Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2013
Ran by SYSTEM on REATOGO on 29-10-2013 23:02:39
Running from F:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\ime\imjp8_1\imjpmig.exe [208952 2004-08-05] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE [59392 2004-08-05] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-05] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-05] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.exe [15961088 2006-01-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CmUCRRun] - C:\WINDOWS\system32\CmUCREye.exe [241664 2005-10-12] ()
HKLM\...\Run: [CHotkey] - C:\WINDOWS\mHotkey.exe [550912 2004-12-08] ()
HKLM\...\Run: [ledpointer] - C:\WINDOWS\CNYHKey.exe [5585408 2005-11-10] (Chicony)
HKLM\...\Run: [Showwnd] - C:\WINDOWS\ShowWnd.exe [36864 2003-09-18] ()
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE [225280 2005-12-09] (Logitech Inc.)
HKLM\...\Run: [PinnacleDriverCheck] - C:\WINDOWS\system32\PSDrvCheck.exe [406016 2004-03-10] ()
HKLM\...\Run: [Family Tree Builder Update] - C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [222736 2009-11-02] (MyHeritage)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [ANIWZCS2Service] - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-05-07] (Wireless Service)
HKLM\...\Run: [D-Link D-Link Wireless N DWA-140] - C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1683456 2009-05-07] (D-Link Corp.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [395144 2011-05-17] (Ask)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [PCMService] - C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [143360 2006-02-09] (CyberLink Corp.)
HKLM\...\Run: [InstantOn] - C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe [93640 2005-09-22] ()
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2006-02-18] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CloneCDTray] - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [beidsccertprop] - C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe [31768 2012-02-21] (Belgian Government)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\Administrateur\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\Administrateur\...\RunOnce: [avg_spchecker] - "C:\Program Files\AVG\AVG8\Notification\SPChecker.exe" /start
HKU\Evena\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2007-07-11] (Google Inc.)
HKU\Evena\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-11-29] (Apple Inc.)
HKU\Evena\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2006-11-03] (Microsoft Corporation)
HKU\Evena\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\Jo Vally\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2007-07-11] (Google Inc.)
HKU\Jo Vally\...\Run: [Octoshape Streaming Services] - C:\Documents and Settings\Jo Vally\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [ 2009-01-08] (Octoshape ApS)
HKU\Jo Vally\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [ 2013-04-22] (Microsoft Corporation)
HKU\Jo Vally\...\Run: [Google Update] - C:\Documents and Settings\Jo Vally\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [ 2011-06-04] (Google Inc.)
HKU\Jo Vally\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2011-10-13] (Skype Technologies S.A.)
HKU\Jo Vally\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\wmpnscfg.exe [ 2006-11-03] (Microsoft Corporation)
HKU\Jo Vally\...\Run: [GoogleChromeAutoLaunch_4AF46351C39F5800A5602CDF9E4FDBC6] - C:\Documents and Settings\Jo Vally\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [ 2013-10-03] (Google Inc.)
HKU\Jo Vally\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [ 2011-11-13] (SUPERAntiSpyware.com)
HKU\Jo Vally\...\Run: [NBJ] - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [ 2005-10-11] (Ahead Software AG)
HKU\Jo Vally\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
HKU\Jo Vally\...\Run: [AnyDVD] - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [ 2012-11-12] (SlySoft, Inc.)
HKU\Jo Vally\...\Run: [updateMgr] - "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
HKU\Jo Vally\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Documents and Settings\Jo Vally\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 15c0b3ec2b14afcbc4988a0391a63589-985785863abd1cbd7a5bbf857ea9a6834d4042df --CMPID 0913b
HKU\Joanna\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2007-07-11] (Google Inc.)
HKU\Joanna\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-11-29] (Apple Inc.)
HKU\Joanna\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\Joël\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2011-10-13] (Skype Technologies S.A.)
HKU\Joël\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2007-07-11] (Google Inc.)
