
Help request for strange section in the Hijack maybe a malware Rootkit

rootkit?

  • This topic is locked

#1
sancld

    New Member

  • Member
  • 8 posts

Good afternoon,

 

I'm writing because I think I have something not OK in my PC.

As seen from HIJACK and in the attached files, I mean in the:

 

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)

 

Can someone help me clean the above sections?

They do not want to get deleted.

I've tried regedit etc., Malwarebytes Anti-Malware, SpyHunter4, but no success.

Thank you a lot

 

Claude



#2
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello and Welcome! :welcome:

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user.  The Staff at Geeks To Go are ALL volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can.  PLEASE be patient. ;)

I am currently in training, so there will be another person reviewing my work.  This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one... :cool:
 

  • Please note that you should have Administrator rights to perform any fixes.
     
  • Before we proceed, you may wish to print instructions for easy reference during the fix.  Please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
     
  • Please understand that malware removal is a complicated, multi-step process.  Therefore please stay with me until I tell you that your system is clean.  
     
  • Please do not make any system or program changes, or run any tools unless I specifically ask you to.  Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean.    If you get stuck or have questions, please stop and ask so I can help you.
     
  • Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk.  While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
     
  • When posting logs, please Copy & Paste the log file contents into a reply.  Use multiple posts if necessary, but please do not attach them or post them on a file hosting site.

OK, let's get started...

 

 

First I have some questions/comments:

  1. When did your computer problems first start happening?
  2. What exactly are the symptoms you are having with your system?
  3. Make sure to Copy & Paste the full contents of any logs that are requested.

 

Next, I will need to see new, complete logs. 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 

  • Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
  • Make sure the Addition.txt check-box is checked.
  • Press Scan button.
  • It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the contents of both of those logs back here.

 

 



#3
sancld

    New Member

  • Topic Starter
  • Member
  • 8 posts

Hi dear GeekU Senior!

 

Thanks a lot for your feedback. I'll read your advice and follow it.

Currently I'm travelling for my job.

At the end of the week I'll have a bit more time to update you.

Thanks

cheers!



#4
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello sancld,

 

Do you still need assistance?  It has been several days since your last reply.

 

Thanks... Dan



#5
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello sancld,

 

Please do your best to follow instructions precisely. Failure to do so can seriously inhibit my ability to help you. For example, if I post instructions to download a file to your Desktop, please save it there. There are good reasons why we do this. :)

 

That said, in your other thread I stated I would post the contents of your logs here for you.  Please reply in this thread going forward so we can get you cleaned up as fast as possible.

 

I will need some time to review your logs and then get back to you here.  I have to travel for work myself this coming week, so my responses may be a bit delayed.

 

Thanks... Dan

 

=====================

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by Administrator (administrator) on CS1 on 08-05-2015 23:00:31
Running from H:\Software utility 2015
Loaded Profiles: cs01 & Administrator (Available profiles: cs01 & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) F:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Atheros) F:\WINDOWS\system32\acs.exe
(Microsoft Corporation) F:\WINDOWS\system32\cisvc.exe
(Seiko Epson Corporation) F:\WINDOWS\system32\escsvc.exe
(Microsoft Corporation) F:\WINDOWS\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) F:\WINDOWS\system32\netdde.exe
(NVIDIA Corporation) F:\WINDOWS\system32\nvsvc32.exe
(Intel Corporation) F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) F:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) F:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) F:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Microsoft Corporation) F:\WINDOWS\system32\cidaemon.exe
(Mozilla Corporation) F:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) F:\WINDOWS\system32\cidaemon.exe
(Adobe Systems Inc.) F:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Adobe Systems Incorporated) F:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
() F:\DOCUME~1\cs01\LOCALS~1\Temp\Adobelm_Cleanup.0001
(Adobe Systems) F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
() F:\DOCUME~1\cs01\LOCALS~1\Temp\Adobelm_Cleanup.0001


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelZeroConfig] => F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [802816 2006-08-02] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\Run: [NokiaSuite.exe] => F:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> F:\WINDOWS\system32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2015-02-04]
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> F:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = sn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = sn.com/
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?r...opt=0&ocid=iehp
URLSearchHook: [S-1-5-21-839522115-1788223648-1606980848-500] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "abou" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - F:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - F:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - F:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{733296FC-2256-403D-AC30-199FF5744DF5}: [NameServer] 8.8.8.8,8.8.84.4

