Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by Administrator (administrator) on CONSULT on 11-06-2015 15:31:47
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Anglais (États-Unis)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Panasonic Corporation) C:\Program Files\Panasonic\HPLSMAN\HPLSMan.exe
(Panasonic Corporation) C:\Program Files\Panasonic\DispRot\IDRot.exe
(Panasonic Corporation) C:\Program Files\Panasonic\WSwitch\WSwitch.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Fujitsu Component Limited) C:\WINDOWS\system32\FPapli.exe
(Panasonic Corporation) C:\Program Files\Panasonic\WSwitch\WSwitch.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Fujitsu Component Limited) C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Panasonic Corporation) C:\Program Files\Panasonic\DispRot\IDRot.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(SPX Service Solutions) C:\Program Files\Common Files\SAGEM SA\DgIpSvr.exe
(Fujitsu Component Ltd.) C:\WINDOWS\system32\RButton.exe
() C:\CONSULT-III_plus\System\Middleware\Nissan\VI2 Application Driver\C4BTHelper\C4BTHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\CONSULT-III_plus\System\Middleware\Nissan\VI2 Application Driver\Device Search Application\Device Search Application.exe
(NISSAN) C:\CONSULT-III_plus\System\Middleware\Nissan\Uploader\bin\Uploader.exe
(Exploremedia) C:\Program Files\Exploremedia\ExploreMedia.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Panasonic Corporation) C:\Program Files\Panasonic\HPLSMAN\HPLSKey.exe
(Panasonic Corporation) C:\Program Files\Panasonic\Writing\Writing.exe
(UltraVNC) C:\Program Files\UltraVNC\winvnc.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Panasonic Corporation) C:\Program Files\Panasonic\DevUp\devup.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\WINDOWS\system32\EtmService.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Bosch Automotive Service Solutions LLC) C:\SPXDSClient\Bin\SPX.DSWinWebService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Bosch Automotive Service Solutions LLC) C:\SPXDSClient\Bin\XMSDCWinService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Bosch Automotive Service Solutions LLC) C:\SPXDSClient\Bin\Spx.PackageAgent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Documents and Settings\Administrator\Desktop\ZHPCleaner.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [scroller] => C:\WINDOWS\system32\fpapli.exe [69780 2006-08-01] (Fujitsu Component Limited)
HKLM\...\Run: [Conceal] => C:\Program Files\Panasonic\Conceal\Conceal.exe [104768 2009-07-22] (Panasonic Corporation)
HKLM\...\Run: [HPlsKey] => C:\Program Files\Panasonic\HPLSMAN\RunHKey.exe [14728 2010-06-04] (Panasonic Corporation)
HKLM\...\Run: [WSwitch] => C:\Program Files\Panasonic\WSwitch\WSwitch.exe [1216384 2010-04-08] (Panasonic Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1392640 2010-01-13] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1206544 2010-01-13] (Intel(R) Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-02-04] ()
HKLM\...\Run: [FTMSFLT(USB)] => C:\Program Files\FIDTPU\WIN2K\FTMSFLTU.EXE [82074 2009-04-19] (Fujitsu Component Limited)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-05] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-05] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-05] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-05] (Microsoft Corporation)
HKLM\...\Run: [IDRot] => C:\Program Files\Panasonic\DispRot\IDRot.exe [263560 2010-05-28] (Panasonic Corporation)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [ServeurIPAsde] => C:\Program Files\Common Files\sagem SA\DgIpSvr.exe [315492 2010-11-19] (SPX Service Solutions)
HKLM\...\Run: [C4BTHelper] => C:\CONSULT-III_plus\System\Middleware\Nissan\VI2 Application Driver\C4BTHelper\C4BTHelper.exe [168016 2015-03-10] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [wapp] => C:\CONSULT-III_plus\System\Middleware\Nissan\VI2 Application Driver\Device Search Application\Device Search Application.exe [1562112 2015-03-10] ()
