Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015 01
Ran by cs01 (administrator) on CS1 on 01-05-2015 16:40:39
Running from H:\Software utility 2015
Loaded Profiles: cs01 (Available profiles: cs01 & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) F:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Atheros) F:\WINDOWS\system32\acs.exe
(Microsoft Corporation) F:\WINDOWS\system32\cisvc.exe
(Seiko Epson Corporation) F:\WINDOWS\system32\escsvc.exe
(Microsoft Corporation) F:\WINDOWS\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) F:\WINDOWS\system32\netdde.exe
(NVIDIA Corporation) F:\WINDOWS\system32\nvsvc32.exe
(Intel Corporation) F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) F:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) F:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) F:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(NETGEAR) F:\Program Files\NETGEAR\WN111v2\WN111V2.exe
(Mozilla Corporation) F:\Program Files\Mozilla Firefox\firefox.exe
(Atheros Communications, Inc.) F:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
(Mozilla Corporation) F:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) F:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
(Farbar) H:\Software utility 2015\diagnostic FRST.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelZeroConfig] => F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [802816 2006-08-02] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\Run: [NokiaSuite.exe] => F:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2015-02-04]
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> F:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = sn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = sn.com/
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?rd=1&ucc=IT&dcc=IT&opt=0&ocid=iehp
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "abou" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - F:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - F:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - F:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{733296FC-2256-403D-AC30-199FF5744DF5}: [NameServer] 8.8.8.8,8.8.84.4

FireFox:
========
FF ProfilePath: F:\Documents and Settings\cs01\Application Data\Mozilla\Firefox\Profiles\ubjnxy4p.default
FF DefaultSearchEngine: Custom search
FF SelectedSearchEngine: Custom search
FF Homepage: www.google.com
FF Keyword.URL: hxxp://www.starwebsearch.com/results.php?q=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> F:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-10-10] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> F:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> F:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-18] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> F:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: @photodex.com/PhotodexPresenter -> F:\Program Files\Photodex Presenter\npPxPlay.dll [2015-03-21] ( )
FF Plugin: @videolan.org/vlc,version=2.1.5 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-839522115-1788223648-1606980848-1003: @tools.google.com/Google Update;version=3 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-839522115-1788223648-1606980848-1003: @tools.google.com/Google Update;version=9 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate3.dll [2015-02-13] (Google Inc.)
FF Plugin ProgramFiles/Appdata: F:\Program Files\mozilla firefox\plugins\npdivx32.dll [2007-01-03] (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: F:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2007-01-03] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: F:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF SearchPlugin: F:\Documents and Settings\cs01\Application Data\Mozilla\Firefox\Profiles\ubjnxy4p.default\searchplugins\GoogleFeed.xml [2014-12-22]
FF SearchPlugin: F:\Documents and Settings\cs01\Application Data\Mozilla\Firefox\Profiles\ubjnxy4p.default\searchplugins\sideload-search.xml [2015-04-10]
FF Extension: Firefox Synchronisation Extension - F:\Documents and Settings\cs01\Application Data\Mozilla\Firefox\Profiles\ubjnxy4p.default\Extensions\synchronize@nokia.suite [2015-03-01]
FF Extension: DownloadHelper - F:\Documents and Settings\cs01\Application Data\Mozilla\Firefox\Profiles\ubjnxy4p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-04-10]
FF Extension: FullRip.net Youtube Video Converter - F:\Documents and Settings\cs01\Application Data\Mozilla\Firefox\Profiles\ubjnxy4p.default\Extensions\admin@fullrip.net.xpi [2014-12-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-12-22]
FF HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\Firefox\Extensions: [Subscription@helper.com] - F:\Program Files\SM\FF