FireFox:
========
FF ProfilePath: F:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vynjgxf6.default
FF Plugin: @adobe.com/FlashPlayer -> F:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-10-10] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> F:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> F:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-18] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> F:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: @photodex.com/PhotodexPresenter -> F:\Program Files\Photodex Presenter\npPxPlay.dll [2015-03-21] ( )
FF Plugin: @videolan.org/vlc,version=2.1.5 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-839522115-1788223648-1606980848-1003: @tools.google.com/Google Update;version=3 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-839522115-1788223648-1606980848-1003: @tools.google.com/Google Update;version=9 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: F:\Program Files\mozilla firefox\plugins\npdivx32.dll [2007-01-03] (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: F:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2007-01-03] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: F:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-12-22]
FF HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\Firefox\Extensions: [[email protected]] - F:\Program Files\SM\FF

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; F:\WINDOWS\System32\6to4svc.dll [100864 2012-01-12] (Microsoft Corporation)
R2 ACS; F:\WINDOWS\system32\acs.exe [467028 2008-06-27] (Atheros) [File not signed]
R3 Adobe LM Service; F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2014-11-28] (Adobe Systems) [File not signed]
R2 EpsonScanSvc; F:\WINDOWS\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 EvtEng; F:\Program Files\Intel\Wireless\Bin\EvtEng.exe [434176 2006-08-02] (Intel Corporation) [File not signed]
R2 IISADMIN; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S4 JavaQuickStarterService; F:\Program Files\Java\jre7\bin\jqs.exe [181664 2014-07-21] (Oracle Corporation)
S3 jswpsapi; F:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [360547 2008-02-27] (Atheros Communications, Inc.) [File not signed]
S4 MBAMService; F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Motorola Device Manager; F:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 MSFtpsvc; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S4 MyEpson Portal Service; F:\Program Files\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S2 nv4_mini; F:\Program Files\NVIDIA GeForce Go 6600\nv4_mini.exe [32768 2011-08-17] (NVIDIA Corporation) [File not signed]
R2 RegSrvc; F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2006-08-02] (Intel Corporation) [File not signed]
S2 S24EventMonitor; F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [937984 2006-08-02] (Intel Corporation ) [File not signed]
S4 ScsiAccess; F:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe [186760 2015-03-21] ()
S2 SMTPSVC; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 W3SVC; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; F:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2014-07-20] (Meetinghouse Data Communications) [File not signed]
R3 ALCXWDM; F:\WINDOWS\System32\drivers\ALCXWDM.SYS [2284864 2005-02-17] (Realtek Semiconductor Corp.)
S3 BrScnUsb; F:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 DNINDIS5; F:\WINDOWS\system32\DNINDIS5.SYS [17149 2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 DrvAgent32; F:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-08-30] (Phoenix Technologies) [File not signed]
R1 HWSCtrl; F:\Program Files\TOSHIBA\TOSHIBA Applet\HWS_IoDispatch.sys [6144 2004-12-11] () [File not signed]
R3 JSWSCIMD; F:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2008-10-01] (Atheros Communications, Inc.)
S3 MBAMProtector; F:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 mv61xxmm; F:\WINDOWS\system32\Drivers\mv61xxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.)
R0 mv64xxmm; F:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-01-12] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; F:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.)
