Solved unkown device : ROOT\LEGACY_NPF\0000

April 1, 2015 at 08:58:25
Specs: Windows XP pro SP3, 1.81 Hz / 2 GB
Hello.

In "device manager" I see an unknown device with this Id : ROOT\LEGACY_NPF\0000 (plus other references,see next):
http://tinyurl.com/lzgqz2h

And in "information system" :
http://tinyurl.com/l9udv4a

Carefully I desactivated this device.
For now I prefere not uninstall this device because with this desactivation I known where I can find this device and I can still see these features.
This device corresponds to nothing about my installation (hardware and software), so I think.
And with this device disabled my pc run normally as before.

Infection or simple problem ?
Does anyone could help me (with a ZHPDiag or a HiJackThis rapport for exemple) for this problem and if necessary tell me how properly eradicate this unknown device from my PC ?

Some precisions :
My system : windows XP pro - SP3
My antivirus (Comodo), adwcleaner and malwarebytes didn't find anything.
My PC runs well (excepted sometimes for some slowing down but I think this is due to my configuration --> processor : 1,81 Hz / RAM : 2 Go).

Thanks for your support.

message edited by craumt


See More: unkown device : ROOT\LEGACY_NPF\0000

Report •

#1
April 1, 2015 at 10:13:24
Refer to this solved thread, same problem:
http://www.computing.net/answers/se...

Report •

#2
April 1, 2015 at 13:39:16
✔ Best Answer
http://www.computing.net/answers/se...
After finishing the above, I can check these logs.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


Report •

#3
April 1, 2015 at 14:45:39
Probably too simple but have you tried Uninstalling this errored item from Device Manager then restarting the computer?

Provided you do not let it uninstall "software" (if it should ask) then, if it is a valid device, it will pick up the software anew when you restart. Uninstall in Device Manger does not rip out the software - just breaks the links to it until a device needs it.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

Related Solutions

#4
April 2, 2015 at 01:06:36
Hello Derek

For the moment, don't knowing the type of this device, I prefer to keep it disabled.

Thanks for your attention.

message edited by craumt


Report •

#5
April 2, 2015 at 01:56:15
Hello Johnw

here the HijackThis report :

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 09:36:47, on 02/04/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 36.0.4 (x86 fr)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\--- PETERQUILL\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MiPony\MiPony.exe
D:\--- PETERQUILL\PaperCut NG\server\bin\win\pc-server.exe
D:\--- PETERQUILL\SpeedFan\speedfan.exe
D:\--- PETERQUILL\PaperCut NG\providers\print\win\pc-print.exe
D:\--- PETERQUILL\PaperCut NG\runtime\jre\bin\pc-app.exe
D:\--- PETERQUILL\PaperCut NG\providers\web-print\win\pc-web-print.exe
C:\WINDOWS\system32\svchost.exe
D:\--- PETERQUILL\UPHClean\uphclean.exe
D:\--- PETERQUILL\COMODO\COMODO Internet Security\CisTray.exe
D:\--- PETERQUILL\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Mozilla Firefox\----foxBoost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\--- PETERQUILL\Winamp\winamp.exe
E:\__SAUVEGARDES DIVERSES\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O4 - HKLM\..\Run: [COMODO Internet Security] D:\--- PETERQUILL\COMODO\COMODO Internet Security\cistray.exe
O4 - HKCU\..\Run: [GUDelayStartup] "D:\--- PETERQUILL\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [MiponyAutoRun] C:\Program Files\MiPony\MiPony.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: speedfan.lnk = D:\--- PETERQUILL\SpeedFan\speedfan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/p...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2626BD04-D3A6-45CE-93C1-DDB2F7C86B6E}: NameServer = 208.67.222.220,208.67.222.222
O20 - AppInit_DLLs: c:\windows\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - D:\--- PETERQUILL\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - D:\--- PETERQUILL\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\--- PETERQUILL\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PaperCut Application Server (PCAppServer) - Unknown owner - D:\--- PETERQUILL\PaperCut NG\server\bin\win\pc-server.exe
O23 - Service: PaperCut Print Provider (PCPrintProvider) - PaperCut Software International Pty Ltd - D:\--- PETERQUILL\PaperCut NG\providers\print\win\pc-print.exe
O23 - Service: PaperCut Web Print Server (PCWebPrint) - PaperCut Software International Pty Ltd - D:\--- PETERQUILL\PaperCut NG\providers\web-print\win\pc-web-print.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows (R) Codename Longhorn DDK provider - D:\--- PETERQUILL\UPHClean\uphclean.exe

