
For RKinner



#31
RKinner

    Malware Expert

  • Expert
  • 24,736 posts
  • MVP
Also uninstall nProtect MBR Guard and try the OTL scan again.

Did you get a message that a minidump was created? Can you attach it?

Run VEW again and let's see if there was something written to the event log. Also run VEW and have it pick up the applications events which I still haven't seen.

#32
ramaflore

    Member

  • Topic Starter
  • Member
  • 210 posts
I uninstalled nProtect MBR Guard and I'm running OTL again.

I don't have a message that a minidump was created.

#33
ramaflore

    Member

  • Topic Starter
  • Member
  • 210 posts
OTL logfile created on: 24/08/2012 20:04:12 - Run 9
OTL by OldTimer - Version 3.2.54.1 Folder = c:\Users\Flore\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,44 Mb Total Physical Memory | 275,25 Mb Available Physical Memory | 27,16% Memory free
2,23 Gb Paging File | 1,53 Gb Available in Paging File | 68,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,84 Gb Total Space | 48,32 Gb Free Space | 71,22% Space Free | Partition Type: NTFS
Drive D: | 43,94 Gb Total Space | 29,25 Gb Free Space | 66,57% Space Free | Partition Type: NTFS

Computer Name: PC-DE-FLORE | User Name: Flore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\DriverMax\drivermax.exe (Innovative Solutions)
PRC - c:\Users\Flore\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
PRC - C:\Program Files\NoAutorun-1.1.2.25\NoAutorun.exe (http://sf.net/projects/noautorun/)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe (Nitro PDF Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\DriverMax\sync.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroExpressDriverReadSpool) -- C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe (Nitro PDF Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz134) -- C:\Users\Flore\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (catchme) -- C:\Users\Flore\AppData\Local\Temp\catchme.sys File not found
DRV - (HWiNFO32) -- C:\Program Files\HWiNFO32\HWiNFO32.SYS (REALiX™)
DRV - (TKDac) -- C:\Windows\System32\tkdacxp.sys (INCA Internet Co., Ltd.)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (flash) -- C:\Windows\System32\drivers\flash.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://fr.yahoo.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/12 14:22:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/12 14:22:44 | 000,000,000 | ---D | M]

