Fix result of Farbar Recovery Scan Tool (x86) Version:13-04-2016
Ran by Lorenzo (2016-04-16 11:35:40) Run:2
Running from C:\Users\Lorenzo\Desktop
Loaded Profiles: Lorenzo (Available Profiles: Lorenzo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorepoint:
CloseProcesses:
HKU\S-1-5-21-876290123-1069262905-1525467173-1001\...\MountPoints2: {ee9cc711-6faf-11e5-a25b-806e6f6e6963} - D:\setup.exe
FF HKU\S-1-5-21-876290123-1069262905-1525467173-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-04-15] ()
S4 eapihdrv; \??\C:\Users\Lorenzo\AppData\Local\Temp\ehdrv.sys [X]
C:\Windows\system32\Drivers\EsgScanner.sys
C:\Users\Lorenzo\AppData\Local\Temp\ehdrv.sys
C:\Users\Lorenzo\Downloads\[opensource] IDM trial reset.rar
C:\Kill'em
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Lorenzo\AppData\Local\Temp\*
reg: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install" /s
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
cmd: bitsadmin /reset /allusers
cmd: del /f /q /s "C:\*-!RecOveR!-*.*"
RemoveProxy:
Emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-876290123-1069262905-1525467173-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee9cc711-6faf-11e5-a25b-806e6f6e6963} => key not found.
HKCR\CLSID\{ee9cc711-6faf-11e5-a25b-806e6f6e6963} => key not found.
HKU\S-1-5-21-876290123-1069262905-1525467173-1001\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com => value not found.
EsgScanner => service not found.
eapihdrv => service not found.
"C:\Windows\system32\Drivers\EsgScanner.sys" => not found.
"C:\Users\Lorenzo\AppData\Local\Temp\ehdrv.sys" => not found.
"C:\Users\Lorenzo\Downloads\[opensource] IDM trial reset.rar" => not found.
"C:\Kill'em" => not found.
"C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat" => not found.

=========== "C:\Users\Lorenzo\AppData\Local\Temp\*" ==========

Could not move "C:\Users\Lorenzo\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.

========= End -> "C:\Users\Lorenzo\AppData\Local\Temp\*" ========

========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install" /s =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
    LastSuccessTime REG_SZ 2015-10-11 01:02:33
    LastError REG_DWORD 0x0

========= End of Reg: =========

========= ipconfig /flushdns =========

Configuration IP de Windows
Cache de résolution DNS vidé.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= del /f /q /s "C:\*-!RecOveR!-*.*" =========

Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\-!RecOveR!-cvuxo++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\-!RecOveR!-cvuxo++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\-!RecOveR!-dwjrf++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\-!RecOveR!-dwjrf++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\-!RecOveR!-npnwl++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\-!RecOveR!-npnwl++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\-!RecOveR!-vryss++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\-!RecOveR!-vryss++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\-!RecOveR!-yuidg++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\-!RecOveR!-yuidg++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\-!RecOveR!-cvuxo++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\-!RecOveR!-cvuxo++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\-!RecOveR!-dwjrf++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\-!RecOveR!-dwjrf++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\-!RecOveR!-npnwl++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\-!RecOveR!-npnwl++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\-!RecOveR!-vryss++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\-!RecOveR!-vryss++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\-!RecOveR!-yuidg++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\-!RecOveR!-yuidg++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\-!RecOveR!-cvuxo++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\-!RecOveR!-cvuxo++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\-!RecOveR!-dwjrf++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\-!RecOveR!-dwjrf++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\-!RecOveR!-npnwl++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\-!RecOveR!-npnwl++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\-!RecOveR!-vryss++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\-!RecOveR!-vryss++.Png
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\-!RecOveR!-yuidg++.Htm
Fichier supprimé - C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\-!RecOveR!-yuidg++.Png

========= End of CMD: =========

========= RemoveProxy: =========

HKU\S-1-5-21-876290123-1069262905-1525467173-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-876290123-1069262905-1525467173-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.

========= End of RemoveProxy: =========

EmptyTemp: => 1.6 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-16 11:38:58)

C:\Users\Lorenzo\AppData\Local\Temp\FXSAPIDebugLogFile.txt => is moved successfully

==== End of Fixlog 11:38:58 ====