--
End of file - 5836 bytes

--------------

Now the FRST file : http://cjoint.com/?0DclbH45ZDP
and the addition file : http://cjoint.com/?0DclcVrgk2z

Thanks for your attention and your job.

message edited by craumt


Report •

#6
April 2, 2015 at 02:47:51
Thanks craumt, I shall be back in about 20mins.

message edited by Johnw


Report •

#7
April 2, 2015 at 03:48:11
Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
HKU\S-1-5-21-1659004503-484061587-725345543-1004\...\MountPoints2: {18c856c7-833d-11e2-889c-0025221d8554} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup\amd64\Setup.exe
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1659004503-484061587-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1659004503-484061587-725345543-1004 -> {E83DB82C-B968-424F-A808-CE0ECFDA81A4} URL = https://www.google.com/search?q={se...
FF Homepage: https://mail.yahoo.com/;_ylt=A2KLtc... | hxxp://www.meteofrance.com/previsions-meteo-france/toulouse/31000 | hxxp://television.telerama.fr/tele/grille.php | hxxp://www.galys-evaluation-sensorielle.fr/services/planning.aspx
S4 IntelIde; No ImagePath
S0 nhsupbl; System32\drivers\kpntaw.sys [X]
U1 WS2IFSL; No ImagePath
2015-04-02 10:14 - 2012-12-08 02:37 - 00000000 ____D () C:\Documents and Settings\moi6name\Local Settings\Temp
2012-12-08 15:32 - 2015-01-23 00:27 - 0052224 _____ () C:\Documents and Settings\moi6name\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-08 20:08 - 2012-12-08 20:08 - 0000131 _____ () C:\Documents and Settings\moi6name\Local Settings\Application Data\fusioncache.dat
C:\Documents and Settings\moi6name\Local Settings\Temp\ICReinstall_Mipony-Installer.2.2.2.exe
C:\Documents and Settings\moi6name\Local Settings\Temp\ICReinstall_Mipony-Installer.2.2.3.exe
C:\Documents and Settings\moi6name\Local Settings\Temp\sfamcc00001.dll
C:\Documents and Settings\moi6name\Local Settings\Temp\sfareca00001.dll
2015-03-25 22:01 - 2015-04-02 08:14 - 00158720 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\sfareca00001.dll
2015-01-28 19:32 - 2015-04-02 08:14 - 00192512 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\sfamcc00001.dll
2015-04-02 08:27 - 2015-04-02 08:27 - 00011264 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\auth.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00062976 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\burnlib.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00014336 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\dsp_sps.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00009728 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_aacplus.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00006656 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_fhgaac.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_flac.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_flake.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005632 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_lame.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_vorbis.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_wav.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00006656 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_wma.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00014848 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_classicart.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007680 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_crasher.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00018944 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_dropbox.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00022016 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_ff.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_find_on_disk.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00010752 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_hotkeys.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00044544 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_jumpex.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00020480 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_ml.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00009216 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_nopro.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007168 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_orgler.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00011776 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_skinmanager.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00009728 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_timerestore.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007680 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_tray.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00010752 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_undo.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005120 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_avi.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00014848 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_cdda.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007168 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_dshow.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005632 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_flac.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00003584 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_flv.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_linein.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00020992 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_midi.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004608 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_mkv.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00018432 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_mod.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00022528 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_mp3.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004608 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_mp4.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00011776 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_nsv.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00003584 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_swf.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00011264 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_vorbis.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00006656 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_wav.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005632 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_wave.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00014848 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_wm.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00003584 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_addons.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007168 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_autotag.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005120 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_bookmarks.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005120 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_dash.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00008192 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_devices.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00047104 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_disc.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00009216 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_downloads.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004608 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_enqplay.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00008192 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_history.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005120 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_impex.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00053760 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_local.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_nowplaying.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00014848 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_online.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00003584 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_orb.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00012800 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_playlists.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00012800 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_plg.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00041984 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_pmp.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005120 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_rg.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007680 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_transcode.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00014336 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_wire.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00010240 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ombrowser.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00006656 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\out_disk.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00016384 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\out_ds.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007680 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\out_wave.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00003072 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\playlist.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004608 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_activesync.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00011264 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_android.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00006656 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_ipod.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00003584 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_njb.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_p4s.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00010752 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_usb.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00031232 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_wifi.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00006144 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\tagz.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00159232 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\vis_milk2.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007680 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\vis_nsfs.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00181248 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\winamp.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\winampa.lng
AlternateDataStreams: C:\WINDOWS\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcp100.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PCWizard.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\acgenral.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\aclayers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\acspecfc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\acxtrnal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\admin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\admin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\admwprox.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\adsiis51.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ahui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\author.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\author.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\azroles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\certwiz.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\cfgwiz.exe:$CmdTcID

