000000 ____D () F:\WINDOWS\Minidump 2015-04-22 16:17 - 2015-02-10 23:04 - 00001478 _____ () F:\Documents and Settings\cs01\Desktop\cazzen.txt 2015-04-21 12:51 - 2014-11-29 17:57 - 00000012 _____ () F:\Documents and Settings\cs01\intlname.ols 2015-04-20 21:44 - 2015-01-16 18:28 - 00005694 _____ () F:\Documents and Settings\cs01\Desktop\1- DU Claudio darfst.txt 2015-04-17 15:01 - 2014-01-23 16:56 - 00051712 _____ () F:\Documents and Settings\cs01\Desktop\Passa 2014 old.xls 2015-04-17 09:26 - 2014-07-07 19:46 - 00000000 ____D () F:\Documents and Settings\cs01\Desktop\passaggio 2015-04-17 09:23 - 2015-03-18 14:30 - 68499883 _____ () F:\Documents and Settings\cs01\Desktop\ProShow Slideshow.pxc 2015-04-15 22:48 - 2014-10-13 17:54 - 00000000 ____D () F:\Program Files\PanoramaStudio2Pro_new 264 2015-04-15 22:48 - 2014-10-10 17:45 - 00000000 ____D () F:\Documents and Settings\cs01\Application Data\PanoramaStudio2Pro 2015-04-14 22:18 - 2014-07-20 15:46 - 00000000 ____D () F:\WINDOWS\system32\MRT 2015-04-14 22:17 - 2012-01-12 16:05 - 125832184 _____ (Microsoft Corporation) F:\WINDOWS\system32\mrt.exe 2015-04-14 18:13 - 2014-07-07 19:32 - 00000000 ____D () F:\Documents and Settings\not Utente Toshiba bye bye 2015-04-14 11:25 - 2015-02-25 15:57 - 00002341 _____ () F:\Documents and Settings\cs01\Start Menu\Programs\eMule Shell Extension.lnk 2015-04-14 11:09 - 2015-03-13 21:46 - 00000000 ____D () F:\Documents and Settings\cs01\Application Data\Epson 2015-04-14 11:09 - 2015-02-11 20:41 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\EPSON 2015-04-13 22:20 - 2015-03-13 21:53 - 00000665 _____ () F:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk 2015-04-13 21:43 - 2015-03-13 21:53 - 00000000 ____D () F:\Program Files\epson 2015-04-13 21:43 - 2015-02-07 19:45 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\EPSON 2015-04-13 21:42 - 2015-02-07 19:45 - 00000000 ____D () F:\Program Files\Epson Software 2015-04-13 21:42 - 2014-07-20 12:34 - 00000000 ___HD () F:\Program Files\InstallShield Installation Information 2015-04-13 13:00 - 2014-07-23 11:55 - 00000000 ____D () F:\Documents and Settings\cs01\Application Data\Nokia Suite 2015-04-13 12:48 - 2014-07-23 02:21 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Nokia 2015-04-13 12:48 - 2014-02-20 19:52 - 00001776 _____ () F:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk 2015-04-13 12:33 - 2014-07-04 15:20 - 00963852 _____ () F:\WINDOWS\system32\PerfStringBackup.INI 2015-04-13 11:47 - 2014-07-04 15:13 - 00000000 ____D () F:\WINDOWS\Help 2015-04-09 12:58 - 2014-07-04 19:03 - 00000000 ____D () F:\Program Files\Spybot - Search & Destroy 2015-04-09 12:36 - 2014-07-04 19:03 - 00000000 ____D () F:\Program Files\RegCleaner 2015-04-09 12:34 - 2014-07-04 18:47 - 00000000 ____D () F:\Program Files\CCleaner 2015-04-06 19:37 - 2014-07-04 18:17 - 00000000 ____D () F:\123 RAW 2015-04-05 19:08 - 2014-07-04 19:00 - 00000000 ____D () F:\Program Files\OLYMPUS 2015-04-03 17:22 - 2014-10-27 01:25 - 00000000 ____D () F:\Documents and Settings\cs01\Start Menu\Programs\Hugin 2015-04-03 16:45 - 2015-03-22 20:24 - 00000000 ____D () F:\Program Files\HitmanPro 2015-04-03 12:21 - 2014-11-28 20:03 - 00002363 _____ () F:\Documents and Settings\All Users\Start Menu\Programs\Adobe Designer 7.0.lnk 2015-04-03 12:20 - 2014-11-28 20:03 - 00002331 _____ () F:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 7.0.lnk 2015-04-02 21:17 - 2014-07-20 15:17 - 00000000 ____D () F:\Documents and Settings\cs01\Application Data\Adobe 2015-04-01 14:32 - 2014-07-07 19:46 - 00000000 ____D () F:\Documents and Settings\cs01\Desktop\trovolavoro ==================== Files in the root of some directories ======= 2013-04-18 23:26 - 2001-01-22 12:38 - 0328704 _____ (Fusion) F:\Program Files\CDCheck.exe 2013-08-29 15:13 - 2013-08-29 15:20 - 0000242 _____ () F:\Program Files\CDCheck.ini 2015-04-09 12:33 - 2015-04-09 12:34 - 0005120 _____ () F:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Files to move or delete: ==================== F:\Documents and Settings\not Utente Toshiba bye bye\TempWmicBatchFile.bat ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) F:\WINDOWS\explorer.exe => File is digitally signed F:\WINDOWS\system32\winlogon.exe => File is digitally signed F:\WINDOWS\system32\svchost.exe => File is digitally signed F:\WINDOWS\system32\services.exe => File is digitally signed F:\WINDOWS\system32\User32.dll => File is digitally signed F:\WINDOWS\system32\userinit.exe => File is digitally signed F:\WINDOWS\system32\rpcss.dll => File is digitally signed F:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================