S3 nm; F:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 OlyUsbCam; F:\WINDOWS\System32\DRIVERS\OlyUsbCam.sys [21952 2007-01-12] (OLYMPUS IMAGING CORP.)
R0 PxHelp20; F:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-06-06] (Sonic Solutions) [File not signed]
R3 Rasirda; F:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R2 s24trans; F:\WINDOWS\System32\DRIVERS\s24trans.sys [12544 2006-08-02] (Intel Corporation) [File not signed]
R1 SASDIFSV; F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SMCIRDA; F:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R0 sptd; F:\WINDOWS\System32\Drivers\sptd.sys [717296 2014-07-28] () [File not signed]
R1 Tcpip6; F:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2012-01-12] (Microsoft Corporation)
U3 TrueSight; F:\WINDOWS\system32\drivers\TrueSight.sys [33512 2014-09-18] ()
R3 w29n51; F:\WINDOWS\System32\DRIVERS\w29n51.sys [2206720 2006-06-29] (Intel® Corporation)
S3 WN111v2; F:\WINDOWS\System32\DRIVERS\WN111v2.sys [601088 2010-04-20] (Atheros Communications, Inc.)
R3 WSIMD; F:\WINDOWS\System32\DRIVERS\wsimd.sys [57408 2007-12-14] (Atheros Communications, Inc.) [File not signed]
R3 yukonwxp; F:\WINDOWS\System32\DRIVERS\yk51x86.sys [224000 2005-02-17] (Marvell)
U3 ag17dxv9; F:\WINDOWS\system32\Drivers\ag17dxv9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S2 DritekPortIO; \??\D:\fn-esse.temp\DPortIO.sys [X]
S4 IntelIde; No ImagePath
U5 TMUSB; F:\WINDOWS\System32\DRIVERS\TMUSBXP.SYS [49408 2014-03-19] (Seiko Epson Corporation)
U5 Tosrfusb; F:\Windows\System32\Drivers\Tosrfusb.sys [40192 2006-06-09] (TOSHIBA CORPORATION) [File not signed]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: # -> No Registry Path.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 22:58 - 2015-05-08 22:58 - 00001071 _____ () F:\WINDOWS\setupapi.log
2015-05-08 21:18 - 2015-05-08 21:19 - 00001431 _____ () F:\WINDOWS\wmsetup.log
2015-05-01 18:55 - 2015-05-08 20:05 - 00000159 _____ () F:\WINDOWS\wiadebug.log
2015-05-01 18:55 - 2015-05-08 20:05 - 00000050 _____ () F:\WINDOWS\wiaservc.log
2015-05-01 18:55 - 2015-05-08 19:21 - 00032396 _____ () F:\WINDOWS\SchedLgU.Txt
2015-05-01 18:55 - 2015-05-04 23:32 - 00000000 _____ () F:\WINDOWS\Sti_Trace.log
2015-05-01 18:47 - 2015-05-08 20:06 - 00138548 _____ () F:\WINDOWS\WindowsUpdate.log
2015-05-01 17:22 - 2015-05-01 17:42 - 00000000 ____D () F:\Program Files\ophcrack
2015-05-01 17:22 - 2015-05-01 17:41 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\ophcrack
2015-05-01 16:40 - 2015-05-08 23:00 - 00000000 ____D () F:\FRST
2015-04-29 21:22 - 2015-04-29 21:22 - 00000000 ____D () F:\Documents and Settings\Administrator\Application Data\Mozilla
2015-04-29 21:16 - 2015-04-29 21:16 - 00000000 __SHD () F:\WINDOWS\CSC
2015-04-21 22:04 - 2015-04-21 22:04 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\ClubSanDisk
2015-04-13 21:43 - 2015-04-13 21:43 - 00000816 _____ () F:\Documents and Settings\All Users\Desktop\MyEpson Portal.lnk
2015-04-13 21:43 - 2015-04-13 21:43 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
2015-04-10 22:19 - 2015-04-18 16:40 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\aTube Catcher
2015-04-10 22:19 - 2015-04-10 22:19 - 00000000 ____D () F:\Program Files\DsNET Corp1
2015-04-10 22:12 - 2015-04-18 16:41 - 00000049 _____ () F:\WINDOWS\system32\ScrRecX.log
2015-04-10 14:25 - 2015-04-10 14:25 - 00000767 _____ () F:\Documents and Settings\All Users\Start Menu\Programs\GIMP 2.lnk
2015-04-10 14:21 - 2015-04-10 14:25 - 00000000 ____D () F:\Program Files\GIMP 2
2015-04-09 12:58 - 2015-04-09 12:58 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
2015-04-09 12:40 - 2015-05-04 23:29 - 00000000 ____D () F:\Program Files\Trend Micro
2015-04-09 12:33 - 2015-04-09 12:33 - 00000104 _____ () F:\Documents and Settings\Administrator\Desktop\Shortcut to &Run....lnk
2015-04-09 12:28 - 2015-04-09 13:03 - 00000000 ____D () F:\Documents and Settings\Administrator\Desktop\New Folder
2015-04-08 23:26 - 2015-04-08 23:26 - 00000000 ____D () F:\Program Files\AVIcodec