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#8
April 2, 2015 at 07:52:27
"I prefer to keep it uninstalled"
Yes, I do understand that but as I implied this is quite different to a program uninstall in Programs & Features. In Device Manager it leaves the software in place but simply unhooks the setup for the device - the use of their word Uninstall in this situation is a bit misleading. When you restart it finds this device in the same way as it does for any new device. It then finds the software and sets it up afresh to the device again. Sometimes this sorts things out (if it is a valid device) or it will remove the error if it is false, or it won't help at all and leave you exactly where you were. Just explaining.

Always pop back and let us know the outcome - thanks


Report •

#9
April 3, 2015 at 14:18:45
Hello Derek.

Thanks for your useful precision.

message edited by craumt


Report •

#10
April 3, 2015 at 14:55:22
Hello Johnw .

Sorry for the delay.

Here the Fixlog :

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by moi6name at 2015-04-03 23:20:37 Run:1
Running from E:\__SAUVEGARDES DIVERSES\Desktop
Loaded Profiles: moi6name (Available profiles: moi6name & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
HKU\S-1-5-21-1659004503-484061587-725345543-1004\...\MountPoints2: {18c856c7-833d-11e2-889c-0025221d8554} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup\amd64\Setup.exe
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1659004503-484061587-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1659004503-484061587-725345543-1004 -> {E83DB82C-B968-424F-A808-CE0ECFDA81A4} URL = https://www.google.com/search?q={se...
FF Homepage: https://mail.yahoo.com/;_ylt=A2KLtc... | hxxp://www.meteofrance.com/previsions-meteo-france/toulouse/31000 | hxxp://television.telerama.fr/tele/grille.php | hxxp://www.galys-evaluation-sensorielle.fr/services/planning.aspx
S4 IntelIde; No ImagePath
S0 nhsupbl; System32\drivers\kpntaw.sys [X]
U1 WS2IFSL; No ImagePath
2015-04-02 10:14 - 2012-12-08 02:37 - 00000000 ____D () C:\Documents and Settings\moi6name\Local Settings\Temp
2012-12-08 15:32 - 2015-01-23 00:27 - 0052224 _____ () C:\Documents and Settings\moi6name\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-08 20:08 - 2012-12-08 20:08 - 0000131 _____ () C:\Documents and Settings\moi6name\Local Settings\Application Data\fusioncache.dat
C:\Documents and Settings\moi6name\Local Settings\Temp\ICReinstall_Mipony-Installer.2.2.2.exe
C:\Documents and Settings\moi6name\Local Settings\Temp\ICReinstall_Mipony-Installer.2.2.3.exe
C:\Documents and Settings\moi6name\Local Settings\Temp\sfamcc00001.dll
C:\Documents and Settings\moi6name\Local Settings\Temp\sfareca00001.dll
2015-03-25 22:01 - 2015-04-02 08:14 - 00158720 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\sfareca00001.dll
2015-01-28 19:32 - 2015-04-02 08:14 - 00192512 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\sfamcc00001.dll
2015-04-02 08:27 - 2015-04-02 08:27 - 00011264 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\auth.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00062976 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\burnlib.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00014336 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\dsp_sps.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00009728 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_aacplus.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00006656 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_fhgaac.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_flac.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_flake.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005632 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_lame.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_vorbis.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_wav.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00006656 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_wma.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00014848 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_classicart.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007680 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_crasher.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00018944 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_dropbox.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00022016 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_ff.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_find_on_disk.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00010752 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_hotkeys.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00044544 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_jumpex.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00020480 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_ml.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00009216 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_nopro.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007168 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_orgler.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00011776 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_skinmanager.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00009728 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_timerestore.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007680 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_tray.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00010752 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_undo.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005120 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_avi.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00014848 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_cdda.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007168 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_dshow.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005632 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_flac.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00003584 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_flv.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_linein.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00020992 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_midi.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004608 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_mkv.