HKLM\...\Run: [Uploader.exe] => C:\CONSULT-III_plus\System\Middleware\NISSAN\Uploader\bin\Uploader.exe [102912 2015-03-11] (NISSAN)
HKLM\...\Run: [Exploremedia] => C:\Program Files\Exploremedia\Exploremedia.exe [3186176 2015-06-03] (Exploremedia)
Winlogon\Notify\HPLSNTF: C:\WINDOWS\system32\HPLSNtf.dll [2010-06-04] (Panasonic Corporation)
HKU\S-1-5-21-2715326490-2429948101-7986123-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2715326490-2429948101-7986123-500\...\MountPoints2: {5080734e-db1f-11df-bb12-001bd3177df3} - D:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe
HKU\S-1-5-21-2715326490-2429948101-7986123-500\...\MountPoints2: {50807353-db1f-11df-bb12-001bd3177df3} - D:\LaunchEDS2.exe
HKU\S-1-5-21-2715326490-2429948101-7986123-500\...\MountPoints2: {6b051070-ddb4-11df-89de-001bd3177df3} - E:\LaunchEDS2.exe
HKU\S-1-5-21-2715326490-2429948101-7986123-500\...\MountPoints2: {6d24fd55-3acf-11e1-ba9e-000b972dd788} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
HKU\S-1-5-21-2715326490-2429948101-7986123-500\...\MountPoints2: {6d24fd56-3acf-11e1-ba9e-000b972dd788} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
HKU\S-1-5-21-2715326490-2429948101-7986123-500\...\MountPoints2: {9bb12a8f-99a3-11e1-baab-0006f59497ff} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
HKU\S-1-5-21-2715326490-2429948101-7986123-500\...\MountPoints2: {a94ae136-cfdd-11e0-ba8d-0006f59497ff} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2715326490-2429948101-7986123-500\...\MountPoints2: {a94ae137-cfdd-11e0-ba8d-0006f59497ff} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2011-04-27]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\winvnc.lnk [2011-04-20]
ShortcutTarget: winvnc.lnk -> C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2010-09-16]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hand Writing Utility.lnk [2010-06-18]
ShortcutTarget: Hand Writing Utility.lnk -> C:\Program Files\Panasonic\Writing\Writing.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk [2012-06-12]
ShortcutTarget: Lancement rapide d'Adobe Reader.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://panasonic.net/avc/toughbook/landing.html
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://panasonic.net/avc/toughbook/landing.html
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://panasonic.net/avc/toughbook/landing.html
HKU\S-1-5-21-2715326490-2429948101-7986123-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2715326490-2429948101-7986123-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-fr/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2715326490-2429948101-7986123-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-15] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-15] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.8.55.14
Tcpip\..\Interfaces\{5BBF52BB-BEB8-4E81-8CD4-AC4C4E2EFEA3}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{6911A71F-E0F2-4165-B819-A8D6B4CD8EA6}: [NameServer] 200.8.55.14,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{8D7C5A6B-F76B-422E-9DA1-05C49C1A4A73}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-15] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DevUp; C:\Program Files\Panasonic\DevUp\DevUp.exe [162184 2010-05-12] (Panasonic Corporation)
R2 ETMService; C:\WINDOWS\system32\EtmService.exe [207384 2009-11-12] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-15] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [954368 2010-01-13] (Intel(R) Corporation) [File not signed]
R2 SPX DSWinWebService; C:\SPXDSClient\Bin\SPX.DSWinWebService.exe [41472 2014-11-14] (Bosch Automotive Service Solutions LLC) [File not signed]
R2 XMSDCWinService; C:\SPXDSClient\Bin\XMSDCWinService.exe [92672 2014-06-06] (Bosch Automotive Service Solutions LLC) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVEOFilterDriver; C:\WINDOWS\System32\DRIVERS\aveofilter.sys [114944 2009-03-24] (AVEO Technology Corp.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [1766968 2010-02-04] (Conexant Systems Inc.)