Chrome:
=======
CHR Profile: F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-04-29]
CHR Extension: (Google Wallet) - F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; F:\WINDOWS\System32\6to4svc.dll [100864 2012-01-12] (Microsoft Corporation)
R2 ACS; F:\WINDOWS\system32\acs.exe [467028 2008-06-27] (Atheros) [File not signed]
S3 Adobe LM Service; F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2014-11-28] (Adobe Systems) [File not signed]
R2 EpsonScanSvc; F:\WINDOWS\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 EvtEng; F:\Program Files\Intel\Wireless\Bin\EvtEng.exe [434176 2006-08-02] (Intel Corporation) [File not signed]
R2 IISADMIN; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S4 JavaQuickStarterService; F:\Program Files\Java\jre7\bin\jqs.exe [181664 2014-07-21] (Oracle Corporation)
R3 jswpsapi; F:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [360547 2008-02-27] (Atheros Communications, Inc.) [File not signed]
S4 MBAMService; F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Motorola Device Manager; F:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 MSFtpsvc; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S4 MyEpson Portal Service; F:\Program Files\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S2 nv4_mini; F:\Program Files\NVIDIA GeForce Go 6600\nv4_mini.exe [32768 2011-08-17] (NVIDIA Corporation) [File not signed]
R2 RegSrvc; F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2006-08-02] (Intel Corporation) [File not signed]
S2 S24EventMonitor; F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [937984 2006-08-02] (Intel Corporation ) [File not signed]
S4 ScsiAccess; F:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe [186760 2015-03-21] ()
S2 SMTPSVC; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 W3SVC; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; F:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2014-07-20] (Meetinghouse Data Communications) [File not signed]
R3 ALCXWDM; F:\WINDOWS\System32\drivers\ALCXWDM.SYS [2284864 2005-02-17] (Realtek Semiconductor Corp.)
S3 BrScnUsb; F:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 DNINDIS5; F:\WINDOWS\system32\DNINDIS5.SYS [17149 2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 DrvAgent32; F:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-08-30] (Phoenix Technologies) [File not signed]
R1 HWSCtrl; F:\Program Files\TOSHIBA\TOSHIBA Applet\HWS_IoDispatch.sys [6144 2004-12-11] () [File not signed]
R3 JSWSCIMD; F:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2008-10-01] (Atheros Communications, Inc.)
S3 MBAMProtector; F:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 mv61xxmm; F:\WINDOWS\system32\Drivers\mv61xxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.)
R0 mv64xxmm; F:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-01-12] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; F:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.)
S3 nm; F:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 OlyUsbCam; F:\WINDOWS\System32\DRIVERS\OlyUsbCam.sys [21952 2007-01-12] (OLYMPUS IMAGING CORP.)
R0 PxHelp20; F:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-06-06] (Sonic Solutions) [File not signed]
R3 Rasirda; F:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R2 s24trans; F:\WINDOWS\System32\DRIVERS\s24trans.sys [12544 2006-08-02] (Intel Corporation) [File not signed]
R1 SASDIFSV; F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SMCIRDA; F:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R0 sptd; F:\WINDOWS\System32\Drivers\sptd.sys [717296 2014-07-28] () [File not signed]
R1 Tcpip6; F:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2012-01-12] (Microsoft Corporation)
U3 TrueSight; F:\WINDOWS\system32\drivers\TrueSight.sys [33512 2014-09-18] ()
R3 w29n51; F:\WINDOWS\System32\DRIVERS\w29n51.sys [2206720 2006-06-29] (Intel® Corporation)
R3 WN111v2; F:\WINDOWS\System32\DRIVERS\WN111v2.sys [601088 2010-04-20] (Atheros Communications, Inc.)
R3 WSIMD; F:\WINDOWS\System32\DRIVERS\wsimd.sys [57408 2007-12-14] (Atheros Communications, Inc.) [File not signed]
R3 yukonwxp; F:\WINDOWS\System32\DRIVERS\yk51x86.sys [224000 2005-02-17] (Marvell)
U3 az80cug7; F:\WINDOWS\system32\Drivers\az80cug7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S2 DritekPortIO; \??\D:\fn-esse.temp\DPortIO.sys [X]
S4 IntelIde; No ImagePath
U5 TMUSB; F:\WINDOWS\System32\DRIVERS\TMUSBXP.SYS [49408 2014-03-19] (Seiko Epson Corporation)
U5 Tosrfusb; F:\Windows\System32\Drivers\Tosrfusb.sys [40192 2006-06-09] (TOSHIBA CORPORATION) [File not signed]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: # -> No Registry Path.