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 22:36 - 2015-02-14 00:36 - 00000917 _____ () F:\WINDOWS\Tasks\EPSON WF-2630 Series Update {444695D3-F9DF-4246-84FF-64E6048E24CB}.job
2015-05-08 22:12 - 2014-11-28 20:03 - 00002315 _____ () F:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
2015-05-08 20:56 - 2014-07-04 18:18 - 00000000 ____D () F:\aggiorna
2015-05-08 20:55 - 2014-07-04 18:36 - 00000000 ____D () F:\temp
2015-05-08 20:25 - 2014-07-04 15:13 - 00000000 ____D () F:\WINDOWS\system32\inetsrv
2015-05-08 20:06 - 2005-01-27 00:07 - 00018880 _____ () F:\WINDOWS\system32\nvapps.xml
2015-05-08 20:05 - 2014-07-04 13:43 - 00000006 ____H () F:\WINDOWS\Tasks\SA.DAT
2015-05-08 19:21 - 2014-07-20 15:29 - 00524288 _____ () F:\WINDOWS\system32\config\ACS.evt
2015-05-07 22:03 - 2008-04-14 13:00 - 00002206 _____ () F:\WINDOWS\system32\wpa.dbl
2015-05-04 23:33 - 2014-07-21 19:15 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-05-04 23:32 - 2014-07-04 13:45 - 00000000 ____D () F:\Documents and Settings\cs01
2015-05-04 21:04 - 2014-07-23 23:53 - 00000202 _____ () F:\WINDOWS\NeroDigital.ini
2015-05-04 20:04 - 2014-07-04 15:20 - 00963852 _____ () F:\WINDOWS\system32\PerfStringBackup.INI
2015-05-01 18:45 - 2015-01-23 20:19 - 00000000 ____D () F:\Documents and Settings\Administrator
2015-04-29 21:23 - 2014-07-26 09:06 - 00000000 ____D () F:\Program Files\Mozilla Firefox
2015-04-29 17:23 - 2014-07-04 18:28 - 00000000 ____D () F:\c -steinberg
2015-04-28 10:07 - 2014-11-27 12:30 - 00000664 _____ () F:\WINDOWS\system32\d3d9caps.dat
2015-04-27 22:33 - 2008-04-14 13:00 - 00000647 _____ () F:\WINDOWS\win.ini
2015-04-27 22:33 - 2008-04-14 13:00 - 00000227 _____ () F:\WINDOWS\system.ini
2015-04-27 14:23 - 2014-12-04 14:27 - 00000000 ____D () F:\Vviu
2015-04-26 16:47 - 2014-07-04 19:06 - 00000000 ____D () F:\Program Files\eMule
2015-04-24 16:49 - 2014-07-04 18:17 - 00000000 ____D () F:\-- IMAGES --
2015-04-23 15:18 - 2015-03-06 13:37 - 00000000 ____D () F:\WINDOWS\Minidump
2015-04-15 22:48 - 2014-10-13 17:54 - 00000000 ____D () F:\Program Files\PanoramaStudio2Pro_new 264
2015-04-14 22:18 - 2014-07-20 15:46 - 00000000 ____D () F:\WINDOWS\system32\MRT
2015-04-14 22:17 - 2012-01-12 16:05 - 125832184 _____ (Microsoft Corporation) F:\WINDOWS\system32\mrt.exe
2015-04-14 18:13 - 2014-07-07 19:32 - 00000000 ____D () F:\Documents and Settings\not Utente Toshiba bye bye
2015-04-14 11:09 - 2015-02-11 20:41 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\EPSON
2015-04-13 22:20 - 2015-03-13 21:53 - 00000665 _____ () F:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
2015-04-13 21:43 - 2015-03-13 21:53 - 00000000 ____D () F:\Program Files\epson
2015-04-13 21:43 - 2015-02-07 19:45 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2015-04-13 21:42 - 2015-02-07 19:45 - 00000000 ____D () F:\Program Files\Epson Software
2015-04-13 21:42 - 2014-07-20 12:34 - 00000000 ___HD () F:\Program Files\InstallShield Installation Information
2015-04-13 12:48 - 2014-07-23 02:21 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Nokia
2015-04-13 12:48 - 2014-02-20 19:52 - 00001776 _____ () F:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk
2015-04-13 11:47 - 2014-07-04 15:13 - 00000000 ____D () F:\WINDOWS\Help
2015-04-09 12:58 - 2014-07-04 19:03 - 00000000 ____D () F:\Program Files\Spybot - Search & Destroy
2015-04-09 12:36 - 2014-07-04 19:03 - 00000000 ____D () F:\Program Files\RegCleaner
2015-04-09 12:34 - 2014-07-04 18:47 - 00000000 ____D () F:\Program Files\CCleaner

