
For RKinner



#16
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Now repeat VEW for Applications.

#17
ramaflore

    Member

  • Topic Starter
  • 210 posts
Ok, I will do it.

I forgot to tell you that yesterday I also performed a clean boot, but this doesn't fix the KSOD issue.

#18
ramaflore

    Member

  • Topic Starter
  • 210 posts
Vino's Event Viewer v01c run on Windows Vista in French
Report run at 24/08/2012 00:28:26

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Erreur Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/08/2012 19:32:04
Type: Erreur Category: 100
Event: 1000 Source: Application Error
Application défaillante Shell.exe, version 0.0.0.0, horodatage 0x00000000, module défaillant CC32100MT.DLL, version 6.0.6002.18541, horodatage 0x4ec3e3d5, code d’exception 0xc0000135, décalage d’erreur 0x00009f5d, ID du processus 0xb08, heure de début de l’application 0x01cd8165ebc1eabe.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Avertissement Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/08/2012 19:02:03
Type: Avertissement Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. DÉTAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3960516785-660546420-3033704126-1000:
Process 1192 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1000\Software
Process 1192 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1000\Software\Policies

#19
ramaflore

    Member

  • Topic Starter
  • 210 posts
OTL logfile created on: 24/08/2012 00:31:50 - Run 6
OTL by OldTimer - Version 3.2.54.1 Folder = c:\Users\Flore\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,44 Mb Total Physical Memory | 158,40 Mb Available Physical Memory | 15,63% Memory free
2,24 Gb Paging File | 0,89 Gb Available in Paging File | 39,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,84 Gb Total Space | 34,76 Gb Free Space | 51,24% Space Free | Partition Type: NTFS
Drive D: | 43,94 Gb Total Space | 29,25 Gb Free Space | 66,57% Space Free | Partition Type: NTFS

Computer Name: PC-DE-FLORE | User Name: Flore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Flore\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe (INCA Internet Co., Ltd.)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe (Blue Ridge Networks)
PRC - C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardAgent.exe (Blue Ridge Networks)
PRC - C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
PRC - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe (Privacyware/PWI, Inc.)
PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
PRC - C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe (INCA Internet Co., Ltd.)
PRC - C:\Program Files\Shadow Defender\DefenderDaemon.exe (SHADOWDEFENDER.COM)
PRC - C:\Program Files\NoAutorun-1.1.2.25\NoAutorun.exe (http://sf.net/projects/noautorun/)
PRC - C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe (Nitro PDF Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Blue Ridge Networks\AppGuard\AppGuard.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (BRN_APPGUARD_SERVICE) -- C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardAgent.exe (Blue Ridge Networks)
SRV - (PFNet) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe (Privacyware/PWI, Inc.)
SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (MBRGuardSvc) -- C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe (INCA Internet Co., Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroExpressDriverReadSpool) -- C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe (Nitro PDF Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\Users\Flore\AppData\Local\Temp\mbr.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz134) -- C:\Users\Flore\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (catchme) -- C:\Users\Flore\AppData\Local\Temp\catchme.sys File not found
DRV - (pwipf6) -- C:\Windows\System32\drivers\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (HWiNFO32) -- C:\Program Files\HWiNFO32\HWiNFO32.SYS (REALiX™)
DRV - (BrnFileLock) -- C:\Windows\System32\drivers\BrnFileLock.sys (Blue Ridge Networks)
DRV - (TKDac) -- C:\Windows\System32\tkdacxp.sys (INCA Internet Co., Ltd.)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (diskpt) -- C:\Windows\System32\drivers\diskpt.sys (SHADOWDEFENDER.COM)
DRV - (MBRGUARD) -- C:\Windows\System32\drivers\mbrguard.sys (Blue Ridge Networks)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (flash) -- C:\Windows\System32\drivers\flash.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://fr.yahoo.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/12 14:22:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/12 14:22:44 | 000,000,000 | ---D | M]

[2011/12/04 21:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flore\AppData\Roaming\mozilla\Extensions
[2012/08/12 14:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions
[2012/08/12 14:30:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/12 14:30:38 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/08/12 14:30:35 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\FasterFox_Lite@BigRedBrent
[2012/08/12 14:30:36 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\[email protected]
[2012/01/03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\askcom.xml
[2012/02/18 22:08:44 | 000,002,140 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\s-amazon-fr.xml
[2012/08/12 14:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/08/03 02:45:04 | 000,011,890 | ---- | M] () (No name found) -- C:\USERS\FLORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MX75WWM.DEFAULT\EXTENSIONS\[email protected]
[2012/07/14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:39:12 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/07/14 02:39:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:39:12 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/07/14 02:39:12 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/07/14 02:39:12 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/07/14 02:39:12 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012/08/23 20:55:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AppGuardGUI] C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe (Blue Ridge Networks)
O4 - HKLM..\Run: [NpMBRGuard] C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe (INCA Internet Co., Ltd.)
O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
O4 - HKLM..\Run: [Shadow Defender Daemon] C:\Program Files\Shadow Defender\DefenderDaemon.exe (SHADOWDEFENDER.COM)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 124
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB6D00A2-B1C0-4845-B099-36B37CE7E9BD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/23 20:59:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/23 20:55:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/23 20:38:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/23 19:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/08/23 19:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/08/23 00:45:49 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v1930.dll
[2012/08/23 00:45:49 | 000,059,392 | ---- | C] (Intel Corporation) -- C:\Windows\System32\oemdspif.dll
[2012/08/23 00:45:47 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2012/08/23 00:45:47 | 000,279,040 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2012/08/23 00:45:47 | 000,277,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2012/08/23 00:45:47 | 000,262,656 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2012/08/23 00:45:47 | 000,257,536 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2012/08/23 00:45:47 | 000,051,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2012/08/23 00:45:46 | 000,304,640 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2012/08/23 00:45:46 | 000,299,520 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2012/08/23 00:45:46 | 000,294,912 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2012/08/23 00:45:46 | 000,291,328 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2012/08/23 00:45:46 | 000,289,280 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2012/08/23 00:45:46 | 000,287,744 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2012/08/23 00:45:46 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2012/08/23 00:45:46 | 000,280,064 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2012/08/23 00:45:46 | 000,206,848 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2012/08/23 00:45:46 | 000,205,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2012/08/23 00:45:45 | 000,303,616 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2012/08/23 00:45:45 | 000,288,256 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2012/08/23 00:45:45 | 000,281,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2012/08/23 00:45:45 | 000,249,856 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2012/08/23 00:45:44 | 005,702,656 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2012/08/23 00:45:44 | 000,310,784 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2012/08/23 00:45:44 | 000,303,616 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2012/08/23 00:45:44 | 000,303,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresp.lrc
[2012/08/23 00:45:44 | 000,275,968 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
[2012/08/23 00:45:43 | 000,672,792 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcfg.exe
[2012/08/23 00:45:43 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2012/08/23 00:45:43 | 000,280,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2012/08/23 00:45:43 | 000,252,416 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2012/08/23 00:45:43 | 000,179,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2012/08/23 00:45:43 | 000,178,176 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2012/08/23 00:45:43 | 000,130,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2012/08/23 00:45:43 | 000,119,296 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2012/08/23 00:45:43 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2012/08/23 00:45:42 | 000,536,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2012/08/23 00:45:41 | 002,551,808 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igd10umd32.dll
[2012/08/23 00:45:40 | 004,104,192 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4icd32.dll
[2012/08/23 00:45:39 | 002,686,976 | ---- | C] (9xxssf Graphics) -- C:\Windows\System32\ig4dev32.dll
[2012/08/22 23:33:05 | 000,000,000 | ---D | C] -- C:\Users\Flore\Documents\My Drivers
[2012/08/22 23:21:27 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Innovative Solutions
[2012/08/22 23:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2012/08/22 23:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\DriverMax
[2012/08/20 23:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
[2012/08/20 23:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2012/08/20 12:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\p95v277.win32
[2012/08/18 20:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO32
[2012/08/15 23:15:09 | 000,000,000 | ---D | C] -- C:\fjdtv6.90
[2012/08/15 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\Flore\Documents\Windows7_Vista_jcgriff2
[2012/08/13 19:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Regenerator
[2012/08/13 19:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator
[2012/08/13 19:43:35 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Downloaded Installations
[2012/08/13 15:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/08/13 14:51:46 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/13 14:49:26 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012/08/13 14:49:25 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/08/13 14:49:24 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/08/13 14:47:31 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/08/13 14:47:27 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/08/13 14:47:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012/08/13 14:47:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/08/13 14:47:27 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/08/13 14:47:26 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/08/13 14:45:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012/08/13 14:45:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012/08/13 14:45:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012/08/13 14:45:42 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/08/13 14:45:42 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/08/13 14:45:42 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/08/13 14:45:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012/08/13 14:45:42 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/08/13 14:45:42 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/08/13 14:17:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/08/13 14:17:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/08/13 14:17:49 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/08/13 14:16:50 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012/08/13 14:00:48 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2012/08/13 13:53:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/08/13 13:53:07 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/08/13 13:53:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/08/13 13:53:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/08/13 13:52:49 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012/08/13 13:52:49 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/08/13 13:52:48 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/08/13 13:52:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/08/13 13:52:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012/08/13 13:52:46 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012/08/13 13:52:46 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/08/13 13:52:45 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/08/13 13:52:45 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/08/13 13:52:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/08/13 13:52:44 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012/08/13 13:52:40 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/08/13 13:52:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/08/13 13:52:20 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012/08/13 13:52:19 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2012/08/13 13:52:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2012/08/13 13:52:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2012/08/13 13:52:19 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2012/08/13 13:52:19 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2012/08/13 13:52:19 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2012/08/13 13:52:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/08/13 13:50:55 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012/08/13 13:50:54 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/08/13 13:50:54 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/08/13 13:50:54 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012/08/13 13:50:53 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/08/13 13:50:53 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/08/13 13:50:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012/08/13 13:50:03 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012/08/13 13:49:50 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/08/13 13:49:49 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/08/13 13:49:49 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/08/13 13:49:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/08/13 13:49:20 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/08/13 13:49:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/08/13 13:48:26 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012/08/13 13:48:02 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/08/13 13:47:59 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2012/08/13 13:47:59 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012/08/13 13:47:59 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2012/08/13 13:47:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2012/08/13 13:47:55 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/08/13 13:47:22 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/08/13 13:47:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/08/13 13:47:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/08/13 13:47:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2012/08/13 13:47:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/08/13 13:47:13 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/08/13 13:47:00 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/08/13 13:46:54 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2012/08/13 13:46:54 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2012/08/13 13:46:50 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/08/13 13:46:22 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/08/13 13:46:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/08/13 13:46:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/08/13 13:45:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/08/13 13:45:32 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/08/13 13:45:20 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012/08/13 13:45:16 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/08/13 13:45:15 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/08/13 13:45:14 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/08/13 13:45:14 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/08/13 13:45:14 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/08/13 13:45:13 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/08/13 13:45:13 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/08/13 13:45:13 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/08/13 13:45:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/08/13 13:45:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/08/13 13:44:43 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/08/13 13:44:43 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/08/13 13:44:41 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/08/13 13:44:35 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2012/08/13 13:44:32 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/08/13 13:44:31 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/08/13 13:44:31 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2012/08/13 13:44:29 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/08/13 13:44:08 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/08/13 13:44:08 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/08/13 13:44:08 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/08/13 13:44:08 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/08/13 13:44:08 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/08/13 13:43:56 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/08/13 13:43:49 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/08/13 13:43:43 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/08/13 13:43:43 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/08/13 13:43:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/08/13 13:43:18 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/08/13 13:43:18 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/08/13 13:43:15 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/08/13 13:42:54 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012/08/13 13:42:38 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012/08/13 13:42:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/08/13 13:42:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/08/13 12:57:34 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2012/08/13 12:57:31 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/08/13 12:57:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2012/08/13 12:57:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2012/08/13 12:57:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2012/08/13 11:56:43 | 000,000,000 | ---D | C] -- C:\Desktop
[2012/08/12 15:47:43 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/08/12 15:47:42 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/08/12 15:47:21 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/08/12 15:47:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/08/12 15:47:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/08/12 15:47:16 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/08/12 15:47:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/08/12 15:34:57 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/08/12 15:30:45 | 000,127,568 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\System32\drivers\pwipf6.sys
[2012/08/12 15:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
[2012/08/12 15:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Privacyware
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modèles
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes vidéos
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes images
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Démarrer
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Ma musique
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Program Files\Fichiers communs
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoris
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Bureau
[2012/08/12 15:04:15 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012/08/12 15:03:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/08/12 15:02:30 | 002,777,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw4r32.dll
[2012/08/12 15:02:30 | 002,251,776 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys
[2012/08/12 15:02:30 | 000,745,472 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw4c32.dll
[2012/08/12 15:02:26 | 001,095,936 | ---- | C] (Motorola Inc.) -- C:\Windows\System32\drivers\smserial.sys
[2012/08/12 15:02:26 | 000,516,096 | ---- | C] (Motorola Inc.) -- C:\Windows\System32\sm56co85.dll
[2012/08/12 15:02:24 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2012/08/12 15:02:24 | 000,017,768 | ---- | C] (Blue Ridge Networks) -- C:\Windows\System32\drivers\mbrguard.sys
[2012/08/12 15:02:23 | 003,829,760 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2012/08/12 15:02:23 | 000,199,680 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2012/08/12 15:02:23 | 000,170,520 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxzoom.exe
[2012/08/12 15:02:23 | 000,094,208 | ---- | C] (Intel Corporation) -- C:\Windows\System32\hccutils.dll
[2012/08/12 15:02:21 | 000,062,208 | ---- | C] (ENE Technology Inc.) -- C:\Windows\System32\drivers\EMS7SK.sys
[2012/08/12 15:02:20 | 000,042,240 | ---- | C] (ENE Technology Inc.) -- C:\Windows\System32\drivers\ESD7SK.sys
[2012/08/12 15:02:18 | 003,784,704 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2012/08/12 15:02:18 | 001,766,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2012/08/12 15:02:18 | 001,183,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2012/08/12 15:02:18 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012/08/12 15:02:18 | 000,284,160 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012/08/12 14:17:46 | 000,000,000 | --SD | C] -- C:\Users\Flore\AppData\Roaming\Microsoft
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Videos
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Saved Games
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Pictures
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Music
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Links
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Favorites
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Downloads
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Documents
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Desktop
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Voisinage réseau
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Voisinage d'impression
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\AppData\Local\Temporary Internet Files
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\SendTo
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Recent
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Modèles
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Documents\Mes vidéos
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Documents\Mes images
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Mes documents
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Menu Démarrer
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Documents\Ma musique
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Local Settings
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\AppData\Local\Historique
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Cookies
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Application Data
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\AppData\Local\Application Data
[2012/08/12 14:17:46 | 000,000,000 | -H-D | C] -- C:\Users\Flore\AppData
[2012/08/12 14:17:46 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Temp
[2012/08/12 14:17:46 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Microsoft
[2012/08/12 14:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2012/08/12 14:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012/08/12 14:11:38 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012/08/12 14:05:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/08/12 00:16:40 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\ImgBurn
[2012/08/11 23:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/08/11 23:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/08/08 11:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/08 01:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2012/08/07 23:19:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/07 23:19:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/07 23:19:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/07 23:14:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/07 10:34:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/08/07 10:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/05 20:06:41 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/05 20:06:41 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/05 19:02:38 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\vlc
[2012/08/05 19:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/08/05 18:51:00 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Daum
[2012/08/05 18:50:57 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\PotPlayerMini
[2012/08/05 18:50:28 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2012/08/05 18:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2012/08/05 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\Daum
[2012/08/03 20:02:24 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Runscanner.net
[2012/08/01 19:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/01 19:22:36 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/07/30 20:54:57 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Privatefirewall
[2012/07/30 12:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Privacyware
[2012/07/27 19:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2012/07/27 19:08:19 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2012/07/25 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate Windows Tweaker v2.2
[2012/07/25 22:08:25 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\blue ridge networks
[2012/07/25 22:08:24 | 000,000,000 | ---D | C] -- C:\Users\Flore\Documents\MyPrivateFolder
[2012/07/25 22:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ridge Networks
[2012/07/25 22:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Blue Ridge Networks
[2012/07/25 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Ridge Networks
[2012/07/25 22:02:45 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

========== Files - Modified Within 30 Days ==========

[2012/08/23 23:35:27 | 000,005,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 23:35:27 | 000,005,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 20:55:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/23 19:51:48 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/08/23 15:35:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/23 12:52:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/23 12:08:29 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/08/23 01:56:02 | 000,000,943 | ---- | M] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/22 23:21:27 | 000,000,816 | ---- | M] () -- C:\Users\Flore\Desktop\DriverMax.lnk
[2012/08/22 18:44:31 | 000,681,752 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/08/22 18:44:31 | 000,599,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/22 18:44:31 | 000,127,574 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/08/22 18:44:31 | 000,105,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/21 00:19:57 | 000,000,210 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\burnaware.ini
[2012/08/21 00:19:52 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/08/21 00:19:52 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/08/20 23:47:27 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2012/08/20 17:20:31 | 000,006,656 | ---- | M] () -- C:\Windows\System32\lpcio.dll
[2012/08/20 01:50:43 | 000,004,608 | ---- | M] () -- C:\Users\Flore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/19 16:48:18 | 000,005,680 | ---- | M] () -- C:\Users\Flore\AppData\Local\Temp5.html
[2012/08/19 16:47:37 | 000,001,955 | ---- | M] () -- C:\Users\Flore\AppData\Local\Temp1.html
[2012/08/16 00:37:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/15 22:53:05 | 000,063,545 | ---- | M] () -- C:\fjdtv6.90.zip
[2012/08/15 12:16:03 | 000,287,056 | ---- | M] () -- C:\Users\Flore\Documents\Windows7_Vista_jcgriff2.zip
[2012/08/15 12:01:17 | 002,574,808 | ---- | M] () -- C:\Users\Flore\Documents\Perfmon.html
[2012/08/13 19:43:51 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\HDD Regenerator.lnk
[2012/08/13 15:29:46 | 000,231,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/12 15:34:42 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2012/08/12 15:30:40 | 000,000,146 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/08/12 15:12:01 | 000,000,438 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/12 15:03:28 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/08/12 15:01:13 | 000,383,601 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/08/12 14:40:28 | 000,021,668 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2012/08/11 23:56:00 | 000,001,650 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/08/10 05:34:39 | 000,139,640 | ---- | M] () -- C:\Windows\System32\p
[2012/08/08 11:19:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/08 11:19:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/07 10:34:36 | 000,000,642 | ---- | M] () -- C:\Users\Flore\Desktop\ERUNT.lnk
[2012/08/06 20:55:56 | 000,001,455 | ---- | M] () -- C:\Windows\System\p
[2012/08/06 20:55:17 | 000,005,572 | ---- | M] () -- C:\Windows\p
[2012/08/05 20:03:39 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/08/05 19:02:23 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/05 18:50:42 | 000,000,967 | ---- | M] () -- C:\Users\Flore\Desktop\PotPlayer.lnk
[2012/08/01 19:37:49 | 000,000,870 | ---- | M] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/01 19:37:48 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/01 19:22:37 | 000,001,057 | ---- | M] () -- C:\Users\Flore\Desktop\Revo Uninstaller.lnk
[2012/07/27 19:21:42 | 000,001,832 | ---- | M] () -- C:\Users\Flore\Desktop\VirusTotal Uploader 2.0.lnk
[2012/07/25 22:05:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_mbrguard_01009.Wdf
[2012/07/25 22:05:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/07/25 22:03:53 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\AppGuard.lnk

========== Files Created - No Company Name ==========

[2012/08/23 19:51:48 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/08/23 12:08:09 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/08/23 00:45:49 | 000,060,015 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2012/08/23 00:45:49 | 000,039,440 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2012/08/23 00:45:48 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2012/08/23 00:45:48 | 001,921,265 | ---- | C] () -- C:\Windows\System32\iglhxa32.cpa
[2012/08/23 00:45:48 | 000,060,254 | ---- | C] () -- C:\Windows\System32\iglhxg32.vp
[2012/08/23 00:45:48 | 000,060,226 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2012/08/23 00:45:48 | 000,001,090 | ---- | C] () -- C:\Windows\System32\iglhxa32.vp
[2012/08/22 23:21:27 | 000,000,816 | ---- | C] () -- C:\Users\Flore\Desktop\DriverMax.lnk
[2012/08/20 23:48:21 | 000,000,210 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\burnaware.ini
[2012/08/20 23:47:27 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2012/08/19 16:48:18 | 000,005,680 | ---- | C] () -- C:\Users\Flore\AppData\Local\Temp5.html
[2012/08/19 16:47:37 | 000,001,955 | ---- | C] () -- C:\Users\Flore\AppData\Local\Temp1.html
[2012/08/16 00:37:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/15 22:53:04 | 000,063,545 | ---- | C] () -- C:\fjdtv6.90.zip
[2012/08/15 12:16:02 | 000,287,056 | ---- | C] () -- C:\Users\Flore\Documents\Windows7_Vista_jcgriff2.zip
[2012/08/15 12:04:08 | 002,574,808 | ---- | C] () -- C:\Users\Flore\Documents\Perfmon.html
[2012/08/14 00:58:29 | 000,008,064 | ---- | C] () -- C:\Windows\System32\drivers\flash.sys
[2012/08/13 19:43:51 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\HDD Regenerator.lnk
[2012/08/13 13:47:59 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012/08/13 13:43:52 | 000,006,656 | ---- | C] () -- C:\Windows\System32\lpcio.dll
[2012/08/12 15:35:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012/08/12 15:34:42 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2012/08/12 15:20:56 | 000,004,608 | ---- | C] () -- C:\Users\Flore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/12 15:18:27 | 000,000,949 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/12 15:18:23 | 000,000,944 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/08/12 15:02:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2012/08/12 14:40:28 | 000,021,668 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012/08/12 14:17:46 | 000,000,258 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/12 14:17:46 | 000,000,240 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/12 14:16:20 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2012/08/11 23:56:00 | 000,001,662 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/08/11 23:56:00 | 000,001,650 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/08/10 05:34:39 | 000,139,640 | ---- | C] () -- C:\Windows\System32\p
[2012/08/07 23:19:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/07 23:19:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/07 23:19:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/07 23:19:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/07 23:19:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/07 10:34:36 | 000,000,642 | ---- | C] () -- C:\Users\Flore\Desktop\ERUNT.lnk
[2012/08/06 20:55:56 | 000,001,455 | ---- | C] () -- C:\Windows\System\p
[2012/08/06 20:54:51 | 000,005,572 | ---- | C] () -- C:\Windows\p
[2012/08/05 19:02:23 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/05 18:50:42 | 000,000,967 | ---- | C] () -- C:\Users\Flore\Desktop\PotPlayer.lnk
[2012/08/01 19:37:49 | 000,000,870 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/01 19:37:48 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/01 19:37:48 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/30 12:53:48 | 000,000,146 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/27 19:08:19 | 000,001,832 | ---- | C] () -- C:\Users\Flore\Desktop\VirusTotal Uploader 2.0.lnk
[2012/07/25 22:05:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_mbrguard_01009.Wdf
[2012/07/25 22:05:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/07/25 22:03:53 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\AppGuard.lnk
[2012/07/18 00:05:34 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/07/15 01:34:13 | 001,472,131 | ---- | C] () -- C:\Program Files\vba32arkit.zip
[2012/06/28 01:14:43 | 000,826,230 | ---- | C] () -- C:\Program Files\JPEGView_1_0_26.zip
[2012/05/27 03:13:40 | 000,000,004 | ---- | C] () -- C:\Windows\60139727.dat
[2012/05/26 02:53:38 | 000,000,004 | ---- | C] () -- C:\Windows\11290197.dat
[2012/05/25 16:30:01 | 000,000,004 | ---- | C] () -- C:\Windows\16305630.dat
[2012/05/25 02:27:02 | 000,000,004 | ---- | C] () -- C:\Windows\52562384.dat
[2012/05/24 02:29:58 | 000,000,130 | ---- | C] () -- C:\Windows\9218894.dat
[2012/05/21 13:50:06 | 000,000,418 | ---- | C] () -- C:\Users\Flore\.swfinfo
[2012/05/11 00:07:55 | 000,001,004 | ---- | C] () -- C:\Windows\diskpt0.dat
[2012/05/01 15:19:52 | 000,088,656 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/04/30 20:22:52 | 000,000,000 | ---- | C] () -- C:\Windows\diskpt.dat
[2011/12/14 03:41:02 | 000,000,324 | ---- | C] () -- C:\Windows\12812112.dat
[2011/12/04 22:54:49 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/12/04 21:30:11 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2011/12/04 21:26:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2011/12/04 00:51:53 | 000,000,438 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/03 22:07:27 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009/04/11 15:19:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 15:19:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 15:19:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: BOOTVID.DLL >
[2008/01/21 04:24:53 | 000,024,120 | ---- | M] (Microsoft Corporation) MD5=F0821E18CAFC7135CCF6DE3D306E97CD -- C:\Windows\System32\BOOTVID.DLL
[2008/01/21 04:24:53 | 000,024,120 | ---- | M] (Microsoft Corporation) MD5=F0821E18CAFC7135CCF6DE3D306E97CD -- C:\Windows\winsxs\x86_microsoft-windows-bootvid_31bf3856ad364e35_6.0.6001.18000_none_38797b7986345c9b\BOOTVID.DLL

< MD5 for: CSRSS.EXE >
[2008/01/21 04:25:20 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/21 04:25:20 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/11 15:19:56 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 15:19:56 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: EXPSRV.DLL >
[2006/11/02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll
[2006/11/02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-m..s-components-jetvba_31bf3856ad364e35_6.0.6000.16386_none_735b8f8d953639a8\expsrv.dll

< MD5 for: HAL.DLL >
[2009/04/11 15:19:25 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: MSWSOCK.DLL >
[2009/04/11 00:28:24 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\erdnt\cache\mswsock.dll
[2009/04/11 15:19:45 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 15:19:45 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/21 04:24:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/21 04:24:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/21 04:24:11 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/21 04:24:11 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: NTDLL.DLL >
[2009/04/11 15:20:16 | 001,202,168 | ---- | M] (Microsoft Corporation) MD5=40DB2EBA3CD1433D1C90BD262ECE1543 -- C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18005_none_5ac2574df94f7762\ntdll.dll
[2011/11/18 22:23:34 | 001,205,576 | ---- | M] (Microsoft Corporation) MD5=B9940B8D1B0BC5F675A99E6D1E2F0835 -- C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.22742_none_5b1dbeef129029d5\ntdll.dll
[2011/11/18 22:23:34 | 001,205,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntdll.dll
[2011/11/18 22:23:34 | 001,205,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18541_none_5a931ff3f973738d\ntdll.dll

< MD5 for: NTOSKRNL.EXE >
[2009/04/11 15:20:07 | 003,549,672 | ---- | M] (Microsoft Corporation) MD5=6798DBF3F25721637AEF5B6C69911C9C -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_6e1bdaacb144ddb4\ntoskrnl.exe
[2012/04/03 10:16:12 | 003,552,640 | ---- | M] (Microsoft Corporation) MD5=B9907DD4BE7B1B39573BF66554AB224E -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22831_none_6e8113d5ca7e5806\ntoskrnl.exe
[2012/04/03 10:16:11 | 003,550,080 | ---- | M] (Microsoft Corporation) MD5=BA4C485548914034B471EB6FC2B50082 -- C:\Windows\erdnt\cache\ntoskrnl.exe
[2012/04/03 10:16:11 | 003,550,080 | ---- | M] (Microsoft Corporation) MD5=BA4C485548914034B471EB6FC2B50082 -- C:\Windows\System32\ntoskrnl.exe
[2012/04/03 10:16:11 | 003,550,080 | ---- | M] (Microsoft Corporation) MD5=BA4C485548914034B471EB6FC2B50082 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18607_none_6e1de6a4b142ff4c\ntoskrnl.exe
[2012/03/06 08:39:00 | 003,550,080 | ---- | M] (Microsoft Corporation) MD5=D960F9E1FCA0C86387E806D9AED319FB -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18595_none_6dba94deb18dcaf0\ntoskrnl.exe
[2012/03/06 08:39:00 | 003,552,640 | ---- | M] (Microsoft Corporation) MD5=FEA4425645424D66DCCC6CD3F417A40D -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22811_none_6e96b3adca6e2024\ntoskrnl.exe

< MD5 for: PNRPNSP.DLL >
[2008/01/21 04:25:49 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/21 04:25:49 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009/04/11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/11 15:20:11 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 15:20:11 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/21 04:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 04:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USER32.DLL >
[2009/04/11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\erdnt\cache\user32.dll
[2009/04/11 15:19:54 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009/04/11 15:19:54 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 15:20:12 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 15:20:12 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/11 15:19:34 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 15:19:34 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 11:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 11:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 11:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< End of report >

#20
ramaflore

    Member

  • Topic Starter
  • 210 posts
OTL Extras logfile created on: 24/08/2012 00:31:50 - Run 6
OTL by OldTimer - Version 3.2.54.1 Folder = c:\Users\Flore\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,44 Mb Total Physical Memory | 158,40 Mb Available Physical Memory | 15,63% Memory free
2,24 Gb Paging File | 0,89 Gb Available in Paging File | 39,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,84 Gb Total Space | 34,76 Gb Free Space | 51,24% Space Free | Partition Type: NTFS
Drive D: | 43,94 Gb Total Space | 29,25 Gb Free Space | 66,57% Space Free | Partition Type: NTFS

Computer Name: PC-DE-FLORE | User Name: Flore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" = C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" = C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C6FEC38-E332-483E-B369-F13814582341}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{CF9ACEB2-6F37-42BB-82A4-D8284D11AC61}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"TCP Query User{28F976C5-B62D-47B1-A068-C10083330A03}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3B892A90-0C40-480C-AC7B-7359C31AC653}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{50272F8E-E0F5-4C3A-86EB-99FE9C98A4CC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{685C5DB0-C2CF-4CEC-BD7E-62407B3506E0}F:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe" = protocol=6 | dir=in | app=f:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe |
"TCP Query User{C7DD4930-B3D1-4E13-842E-346129CCAAA2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{1921D901-4F96-4686-9494-B8B5AC2474C0}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{76EC7485-29AD-4D17-80D0-2B0C17B2D10F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9A013F88-AF7D-4B6C-95D1-4DB222C72EA9}F:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe" = protocol=17 | dir=in | app=f:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe |
"UDP Query User{E332CAD0-1863-4D94-AFB4-A3594897674D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F8088F69-8D8F-4B69-A6BF-87D894A30C40}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{23157413-FB7F-404D-B558-F33B9827F579}" = Minimem
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.2.4902
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2C9B1E69-DD05-40F5-8378-056A117028F9}" = Blue Ridge Networks AppGuard ® Consumer
"{37565633-908E-435A-ADB0-DED2A9707CCF}" = Nitro PDF Express
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}" = Shadow Defender
"{97A39919-9FEA-48B7-AB2B-4F99212D1E98}" = HDD Regenerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = Auslogics Registry Defrag
"{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1" = PDF to Word
"{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}" = Privatefirewall 7.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BleachBit" = BleachBit
"BurnAware Free_is1" = BurnAware Free 5.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DMX5_is1" = DriverMax 6
"doPDF 7 printer_is1" = doPDF 7.3 printer
"ERUNT_is1" = ERUNT 1.1j
"FuturixImager6" = FuturixImager
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro36" = HitmanPro 3.6
"ImgBurn" = ImgBurn
"MAXA Cookie Manager_is1" = MAXA Cookie Manager Pro 5.3
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Mozilla Firefox 14.0.1 (x86 fr)" = Mozilla Firefox 14.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nProtect MBR Guard" = nProtect MBR Guard
"PotPlayer" = Daum PotPlayer 1.5.33948
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Replay Video Capture6.0.3" = Replay Video Capture 6
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.4.8
"Speccy" = Speccy
"SumatraPDF" = SumatraPDF
"Veetle TV" = Veetle TV
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 2.0.3
"WhoCrashed_is1" = WhoCrashed 3.04

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/08/2012 15:32:04 | Computer Name = PC-de-Flore | Source = Application Error | ID = 1000
Description = Application défaillante Shell.exe, version 0.0.0.0, horodatage 0x00000000,
module défaillant CC32100MT.DLL, version 6.0.6002.18541, horodatage 0x4ec3e3d5,
code d’exception 0xc0000135, décalage d’erreur 0x00009f5d, ID du processus 0xb08,
heure de début de l’application 0x01cd8165ebc1eabe.

[ System Events ]
Error - 23/08/2012 14:41:41 | Computer Name = PC-de-Flore | Source = Service Control Manager | ID = 7030
Description =

Error - 23/08/2012 14:48:27 | Computer Name = PC-de-Flore | Source = Service Control Manager | ID = 7030
Description =

Error - 23/08/2012 14:55:43 | Computer Name = PC-de-Flore | Source = Service Control Manager | ID = 7030
Description =

Error - 23/08/2012 14:59:46 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

#21
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Do you realize that you may be looking at two different problems and there is no way to know when the second problem started? You had an overheating issue which could have caused KSODs and you have a second problem which is also causing a KSOD. If you refuse to do as I ask then there is no way to isolate the problem. So far the only things we have found that do not look right are the locked files.

[2011/11/18 22:23:34 | 001,205,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntdll.dll
[2011/11/18 22:23:34 | 001,205,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18541_none_5a931ff3f973738d\ntdll.dll

[2009/04/11 15:19:54 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009/04/11 15:19:54 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

These are critical system files so could easily play a part in the problem.

We could try replacing the locked files and see what happens but I don't trust your security stuff not to mess it up and it may not be necessary if they are what is locking the files. It's odd that I don't see any sign of a KSOD in your logs. Go into Control panel, System, Advanced System Settings and click on Settings under Startup and Recovery (it's the last of the three areas just above the Environmental Variables button.) and make sure that you have the same options checked as in the picture:



That way if there is another KSOD then we will be sure to get something in the event log and a minidump.

Let's try a diagnostic boot.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after the line:
msconfig

Click Diagnostic Startup (second button on the General tab) then OK and reboot.

Cancel the msconfig warning and window. Do you get your KSOD? If not try rebooting several times. If you get a KSOD then create an AVG rescue disk and boot from it:

http://www.geekstogo...ystem-tutorial/

Do step one (you will need to go back into msconfig and change it back to Normal Boot then reboot). Boot from the AVG disk and let it run a scan. Then shut it down. Do you get a KSOD from booting to the AVG disk?
  • 0
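A small parser for the `< MD5 for: ... >` sections of the OTL report, as an added example that is not part of the original posts or of OTL itself: it flags live System32 files whose hash OTL could not read (the locked ntdll.dll and user32.dll listed above) and checks readable ones against the WinSxS copies. The function names are hypothetical, and the sample lines are copied from the report in this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of the "< MD5 for: ... >" sections from the OTL report in this thread.
SAMPLE_REPORT = r"""
< MD5 for: NTDLL.DLL >
[2009/04/11 15:20:16 | 001,202,168 | ---- | M] (Microsoft Corporation) MD5=40DB2EBA3CD1433D1C90BD262ECE1543 -- C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18005_none_5ac2574df94f7762\ntdll.dll
[2011/11/18 22:23:34 | 001,205,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntdll.dll
[2011/11/18 22:23:34 | 001,205,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18541_none_5a931ff3f973738d\ntdll.dll

< MD5 for: USER32.DLL >
[2009/04/11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\erdnt\cache\user32.dll
[2009/04/11 15:19:54 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009/04/11 15:19:54 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 15:20:12 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 15:20:12 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
"""

HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| M\] \((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)


@dataclass
class Entry:
    mtime: str
    size: int
    company: str
    md5: Optional[str]  # None when OTL printed "Unable to obtain MD5"
    path: str


def parse_md5_sections(report: str) -> dict:
    """Group the MD5 lines of an OTL report by the file name in each header."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group("name").upper(), [])
            continue
        m = ENTRY.match(line)
        if m and current is not None:
            md5 = m.group("md5")
            size = int(m.group("size").replace(",", ""))
            current.append(Entry(m.group("mtime"), size, m.group("company"),
                                 md5.upper() if md5 else None, m.group("path")))
        elif line.startswith("=========="):
            current = None  # a new OTL section ends the MD5 block
    return sections


def triage(sections: dict) -> dict:
    """Classify the live System32 copy of each file.

    On Vista and later the System32 copy is normally the same file as one
    WinSxS component-store copy, so a readable live hash should equal the
    hash of at least one store copy.
    """
    findings = {}
    for name, entries in sections.items():
        live = next((e for e in entries
                     if "\\windows\\system32\\" in e.path.lower()), None)
        if live is None:
            findings[name] = {"status": "no-live-copy"}
            continue
        store = [e for e in entries if "\\windows\\winsxs\\" in e.path.lower()]
        if live.md5 is None:
            # Same-size copies that were readable: hashes to compare against
            # once the live file can be read, e.g. from offline boot media.
            refs = sorted({e.md5 for e in entries
                           if e.md5 and e.size == live.size})
            findings[name] = {"status": "unreadable", "path": live.path,
                              "same_size_hashes": refs}
        elif any(e.md5 == live.md5 for e in store):
            findings[name] = {"status": "match", "path": live.path}
        else:
            findings[name] = {"status": "mismatch", "path": live.path,
                              "md5": live.md5}
    return findings


if __name__ == "__main__":
    for name, finding in triage(parse_md5_sections(SAMPLE_REPORT)).items():
        print(name, finding)
```

An "unreadable" result only says the scanner could not open the file while Windows was running; hashing the same path from a rescue disk, as suggested in the post, is what settles whether the file itself is altered.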

#22
ramaflore

    Member

  • Topic Starter
  • 210 posts
Overheating issue? This was already fixed with rshaffer. I didn't see any overheating according to the Speccy scanner.

I'm on Vista 32-bit and not Win7, so I don't have the 'Startup and Recovery' window.

Edited by ramaflore, 23 August 2012 - 06:15 PM.


#23
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
When I suggest removing something you say it can't be involved because the KSOD started years ago. You did not fix the overheat issue until last week or so. Overheat can cause KSOD so how do we know when the current problem actually started? It may look like the same problem but you can't know that for sure. If you won't do what I ask you to do then there is little point in continuing.

Every PC since Windows 2000 and maybe NT has the Startup and Recovery options under the Advanced tab in System. Vista is no different. Just checked on my Vista box to make sure. I don't know what they call it in French which is why I showed you the picture since I expect the layout won't change even if they call it something else. And yes the window on my Vista looks just like the one on Win 7.

#24
ramaflore

    Member

  • Topic Starter
  • 210 posts
Ron,

I've just uninstalled all those programs you told me to: My link

I will run OTL again as you said in that post ;)

Edited by ramaflore, 24 August 2012 - 04:36 AM.


#25
ramaflore

    Member

  • Topic Starter
  • 210 posts
OTL logfile created on: 24/08/2012 12:22:39 - Run 8
OTL by OldTimer - Version 3.2.54.1 Folder = c:\Users\Flore\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,44 Mb Total Physical Memory | 315,49 Mb Available Physical Memory | 31,13% Memory free
2,24 Gb Paging File | 1,54 Gb Available in Paging File | 68,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,84 Gb Total Space | 48,98 Gb Free Space | 72,19% Space Free | Partition Type: NTFS
Drive D: | 43,94 Gb Total Space | 29,25 Gb Free Space | 66,57% Space Free | Partition Type: NTFS

Computer Name: PC-DE-FLORE | User Name: Flore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Flore\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe (INCA Internet Co., Ltd.)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
PRC - C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe (INCA Internet Co., Ltd.)
PRC - C:\Program Files\NoAutorun-1.1.2.25\NoAutorun.exe (http://sf.net/projects/noautorun/)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe (Nitro PDF Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\hccutils.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (MBRGuardSvc) -- C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe (INCA Internet Co., Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroExpressDriverReadSpool) -- C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe (Nitro PDF Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz134) -- C:\Users\Flore\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (catchme) -- C:\Users\Flore\AppData\Local\Temp\catchme.sys File not found
DRV - (HWiNFO32) -- C:\Program Files\HWiNFO32\HWiNFO32.SYS (REALiX™)
DRV - (TKDac) -- C:\Windows\System32\tkdacxp.sys (INCA Internet Co., Ltd.)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (flash) -- C:\Windows\System32\drivers\flash.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://fr.yahoo.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/12 14:22:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/12 14:22:44 | 000,000,000 | ---D | M]

[2011/12/04 21:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flore\AppData\Roaming\mozilla\Extensions
[2012/08/12 14:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions
[2012/08/12 14:30:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/12 14:30:38 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/08/12 14:30:35 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\FasterFox_Lite@BigRedBrent
[2012/08/12 14:30:36 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\[email protected]
[2012/01/03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\askcom.xml
[2012/02/18 22:08:44 | 000,002,140 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\s-amazon-fr.xml
[2012/08/12 14:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/08/03 02:45:04 | 000,011,890 | ---- | M] () (No name found) -- C:\USERS\FLORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MX75WWM.DEFAULT\EXTENSIONS\[email protected]
[2012/07/14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:39:12 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/07/14 02:39:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:39:12 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/07/14 02:39:12 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/07/14 02:39:12 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/07/14 02:39:12 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012/08/23 20:55:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [NpMBRGuard] C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe (INCA Internet Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 124
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB6D00A2-B1C0-4845-B099-36B37CE7E9BD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/24 01:37:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2012/08/24 01:37:03 | 000,385,024 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2012/08/23 20:59:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/23 20:55:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/23 20:38:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/23 19:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/08/23 19:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/08/23 00:45:49 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v1930.dll
[2012/08/23 00:45:45 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2012/08/23 00:45:42 | 000,536,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2012/08/22 23:33:05 | 000,000,000 | ---D | C] -- C:\Users\Flore\Documents\My Drivers
[2012/08/22 23:21:27 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Innovative Solutions
[2012/08/22 23:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2012/08/22 23:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\DriverMax
[2012/08/20 23:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
[2012/08/20 23:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2012/08/20 12:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\p95v277.win32
[2012/08/18 20:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO32
[2012/08/15 23:15:09 | 000,000,000 | ---D | C] -- C:\fjdtv6.90
[2012/08/15 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\Flore\Documents\Windows7_Vista_jcgriff2
[2012/08/13 19:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Regenerator
[2012/08/13 19:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator
[2012/08/13 19:43:35 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Downloaded Installations
[2012/08/13 15:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/08/13 14:51:46 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/13 14:49:26 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012/08/13 14:49:25 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/08/13 14:49:24 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/08/13 14:47:31 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/08/13 14:47:27 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/08/13 14:47:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012/08/13 14:47:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/08/13 14:47:27 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/08/13 14:47:26 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/08/13 14:45:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012/08/13 14:45:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012/08/13 14:45:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012/08/13 14:45:42 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/08/13 14:45:42 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/08/13 14:45:42 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/08/13 14:45:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012/08/13 14:45:42 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/08/13 14:45:42 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/08/13 14:17:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/08/13 14:17:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/08/13 14:17:49 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/08/13 14:16:50 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012/08/13 14:00:48 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2012/08/13 13:53:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/08/13 13:53:07 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/08/13 13:53:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/08/13 13:53:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/08/13 13:52:49 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012/08/13 13:52:49 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/08/13 13:52:48 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/08/13 13:52:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/08/13 13:52:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012/08/13 13:52:46 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012/08/13 13:52:46 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/08/13 13:52:45 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/08/13 13:52:45 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/08/13 13:52:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/08/13 13:52:44 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012/08/13 13:52:40 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/08/13 13:52:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/08/13 13:52:20 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012/08/13 13:52:19 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2012/08/13 13:52:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2012/08/13 13:52:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2012/08/13 13:52:19 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2012/08/13 13:52:19 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2012/08/13 13:52:19 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2012/08/13 13:52:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/08/13 13:50:55 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012/08/13 13:50:54 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/08/13 13:50:54 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/08/13 13:50:54 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012/08/13 13:50:53 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/08/13 13:50:53 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/08/13 13:50:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012/08/13 13:50:03 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012/08/13 13:49:50 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/08/13 13:49:49 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/08/13 13:49:49 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/08/13 13:49:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/08/13 13:49:20 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/08/13 13:49:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/08/13 13:48:26 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012/08/13 13:48:02 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/08/13 13:47:59 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2012/08/13 13:47:59 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012/08/13 13:47:59 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2012/08/13 13:47:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2012/08/13 13:47:55 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/08/13 13:47:22 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/08/13 13:47:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/08/13 13:47:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/08/13 13:47:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2012/08/13 13:47:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/08/13 13:47:13 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/08/13 13:47:00 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/08/13 13:46:54 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2012/08/13 13:46:54 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2012/08/13 13:46:50 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/08/13 13:46:22 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/08/13 13:46:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/08/13 13:46:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/08/13 13:45:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/08/13 13:45:32 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/08/13 13:45:20 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012/08/13 13:45:16 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/08/13 13:45:15 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/08/13 13:45:14 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/08/13 13:45:14 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/08/13 13:45:14 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/08/13 13:45:13 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/08/13 13:45:13 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/08/13 13:45:13 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/08/13 13:45:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/08/13 13:45:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/08/13 13:44:43 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/08/13 13:44:43 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/08/13 13:44:41 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/08/13 13:44:35 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2012/08/13 13:44:32 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/08/13 13:44:31 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/08/13 13:44:31 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2012/08/13 13:44:29 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/08/13 13:44:08 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/08/13 13:44:08 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/08/13 13:44:08 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/08/13 13:44:08 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/08/13 13:44:08 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/08/13 13:43:56 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/08/13 13:43:49 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/08/13 13:43:43 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/08/13 13:43:43 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/08/13 13:43:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/08/13 13:43:18 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/08/13 13:43:18 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/08/13 13:43:15 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/08/13 13:42:54 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012/08/13 13:42:38 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012/08/13 13:42:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/08/13 13:42:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/08/13 12:57:34 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2012/08/13 12:57:31 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/08/13 12:57:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2012/08/13 12:57:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2012/08/13 12:57:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2012/08/13 11:56:43 | 000,000,000 | ---D | C] -- C:\Desktop
[2012/08/12 15:47:43 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/08/12 15:47:42 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/08/12 15:47:21 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/08/12 15:47:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/08/12 15:47:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/08/12 15:47:16 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/08/12 15:47:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/08/12 15:34:57 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modèles
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes vidéos
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes images
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Démarrer
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Ma musique
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Program Files\Fichiers communs
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoris
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Bureau
[2012/08/12 15:04:15 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012/08/12 15:03:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/08/12 15:02:30 | 002,777,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw4r32.dll
[2012/08/12 15:02:30 | 002,251,776 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys
[2012/08/12 15:02:30 | 000,745,472 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw4c32.dll
[2012/08/12 15:02:26 | 001,095,936 | ---- | C] (Motorola Inc.) -- C:\Windows\System32\drivers\smserial.sys
[2012/08/12 15:02:26 | 000,516,096 | ---- | C] (Motorola Inc.) -- C:\Windows\System32\sm56co85.dll
[2012/08/12 15:02:24 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2012/08/12 15:02:24 | 000,017,768 | ---- | C] (Blue Ridge Networks) -- C:\Windows\System32\drivers\mbrguard.sys
[2012/08/12 15:02:21 | 000,062,208 | ---- | C] (ENE Technology Inc.) -- C:\Windows\System32\drivers\EMS7SK.sys
[2012/08/12 15:02:20 | 000,042,240 | ---- | C] (ENE Technology Inc.) -- C:\Windows\System32\drivers\ESD7SK.sys
[2012/08/12 15:02:18 | 003,784,704 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2012/08/12 15:02:18 | 001,766,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2012/08/12 15:02:18 | 001,183,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2012/08/12 15:02:18 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012/08/12 15:02:18 | 000,284,160 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012/08/12 14:17:46 | 000,000,000 | --SD | C] -- C:\Users\Flore\AppData\Roaming\Microsoft
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Videos
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Saved Games
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Pictures
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Music
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Links
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Favorites
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Downloads
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Documents
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Desktop
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Voisinage réseau
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Voisinage d'impression
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\AppData\Local\Temporary Internet Files
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\SendTo
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Recent
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Modèles
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Documents\Mes vidéos
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Documents\Mes images
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Mes documents
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Menu Démarrer
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Documents\Ma musique
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Local Settings
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\AppData\Local\Historique
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Cookies
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Application Data
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\AppData\Local\Application Data
[2012/08/12 14:17:46 | 000,000,000 | -H-D | C] -- C:\Users\Flore\AppData
[2012/08/12 14:17:46 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Temp
[2012/08/12 14:17:46 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Microsoft
[2012/08/12 14:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2012/08/12 14:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012/08/12 14:11:38 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012/08/12 14:05:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/08/12 00:16:40 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\ImgBurn
[2012/08/11 23:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/08/11 23:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/08/08 11:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/08 01:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2012/08/07 23:19:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/07 23:19:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/07 23:19:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/07 23:14:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/07 10:34:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/08/07 10:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/05 20:06:41 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/05 20:06:41 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/05 19:02:38 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\vlc
[2012/08/05 19:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/08/05 18:51:00 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Daum
[2012/08/05 18:50:57 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\PotPlayerMini
[2012/08/05 18:50:28 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2012/08/05 18:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2012/08/05 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\Daum
[2012/08/03 20:02:24 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Runscanner.net
[2012/08/01 19:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/01 19:22:36 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/07/30 12:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Privacyware
[2012/07/27 19:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2012/07/27 19:08:19 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2012/07/25 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate Windows Tweaker v2.2
[2012/07/25 22:08:25 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\blue ridge networks
[2012/07/25 22:08:24 | 000,000,000 | ---D | C] -- C:\Users\Flore\Documents\MyPrivateFolder
[2012/07/25 22:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Blue Ridge Networks
[2012/07/25 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Ridge Networks
[2012/07/25 22:02:45 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/24 12:26:32 | 000,681,752 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/08/24 12:26:32 | 000,599,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/24 12:26:32 | 000,127,574 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/08/24 12:26:32 | 000,105,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/24 12:20:11 | 000,005,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 12:20:11 | 000,005,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 12:20:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/24 12:19:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/24 12:16:59 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/08/24 02:03:15 | 000,016,082 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/08/24 01:35:26 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\DeskUpdate.lnk
[2012/08/24 01:24:07 | 000,000,680 | ---- | M] () -- C:\Users\Flore\AppData\Local\d3d9caps.dat
[2012/08/23 20:55:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/23 19:51:48 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/08/23 12:08:29 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/08/23 01:56:02 | 000,000,943 | ---- | M] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/22 23:21:27 | 000,000,816 | ---- | M] () -- C:\Users\Flore\Desktop\DriverMax.lnk
[2012/08/21 00:19:57 | 000,000,210 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\burnaware.ini
[2012/08/21 00:19:52 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/08/21 00:19:52 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/08/20 23:47:27 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2012/08/20 17:20:31 | 000,006,656 | ---- | M] () -- C:\Windows\System32\lpcio.dll
[2012/08/20 01:50:43 | 000,004,608 | ---- | M] () -- C:\Users\Flore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/19 16:48:18 | 000,005,680 | ---- | M] () -- C:\Users\Flore\AppData\Local\Temp5.html
[2012/08/19 16:47:37 | 000,001,955 | ---- | M] () -- C:\Users\Flore\AppData\Local\Temp1.html
[2012/08/16 00:37:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/15 22:53:05 | 000,063,545 | ---- | M] () -- C:\fjdtv6.90.zip
[2012/08/15 12:16:03 | 000,287,056 | ---- | M] () -- C:\Users\Flore\Documents\Windows7_Vista_jcgriff2.zip
[2012/08/15 12:01:17 | 002,574,808 | ---- | M] () -- C:\Users\Flore\Documents\Perfmon.html
[2012/08/13 19:43:51 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\HDD Regenerator.lnk
[2012/08/13 15:29:46 | 000,231,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/12 15:34:42 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2012/08/12 15:12:01 | 000,000,438 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/12 15:03:28 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/08/12 15:01:13 | 000,383,601 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/08/12 14:40:28 | 000,021,668 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2012/08/11 23:56:00 | 000,001,650 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/08/10 05:34:39 | 000,139,640 | ---- | M] () -- C:\Windows\System32\p
[2012/08/08 11:19:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/08 11:19:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/07 10:34:36 | 000,000,642 | ---- | M] () -- C:\Users\Flore\Desktop\ERUNT.lnk
[2012/08/06 20:55:56 | 000,001,455 | ---- | M] () -- C:\Windows\System\p
[2012/08/06 20:55:17 | 000,005,572 | ---- | M] () -- C:\Windows\p
[2012/08/05 20:03:39 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/08/05 19:02:23 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/05 18:50:42 | 000,000,967 | ---- | M] () -- C:\Users\Flore\Desktop\PotPlayer.lnk
[2012/08/01 19:37:49 | 000,000,870 | ---- | M] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/01 19:37:48 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/01 19:22:37 | 000,001,057 | ---- | M] () -- C:\Users\Flore\Desktop\Revo Uninstaller.lnk
[2012/07/27 19:21:42 | 000,001,832 | ---- | M] () -- C:\Users\Flore\Desktop\VirusTotal Uploader 2.0.lnk
[2012/07/25 22:05:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_mbrguard_01009.Wdf
[2012/07/25 22:05:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/24 02:03:15 | 000,016,082 | ---- | C] () -- C:\Windows\System32\results.xml
[2012/08/24 01:35:26 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\DeskUpdate.lnk
[2012/08/24 01:24:07 | 000,000,680 | ---- | C] () -- C:\Users\Flore\AppData\Local\d3d9caps.dat
[2012/08/23 19:51:48 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/08/23 12:08:09 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/08/23 00:45:49 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2012/08/23 00:45:48 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2012/08/22 23:21:27 | 000,000,816 | ---- | C] () -- C:\Users\Flore\Desktop\DriverMax.lnk
[2012/08/20 23:48:21 | 000,000,210 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\burnaware.ini
[2012/08/20 23:47:27 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2012/08/19 16:48:18 | 000,005,680 | ---- | C] () -- C:\Users\Flore\AppData\Local\Temp5.html
[2012/08/19 16:47:37 | 000,001,955 | ---- | C] () -- C:\Users\Flore\AppData\Local\Temp1.html
[2012/08/16 00:37:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/15 22:53:04 | 000,063,545 | ---- | C] () -- C:\fjdtv6.90.zip
[2012/08/15 12:16:02 | 000,287,056 | ---- | C] () -- C:\Users\Flore\Documents\Windows7_Vista_jcgriff2.zip
[2012/08/15 12:04:08 | 002,574,808 | ---- | C] () -- C:\Users\Flore\Documents\Perfmon.html
[2012/08/14 00:58:29 | 000,008,064 | ---- | C] () -- C:\Windows\System32\drivers\flash.sys
[2012/08/13 19:43:51 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\HDD Regenerator.lnk
[2012/08/13 13:47:59 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012/08/13 13:43:52 | 000,006,656 | ---- | C] () -- C:\Windows\System32\lpcio.dll
[2012/08/12 15:35:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012/08/12 15:34:42 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2012/08/12 15:20:56 | 000,004,608 | ---- | C] () -- C:\Users\Flore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/12 15:18:27 | 000,000,949 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/12 15:18:23 | 000,000,944 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/08/12 14:40:28 | 000,021,668 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012/08/12 14:17:46 | 000,000,258 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/12 14:17:46 | 000,000,240 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/12 14:16:20 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2012/08/11 23:56:00 | 000,001,662 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/08/11 23:56:00 | 000,001,650 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/08/10 05:34:39 | 000,139,640 | ---- | C] () -- C:\Windows\System32\p
[2012/08/07 23:19:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/07 23:19:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/07 23:19:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/07 23:19:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/07 23:19:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/07 10:34:36 | 000,000,642 | ---- | C] () -- C:\Users\Flore\Desktop\ERUNT.lnk
[2012/08/06 20:55:56 | 000,001,455 | ---- | C] () -- C:\Windows\System\p
[2012/08/06 20:54:51 | 000,005,572 | ---- | C] () -- C:\Windows\p
[2012/08/05 19:02:23 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/05 18:50:42 | 000,000,967 | ---- | C] () -- C:\Users\Flore\Desktop\PotPlayer.lnk
[2012/08/01 19:37:49 | 000,000,870 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/01 19:37:48 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/01 19:37:48 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/30 12:53:48 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/27 19:08:19 | 000,001,832 | ---- | C] () -- C:\Users\Flore\Desktop\VirusTotal Uploader 2.0.lnk
[2012/07/25 22:05:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_mbrguard_01009.Wdf
[2012/07/25 22:05:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/07/18 00:05:34 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/07/15 01:34:13 | 001,472,131 | ---- | C] () -- C:\Program Files\vba32arkit.zip
[2012/06/28 01:14:43 | 000,826,230 | ---- | C] () -- C:\Program Files\JPEGView_1_0_26.zip
[2012/05/27 03:13:40 | 000,000,004 | ---- | C] () -- C:\Windows\60139727.dat
[2012/05/26 02:53:38 | 000,000,004 | ---- | C] () -- C:\Windows\11290197.dat
[2012/05/25 16:30:01 | 000,000,004 | ---- | C] () -- C:\Windows\16305630.dat
[2012/05/25 02:27:02 | 000,000,004 | ---- | C] () -- C:\Windows\52562384.dat
[2012/05/24 02:29:58 | 000,000,130 | ---- | C] () -- C:\Windows\9218894.dat
[2012/05/21 13:50:06 | 000,000,418 | ---- | C] () -- C:\Users\Flore\.swfinfo
[2012/05/01 15:19:52 | 000,088,656 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/12/14 03:41:02 | 000,000,324 | ---- | C] () -- C:\Windows\12812112.dat
[2011/12/04 22:54:49 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/12/04 21:30:11 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2011/12/04 21:26:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2011/12/04 00:51:53 | 000,000,438 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/03 22:07:27 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009/04/11 15:19:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 15:19:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 15:19:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: BOOTVID.DLL >
[2008/01/21 04:24:53 | 000,024,120 | ---- | M] (Microsoft Corporation) MD5=F0821E18CAFC7135CCF6DE3D306E97CD -- C:\Windows\System32\BOOTVID.DLL
[2008/01/21 04:24:53 | 000,024,120 | ---- | M] (Microsoft Corporation) MD5=F0821E18CAFC7135CCF6DE3D306E97CD -- C:\Windows\winsxs\x86_microsoft-windows-bootvid_31bf3856ad364e35_6.0.6001.18000_none_38797b7986345c9b\BOOTVID.DLL

< MD5 for: CSRSS.EXE >
[2008/01/21 04:25:20 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/21 04:25:20 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/11 15:19:56 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 15:19:56 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: EXPSRV.DLL >
[2006/11/02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) MD5=254C64B570A99F10952ACA71F24A2236 -- C:\Windows\System32\expsrv.dll
[2006/11/02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) MD5=254C64B570A99F10952ACA71F24A2236 -- C:\Windows\winsxs\x86_microsoft-windows-m..s-components-jetvba_31bf3856ad364e35_6.0.6000.16386_none_735b8f8d953639a8\expsrv.dll

< MD5 for: HAL.DLL >
[2009/04/11 15:19:25 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: MSWSOCK.DLL >
[2009/04/11 00:28:24 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\erdnt\cache\mswsock.dll
[2009/04/11 15:19:45 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 15:19:45 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/21 04:24:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/21 04:24:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/21 04:24:11 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/21 04:24:11 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: NTDLL.DLL >
[2009/04/11 15:20:16 | 001,202,168 | ---- | M] (Microsoft Corporation) MD5=40DB2EBA3CD1433D1C90BD262ECE1543 -- C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18005_none_5ac2574df94f7762\ntdll.dll
[2011/11/18 22:23:34 | 001,205,576 | ---- | M] (Microsoft Corporation) MD5=B9940B8D1B0BC5F675A99E6D1E2F0835 -- C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.22742_none_5b1dbeef129029d5\ntdll.dll
[2011/11/18 22:23:34 | 001,205,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntdll.dll
[2011/11/18 22:23:34 | 001,205,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18541_none_5a931ff3f973738d\ntdll.dll

< MD5 for: NTOSKRNL.EXE >
[2009/04/11 15:20:07 | 003,549,672 | ---- | M] (Microsoft Corporation) MD5=6798DBF3F25721637AEF5B6C69911C9C -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_6e1bdaacb144ddb4\ntoskrnl.exe
[2012/04/03 10:16:12 | 003,552,640 | ---- | M] (Microsoft Corporation) MD5=B9907DD4BE7B1B39573BF66554AB224E -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22831_none_6e8113d5ca7e5806\ntoskrnl.exe
[2012/04/03 10:16:11 | 003,550,080 | ---- | M] (Microsoft Corporation) MD5=BA4C485548914034B471EB6FC2B50082 -- C:\Windows\erdnt\cache\ntoskrnl.exe
[2012/04/03 10:16:11 | 003,550,080 | ---- | M] (Microsoft Corporation) MD5=BA4C485548914034B471EB6FC2B50082 -- C:\Windows\System32\ntoskrnl.exe
[2012/04/03 10:16:11 | 003,550,080 | ---- | M] (Microsoft Corporation) MD5=BA4C485548914034B471EB6FC2B50082 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18607_none_6e1de6a4b142ff4c\ntoskrnl.exe
[2012/03/06 08:39:00 | 003,550,080 | ---- | M] (Microsoft Corporation) MD5=D960F9E1FCA0C86387E806D9AED319FB -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18595_none_6dba94deb18dcaf0\ntoskrnl.exe
[2012/03/06 08:39:00 | 003,552,640 | ---- | M] (Microsoft Corporation) MD5=FEA4425645424D66DCCC6CD3F417A40D -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22811_none_6e96b3adca6e2024\ntoskrnl.exe

< MD5 for: PNRPNSP.DLL >
[2008/01/21 04:25:49 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/21 04:25:49 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009/04/11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/11 15:20:11 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 15:20:11 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/21 04:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 04:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USER32.DLL >
[2009/04/11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\erdnt\cache\user32.dll
[2009/04/11 15:19:54 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009/04/11 15:19:54 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 15:20:12 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 15:20:12 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/11 15:19:34 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 15:19:34 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 11:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 11:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 11:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< End of report >

#26
ramaflore

OTL Extras logfile created on: 24/08/2012 12:22:39 - Run 8
OTL by OldTimer - Version 3.2.54.1 Folder = c:\Users\Flore\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,44 Mb Total Physical Memory | 315,49 Mb Available Physical Memory | 31,13% Memory free
2,24 Gb Paging File | 1,54 Gb Available in Paging File | 68,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,84 Gb Total Space | 48,98 Gb Free Space | 72,19% Space Free | Partition Type: NTFS
Drive D: | 43,94 Gb Total Space | 29,25 Gb Free Space | 66,57% Space Free | Partition Type: NTFS

Computer Name: PC-DE-FLORE | User Name: Flore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" = C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" = C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C6FEC38-E332-483E-B369-F13814582341}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{CF9ACEB2-6F37-42BB-82A4-D8284D11AC61}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"TCP Query User{28F976C5-B62D-47B1-A068-C10083330A03}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3B892A90-0C40-480C-AC7B-7359C31AC653}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{50272F8E-E0F5-4C3A-86EB-99FE9C98A4CC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{685C5DB0-C2CF-4CEC-BD7E-62407B3506E0}F:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe" = protocol=6 | dir=in | app=f:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe |
"TCP Query User{C7DD4930-B3D1-4E13-842E-346129CCAAA2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{1921D901-4F96-4686-9494-B8B5AC2474C0}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{76EC7485-29AD-4D17-80D0-2B0C17B2D10F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9A013F88-AF7D-4B6C-95D1-4DB222C72EA9}F:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe" = protocol=17 | dir=in | app=f:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe |
"UDP Query User{E332CAD0-1863-4D94-AFB4-A3594897674D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F8088F69-8D8F-4B69-A6BF-87D894A30C40}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{23157413-FB7F-404D-B558-F33B9827F579}" = Minimem
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.2.4902
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{37565633-908E-435A-ADB0-DED2A9707CCF}" = Nitro PDF Express
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{97A39919-9FEA-48B7-AB2B-4F99212D1E98}" = HDD Regenerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1" = PDF to Word
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BurnAware Free_is1" = BurnAware Free 5.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DMX5_is1" = DriverMax 6
"doPDF 7 printer_is1" = doPDF 7.3 printer
"ERUNT_is1" = ERUNT 1.1j
"FuturixImager6" = FuturixImager
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro36" = HitmanPro 3.6
"ImgBurn" = ImgBurn
"MAXA Cookie Manager_is1" = MAXA Cookie Manager Pro 5.3
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Mozilla Firefox 14.0.1 (x86 fr)" = Mozilla Firefox 14.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nProtect MBR Guard" = nProtect MBR Guard
"PotPlayer" = Daum PotPlayer 1.5.33948
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Replay Video Capture6.0.3" = Replay Video Capture 6
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.4.8
"Speccy" = Speccy
"SumatraPDF" = SumatraPDF
"Veetle TV" = Veetle TV
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 2.0.3
"WhoCrashed_is1" = WhoCrashed 3.04

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/08/2012 15:32:04 | Computer Name = PC-de-Flore | Source = Application Error | ID = 1000
Description = Application défaillante Shell.exe, version 0.0.0.0, horodatage 0x00000000,
module défaillant CC32100MT.DLL, version 6.0.6002.18541, horodatage 0x4ec3e3d5,
code d’exception 0xc0000135, décalage d’erreur 0x00009f5d, ID du processus 0xb08,
heure de début de l’application 0x01cd8165ebc1eabe.

Error - 23/08/2012 19:17:50 | Computer Name = PC-de-Flore | Source = Perflib | ID = 1008
Description =

Error - 23/08/2012 19:17:50 | Computer Name = PC-de-Flore | Source = Perflib | ID = 1010
Description =

Error - 23/08/2012 19:25:02 | Computer Name = PC-de-Flore | Source = Perflib | ID = 1008
Description =

[ System Events ]
Error - 23/08/2012 14:41:41 | Computer Name = PC-de-Flore | Source = Service Control Manager | ID = 7030
Description =

Error - 23/08/2012 14:48:27 | Computer Name = PC-de-Flore | Source = Service Control Manager | ID = 7030
Description =

Error - 23/08/2012 14:55:43 | Computer Name = PC-de-Flore | Source = Service Control Manager | ID = 7030
Description =

Error - 23/08/2012 14:59:46 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 23/08/2012 19:25:01 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 23/08/2012 19:41:46 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 05:51:45 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 06:20:44 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

#27
ramaflore

    Member

  • Topic Starter
  • 210 posts
This is what I had:

Attached Thumbnails

  • Advanced Settings.jpg

Edited by ramaflore, 24 August 2012 - 04:50 AM.


#28
ramaflore

    Member

  • Topic Starter
  • 210 posts
I've just changed to your settings: My link

#29
ramaflore

    Member

  • Topic Starter
  • 210 posts
I performed a Diagnostic Startup and I still have the KSods.

#30
ramaflore

    Member

  • Topic Starter
  • 210 posts
What's next?