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00018432 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_mod.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00022528 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_mp3.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004608 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_mp4.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00011776 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_nsv.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00003584 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_swf.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00011264 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_vorbis.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00006656 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_wav.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005632 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_wave.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00014848 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_wm.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00003584 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_addons.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007168 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_autotag.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005120 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_bookmarks.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005120 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_dash.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00008192 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_devices.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00047104 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_disc.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00009216 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_downloads.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004608 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_enqplay.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00008192 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_history.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005120 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_impex.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00053760 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_local.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_nowplaying.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00014848 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_online.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00003584 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_orb.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00012800 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_playlists.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00012800 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_plg.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00041984 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_pmp.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00005120 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_rg.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007680 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_transcode.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00014336 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_wire.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00010240 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ombrowser.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00006656 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\out_disk.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00016384 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\out_ds.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007680 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\out_wave.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00003072 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\playlist.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004608 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_activesync.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00011264 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_android.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00006656 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_ipod.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00003584 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_njb.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_p4s.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00010752 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_usb.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00031232 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_wifi.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00006144 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\tagz.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00159232 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\vis_milk2.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00007680 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\vis_nsfs.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00181248 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\winamp.lng
2015-04-02 08:27 - 2015-04-02 08:27 - 00004096 _____ () C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\winampa.lng
AlternateDataStreams: C:\WINDOWS\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcp100.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PCWizard.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\aaclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\acgenral.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\aclayers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\acspecfc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\acxtrnal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\admin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\admin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\admwprox.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\adsiis51.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ahui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\author.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\author.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\azroles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\certwiz.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\cfgwiz.exe:$CmdTcID
*****************