==================== Files in the root of some directories =======

2013-04-18 23:26 - 2001-01-22 12:38 - 0328704 _____ (Fusion) F:\Program Files\CDCheck.exe
2013-08-29 15:13 - 2013-08-29 15:20 - 0000242 _____ () F:\Program Files\CDCheck.ini
2015-04-09 12:33 - 2015-04-09 12:34 - 0005120 _____ () F:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
F:\Documents and Settings\not Utente Toshiba bye bye\TempWmicBatchFile.bat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

F:\WINDOWS\explorer.exe => File is digitally signed
F:\WINDOWS\system32\winlogon.exe => File is digitally signed
F:\WINDOWS\system32\svchost.exe => File is digitally signed
F:\WINDOWS\system32\services.exe => File is digitally signed
F:\WINDOWS\system32\User32.dll => File is digitally signed
F:\WINDOWS\system32\userinit.exe => File is digitally signed
F:\WINDOWS\system32\rpcss.dll => File is digitally signed
F:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

Addition log:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-05-2015 01
Ran by Administrator at 2015-05-08 23:02:02
Running from H:\Software utility 2015
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-839522115-1788223648-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-839522115-1788223648-1606980848-1004 - Limited - Enabled)
cs01 (S-1-5-21-839522115-1788223648-1606980848-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\cs01
Guest (S-1-5-21-839522115-1788223648-1606980848-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-839522115-1788223648-1606980848-1000 - Limited - Disabled)
IUSR_CS1 (S-1-5-21-839522115-1788223648-1606980848-1007 - Limited - Enabled)
IWAM_CS1 (S-1-5-21-839522115-1788223648-1606980848-1008 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-839522115-1788223648-1606980848-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 8.0 Professional Edition (HKLM\...\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 8.00.706.4601 - ABBYY Software House)
Actify 3D Studio Importer (HKLM\...\{069E3FC0-7B8B-4D91-A930-5BE69FF85565}) (Version: 10.0.1014.1014 - Actify Inc.)
Actify AutoCAD™ Importer (HKLM\...\{7516DA6E-7C32-465F-8267-5E03B89B6891}) (Version: 10.0.1131.1131 - Actify Inc.)
Actify Catia V4 3D/2D Importer (HKLM\...\{BF0356CB-2E17-4948-ADE7-FF0B0EF2CFDE}) (Version: 10.0.1132.1132 - Actify Inc.)
Actify Catia V5 3D/2D Importer (HKLM\...\{D523AA9D-A881-4EBA-B5D7-2F14BA7A71A3}) (Version: 10.0.1138.1138 - Actify Inc.)
Actify HPGL Importer (HKLM\...\Actify HPGL Importer) (Version:  - )
Actify Iges & VDA Importer (HKLM\...\{B7E50732-ED0F-4B9D-AF64-9BFDF7135EF0}) (Version: 10.0.1110.1110 - Actify Inc.)
Actify SpinFire Professional 8.3 (HKLM\...\{4CCA5CC4-2E59-4782-865B-886C0D248E6F}) (Version: 10.3.1212.1212 - Actify Inc.)
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update (HKLM\...\{AC76BA86-0000-7EC8-7489-000000000702}) (Version: 7.0.2 - Adobe Systems)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Advanced Fix 2014 version 2.1.3.85 (HKLM\...\{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1) (Version: 2.1.3.85 - Advanced Fix, Inc.)
Arles Image Web Page Creator 8.3.1 (HKLM\...\Arles Image Web Page Creator_is1) (Version:  - )
Atheros Wireless LAN MiniPCI card Driver (HKLM\...\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}) (Version:  - )
aTube Catcher version 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version:  - )
BitTorrent (HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)
Bluetooth Monitor 2 (HKLM\...\{61539202-097E-487E-9237-B291AB56D54C}) (Version: 4.02.000 - TOSHIBA)
Brother MFL-Pro Suite (HKLM\...\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}) (Version: 1.00 - Brother Industries, Ltd.)
BurnAware Professional 3.4 (HKLM\...\BurnAware Professional_is1) (Version:  - Burnaware Technologies)
CatiaV4 (HKLM\...\{3B21B5BC-0CBF-4AFC-B6B1-08CA54BDD8A1}) (Version: 11.0.1641.3 - Actify, Inc.)
CatiaV5 (HKLM\...\{E3D76F6E-C645-46EC-A0A2-DDDCE0A0F915}) (Version: 11.0.1642.4 - Actify, Inc.)
ClearProg 1.6.1 Beta 8 (HKLM\...\ClearProg) (Version: 1.6.1 Beta 8 - Sven Hoffman)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Toolbar (HKLM\...\DAEMON Tools Toolbar) (Version: 1.0.0.2 - DT Soft Ltd) <==== ATTENTION
Directory Printer 4.1 (HKLM\...\Directory Printer_is1) (Version:  - )
Dolphin Futures XPS Viewer version 1.1.0 (HKLM\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)
EasyRecovery Professional (HKLM\...\InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}) (Version: 6.03.04 - Ontrack Data International, Inc.)
EasyRecovery Professional (Version: 6.03.04 - Ontrack Data International, Inc.) Hidden
eMule Shell Extension (HKLM\...\{F32652D2-7A93-4769-B88F-504DA9AE50C5}) (Version: 1.0.3 - http://emule-project.net)
EncSpot Pro 2.1 beta 1 (HKLM\...\EncSpot Professional_is1) (Version:  - GuerillaSoft)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.5.0 - SEIKO EPSON CORPORATION)
ExifCleaner 1.8 (HKLM\...\ExifCleaner) (Version: 1.8 - SuperUtils.com Software)
Faxalo v2.3 (HKLM\...\Faxalo) (Version: v2.3 - Faxalo)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM\...\{CC016F21-3970-11DE-B878-005056806466}) (Version: 5.0.11733.9347 - Google)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