HKU\Joël\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\Joël\...\RunOnce: [avg_spchecker] - "C:\Program Files\AVG\AVG8\Notification\SPChecker.exe" /start
HKU\Vally\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2007-07-11] (Google Inc.)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

========================== Services (Whitelisted) =================

S2 ANIWConnService; C:\WINDOWS\system32\ANIWConnService.exe [147456 2009-02-26] ()
S2 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [49152 2007-01-19] (Wireless Service)
S2 Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184 2012-08-11] (Apple Inc.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
S2 CLCapSvc; C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe [266338 2006-02-09] ()
S2 CLSched; C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [118880 2006-02-09] ()
S2 CyberLink Media Library Service; C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe [1073152 2006-02-09] (Cyberlink)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [45816 2009-08-07] (NOS Microsystems Ltd.)
S3 HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation)
S2 LightScribeService; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company)
S2 LVPrcSrv; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [81920 2005-12-09] (Logitech Inc.)
S2 MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [9158656 2008-12-18] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation)
S3 ose; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
S2 PinnacleSys.MediaServer; C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe [49152 2006-01-19] (Pinnacle Systems)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2006-02-09] ()
S3 SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation)
S2 Viewpoint Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [30152 2008-04-04] (Viewpoint Corporation)
S2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [826752 2005-12-06] (Philips Semiconductors GmbH)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
S2 713xTVCard; C:\Windows\System32\DRIVERS\SAA713x.sys [277504 2005-03-15] (Philips Semiconductors)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [19915 2005-10-19] (Meetinghouse Data Communications)
S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
S2 ANIO; C:\WINDOWS\system32\ANIO.SYS [29411 2009-02-09] ()
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121248 2012-08-26] (SlySoft, Inc.)
S3 ASAPIW2K; C:\Windows\System32\drivers\ASAPIW2k.sys [11264 2005-02-23] (VOB Computersysteme GmbH)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CMISTOR; C:\Windows\System32\DRIVERS\cmiucr.SYS [72320 2005-10-04] (C-Media Corporation)
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-15] (SlySoft, Inc.)
S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
S2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 Lvckap; C:\WINDOWS\system32\drivers\Lvckap.sys [2174464 2005-12-09] ()
S3 lvmvdrv; C:\WINDOWS\system32\drivers\lvmvdrv.sys [2400256 2005-12-09] ()
S3 LVPrcMon; C:\WINDOWS\system32\drivers\LVPrcMon.sys [16768 2005-12-09] ()
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [39424 2005-12-05] (Logitech Inc.)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171008 2005-07-13] (Pinnacle Systems GmbH)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S1 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [287360 2005-12-05] (Logitech Inc.)
S3 RT2500USB; C:\Windows\System32\DRIVERS\rt2500usb.sys [241536 2005-07-14] (Ralink Technology Inc.)
S3 RT73; C:\Windows\System32\DRIVERS\Dr71WU.sys [245504 2005-11-03] (Ralink Technology, Corp.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-05-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-05-13] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67656 2011-11-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [17792 2005-05-19] (X10 Wireless Technology, Inc.)