Processes closed successfully.
"HKU\S-1-5-21-1659004503-484061587-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18c856c7-833d-11e2-889c-0025221d8554}" => Key deleted successfully.
HKCR\CLSID\{18c856c7-833d-11e2-889c-0025221d8554} => Key not found.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1659004503-484061587-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1659004503-484061587-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E83DB82C-B968-424F-A808-CE0ECFDA81A4}" => Key deleted successfully.
HKCR\CLSID\{E83DB82C-B968-424F-A808-CE0ECFDA81A4} => Key not found.
Firefox homepage deleted successfully.
IntelIde => Service deleted successfully.
nhsupbl => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\moi6name\Local Settings\Temp => Moved successfully.
C:\Documents and Settings\moi6name\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Documents and Settings\moi6name\Local Settings\Application Data\fusioncache.dat => Moved successfully.
"C:\Documents and Settings\moi6name\Local Settings\Temp\ICReinstall_Mipony-Installer.2.2.2.exe" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\ICReinstall_Mipony-Installer.2.2.3.exe" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\sfamcc00001.dll" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\sfareca00001.dll" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\sfareca00001.dll" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\sfamcc00001.dll" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\auth.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\burnlib.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\dsp_sps.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_aacplus.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_fhgaac.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_flac.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_flake.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_lame.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_vorbis.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_wav.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\enc_wma.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_classicart.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_crasher.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_dropbox.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_ff.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_find_on_disk.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_hotkeys.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_jumpex.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_ml.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_nopro.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_orgler.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_skinmanager.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_timerestore.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_tray.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\gen_undo.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_avi.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_cdda.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_dshow.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_flac.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_flv.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_linein.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_midi.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_mkv.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_mod.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_mp3.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_mp4.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_nsv.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_swf.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_vorbis.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_wav.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_wave.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\in_wm.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_addons.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_autotag.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_bookmarks.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_dash.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_devices.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_disc.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_downloads.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_enqplay.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_history.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_impex.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_local.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_nowplaying.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_online.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_orb.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_playlists.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_plg.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_pmp.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_rg.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_transcode.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ml_wire.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\ombrowser.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\out_disk.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\out_ds.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\out_wave.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\playlist.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_activesync.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_android.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_ipod.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_njb.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_p4s.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_usb.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\pmp_wifi.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\tagz.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\vis_milk2.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\vis_nsfs.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\winamp.lng" => File/Directory not found.
"C:\Documents and Settings\moi6name\Local Settings\Temp\WLZD22A.tmp\winampa.lng" => File/Directory not found.
"C:\WINDOWS\system32\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\MRT.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\msvcp100.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\PCWizard.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\aaclient.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\acgenral.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\aclayers.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\acspecfc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\acxtrnal.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\admin.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\admin.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\admwprox.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\adsiis51.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\ahui.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\apphelp.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\asycfilt.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\author.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\author.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\azroles.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\bitsprx4.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\certwiz.ocx" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\cfgmgr32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\dllcache\cfgwiz.exe" => ":$CmdTcID" ADS not found.
EmptyTemp: => Removed 3.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 23:20:53 ====

One question : 3 services have been deleted (IntelIde, nhsupbl, WS2IFSL), is it dangerous for my pc ?
I precise my pc, up to now, runs perfectly.


Report •

#11
April 3, 2015 at 15:39:39
"One question : 3 services have been deleted (IntelIde, nhsupbl, WS2IFSL), is it dangerous for my pc ?"
No idea, any problems you get, we can fix.

Run CCleaner.
Follow these SS (screenshot) steps.
http://i.imgur.com/M9vk9yD.gif
http://i.imgur.com/OT28avu.gif
http://i.imgur.com/Jp2RAp7.gif
http://i.imgur.com/DMvKRE2.gif
http://i.imgur.com/k1XAHoO.gif
http://i.imgur.com/HbOGSq4.gif

Do you still have this issue? > unkown device : ROOT\LEGACY_NPF\0000


Report •

#12
April 4, 2015 at 10:45:33
Hello Johnw.

Yes I still have " unkown device : ROOT\LEGACY_NPF\0000".
And it is still disabled.
Do you want me trying to uninstall this device ?

Thanks


Report •

#13
April 4, 2015 at 10:55:08
Hello Derek.

I do a little mistake in my fourth message : I wrote I prefer to keep it uninstalled but in real my device is disabled.
I edited my message for the correction.

Thanks for your attention


Report •

#14
April 4, 2015 at 15:41:23
"Yes I still have " unkown device : ROOT\LEGACY_NPF\0000".
And it is still disabled.
Do you want me trying to uninstall this device ?"
Yes please.

Next step.
Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


Report •

#15
April 5, 2015 at 04:12:29
I uninstalled the device without problem and it didn't come back with the next boot.

Here the JRT log :


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Microsoft Windows XP x86
Ran by moi6name on 05/04/2015 at 11:58:57,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/04/2015 at 12:12:45,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Is wininit.ini not a important file for the proper functioning of windows ?


Report •

#16
April 5, 2015 at 05:14:29
"Is wininit.ini not a important file for the proper functioning of windows ?"
wininit.exe is the important one.

If you haven't got any problems, that is all you have to worry about.

Do you have any issues?


Report •

#17
April 5, 2015 at 05:48:28
Next step.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator to start"

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.


Report •

#18
April 5, 2015 at 10:35:33
Hello Johnw.

1) No, my Pc don't have any issues (it's a good job !)

