Hello sancld,
Please do your best to follow instructions precisely. Failure to do so can seriously inhibit my ability to help you. For example, if I post instructions to download a file to your Desktop, please save it there. There are good reasons why we do this.
That said, in your other thread I stated I would post the contents of your logs here for you. Please reply in this thread going forward so we can get you cleaned up as fast as possible.
I will need some time to review your logs and then get back to you here. I have to travel for work myself this coming week, so my responses may be a bit delayed.
Thanks... Dan
=====================
FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by Administrator (administrator) on CS1 on 08-05-2015 23:00:31
Running from H:\Software utility 2015
Loaded Profiles: cs01 & Administrator (Available profiles: cs01 & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) F:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Atheros) F:\WINDOWS\system32\acs.exe
(Microsoft Corporation) F:\WINDOWS\system32\cisvc.exe
(Seiko Epson Corporation) F:\WINDOWS\system32\escsvc.exe
(Microsoft Corporation) F:\WINDOWS\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) F:\WINDOWS\system32\netdde.exe
(NVIDIA Corporation) F:\WINDOWS\system32\nvsvc32.exe
(Intel Corporation) F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) F:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) F:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) F:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Microsoft Corporation) F:\WINDOWS\system32\cidaemon.exe
(Mozilla Corporation) F:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) F:\WINDOWS\system32\cidaemon.exe
(Adobe Systems Inc.) F:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Adobe Systems Incorporated) F:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
() F:\DOCUME~1\cs01\LOCALS~1\Temp\Adobelm_Cleanup.0001
(Adobe Systems) F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
() F:\DOCUME~1\cs01\LOCALS~1\Temp\Adobelm_Cleanup.0001
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelZeroConfig] => F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [802816 2006-08-02] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\Run: [NokiaSuite.exe] => F:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> F:\WINDOWS\system32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2015-02-04]
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> F:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = sn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = sn.com/
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?r...opt=0&ocid=iehp
URLSearchHook: [S-1-5-21-839522115-1788223648-1606980848-500] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "abou" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - F:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - F:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - F:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{733296FC-2256-403D-AC30-199FF5744DF5}: [NameServer] 8.8.8.8,8.8.84.4
FireFox:
========
FF ProfilePath: F:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vynjgxf6.default
FF Plugin: @adobe.com/FlashPlayer -> F:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-10-10] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> F:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> F:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-18] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> F:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: @photodex.com/PhotodexPresenter -> F:\Program Files\Photodex Presenter\npPxPlay.dll [2015-03-21] ( )
FF Plugin: @videolan.org/vlc,version=2.1.5 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> F:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-839522115-1788223648-1606980848-1003: @tools.google.com/Google Update;version=3 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-839522115-1788223648-1606980848-1003: @tools.google.com/Google Update;version=9 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: F:\Program Files\mozilla firefox\plugins\npdivx32.dll [2007-01-03] (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: F:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2007-01-03] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: F:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-12-22]
FF HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\Firefox\Extensions: [[email protected]] - F:\Program Files\SM\FF
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 6to4; F:\WINDOWS\System32\6to4svc.dll [100864 2012-01-12] (Microsoft Corporation)
R2 ACS; F:\WINDOWS\system32\acs.exe [467028 2008-06-27] (Atheros) [File not signed]
R3 Adobe LM Service; F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2014-11-28] (Adobe Systems) [File not signed]
R2 EpsonScanSvc; F:\WINDOWS\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 EvtEng; F:\Program Files\Intel\Wireless\Bin\EvtEng.exe [434176 2006-08-02] (Intel Corporation) [File not signed]
R2 IISADMIN; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S4 JavaQuickStarterService; F:\Program Files\Java\jre7\bin\jqs.exe [181664 2014-07-21] (Oracle Corporation)
S3 jswpsapi; F:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [360547 2008-02-27] (Atheros Communications, Inc.) [File not signed]
S4 MBAMService; F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 Motorola Device Manager; F:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 MSFtpsvc; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S4 MyEpson Portal Service; F:\Program Files\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S2 nv4_mini; F:\Program Files\NVIDIA GeForce Go 6600\nv4_mini.exe [32768 2011-08-17] (NVIDIA Corporation) [File not signed]
R2 RegSrvc; F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2006-08-02] (Intel Corporation) [File not signed]
S2 S24EventMonitor; F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [937984 2006-08-02] (Intel Corporation ) [File not signed]
S4 ScsiAccess; F:\Program Files\Photodex\ProShow Gold\ScsiAccess.exe [186760 2015-03-21] ()
S2 SMTPSVC; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 W3SVC; F:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; F:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2014-07-20] (Meetinghouse Data Communications) [File not signed]
R3 ALCXWDM; F:\WINDOWS\System32\drivers\ALCXWDM.SYS [2284864 2005-02-17] (Realtek Semiconductor Corp.)