Hugin 2013.0.0 (HKLM\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
IsoBuster 3.5 (HKLM\...\IsoBuster_is1) (Version: 3.5 - Smart Projects)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kolev RAW R14 (HKLM\...\Kolev RAW_is1) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
mCore (Version: 7.05.0000 - Intel Corporation) Hidden
mDrWiFi (Version: 7.05.0000 - Intel Corporation) Hidden
mHelp (Version: 7.05.0000 - Intel) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 - Componenti Web (HKLM\...\{90A40410-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2003 Proofing Tools (HKLM\...\{901F0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110410-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mIWA (Version: 7.05.0000 - Intel Corporation) Hidden
mLogView (Version: 7.05.0000 - Intel Corporation) Hidden
mMHouse (Version: 7.05.0000 - Intel Corporation) Hidden
mobile PhoneTools (HKLM\...\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}) (Version: 3.25b 4/8/2005 - BVRP Software)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MP3-Check (v1.0.41.0) (HKLM\...\MP3-Check_is1) (Version: 1.0.41.0 - AudioMoves)
MP3Test (HKLM\...\{BE802A6E-7F0D-4333-B45E-80F06C4DC59C}}_is1) (Version: 1.6.0.161 - Markus Stein)
mPfMgr (Version: 7.05.0000 - Intel Corporation) Hidden
mPfWiz (Version: 7.05.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
mWlsSafe (Version: 7.05.0000 - Intel) Hidden
mXML (Version: 7.05.0000 - Intel Corporation) Hidden
MyEpson Portal (HKLM\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
mZConfig (Version: 7.05.0000 - Intel Corporation) Hidden
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
ODT Viewer version 1.0 (HKLM\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
OLYMPUS Digital Camera Updater (HKLM\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Raw Codec (HKLM\...\{5EA05D7F-5645-4068-A60F-0DCF8FBFD267}) (Version: 1.3.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Studio 2 (HKLM\...\{A4671483-7CAF-4375-A9C9-9A68A640ED75}) (Version: 1.0.7 - OLYMPUS IMAGING CORP.)
Opanda IExif 2.3 (HKLM\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
Opanda PowerExif 1.2 Professional Trial (HKLM\...\Opanda PowerExif Professional Trial_is1) (Version: 1.2 - Opanda Studio)
ophcrack 3.6.0 (HKLM\...\ophcrack) (Version: 3.6.0 - OS Objectif Sécurité SA)
Pacchetto di compatibilità per Office System 2007 (HKLM\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Photodex Presenter (HKLM\...\Photodex Presenter) (Version:  - Photodex Corporation)
ProShow Gold (HKLM\...\ProShow Gold) (Version:  - Photodex Corporation)
ProShow Producer (HKLM\...\ProShow Producer) (Version:  - Photodex Corporation)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.5 - NETGEAR)
RAR Password Recovery Magic v6.1.1.393 (HKLM\...\RAR Password Recovery Magic_is1) (Version:  - Password Recovery Magic Studio Ltd.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless (HKLM\...\ProInst) (Version: 10.50.0000 - Intel Corporation)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Step (HKLM\...\{B3AF3EF1-065E-4420-B385-A5CA530D6A9A}) (Version: 11.0.1641.3 - Actify, Inc.)
Texas Instruments PCIxx21/x515 drivers. (HKLM\...\InstallShield_{73B2BC65-F997-4208-AEE5-CF8B809A3A71}) (Version: 1.15.0000 - Texas Instruments Inc.)
TIxx21/x515 (Version: 1.15.0000 - Texas Instruments Inc.) Hidden
TOSHIBA Fn-esse (HKLM\...\Fn-esse) (Version: 1.0.18.1227C - )
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.28.0.19C - TOSHIBA)
TweakNow RegCleaner Professional (HKLM\...\TweakNow RegCleaner Professional_is1) (Version: v3.8 - TweakNow.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WaveLab 6 (HKLM\...\WaveLabPro) (Version: 6.1.0.340 - Steinberg)
Wavpack4Wavelab6 (HKLM\...\{AB5668B8-1428-460F-AE02-999A598D6883}) (Version: 1.0.1 - RIL)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam  (06/28/2007 2.2.0.0) (HKLM\...\2CFDDBA03CBE225A1FA2032FE06674F0AF0549D0) (Version: 06/28/2007 2.2.0.0 - OLYMPUS IMAGING CORP.)
Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam  (12/28/2006 1.0.0.0) (HKLM\...\1A6754C019F3AE544C346226BB63AC9BC7DACCDE) (Version: 12/28/2006 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows Support Tools (HKLM\...\{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}) (Version: 5.1.2600.5512 - Microsoft Corporation)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WN111v2 (Version: 3.0.0.5 - NETGEAR) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\GoogleUpdateO (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\GoogleUpdateO (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\GoogleUpdateO (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Chrome\Application\36.0.1985. (the data entry has 33 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{5F081689-CE7D-43E7-8B11-DAD99A4A96D6}\InprocServer32 -> F:\Program Files\eMule\eMuleShellExt.dll (http://emule-project.net)
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\GoogleUpdateO (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\psuser.dll No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}\InprocServer32 -> F:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll (ABBYY Software)