R3 e1kexpress; C:\WINDOWS\System32\DRIVERS\e1k5132.sys [167080 2009-12-09] (Intel Corporation)
R3 EtmDevDram; C:\WINDOWS\System32\DRIVERS\EtmDevDram.sys [56832 2009-10-20] (Intel Corporation)
R3 EtmDevGen; C:\WINDOWS\System32\DRIVERS\EtmDevGen.sys [46080 2009-10-20] (Intel Corporation)
R3 EtmDevPch; C:\WINDOWS\System32\DRIVERS\EtmDevPch.sys [51200 2009-10-20] (Intel Corporation)
R3 EtmDrvMgr; C:\WINDOWS\System32\DRIVERS\EtmDrvMgr.sys [120320 2009-10-20] (Intel Corporation)
R3 FIDMOU; C:\WINDOWS\System32\DRIVERS\Fidmou.sys [23463 2005-07-26] (Fujitsu Component Limited)
R3 FIDTPU; C:\WINDOWS\System32\DRIVERS\FIDTPU.sys [27525 2010-03-05] (Fujitsu Component Limited)
R3 HOTKEY; C:\WINDOWS\System32\DRIVERS\hotkey.sys [24640 2009-03-09] (Panasonic Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-19] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-19] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-19] (HP)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210304 2008-12-08] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985856 2008-12-08] (Conexant Systems, Inc.)
R3 HTKPLUS; C:\WINDOWS\System32\DRIVERS\HTKPLUS.SYS [13416 2008-08-21] (Panasonic Corporation)
S3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2007-12-17] (Infineon Technologies AG)
R3 IOAtaFlt; C:\WINDOWS\System32\DRIVERS\IOAtaFlt.sys [7296 2011-08-03] (Renesas Technology Corp.) [File not signed]
R3 IOXMCADP; C:\WINDOWS\System32\DRIVERS\IOAtaXMC.sys [15232 2011-08-03] (Renesas Technology Corp.) [File not signed]
S3 Jcae04_USBw32; C:\WINDOWS\System32\Drivers\Jcae04_USBw32.sys [30938 2011-12-01] (JCAE) [File not signed]
S3 LAN9500; C:\WINDOWS\System32\DRIVERS\lan9500-x86-n51f.sys [57344 2009-02-06] (SMSC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-11] (Malwarebytes Corporation)
S3 MOSUMAC; C:\WINDOWS\System32\DRIVERS\MOSUMAC.SYS [40960 2009-08-03] (--)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [5977216 2009-09-15] (Intel Corporation)
R3 NewMisc; C:\WINDOWS\System32\DRIVERS\newmisc.sys [31496 2010-02-05] (Panasonic Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2009-08-10] (Intel Corporation)
S3 SCR24X2K; C:\WINDOWS\System32\DRIVERS\SCR24X2K.sys [36608 2007-08-23] (SCM Microsystems Inc.)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 toshidpt; C:\WINDOWS\System32\drivers\Toshidpt.sys [3712 2005-07-12] (TOSHIBA Corporation.) [File not signed]
R3 tosporte; C:\WINDOWS\System32\DRIVERS\tosporte.sys [47488 2006-02-10] (TOSHIBA Corporation) [File not signed]
R3 tosrfbd; C:\WINDOWS\System32\DRIVERS\tosrfbd.sys [108928 2006-04-14] (TOSHIBA CORPORATION) [File not signed]
R3 tosrfbnp; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [37632 2006-03-16] (TOSHIBA Corporation) [File not signed]
R1 Tosrfcom; C:\WINDOWS\System32\Drivers\tosrfcom.sys [64896 2005-08-02] (TOSHIBA Corporation) [File not signed]
R3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [62848 2006-02-09] (TOSHIBA Corporation.) [File not signed]
R3 tosrfnds; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [18612 2005-01-06] (TOSHIBA Corporation.) [File not signed]
S3 TosRfSnd; C:\WINDOWS\System32\drivers\tosrfsnd.sys [52864 2006-03-15] (TOSHIBA Corporation) [File not signed]
R3 Tosrfusb; C:\WINDOWS\System32\DRIVERS\tosrfusb.sys [40192 2006-02-24] (TOSHIBA CORPORATION) [File not signed]
S2 VI2DrvXP; C:\WINDOWS\System32\Drivers\VI2DrvXP.sys [9984 2015-03-10] () [File not signed]
R2 vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [6016 2004-06-26] (RDV Soft) [File not signed]
R3 vncdrv; C:\WINDOWS\System32\DRIVERS\vncdrv.sys [4736 2004-06-26] (RDV Soft) [File not signed]
U2 CertPropSvc; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 15:31 - 2015-06-11 15:32 - 00020855 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2015-06-11 15:31 - 2015-06-11 15:32 - 00000000 ____D C:\FRST
2015-06-11 15:31 - 2015-06-11 15:29 - 01147904 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2015-06-11 15:25 - 2015-06-11 15:25 - 01843200 _____ C:\Documents and Settings\Administrator\ZHPCleaner.exe
2015-06-11 15:10 - 2015-06-11 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MovieDeaConfig
2015-06-11 14:36 - 2015-06-11 14:36 - 00001548 _____ C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
2015-06-11 14:36 - 2015-06-11 14:36 - 00000000 ____D C:\Program Files\Yahoo!