S3 BrScnUsb; F:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 DNINDIS5; F:\WINDOWS\system32\DNINDIS5.SYS [17149 2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 DrvAgent32; F:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2014-08-30] (Phoenix Technologies) [File not signed]
R1 HWSCtrl; F:\Program Files\TOSHIBA\TOSHIBA Applet\HWS_IoDispatch.sys [6144 2004-12-11] () [File not signed]
R3 JSWSCIMD; F:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2008-10-01] (Atheros Communications, Inc.)
S3 MBAMProtector; F:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 mv61xxmm; F:\WINDOWS\system32\Drivers\mv61xxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.)
R0 mv64xxmm; F:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-01-12] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; F:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.)
S3 nm; F:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 OlyUsbCam; F:\WINDOWS\System32\DRIVERS\OlyUsbCam.sys [21952 2007-01-12] (OLYMPUS IMAGING CORP.)
R0 PxHelp20; F:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-06-06] (Sonic Solutions) [File not signed]
R3 Rasirda; F:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R2 s24trans; F:\WINDOWS\System32\DRIVERS\s24trans.sys [12544 2006-08-02] (Intel Corporation) [File not signed]
R1 SASDIFSV; F:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SMCIRDA; F:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R0 sptd; F:\WINDOWS\System32\Drivers\sptd.sys [717296 2014-07-28] () [File not signed]
R1 Tcpip6; F:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2012-01-12] (Microsoft Corporation)
U3 TrueSight; F:\WINDOWS\system32\drivers\TrueSight.sys [33512 2014-09-18] ()
R3 w29n51; F:\WINDOWS\System32\DRIVERS\w29n51.sys [2206720 2006-06-29] (Intel® Corporation)
S3 WN111v2; F:\WINDOWS\System32\DRIVERS\WN111v2.sys [601088 2010-04-20] (Atheros Communications, Inc.)
R3 WSIMD; F:\WINDOWS\System32\DRIVERS\wsimd.sys [57408 2007-12-14] (Atheros Communications, Inc.) [File not signed]
R3 yukonwxp; F:\WINDOWS\System32\DRIVERS\yk51x86.sys [224000 2005-02-17] (Marvell)
U3 ag17dxv9; F:\WINDOWS\system32\Drivers\ag17dxv9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S2 DritekPortIO; \??\D:\fn-esse.temp\DPortIO.sys [X]
S4 IntelIde; No ImagePath
U5 TMUSB; F:\WINDOWS\System32\DRIVERS\TMUSBXP.SYS [49408 2014-03-19] (Seiko Epson Corporation)
U5 Tosrfusb; F:\Windows\System32\Drivers\Tosrfusb.sys [40192 2006-06-09] (TOSHIBA CORPORATION) [File not signed]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: # -> No Registry Path.