==================== Restore Points  =========================

25-04-2015 12:37:38 System Checkpoint
26-04-2015 13:38:02 System Checkpoint
27-04-2015 14:42:54 System Checkpoint
28-04-2015 16:35:31 System Checkpoint
29-04-2015 18:41:03 System Checkpoint
01-05-2015 12:03:42 System Checkpoint
02-05-2015 13:26:06 System Checkpoint
03-05-2015 13:35:53 System Checkpoint
08-05-2015 20:25:27 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 13:00 - 2015-04-10 17:18 - 00000768 ____A F:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: F:\WINDOWS\Tasks\EPSON WF-2630 Series Update {444695D3-F9DF-4246-84FF-64E6048E24CB}.job => F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TTSMDE.EXE:/EXE:{444695D3-F9DF-4246-84FF-64E6048E24CB} /F:UpdateSYSTEM
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Loaded Modules (whitelisted) ==============

2006-08-02 00:24 - 2006-08-02 00:24 - 00348160 _____ () F:\Program Files\Intel\Wireless\Bin\IntStngs.dll
2014-07-27 03:52 - 2002-11-26 14:43 - 00106496 _____ () F:\WINDOWS\system32\BrMuSNMP.dll
2006-08-02 00:24 - 2006-08-02 00:24 - 00348160 _____ () F:\Program Files\Intel\Wireless\bin\IntStngs.dll
2014-07-26 09:06 - 2014-07-26 09:07 - 03800688 _____ () F:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: F:\.DS_Store:AFP_AfpInfo
AlternateDataStreams: F:\Documents and Settings\All Users\Application Data\TEMP:24C8262A
AlternateDataStreams: F:\Documents and Settings\not Utente Toshiba bye bye\Application Data\TEMP:24C8262A

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


There are 7841 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-839522115-1788223648-1606980848-1003\Control Panel\Desktop\\Wallpaper -> F:\Documents and Settings\cs01\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
DNS Servers: 8.8.8.8 - 8.8.84.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BrMfcWnd => F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => F:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: HWSetup => F:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
MSCONFIG\startupreg: IntelWireless => "F:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
MSCONFIG\startupreg: MSConfig => F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

StandardProfile\AuthorizedApplications: [F:\Program Files\eMule\emule.exe] => Enabled:eMule
StandardProfile\AuthorizedApplications: [F:\DOCUME~1\cs01\LOCALS~1\Temp\svchost.exe] => Enabled:736201524A4FAB70
StandardProfile\AuthorizedApplications: [F:\Program Files\BitTorrent\bittorrent.exe] => Enabled:BitTorrent
StandardProfile\AuthorizedApplications: [F:\Program Files\VideoLAN\VLC\vlc.exe] => Disabled:VLC media player 2.1.5
StandardProfile\AuthorizedApplications: [F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [F:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE] => Enabled:OUTLOOK.EXE
StandardProfile\AuthorizedApplications: [F:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe] => Enabled:Epson Connect Printer Setup
StandardProfile\AuthorizedApplications: [F:\Program Files\EpsonNet\EpsonNet Config V4\ENConfig.exe] => Enabled:EpsonNet Config
StandardProfile\AuthorizedApplications: [C:\SkypePortable\App\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [F:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [F:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe] => Enabled:aTube Catcher
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [4662:TCP] => Enabled:emule 1
StandardProfile\GloballyOpenPorts: [4672:UDP] => Enabled:emule 0

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Nokia N95
Description: Nokia N95
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2015 10:56:12 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.


DETAIL - Access is denied.

Error: (05/02/2015 08:59:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/02/2015 08:59:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 31.0.0.5310, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/01/2015 10:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/01/2015 10:47:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 31.0.0.5310, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/01/2015 06:39:11 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.


DETAIL - Access is denied.

Error: (05/01/2015 05:31:22 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.


DETAIL - Access is denied.

Error: (04/30/2015 00:44:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/30/2015 00:44:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 31.0.0.5310, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/29/2015 09:17:43 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.


DETAIL - Access is denied.


System errors:
=============
Error: (05/08/2015 08:07:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/08/2015 08:06:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/08/2015 08:06:35 PM) (Source: DCOM) (EventID: 10005) (User: CS1)
Description: DCOM got error "%%1058" attempting to start the service ServiceLayer with arguments ""
in order to run the server:
{ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error: (05/08/2015 08:06:30 PM) (Source: DCOM) (EventID: 10005) (User: CS1)
Description: DCOM got error "%%1058" attempting to start the service ServiceLayer with arguments ""
in order to run the server:
{ACF50018-41F8-476D-85FD-CD953DAE4A49}

Error: (05/08/2015 08:06:12 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for F:\WINDOWS\system32\alsndmgr.cpl.
Reference error message: The operation completed successfully.
.