2) About Run RogueKiller :
- I don't know if it's important but only the old GUI from Run RogueKiller can run (it is the same version as the latest update for this program).
- For your info, at the end ("scan finished") I didn't have any checked lines but I have 5 orange lines :
http://img15.hostingpics.net/pics/9...
- And the Run RogueKiller report :

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/...
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : moi6name [Admin rights]
Started from : E:\__SAUVEGARDES DIVERSES\Desktop\RogueKiller_old.exe
Mode : Remove -- Date : 04/05/2015 19:13:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} (C:\WINDOWS\system32\AudFile.dll) -> NOT SELECTED
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\D:\---

PETERQUILL\Unlocker\UnlockerDriver5.sys) -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1659004503-484061587-725345543-1004

\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1659004503-484061587-725345543-1004

\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1659004503-484061587-725345543-1004

\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1659004503-484061587-725345543-1004

\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1659004503-484061587-725345543-1004

\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1659004503-484061587-725345543-1004

\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2 -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1659004503-484061587-725345543-1004

\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel |

{20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\Cdrom @ \Device\CdRom1 (ftdisk.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\Cdrom @ \Device\CdRom0 (ftdisk.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] qyhk2xa0.default : user_pref("browser.startup.homepage",

"https://mail.yahoo.com/;_ylt=A2KLtcjlgoxUrYgAN3Q8pax_?.src=ym&.intl=fr | http://www.meteofrance.com/previsio...

france/toulouse/31000 | http://television.telerama.fr/tele/... | http://www.galys-evaluation-

sensorielle.fr/services/planning.aspx"); -> NOT SELECTED

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD800JB-00JJC0 +++++
--- User ---
[MBR] 49596aa134301df82a00b1061ea34675
[BSP] 05b6805f1ee7c395735d8e0388acc6e4 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 76316 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Maxtor 6L160P0 +++++
--- User ---
[MBR] 05889a8a36becf1df6c838302960e359
[BSP] ea3c69e7a8b079042a6bd35f9094ed0f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 156327 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD10 EADS-00L5B1 SCSI Disk Device +++++
--- User ---
[MBR] ab68fbcb09f0bc11bd84ca3673bbd9e1
[BSP] 4682cc863150e32b65fc86e768de808c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive3: ST2000DM 001-1CH164 SCSI Disk Device +++++
--- User ---
[MBR] cdf595b91f47457bf023b46ff5ff886c
[BSP] 00c76be910cd77b0ce196fec1ac46a97 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )


============================================
RKreport_SCN_04052015_190342.log

And thanks again for your specific job.

message edited by craumt


Report •

#19
April 5, 2015 at 14:51:09
"- For your info, at the end ("scan finished") I didn't have any checked lines but I have 5 orange lines : "
Thanks craumt, thats Ok.

Update & run Malwarebytes again please.
Copy & Paste the contents of the log in your reply please.


Report •

#20
April 5, 2015 at 18:55:07
Here the malwarebytes log (it seems good, isn't it ?):

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/04/2015
Scan Time: 02:27:58
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.06.01
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: moi6name

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348235
Time Elapsed: 32 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#21
April 5, 2015 at 19:26:42
"(it seems good, isn't it ?)"
Correct.

Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes it's work.
All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)

message edited by Johnw


Report •

#22
April 6, 2015 at 07:57:27
Here the delfix report :