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-08 22:58 - 2015-05-08 22:58 - 00001071 _____ () F:\WINDOWS\setupapi.log
2015-05-08 21:18 - 2015-05-08 21:19 - 00001431 _____ () F:\WINDOWS\wmsetup.log
2015-05-01 18:55 - 2015-05-08 20:05 - 00000159 _____ () F:\WINDOWS\wiadebug.log
2015-05-01 18:55 - 2015-05-08 20:05 - 00000050 _____ () F:\WINDOWS\wiaservc.log
2015-05-01 18:55 - 2015-05-08 19:21 - 00032396 _____ () F:\WINDOWS\SchedLgU.Txt
2015-05-01 18:55 - 2015-05-04 23:32 - 00000000 _____ () F:\WINDOWS\Sti_Trace.log
2015-05-01 18:47 - 2015-05-08 20:06 - 00138548 _____ () F:\WINDOWS\WindowsUpdate.log
2015-05-01 17:22 - 2015-05-01 17:42 - 00000000 ____D () F:\Program Files\ophcrack
2015-05-01 17:22 - 2015-05-01 17:41 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\ophcrack
2015-05-01 16:40 - 2015-05-08 23:00 - 00000000 ____D () F:\FRST
2015-04-29 21:22 - 2015-04-29 21:22 - 00000000 ____D () F:\Documents and Settings\Administrator\Application Data\Mozilla
2015-04-29 21:16 - 2015-04-29 21:16 - 00000000 __SHD () F:\WINDOWS\CSC
2015-04-21 22:04 - 2015-04-21 22:04 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\ClubSanDisk
2015-04-13 21:43 - 2015-04-13 21:43 - 00000816 _____ () F:\Documents and Settings\All Users\Desktop\MyEpson Portal.lnk
2015-04-13 21:43 - 2015-04-13 21:43 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
2015-04-10 22:19 - 2015-04-18 16:40 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\aTube Catcher
2015-04-10 22:19 - 2015-04-10 22:19 - 00000000 ____D () F:\Program Files\DsNET Corp1
2015-04-10 22:12 - 2015-04-18 16:41 - 00000049 _____ () F:\WINDOWS\system32\ScrRecX.log
2015-04-10 14:25 - 2015-04-10 14:25 - 00000767 _____ () F:\Documents and Settings\All Users\Start Menu\Programs\GIMP 2.lnk
2015-04-10 14:21 - 2015-04-10 14:25 - 00000000 ____D () F:\Program Files\GIMP 2
2015-04-09 12:58 - 2015-04-09 12:58 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
2015-04-09 12:40 - 2015-05-04 23:29 - 00000000 ____D () F:\Program Files\Trend Micro
2015-04-09 12:33 - 2015-04-09 12:33 - 00000104 _____ () F:\Documents and Settings\Administrator\Desktop\Shortcut to &Run....lnk
2015-04-09 12:28 - 2015-04-09 13:03 - 00000000 ____D () F:\Documents and Settings\Administrator\Desktop\New Folder
2015-04-08 23:26 - 2015-04-08 23:26 - 00000000 ____D () F:\Program Files\AVIcodec
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-08 22:36 - 2015-02-14 00:36 - 00000917 _____ () F:\WINDOWS\Tasks\EPSON WF-2630 Series Update {444695D3-F9DF-4246-84FF-64E6048E24CB}.job
2015-05-08 22:12 - 2014-11-28 20:03 - 00002315 _____ () F:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
2015-05-08 20:56 - 2014-07-04 18:18 - 00000000 ____D () F:\aggiorna
2015-05-08 20:55 - 2014-07-04 18:36 - 00000000 ____D () F:\temp
2015-05-08 20:25 - 2014-07-04 15:13 - 00000000 ____D () F:\WINDOWS\system32\inetsrv
2015-05-08 20:06 - 2005-01-27 00:07 - 00018880 _____ () F:\WINDOWS\system32\nvapps.xml
2015-05-08 20:05 - 2014-07-04 13:43 - 00000006 ____H () F:\WINDOWS\Tasks\SA.DAT
2015-05-08 19:21 - 2014-07-20 15:29 - 00524288 _____ () F:\WINDOWS\system32\config\ACS.evt
2015-05-07 22:03 - 2008-04-14 13:00 - 00002206 _____ () F:\WINDOWS\system32\wpa.dbl
2015-05-04 23:33 - 2014-07-21 19:15 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-05-04 23:32 - 2014-07-04 13:45 - 00000000 ____D () F:\Documents and Settings\cs01
2015-05-04 21:04 - 2014-07-23 23:53 - 00000202 _____ () F:\WINDOWS\NeroDigital.ini
2015-05-04 20:04 - 2014-07-04 15:20 - 00963852 _____ () F:\WINDOWS\system32\PerfStringBackup.INI
2015-05-01 18:45 - 2015-01-23 20:19 - 00000000 ____D () F:\Documents and Settings\Administrator
2015-04-29 21:23 - 2014-07-26 09:06 - 00000000 ____D () F:\Program Files\Mozilla Firefox
2015-04-29 17:23 - 2014-07-04 18:28 - 00000000 ____D () F:\c -steinberg
2015-04-28 10:07 - 2014-11-27 12:30 - 00000664 _____ () F:\WINDOWS\system32\d3d9caps.dat
2015-04-27 22:33 - 2008-04-14 13:00 - 00000647 _____ () F:\WINDOWS\win.ini