2015-06-11 14:36 - 2015-06-11 14:36 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\CCleaner
2015-06-11 14:36 - 2015-06-11 14:36 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Yahoo!
2015-06-11 14:35 - 2015-06-11 14:36 - 00000000 ____D C:\Program Files\CCleaner
2015-06-11 14:35 - 2010-06-09 16:34 - 03387040 _____ (Piriform Ltd) C:\Documents and Settings\Administrator\Desktop\ccsetup232.exe
2015-06-11 10:49 - 2015-06-11 15:07 - 00065536 _____ C:\WINDOWS\system32\config\Reason.evt
2015-06-11 10:49 - 2015-06-11 15:03 - 00000000 ____D C:\Program Files\Reason
2015-06-11 10:49 - 2015-06-11 10:47 - 04151848 _____ (Reason Software Company Inc.) C:\Documents and Settings\Administrator\Desktop\reason-core-security-setup.exe
2015-06-11 10:26 - 2015-06-11 10:31 - 00000480 _____ C:\WINDOWS\Tasks\NissanInventoryDefault.pak_Once.job
2015-06-11 10:26 - 2015-06-11 10:26 - 00000740 _____ C:\Documents and Settings\All Users\Desktop\XMS Agent.lnk
2015-06-11 10:26 - 2015-06-11 10:26 - 00000686 _____ C:\Documents and Settings\All Users\Desktop\STA.lnk
2015-06-10 21:44 - 2015-06-10 22:25 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2015-06-10 21:44 - 2015-06-10 22:15 - 00000000 ____D C:\Documents and Settings\Administrator\Doctor Web
2015-06-10 17:46 - 2015-06-10 17:46 - 00002042 _____ C:\Documents and Settings\Administrator\Desktop\sc-cleaner.txt
2015-06-10 17:19 - 2015-06-10 17:19 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2015-06-10 14:22 - 2015-06-10 14:22 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Administrator\Desktop\SpyHunter-Installer.exe
2015-06-10 14:00 - 2015-06-10 14:00 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-06-10 11:12 - 2015-06-10 11:12 - 00070880 _____ C:\WINDOWS\system32\.crusader
2015-06-10 10:54 - 2015-06-10 11:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-06-10 10:40 - 2015-06-10 10:47 - 10105736 _____ (SurfRight B.V.) C:\Documents and Settings\Administrator\Desktop\HitmanPro.exe
2015-06-09 16:45 - 2015-06-10 11:30 - 00000000 ____D C:\Program Files\ZHPFix
2015-06-09 16:21 - 2015-06-09 15:45 - 02231296 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner-4-206-multi-win.exe
2015-06-09 15:51 - 2015-06-09 15:44 - 01842688 _____ C:\Documents and Settings\Administrator\Desktop\ZHPCleaner.exe
2015-06-09 11:02 - 2015-06-09 16:52 - 00001683 _____ C:\Documents and Settings\Administrator\Desktop\ZHPCleaner.txt
2015-06-09 10:06 - 2015-06-11 15:25 - 00000608 _____ C:\Documents and Settings\Administrator\Desktop\ZHPCleaner.lnk
2015-06-09 10:06 - 2015-06-11 15:25 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\ZHP
2015-06-09 08:05 - 2015-06-09 08:05 - 00000000 ____D C:\WINDOWS\CSC
2015-06-08 17:20 - 2015-06-11 15:10 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-08 17:19 - 2015-06-08 17:55 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-08 17:19 - 2015-06-08 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-08 17:18 - 2015-06-08 17:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-08 17:18 - 2015-06-08 17:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-08 17:18 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-08 17:18 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-08 16:09 - 2015-06-08 16:12 - 00000000 ____D C:\Malwareanti
2015-06-08 10:55 - 2015-06-09 19:44 - 00000000 ____D C:\Program Files\Exploremedia
2015-06-06 10:03 - 2015-06-06 10:03 - 00000819 _____ C:\Documents and Settings\Default User\Start Menu\Programs\Internet Explorer.lnk
2015-06-05 15:00 - 2015-06-08 22:21 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\1507
2015-06-05 14:59 - 2015-06-05 15:04 - 00000902 _____ C:\Documents and Settings\Administrator\${LOGFILE}
2015-06-05 11:16 - 2015-06-05 11:16 - 00000000 ____D C:\WINDOWS\system32\Flash