Error: (05/08/2015 08:06:12 PM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : An Invalid character was found in text content.
1" on line Manifest Parse Error : An Invalid character was found in text content.
2.

Error: (05/08/2015 08:06:09 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for F:\WINDOWS\system32\alsndmgr.cpl.
Reference error message: The operation completed successfully.
.

Error: (05/08/2015 08:06:09 PM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : An Invalid character was found in text content.
1" on line Manifest Parse Error : An Invalid character was found in text content.
2.

Error: (05/08/2015 08:05:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Simple Mail Transfer Protocol (SMTP) service terminated with the following error:
%%3

Error: (05/08/2015 08:05:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The FTP Publishing service terminated with the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (05/08/2015 10:56:12 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Access is denied.

Error: (05/02/2015 08:59:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.5310mozalloc.dll31.0.0.53100000141b

Error: (05/02/2015 08:59:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe31.0.0.5310hungapp0.0.0.000000000

Error: (05/01/2015 10:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.5310mozalloc.dll31.0.0.53100000141b

Error: (05/01/2015 10:47:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe31.0.0.5310hungapp0.0.0.000000000

Error: (05/01/2015 06:39:11 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Access is denied.

Error: (05/01/2015 05:31:22 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Access is denied.

Error: (04/30/2015 00:44:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.5310mozalloc.dll31.0.0.53100000141b

Error: (04/30/2015 00:44:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe31.0.0.5310hungapp0.0.0.000000000

Error: (04/29/2015 09:17:43 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Access is denied.


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1.73GHz
Percentage of memory in use: 75%
Total physical RAM: 1022.42 MB
Available physical RAM: 254.58 MB
Total Pagefile: 2462.05 MB
Available Pagefile: 1915.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.06 MB

==================== Drives ================================

Drive d: (copy 5-2013) (CDROM) (Total:3.19 GB) (Free:0 GB) CDFS
Drive f: () (Fixed) (Total:124.33 GB) (Free:43.7 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive h: ([email protected]) (Fixed) (Total:24.72 GB) (Free:4.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: CE86A13E)
Partition 1: (Active) - (Size=124.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=24.7 GB) - (Type=05)

==================== End Of Log ============================



#6
sancld

    New Member

  • Topic Starter
  • Member
  • 8 posts

Hello dear Dan,

Thank you a lot for your prompt reply.

Now that I've received your advice in order to find the way to solve the forwarded issues, what should I do?

Thanks, Claude



#7
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello sancld,

Thank you for being patient.  :D

I now have some steps for you to follow. Please take care to follow them exactly, and if you are not sure about anything, or have questions, please stop and ask!

Here we go...

First
P2P Software Warning:
It seems you have BitTorrent and eMule P2P software installed. While this software may have been intentionally installed on the system, and the program itself may be safe, the files shared with these programs often carry an unknown malware payload.

Besides installing malware, the use of these programs can expose sensitive information belonging to you or your employer to the Internet, make your system vulnerable to unwanted attacks by exploiting known security issues, block your Internet access, and can possibly subject you to copyright infringement prosecution.

If you do decide to keep any P2P programs, please uninstall them or disable and keep from using them until after we've finished and your system is declared clean.

You can read more about the risks of using P2P software at these links:

Second
Please uninstall the following programs:

  • DAEMON Tools Toolbar (this can interfere with our cleaning process)
  • ophcrack 3.6.0 (Windows password cracker)
  • RegCleaner
  • Spybot - Search & Destroy
  • TweakNow RegCleaner Professional

Third
Run a FRST Fix

  • Download the attached fixlist.txt file and save it to the Desktop.
    Attached File  fixlist.txt   3.8KB   225 downloads
    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
    FRST_Fix_zps8lrdygec.png
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Fourth
Run Junkware Removal Tool:

Please download Junkware Removal Tool to your Desktop.

  • Shut down your protection software now to avoid potential conflicts. See here for more information.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Fifth
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    [Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Finally
In your next reply, please copy/paste the contents of the following logs:

  • FRST fixlog.txt
  • JRT log
  • AdwCleaner log


#8
sancld


Hi DanoNH!

 

And thank you a lot for your hints.

(Because currently I'm a bit busy)

In the next days I'll follow your instructions and keep you updated.

 

Have a nice day.

Thanks!!

Claude
 



#9
DanoNH


Thanks for the update.

 

Please note in my instructions above, I not like you to uninstall Spybot, but instead keep it installed. 

 

Everything else should stay the same.



#10
DanoNH


Sorry I have a typo in my last post there.

 

To clarify:   Please keep Spybot Search & Destroy installed and do all the other steps in Post #7 above.

 

Thanks.



#11
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.