2015-04-27 22:33 - 2008-04-14 13:00 - 00000227 _____ () F:\WINDOWS\system.ini
2015-04-27 14:23 - 2014-12-04 14:27 - 00000000 ____D () F:\Vviu
2015-04-26 16:47 - 2014-07-04 19:06 - 00000000 ____D () F:\Program Files\eMule
2015-04-24 16:49 - 2014-07-04 18:17 - 00000000 ____D () F:\-- IMAGES --
2015-04-23 15:18 - 2015-03-06 13:37 - 00000000 ____D () F:\WINDOWS\Minidump
2015-04-15 22:48 - 2014-10-13 17:54 - 00000000 ____D () F:\Program Files\PanoramaStudio2Pro_new 264
2015-04-14 22:18 - 2014-07-20 15:46 - 00000000 ____D () F:\WINDOWS\system32\MRT
2015-04-14 22:17 - 2012-01-12 16:05 - 125832184 _____ (Microsoft Corporation) F:\WINDOWS\system32\mrt.exe
2015-04-14 18:13 - 2014-07-07 19:32 - 00000000 ____D () F:\Documents and Settings\not Utente Toshiba bye bye
2015-04-14 11:09 - 2015-02-11 20:41 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\EPSON
2015-04-13 22:20 - 2015-03-13 21:53 - 00000665 _____ () F:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
2015-04-13 21:43 - 2015-03-13 21:53 - 00000000 ____D () F:\Program Files\epson
2015-04-13 21:43 - 2015-02-07 19:45 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2015-04-13 21:42 - 2015-02-07 19:45 - 00000000 ____D () F:\Program Files\Epson Software
2015-04-13 21:42 - 2014-07-20 12:34 - 00000000 ___HD () F:\Program Files\InstallShield Installation Information
2015-04-13 12:48 - 2014-07-23 02:21 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Nokia
2015-04-13 12:48 - 2014-02-20 19:52 - 00001776 _____ () F:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk
2015-04-13 11:47 - 2014-07-04 15:13 - 00000000 ____D () F:\WINDOWS\Help
2015-04-09 12:58 - 2014-07-04 19:03 - 00000000 ____D () F:\Program Files\Spybot - Search & Destroy
2015-04-09 12:36 - 2014-07-04 19:03 - 00000000 ____D () F:\Program Files\RegCleaner
2015-04-09 12:34 - 2014-07-04 18:47 - 00000000 ____D () F:\Program Files\CCleaner
==================== Files in the root of some directories =======
2013-04-18 23:26 - 2001-01-22 12:38 - 0328704 _____ (Fusion) F:\Program Files\CDCheck.exe
2013-08-29 15:13 - 2013-08-29 15:20 - 0000242 _____ () F:\Program Files\CDCheck.ini
2015-04-09 12:33 - 2015-04-09 12:34 - 0005120 _____ () F:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Files to move or delete:
====================
F:\Documents and Settings\not Utente Toshiba bye bye\TempWmicBatchFile.bat
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
F:\WINDOWS\explorer.exe => File is digitally signed
F:\WINDOWS\system32\winlogon.exe => File is digitally signed
F:\WINDOWS\system32\svchost.exe => File is digitally signed
F:\WINDOWS\system32\services.exe => File is digitally signed
F:\WINDOWS\system32\User32.dll => File is digitally signed
F:\WINDOWS\system32\userinit.exe => File is digitally signed
F:\WINDOWS\system32\rpcss.dll => File is digitally signed
F:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Addition log:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-05-2015 01
Ran by Administrator at 2015-05-08 23:02:02
Running from H:\Software utility 2015
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-839522115-1788223648-1606980848-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-839522115-1788223648-1606980848-1004 - Limited - Enabled)
cs01 (S-1-5-21-839522115-1788223648-1606980848-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\cs01
Guest (S-1-5-21-839522115-1788223648-1606980848-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-839522115-1788223648-1606980848-1000 - Limited - Disabled)
IUSR_CS1 (S-1-5-21-839522115-1788223648-1606980848-1007 - Limited - Enabled)
IWAM_CS1 (S-1-5-21-839522115-1788223648-1606980848-1008 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-839522115-1788223648-1606980848-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 8.0 Professional Edition (HKLM\...\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 8.00.706.4601 - ABBYY Software House)
Actify 3D Studio Importer (HKLM\...\{069E3FC0-7B8B-4D91-A930-5BE69FF85565}) (Version: 10.0.1014.1014 - Actify Inc.)