2015-06-05 10:32 - 2015-06-05 14:37 - 00000000 _____ C:\WINDOWS\system32\TempWmicBatchFile.bat
2015-06-05 10:30 - 2015-06-05 10:30 - 00000000 _____ C:\WINDOWS\system32\Number of results
2015-06-05 10:21 - 2015-06-08 12:17 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-06-05 10:14 - 2015-06-05 10:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Company
2015-06-05 10:01 - 2015-06-11 14:01 - 00000588 _____ C:\WINDOWS\Tasks\MFVUHQJDVL.job
2015-06-05 09:58 - 2004-08-04 07:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-06-01 06:00 - 2015-06-01 06:00 - 00233472 _____ (SafeApp Software, LLC) C:\WINDOWS\system32\SafeAppLM.ocx
2015-05-28 16:24 - 2015-05-28 16:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8 Host
2015-05-28 16:03 - 2015-05-28 16:03 - 00000000 ____D C:\Program Files\TeamViewer
2015-05-28 15:12 - 2015-05-28 15:12 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Nero
2015-05-28 14:53 - 2015-06-11 09:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nero
2015-05-28 14:40 - 2015-05-28 14:40 - 00000000 ____D C:\Program Files\Microsoft.NET
2015-05-28 14:36 - 2015-05-28 14:36 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\dnl
2015-05-28 14:30 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2015-05-28 14:30 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2015-05-28 14:30 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2015-05-28 14:30 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-05-28 14:29 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2015-05-28 11:23 - 2015-05-28 11:23 - 271995248 _____ (Nero AG) C:\Documents and Settings\Administrator\My Documents\nero-2015_16-0-03000_fr_45172.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 15:32 - 2010-06-18 23:00 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-06-11 15:25 - 2010-06-18 23:00 - 00000000 ____D C:\Documents and Settings\Administrator
2015-06-11 15:24 - 2010-06-18 22:55 - 01111956 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-11 15:19 - 2011-10-10 17:23 - 00000000 ____D C:\tempNissan
2015-06-11 15:14 - 2013-12-18 15:16 - 00000374 _____ C:\WINDOWS\Tasks\NissanDDCInventory.job
2015-06-11 15:10 - 2010-06-18 15:52 - 00000259 _____ C:\WINDOWS\wiadebug.log
2015-06-11 15:10 - 2010-06-18 14:26 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-11 15:08 - 2010-06-18 23:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-11 15:08 - 2010-06-18 15:52 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-06-11 15:07 - 2011-10-06 14:11 - 00524288 _____ C:\WINDOWS\system32\config\SpxPkgAg.evt
2015-06-11 15:07 - 2011-10-06 14:11 - 00524288 _____ C:\WINDOWS\system32\config\SpxPacka.evt
2015-06-11 15:07 - 2011-10-01 09:06 - 15728640 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-06-11 15:07 - 2011-09-26 15:04 - 00524288 _____ C:\WINDOWS\system32\config\SPXDSCli.evt
2015-06-11 15:07 - 2010-06-18 23:00 - 00032596 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-11 15:07 - 2010-06-18 23:00 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-06-11 15:03 - 2013-01-23 21:41 - 00000382 _____ C:\WINDOWS\Tasks\NissanInventoryDefault.job
2015-06-11 14:51 - 2015-03-31 11:57 - 00000000 ____D C:\AdwCleaner
2015-06-11 14:44 - 2013-10-07 20:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-06-11 14:43 - 2013-09-20 01:30 - 00524288 _____ C:\WINDOWS\system32\config\XMSDCCli.evt
2015-06-11 14:43 - 2011-09-26 15:04 - 00065536 _____ C:\WINDOWS\system32\config\SPXDSCon.evt
2015-06-11 14:42 - 2011-10-06 15:13 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-06-11 14:37 - 2012-03-05 08:00 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-11 13:11 - 2011-09-26 15:03 - 00000000 ____D C:\Temp
2015-06-11 10:31 - 2013-10-07 20:57 - 00000486 _____ C:\WINDOWS\Tasks\NISSANROWInventoryDefault.pak_Once.job