S1 Avgdiskx; system32\DRIVERS\avgdiskx.sys [x]
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [x]
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86; system32\DRIVERS\avgldx86.sys [x]
S0 Avglogx; system32\DRIVERS\avglogx.sys [x]
S0 Avgmfx86; system32\DRIVERS\avgmfx86.sys [x]
S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [x]
S1 Avgtdix; system32\DRIVERS\avgtdix.sys [x]
S2 CertPropSvc;
S4 IntelIde; No ImagePath
S0 rseb; No ImagePath
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-29 23:02 - 2013-10-29 23:02 - 00000000 ____D C:\FRST
2013-10-27 09:53 - 2013-01-11 13:12 - 00000216 ___SH C:\boot - Copie.ini
2013-10-13 15:21 - 2013-10-13 15:21 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$
2013-10-13 15:17 - 2013-10-13 15:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$
2013-10-13 15:16 - 2013-10-13 15:17 - 00127878 _____ C:\Windows\KB2862335.log
2013-10-13 14:39 - 2013-10-13 14:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$
2013-10-13 14:38 - 2013-10-13 14:39 - 00007905 _____ C:\Windows\KB2868038.log
2013-10-13 14:36 - 2013-10-13 14:36 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$
2013-10-13 14:36 - 2013-10-13 14:36 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$
2013-10-13 14:34 - 2013-10-13 14:34 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-10-10 14:23 - 2013-10-13 15:21 - 00133280 _____ C:\Windows\KB2847311.log
2013-10-10 14:19 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys
2013-10-10 14:19 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys
2013-10-10 14:10 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys
2013-10-10 14:10 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys
2013-10-10 14:08 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys
2013-10-10 14:08 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys
2013-10-10 14:08 - 2013-08-08 20:55 - 00032384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbccgp.sys
2013-10-10 14:08 - 2013-08-08 20:55 - 00032384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbccgp.sys
2013-10-10 14:08 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys
2013-10-10 14:08 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys
2013-10-10 14:08 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys
2013-10-10 14:08 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys
2013-10-08 15:17 - 2013-10-08 15:17 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-10-06 07:40 - 2013-10-06 07:40 - 00000000 ____D C:\Documents and Settings\Jo Vally\Application Data\AVG2014
2013-10-06 07:34 - 2013-10-06 07:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2013-10-06 07:23 - 2013-10-06 09:11 - 00000000 ____D C:\Documents and Settings\Jo Vally\Local Settings\Application Data\Avg2014

==================== One Month Modified Files and Folders =======

2013-10-29 23:02 - 2013-10-29 23:02 - 00000000 ____D C:\FRST
2013-10-27 09:57 - 2005-10-19 16:41 - 00000243 ___SH C:\boot.ini
2013-10-13 17:00 - 2010-12-28 05:43 - 00131072 _____ C:\Windows\System32\config\OAlerts.evt
2013-10-13 17:00 - 2006-04-16 18:41 - 00000334 _____ C:\Windows\wiadebug.log
2013-10-13 17:00 - 2006-04-16 18:41 - 00000050 _____ C:\Windows\wiaservc.log
2013-10-13 17:00 - 2006-03-14 12:21 - 01084631 _____ C:\Windows\WindowsUpdate.log
2013-10-13 17:00 - 2006-03-14 12:21 - 00032520 _____ C:\Windows\SchedLgU.Txt
2013-10-13 16:59 - 2006-09-26 16:41 - 00000184 ___SH C:\Documents and Settings\Jo Vally\ntuser.ini
2013-10-13 16:57 - 2006-10-08 15:14 - 00000000 ____D C:\Documents and Settings\Jo Vally\Application Data\Skype
2013-10-13 16:06 - 2005-10-19 11:24 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-13 15:33 - 2010-12-28 05:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-13 15:26 - 2005-10-19 09:48 - 01232506 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-13 15:21 - 2013-10-13 15:21 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$
2013-10-13 15:21 - 2013-10-10 14:23 - 00133280 _____ C:\Windows\KB2847311.log
2013-10-13 15:21 - 2009-10-12 17:23 - 00538606 _____ C:\Windows\setupapi.log
2013-10-13 15:21 - 2006-09-15 15:44 - 02970502 _____ C:\Windows\FaxSetup.log
2013-10-13 15:21 - 2006-09-15 15:44 - 01418074 _____ C:\Windows\ocgen.log
2013-10-13 15:21 - 2006-09-15 15:44 - 00824570 _____ C:\Windows\comsetup.log
2013-10-13 15:21 - 2006-09-15 15:44 - 00498625 _____ C:\Windows\ntdtcsetup.log
2013-10-13 15:21 - 2006-09-15 15:44 - 00438236 _____ C:\Windows\updspapi.log
2013-10-13 15:21 - 2006-09-15 15:44 - 00148952 _____ C:\Windows\msgsocm.log
2013-10-13 15:21 - 2006-09-15 15:44 - 00136360 _____ C:\Windows\ocmsn.log
2013-10-13 15:21 - 2006-09-15 15:44 - 00001393 _____ C:\Windows\imsins.log