Actify AutoCAD Importer (HKLM\...\{7516DA6E-7C32-465F-8267-5E03B89B6891}) (Version: 10.0.1131.1131 - Actify Inc.)
Actify Catia V4 3D/2D Importer (HKLM\...\{BF0356CB-2E17-4948-ADE7-FF0B0EF2CFDE}) (Version: 10.0.1132.1132 - Actify Inc.)
Actify Catia V5 3D/2D Importer (HKLM\...\{D523AA9D-A881-4EBA-B5D7-2F14BA7A71A3}) (Version: 10.0.1138.1138 - Actify Inc.)
Actify HPGL Importer (HKLM\...\Actify HPGL Importer) (Version: - )
Actify Iges & VDA Importer (HKLM\...\{B7E50732-ED0F-4B9D-AF64-9BFDF7135EF0}) (Version: 10.0.1110.1110 - Actify Inc.)
Actify SpinFire Professional 8.3 (HKLM\...\{4CCA5CC4-2E59-4782-865B-886C0D248E6F}) (Version: 10.3.1212.1212 - Actify Inc.)
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update (HKLM\...\{AC76BA86-0000-7EC8-7489-000000000702}) (Version: 7.0.2 - Adobe Systems)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Advanced Fix 2014 version 2.1.3.85 (HKLM\...\{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1) (Version: 2.1.3.85 - Advanced Fix, Inc.)
Arles Image Web Page Creator 8.3.1 (HKLM\...\Arles Image Web Page Creator_is1) (Version: - )
Atheros Wireless LAN MiniPCI card Driver (HKLM\...\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}) (Version: - )
aTube Catcher version 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version: - )
BitTorrent (HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)
Bluetooth Monitor 2 (HKLM\...\{61539202-097E-487E-9237-B291AB56D54C}) (Version: 4.02.000 - TOSHIBA)
Brother MFL-Pro Suite (HKLM\...\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}) (Version: 1.00 - Brother Industries, Ltd.)
BurnAware Professional 3.4 (HKLM\...\BurnAware Professional_is1) (Version: - Burnaware Technologies)
CatiaV4 (HKLM\...\{3B21B5BC-0CBF-4AFC-B6B1-08CA54BDD8A1}) (Version: 11.0.1641.3 - Actify, Inc.)
CatiaV5 (HKLM\...\{E3D76F6E-C645-46EC-A0A2-DDDCE0A0F915}) (Version: 11.0.1642.4 - Actify, Inc.)
ClearProg 1.6.1 Beta 8 (HKLM\...\ClearProg) (Version: 1.6.1 Beta 8 - Sven Hoffman)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
DAEMON Tools Toolbar (HKLM\...\DAEMON Tools Toolbar) (Version: 1.0.0.2 - DT Soft Ltd) <==== ATTENTION
Directory Printer 4.1 (HKLM\...\Directory Printer_is1) (Version: - )
Dolphin Futures XPS Viewer version 1.1.0 (HKLM\...\{75480068-162F-4D6B-B38E-76606A4E5320}_is1) (Version: 1.1.0 - Dolphin Futures Limited)
EasyRecovery Professional (HKLM\...\InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}) (Version: 6.03.04 - Ontrack Data International, Inc.)