# DelFix v10.9 - Logfile created 06/04/2015 at 16:28:15
# Updated 27/02/2015 by Xplode
# Username : moi6name - MOI6NAME-F634C5
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\ZHP
Deleted : C:\Program Files\ZHPDiag
Deleted : C:\AdwCleaner[R1].txt
Deleted : C:\AdwCleaner[R2].txt
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\AdwCleaner[S2].txt
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\rapport.txt
Deleted : E:\__SAUVEGARDES DIVERSES\Desktop\Fixlog.txt
Deleted : E:\__SAUVEGARDES DIVERSES\Desktop\FRST.exe
Deleted : E:\__SAUVEGARDES DIVERSES\Desktop\JRT.1.txt
Deleted : E:\__SAUVEGARDES DIVERSES\Desktop\JRT.exe
Deleted : E:\__SAUVEGARDES DIVERSES\Desktop\HijackThis.exe
Deleted : E:\__SAUVEGARDES DIVERSES\Desktop\RKreport_DEL_04052015_191338.log
Deleted : E:\__SAUVEGARDES DIVERSES\Desktop\RogueKiller_old.exe
Deleted : C:\WINDOWS\system32\404Fix.exe
Deleted : C:\WINDOWS\system32\o4Patch.exe
Deleted : C:\WINDOWS\system32\VACFix.exe
Deleted : C:\WINDOWS\system32\VCCLSID.exe
Deleted : C:\WINDOWS\system32\IEDFix.exe
Deleted : C:\WINDOWS\system32\IEDFix.C.exe
Deleted : C:\WINDOWS\system32\Agent.OMZ.Fix.exe
Deleted : C:\WINDOWS\system32\WS2Fix.exe
Deleted : C:\WINDOWS\system32\Process.exe
Deleted : C:\WINDOWS\system32\SWReg.exe
Deleted : C:\WINDOWS\system32\SWSC.exe
Deleted : C:\WINDOWS\system32\SWXCacls.exe
Deleted : C:\WINDOWS\system32\SrchSTS.exe
Deleted : C:\WINDOWS\system32\Dumphive.exe
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #213 [avant FRST | 04/02/2015 19:38:46]
Deleted : RP #214 [avant FRSTexe BIS | 04/03/2015 21:14:41]
Deleted : RP #215 [System Checkpoint | 04/05/2015 01:19:12]
Deleted : RP #216 [System Checkpoint | 04/06/2015 12:45:48]
Deleted : RP #217 [avant delfix | 04/06/2015 14:27:34]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

All is good !

Thanks a lot Johnw !


Report •

#23
April 6, 2015 at 14:38:13
"Here the delfix report :"
Good one craumt, you now have removed all the nasties out of system restore.

This should finish off our help.

You can disable Rootkits: Enabled in Malwarebytes.
Why is scan for rootkit off by default?
https://helpdesk.malwarebytes.org/h...

Extract from the fixlist log.
"EmptyTemp: => Removed 3.2 GB temporary data"
Way, way to much, even for gaming.
Set all browsers to 50mb ( that's MB, not GB ) temp files.
Chrome is not as straight forward.

How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.

If still using Java, set that to 100mb.

A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.


Report •

#24
April 6, 2015 at 15:30:58
Good to see you are OK now, and some undesirables have bitten the dust too.

Always pop back and let us know the outcome - thanks


Report •

#25
April 6, 2015 at 18:35:03
Hello Johnw.

About the rootkits enabled in malwarebytes : I disabled it.
About the 3.2 GB temporary data I don't know the reason because I set my firefox for 300 MB (cache disk capacity).
After some previous tests it's the best setting for me.
And my others settings seem ok for me :
http://img11.hostingpics.net/pics/7...
But it's not very important (I will have to run ccleaner more often)

Thanks for your precious job (and thanks to the community too).
And yes Derek : another one bites the dust (like the Queen song).

So the case is solved.

message edited by craumt


Report •

#26
April 6, 2015 at 18:44:50
"About the 3.2 GB temporary data I don't know the reason"
Maybe your Java setting is to high.
It's done via Control Panel.

Report •

#27
April 6, 2015 at 18:59:18
I don't use Java since 2 years.


message edited by craumt


Report •

#28
April 6, 2015 at 19:06:22
Your logs show remnants.

Use JavaRa.

To remove old and redundant versions of the Java Runtime Environment:
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/JavaRa...
http://www.freewarefiles.com/screen...
http://singularlabs.com/software/ja...


Report •

#29
April 6, 2015 at 19:42:51
Job with JavaRa is done.
17 elements ejected.

Report •

#30
April 6, 2015 at 19:45:43
All finished then, well done.

Report •

#31
April 6, 2015 at 20:33:18
And finally how can I write [solved] in the title ?
It's surely very simple but I didn't find the method.

Report •

#32
April 6, 2015 at 20:43:18
Yep, refer this SS.
http://i.imgur.com/L1etugr.gif


Report •

Ask Question