2013-10-13 15:21 - 2006-03-14 12:56 - 01139440 _____ C:\Windows\tsoc.log
2013-10-13 15:21 - 2006-03-14 12:56 - 00477851 _____ C:\Windows\iis6.log
2013-10-13 15:17 - 2013-10-13 15:17 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$
2013-10-13 15:17 - 2013-10-13 15:16 - 00127878 _____ C:\Windows\KB2862335.log
2013-10-13 15:17 - 2006-09-15 15:44 - 00001393 _____ C:\Windows\imsins.BAK
2013-10-13 15:08 - 2013-08-28 18:45 - 00000000 ____D C:\Windows\System32\MRT
2013-10-13 14:57 - 2005-10-19 11:27 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-13 14:56 - 2009-11-10 15:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 14:39 - 2013-10-13 14:39 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$
2013-10-13 14:39 - 2013-10-13 14:38 - 00007905 _____ C:\Windows\KB2868038.log
2013-10-13 14:36 - 2013-10-13 14:36 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$
2013-10-13 14:36 - 2013-10-13 14:36 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$
2013-10-13 14:34 - 2013-10-13 14:34 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-10-13 12:27 - 2013-07-21 03:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-10-13 07:43 - 2006-02-17 11:03 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-10-13 07:38 - 2006-03-14 12:22 - 00099913 _____ C:\Windows\wmsetup.log
2013-10-13 05:18 - 2012-11-18 14:29 - 00000081 ___SH C:\Documents and Settings\All Users\Application Data\.zreglib
2013-10-13 05:18 - 2009-11-10 18:27 - 00000000 ____D C:\Documents and Settings\Jo Vally\Tracing
2013-10-13 05:17 - 2011-03-14 14:21 - 00000007 _____ C:\Windows\System32\ANIWZCSUSERNAME
2013-10-13 05:17 - 2005-10-19 10:12 - 00000000 ____D C:\Windows\System32\Lang
2013-10-12 12:32 - 2006-10-07 07:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DVD Shrink
2013-10-11 14:01 - 2005-10-19 09:48 - 00000000 ____D C:\Documents and Settings\All Users\Bureau
2013-10-11 13:59 - 2013-07-21 03:38 - 00000000 ___HD C:\$AVG
2013-10-08 16:48 - 2006-09-26 16:41 - 00000000 ____D C:\Documents and Settings\Jo Vally\Bureau
2013-10-08 15:17 - 2013-10-08 15:17 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-10-08 15:17 - 2012-06-13 15:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-08 15:17 - 2011-05-18 15:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-08 12:49 - 2005-10-19 16:41 - 00002206 _____ C:\Windows\System32\wpa.dbl
2013-10-06 09:11 - 2013-10-06 07:23 - 00000000 ____D C:\Documents and Settings\Jo Vally\Local Settings\Application Data\Avg2014
2013-10-06 07:40 - 2013-10-06 07:40 - 00000000 ____D C:\Documents and Settings\Jo Vally\Application Data\AVG2014
2013-10-06 07:40 - 2008-07-02 18:07 - 00000000 ____D C:\Program Files\AVG
2013-10-06 07:38 - 2013-10-06 07:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2013-10-01 17:38 - 2006-02-17 11:07 - 00000203 _____ C:\Windows\NeroDigital.ini

Some content of TEMP:
====================
C:\Documents and Settings\Jo Vally\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Jo Vally\Local Settings\Temp\CompiledAdapter.dll
C:\Documents and Settings\Jo Vally\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\install_reader11_fr_mssd_aaa_aih.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-6u11-windows-i586-p-iftw.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-6u16-windows-i586-iftw.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\setup.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\SSUPDATE.EXE
C:\Documents and Settings\Jo Vally\Local Settings\Temp\Stp25_TMP.EXE
C:\Documents and Settings\Jo Vally\Local Settings\Temp\UNINSTALL.EXE
C:\Documents and Settings\Jo Vally\Local Settings\Temp\_is622.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\_is623.exe
C:\Documents and Settings\Jo Vally\Local Settings\Temp\_is628.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2005-10-19 16:41] - [2008-04-13 22:34] - 0512000 ____A (Microsoft Corporation) dd73d6b9f6b4cb630cf35b438b540174
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2005-10-19 16:41] - [2008-04-13 22:33] - 0579584 ____A (Microsoft Corporation) e853f84d3ce2faa2a802e33cf89ac023
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-10-13 14:25 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1809
RP: -> 2013-10-12 15:06 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1808
RP: -> 2013-10-11 15:02 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1807
RP: -> 2013-10-10 14:11 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1806
RP: -> 2013-10-08 14:42 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1805
RP: -> 2013-10-07 13:15 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1804
RP: -> 2013-10-06 07:39 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1803