EasyRecovery Professional (Version: 6.03.04 - Ontrack Data International, Inc.) Hidden
eMule Shell Extension (HKLM\...\{F32652D2-7A93-4769-B88F-504DA9AE50C5}) (Version: 1.0.3 - http://emule-project.net)
EncSpot Pro 2.1 beta 1 (HKLM\...\EncSpot Professional_is1) (Version: - GuerillaSoft)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.5.0 - SEIKO EPSON CORPORATION)
ExifCleaner 1.8 (HKLM\...\ExifCleaner) (Version: 1.8 - SuperUtils.com Software)
Faxalo v2.3 (HKLM\...\Faxalo) (Version: v2.3 - Faxalo)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-839522115-1788223648-1606980848-1003\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM\...\{CC016F21-3970-11DE-B878-005056806466}) (Version: 5.0.11733.9347 - Google)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
Hugin 2013.0.0 (HKLM\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
IsoBuster 3.5 (HKLM\...\IsoBuster_is1) (Version: 3.5 - Smart Projects)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kolev RAW R14 (HKLM\...\Kolev RAW_is1) (Version: - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
mCore (Version: 7.05.0000 - Intel Corporation) Hidden
mDrWiFi (Version: 7.05.0000 - Intel Corporation) Hidden
mHelp (Version: 7.05.0000 - Intel) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 - Componenti Web (HKLM\...\{90A40410-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2003 Proofing Tools (HKLM\...\{901F0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110410-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mIWA (Version: 7.05.0000 - Intel Corporation) Hidden
mLogView (Version: 7.05.0000 - Intel Corporation) Hidden
mMHouse (Version: 7.05.0000 - Intel Corporation) Hidden
mobile PhoneTools (HKLM\...\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}) (Version: 3.25b 4/8/2005 - BVRP Software)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MP3-Check (v1.0.41.0) (HKLM\...\MP3-Check_is1) (Version: 1.0.41.0 - AudioMoves)
MP3Test (HKLM\...\{BE802A6E-7F0D-4333-B45E-80F06C4DC59C}}_is1) (Version: 1.6.0.161 - Markus Stein)
mPfMgr (Version: 7.05.0000 - Intel Corporation) Hidden
mPfWiz (Version: 7.05.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
mWlsSafe (Version: 7.05.0000 - Intel) Hidden
mXML (Version: 7.05.0000 - Intel Corporation) Hidden
MyEpson Portal (HKLM\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
mZConfig (Version: 7.05.0000 - Intel Corporation) Hidden
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
ODT Viewer version 1.0 (HKLM\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
OLYMPUS Digital Camera Updater (HKLM\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Raw Codec (HKLM\...\{5EA05D7F-5645-4068-A60F-0DCF8FBFD267}) (Version: 1.3.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Studio 2 (HKLM\...\{A4671483-7CAF-4375-A9C9-9A68A640ED75}) (Version: 1.0.7 - OLYMPUS IMAGING CORP.)
Opanda IExif 2.3 (HKLM\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
Opanda PowerExif 1.2 Professional Trial (HKLM\...\Opanda PowerExif Professional Trial_is1) (Version: 1.2 - Opanda Studio)
ophcrack 3.6.0 (HKLM\...\ophcrack) (Version: 3.6.0 - OS Objectif Sécurité SA)
Pacchetto di compatibilità per Office System 2007 (HKLM\...\{90120000-0020-0410-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Photodex Presenter (HKLM\...\Photodex Presenter) (Version: - Photodex Corporation)
ProShow Gold (HKLM\...\ProShow Gold) (Version: - Photodex Corporation)
ProShow Producer (HKLM\...\ProShow Producer) (Version: - Photodex Corporation)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.5 - NETGEAR)
RAR Password Recovery Magic v6.1.1.393 (HKLM\...\RAR Password Recovery Magic_is1) (Version: - Password Recovery Magic Studio Ltd.)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Software Intel® PROSet/Wireless (HKLM\...\ProInst) (Version: 10.50.0000 - Intel Corporation)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Step (HKLM\...\{B3AF3EF1-065E-4420-B385-A5CA530D6A9A}) (Version: 11.0.1641.3 - Actify, Inc.)
Texas Instruments PCIxx21/x515 drivers. (HKLM\...\InstallShield_{73B2BC65-F997-4208-AEE5-CF8B809A3A71}) (Version: 1.15.0000 - Texas Instruments Inc.)
TIxx21/x515 (Version: 1.15.0000 - Texas Instruments Inc.) Hidden
TOSHIBA Fn-esse (HKLM\...\Fn-esse) (Version: 1.0.18.1227C - )
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.28.0.19C - TOSHIBA)
TweakNow RegCleaner Professional (HKLM\...\TweakNow RegCleaner Professional_is1) (Version: v3.8 - TweakNow.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WaveLab 6 (HKLM\...\WaveLabPro) (Version: 6.1.0.340 - Steinberg)
Wavpack4Wavelab6 (HKLM\...\{AB5668B8-1428-460F-AE02-999A598D6883}) (Version: 1.0.1 - RIL)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam (06/28/2007 2.2.0.0) (HKLM\...\2CFDDBA03CBE225A1FA2032FE06674F0AF0549D0) (Version: 06/28/2007 2.2.0.0 - OLYMPUS IMAGING CORP.)
Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0) (HKLM\...\1A6754C019F3AE544C346226BB63AC9BC7DACCDE) (Version: 12/28/2006 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows Support Tools (HKLM\...\{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}) (Version: 5.1.2600.5512 - Microsoft Corporation)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WN111v2 (Version: 3.0.0.5 - NETGEAR) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\GoogleUpdateO (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\GoogleUpdateO (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\GoogleUpdateO (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Chrome\Application\36.0.1985. (the data entry has 33 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{5F081689-CE7D-43E7-8B11-DAD99A4A96D6}\InprocServer32 -> F:\Program Files\eMule\eMuleShellExt.dll (http://emule-project.net)
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\npGoogleUpdate (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\GoogleUpdateO (the data entry has 20 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Update\1.3.26.7\psuser.dll No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-839522115-1788223648-1606980848-1003_Classes\CLSID\{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}\InprocServer32 -> F:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll (ABBYY Software)
==================== Restore Points =========================
25-04-2015 12:37:38 System Checkpoint
26-04-2015 13:38:02 System Checkpoint
27-04-2015 14:42:54 System Checkpoint
28-04-2015 16:35:31 System Checkpoint
29-04-2015 18:41:03 System Checkpoint
01-05-2015 12:03:42 System Checkpoint
02-05-2015 13:26:06 System Checkpoint
03-05-2015 13:35:53 System Checkpoint
08-05-2015 20:25:27 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2008-04-14 13:00 - 2015-04-10 17:18 - 00000768 ____A F:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: F:\WINDOWS\Tasks\EPSON WF-2630 Series Update {444695D3-F9DF-4246-84FF-64E6048E24CB}.job => F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TTSMDE.EXE:/EXE:{444695D3-F9DF-4246-84FF-64E6048E24CB} /F:UpdateSYSTEM
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Loaded Modules (whitelisted) ==============
2006-08-02 00:24 - 2006-08-02 00:24 - 00348160 _____ () F:\Program Files\Intel\Wireless\Bin\IntStngs.dll
2014-07-27 03:52 - 2002-11-26 14:43 - 00106496 _____ () F:\WINDOWS\system32\BrMuSNMP.dll
2006-08-02 00:24 - 2006-08-02 00:24 - 00348160 _____ () F:\Program Files\Intel\Wireless\bin\IntStngs.dll
2014-07-26 09:06 - 2014-07-26 09:07 - 03800688 _____ () F:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: F:\.DS_Store:AFP_AfpInfo
AlternateDataStreams: F:\Documents and Settings\All Users\Application Data\TEMP:24C8262A
AlternateDataStreams: F:\Documents and Settings\not Utente Toshiba bye bye\Application Data\TEMP:24C8262A
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
There are 7841 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-839522115-1788223648-1606980848-1003\Control Panel\Desktop\\Wallpaper -> F:\Documents and Settings\cs01\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
DNS Servers: 8.8.8.8 - 8.8.84.4
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: BrMfcWnd => F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => F:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: HWSetup => F:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
MSCONFIG\startupreg: IntelWireless => "F:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
MSCONFIG\startupreg: MSConfig => F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
StandardProfile\AuthorizedApplications: [F:\Program Files\eMule\emule.exe] => Enabled:eMule
StandardProfile\AuthorizedApplications: [F:\DOCUME~1\cs01\LOCALS~1\Temp\svchost.exe] => Enabled:736201524A4FAB70
StandardProfile\AuthorizedApplications: [F:\Program Files\BitTorrent\bittorrent.exe] => Enabled:BitTorrent
StandardProfile\AuthorizedApplications: [F:\Program Files\VideoLAN\VLC\vlc.exe] => Disabled:VLC media player 2.1.5
StandardProfile\AuthorizedApplications: [F:\Documents and Settings\cs01\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [F:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [F:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE] => Enabled:OUTLOOK.EXE
StandardProfile\AuthorizedApplications: [F:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe] => Enabled:Epson Connect Printer Setup
StandardProfile\AuthorizedApplications: [F:\Program Files\EpsonNet\EpsonNet Config V4\ENConfig.exe] => Enabled:EpsonNet Config
StandardProfile\AuthorizedApplications: [C:\SkypePortable\App\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [F:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [F:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe] => Enabled:aTube Catcher
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [3389:TCP] => Disabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [4662:TCP] => Enabled:emule 1
StandardProfile\GloballyOpenPorts: [4672:UDP] => Enabled:emule 0
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Nokia N95
Description: Nokia N95
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/08/2015 10:56:12 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - Access is denied.