2015-06-11 10:26 - 2013-10-07 20:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\XMS DS Client
2015-06-10 14:03 - 2010-06-18 23:01 - 00000000 ____D C:\Program Files\Panasonic
2015-06-10 11:28 - 2010-06-18 23:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panasonic
2015-06-10 11:28 - 2010-06-18 23:01 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-06-10 08:27 - 2011-10-01 09:36 - 00000000 _____ C:\AppPluginScrLog.log
2015-06-09 20:45 - 2010-06-18 22:57 - 00001599 _____ C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2015-06-09 20:45 - 2010-06-18 22:57 - 00001563 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2015-06-09 20:43 - 2010-06-18 23:00 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-06-09 20:34 - 2012-01-13 17:03 - 00001350 _____ C:\Documents and Settings\Administrator\Desktop\Transfert Atelier.lnk
2015-06-09 16:24 - 2012-04-30 09:20 - 00000000 ____D C:\WINDOWS\system32\Adobe
2015-06-09 16:24 - 2012-04-30 09:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-09 09:39 - 2010-06-18 23:29 - 00000761 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2015-06-09 09:12 - 2010-06-18 15:45 - 00000000 ____D C:\WINDOWS\ime
2015-06-09 08:06 - 2010-06-18 15:12 - 00000213 __RSH C:\boot.ini
2015-06-08 22:25 - 2012-06-12 17:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB960803$
2015-06-08 18:35 - 2010-06-18 14:25 - 00000579 _____ C:\WINDOWS\win.ini
2015-06-08 09:35 - 2012-04-30 17:10 - 00000045 _____ C:\user.js
2015-06-06 10:37 - 2013-02-13 12:47 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\NON UTILISEE
2015-06-05 12:01 - 2010-06-18 23:00 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-06-05 10:14 - 2010-06-18 23:00 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-05-28 16:12 - 2013-12-18 15:21 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\dnl
2015-05-28 15:00 - 2010-06-18 15:45 - 00000000 ____D C:\WINDOWS\Cursors
2015-05-28 14:48 - 2010-06-18 23:30 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-05-28 14:44 - 2010-06-18 15:50 - 00566914 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-28 14:30 - 2010-06-18 22:55 - 00000000 ____D C:\WINDOWS\system32\DirectX
2015-05-27 08:26 - 2011-03-17 20:09 - 00000000 ____D C:\CONSULT-III_plus
2015-05-27 08:21 - 2012-02-22 12:53 - 00000000 ____D C:\ReproProgramming
2015-05-13 10:44 - 2011-04-16 12:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Consult3

==================== Files in the root of some directories =======

2011-10-12 15:17 - 2012-03-29 16:54 - 0005632 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-25 09:08 - 2013-09-25 09:08 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

Files to move or delete:
====================
C:\Documents and Settings\Administrator\ZHPCleaner.exe

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\aacbmeni.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\HitmanPro.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\parctmp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\patchbeam.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\rscp_setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\System.Data.SQLite.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\System.Data.SQLite658c8034-e43e-4a6f-ba29-b4be5ee319e0.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\taz2zrqz.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_is1.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is100.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is16.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is2.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is3.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_isEF.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_isF0.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================