RP: -> 2013-10-06 07:35 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1802
RP: -> 2013-10-06 07:34 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1801
RP: -> 2013-10-06 07:33 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1800
RP: -> 2013-10-02 16:37 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1799
RP: -> 2013-10-01 14:14 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1798
RP: -> 2013-09-30 14:14 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1797
RP: -> 2013-09-29 12:30 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1796
RP: -> 2013-09-28 12:15 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1795
RP: -> 2013-09-27 12:09 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1794
RP: -> 2013-09-26 11:14 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1793
RP: -> 2013-09-24 17:18 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1792
RP: -> 2013-09-23 15:02 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1791
RP: -> 2013-09-22 14:28 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1790
RP: -> 2013-09-20 18:27 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1789
RP: -> 2013-09-19 17:35 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1788
RP: -> 2013-09-19 16:32 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1787
RP: -> 2013-09-18 16:06 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1786
RP: -> 2013-09-17 11:24 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1785
RP: -> 2013-09-16 10:43 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1784
RP: -> 2013-09-15 03:55 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1783
RP: -> 2013-09-12 13:39 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1782
RP: -> 2013-09-10 15:22 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1781
RP: -> 2013-09-09 14:29 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1780
RP: -> 2013-09-08 14:28 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1779
RP: -> 2013-09-07 12:37 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1778
RP: -> 2013-09-06 12:19 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1777
RP: -> 2013-09-05 12:02 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1776
RP: -> 2013-09-04 08:59 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1775
RP: -> 2013-09-03 08:19 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1774
RP: -> 2013-09-02 08:08 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1773
RP: -> 2013-09-01 07:16 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1772
RP: -> 2013-08-29 19:39 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1771
RP: -> 2013-08-28 18:28 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1770
RP: -> 2013-08-27 09:39 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1769
RP: -> 2013-08-25 17:24 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1768
RP: -> 2013-08-24 16:41 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1767
RP: -> 2013-08-23 16:14 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1766
RP: -> 2013-08-22 15:30 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1765
RP: -> 2013-07-30 16:17 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1764
RP: -> 2013-07-29 15:43 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1763
RP: -> 2013-07-28 06:00 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1762
RP: -> 2013-07-27 05:56 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1761
RP: -> 2013-07-23 13:20 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1760
RP: -> 2013-07-22 12:26 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1759
RP: -> 2013-07-21 11:42 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1758
RP: -> 2013-07-21 06:47 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1757
RP: -> 2013-07-21 03:35 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1756
RP: -> 2013-07-21 03:31 - 028672 _restore{E6C9CA23-D5A3-401C-B9B0-7C9F09E5F657}\RP1755

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 1021.43 MB
Available physical RAM: 779 MB
Total Pagefile: 905.81 MB
Available Pagefile: 835.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1985.56 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (BOOT) (Fixed) (Total:116.41 GB) (Free:47.43 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DATA JO VALLY FAMILLE) (Fixed) (Total:101.81 GB) (Free:67.75 GB) NTFS
Drive e: (RECOVER) (Fixed) (Total:14.64 GB) (Free:9.68 GB) FAT32
Drive f: () (Removable) (Total:3.72 GB) (Free:2.74 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: BF7FBF7F)
Partition 1: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================