Error: (05/02/2015 08:59:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (05/02/2015 08:59:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 31.0.0.5310, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (05/01/2015 10:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (05/01/2015 10:47:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 31.0.0.5310, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (05/01/2015 06:39:11 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - Access is denied.
Error: (05/01/2015 05:31:22 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - Access is denied.
Error: (04/30/2015 00:44:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (04/30/2015 00:44:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 31.0.0.5310, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (04/29/2015 09:17:43 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - Access is denied.
System errors:
=============
Error: (05/08/2015 08:07:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
Error: (05/08/2015 08:06:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/08/2015 08:06:35 PM) (Source: DCOM) (EventID: 10005) (User: CS1)
Description: DCOM got error "%%1058" attempting to start the service ServiceLayer with arguments ""
in order to run the server:
{ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error: (05/08/2015 08:06:30 PM) (Source: DCOM) (EventID: 10005) (User: CS1)
Description: DCOM got error "%%1058" attempting to start the service ServiceLayer with arguments ""
in order to run the server:
{ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error: (05/08/2015 08:06:12 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for F:\WINDOWS\system32\alsndmgr.cpl.
Reference error message: The operation completed successfully.
.
Error: (05/08/2015 08:06:12 PM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : An Invalid character was found in text content.
1" on line Manifest Parse Error : An Invalid character was found in text content.
2.
Error: (05/08/2015 08:06:09 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for F:\WINDOWS\system32\alsndmgr.cpl.
Reference error message: The operation completed successfully.
.
Error: (05/08/2015 08:06:09 PM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : An Invalid character was found in text content.
1" on line Manifest Parse Error : An Invalid character was found in text content.
2.
Error: (05/08/2015 08:05:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Simple Mail Transfer Protocol (SMTP) service terminated with the following error:
%%3
Error: (05/08/2015 08:05:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The FTP Publishing service terminated with the following error:
%%3
Microsoft Office Sessions:
=========================
Error: (05/08/2015 10:56:12 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Access is denied.
Error: (05/02/2015 08:59:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.5310mozalloc.dll31.0.0.53100000141b
Error: (05/02/2015 08:59:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe31.0.0.5310hungapp0.0.0.000000000
Error: (05/01/2015 10:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.5310mozalloc.dll31.0.0.53100000141b
Error: (05/01/2015 10:47:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe31.0.0.5310hungapp0.0.0.000000000
Error: (05/01/2015 06:39:11 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Access is denied.
Error: (05/01/2015 05:31:22 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Access is denied.
Error: (04/30/2015 00:44:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.5310mozalloc.dll31.0.0.53100000141b
Error: (04/30/2015 00:44:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe31.0.0.5310hungapp0.0.0.000000000
Error: (04/29/2015 09:17:43 PM) (Source: Userenv) (EventID: 1505) (User: CS1)
Description: Access is denied.
==================== Memory info ===========================
Processor: Intel® Pentium® M processor 1.73GHz
Percentage of memory in use: 75%
Total physical RAM: 1022.42 MB
Available physical RAM: 254.58 MB
Total Pagefile: 2462.05 MB
Available Pagefile: 1915.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.06 MB
==================== Drives ================================
Drive d: (copy 5-2013) (CDROM) (Total:3.19 GB) (Free:0 GB) CDFS
Drive f: () (Fixed) (Total:124.33 GB) (Free:43.7 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive h: ([email protected]) (Fixed) (Total:24.72 GB) (Free:4.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: CE86A13E)
Partition 1: (Active) - (Size=124.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=24.7 GB) - (Type=05)
==================== End Of Log ============================