[2011/12/04 21:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flore\AppData\Roaming\mozilla\Extensions
[2012/08/12 14:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions
[2012/08/12 14:30:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/12 14:30:38 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/08/12 14:30:35 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\FasterFox_Lite@BigRedBrent
[2012/08/12 14:30:36 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\[email protected]
[2012/01/03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\askcom.xml
[2012/02/18 22:08:44 | 000,002,140 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\s-amazon-fr.xml
[2012/08/12 14:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/08/03 02:45:04 | 000,011,890 | ---- | M] () (No name found) -- C:\USERS\FLORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MX75WWM.DEFAULT\EXTENSIONS\[email protected]
[2012/07/14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:39:12 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/07/14 02:39:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:39:12 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/07/14 02:39:12 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/07/14 02:39:12 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/07/14 02:39:12 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012/08/23 20:55:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\DriverMax\drivermax.exe (Innovative Solutions)
O4 - Startup: C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Windows\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 124
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB5C2E77-49EC-4129-B8EC-493DF5E601FC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/24 16:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\SARDU_2.0.5
[2012/08/24 14:07:03 | 001,801,592 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012/08/24 14:07:03 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012/08/24 14:07:02 | 001,379,760 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll
[2012/08/24 14:07:02 | 000,819,648 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll
[2012/08/24 14:07:02 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012/08/24 14:07:02 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012/08/24 14:07:02 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012/08/24 14:07:02 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012/08/24 14:07:02 | 000,134,584 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll
[2012/08/24 14:07:02 | 000,058,264 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll
[2012/08/24 14:07:01 | 000,560,768 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll
[2012/08/24 14:07:01 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2012/08/24 14:07:01 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2012/08/24 14:07:01 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2012/08/24 14:06:59 | 000,090,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[2012/08/24 14:06:59 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll
[2012/08/24 14:06:58 | 000,658,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2012/08/24 14:06:54 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012/08/24 14:06:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012/08/24 14:06:53 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012/08/24 14:06:53 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012/08/24 14:06:52 | 005,915,648 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2012/08/24 14:06:52 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012/08/24 14:06:52 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012/08/24 14:06:51 | 007,161,736 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2012/08/24 14:06:51 | 000,351,112 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2012/08/24 14:06:51 | 000,106,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2012/08/24 14:06:51 | 000,091,528 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2012/08/24 14:06:51 | 000,061,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2012/08/24 14:06:50 | 007,377,272 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2012/08/24 14:06:50 | 001,246,584 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2012/08/24 14:06:50 | 000,349,048 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2012/08/24 14:06:48 | 001,929,592 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012/08/24 14:06:48 | 000,717,176 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2012/08/24 14:06:47 | 002,193,472 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012/08/24 14:06:47 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2012/08/24 14:06:47 | 000,350,072 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2012/08/24 14:06:47 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012/08/24 14:06:47 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012/08/24 14:06:46 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012/08/24 14:06:46 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012/08/24 14:06:46 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012/08/24 14:06:46 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012/08/24 14:06:46 | 000,421,744 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2012/08/24 14:06:46 | 000,398,192 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2012/08/24 14:06:46 | 000,335,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2012/08/24 14:06:45 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012/08/24 14:06:45 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012/08/24 14:06:45 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012/08/24 14:06:45 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012/08/24 14:06:45 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012/08/24 14:06:45 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012/08/24 14:06:45 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012/08/24 14:06:44 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012/08/24 14:06:43 | 000,090,624 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2012/08/24 14:06:42 | 000,176,736 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2012/08/24 14:06:42 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2012/08/24 01:37:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2012/08/24 01:37:03 | 000,385,024 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2012/08/23 20:59:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/23 20:55:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/23 20:38:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/23 19:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/08/23 19:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/08/23 00:45:49 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v1930.dll
[2012/08/23 00:45:45 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2012/08/23 00:45:42 | 000,536,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2012/08/22 23:33:05 | 000,000,000 | ---D | C] -- C:\Users\Flore\Documents\My Drivers
[2012/08/22 23:21:27 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Innovative Solutions
[2012/08/22 23:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2012/08/22 23:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\DriverMax
[2012/08/20 23:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
[2012/08/20 23:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2012/08/20 12:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\p95v277.win32
[2012/08/18 20:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO32
[2012/08/15 23:15:09 | 000,000,000 | ---D | C] -- C:\fjdtv6.90
[2012/08/15 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\Flore\Documents\Windows7_Vista_jcgriff2
[2012/08/13 19:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Regenerator
[2012/08/13 19:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator
[2012/08/13 19:43:35 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Downloaded Installations
[2012/08/13 15:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/08/13 14:51:46 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/13 14:49:26 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012/08/13 14:49:25 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/08/13 14:49:24 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/08/13 14:47:31 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/08/13 14:47:27 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/08/13 14:47:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012/08/13 14:47:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/08/13 14:47:27 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/08/13 14:47:26 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/08/13 14:45:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012/08/13 14:45:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012/08/13 14:45:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012/08/13 14:45:42 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/08/13 14:45:42 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/08/13 14:45:42 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/08/13 14:45:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012/08/13 14:45:42 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/08/13 14:45:42 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/08/13 14:17:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/08/13 14:17:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/08/13 14:17:49 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/08/13 14:16:50 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012/08/13 14:00:48 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2012/08/13 13:53:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/08/13 13:53:07 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/08/13 13:53:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/08/13 13:53:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/08/13 13:52:49 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012/08/13 13:52:49 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/08/13 13:52:48 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/08/13 13:52:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/08/13 13:52:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012/08/13 13:52:46 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012/08/13 13:52:46 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/08/13 13:52:45 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/08/13 13:52:45 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/08/13 13:52:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/08/13 13:52:44 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012/08/13 13:52:40 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/08/13 13:52:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/08/13 13:52:20 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012/08/13 13:52:19 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2012/08/13 13:52:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2012/08/13 13:52:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2012/08/13 13:52:19 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2012/08/13 13:52:19 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2012/08/13 13:52:19 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2012/08/13 13:52:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/08/13 13:50:55 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012/08/13 13:50:54 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/08/13 13:50:54 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/08/13 13:50:54 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012/08/13 13:50:53 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/08/13 13:50:53 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/08/13 13:50:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012/08/13 13:50:03 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012/08/13 13:49:50 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/08/13 13:49:49 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/08/13 13:49:49 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/08/13 13:49:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/08/13 13:49:20 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/08/13 13:49:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/08/13 13:48:26 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012/08/13 13:48:02 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/08/13 13:47:59 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2012/08/13 13:47:59 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012/08/13 13:47:59 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2012/08/13 13:47:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2012/08/13 13:47:55 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/08/13 13:47:22 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/08/13 13:47:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/08/13 13:47:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/08/13 13:47:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2012/08/13 13:47:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/08/13 13:47:13 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/08/13 13:47:00 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/08/13 13:46:54 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2012/08/13 13:46:54 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2012/08/13 13:46:50 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/08/13 13:46:22 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/08/13 13:46:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/08/13 13:46:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/08/13 13:45:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/08/13 13:45:32 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/08/13 13:45:20 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012/08/13 13:45:16 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/08/13 13:45:15 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/08/13 13:45:14 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/08/13 13:45:14 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/08/13 13:45:14 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/08/13 13:45:13 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/08/13 13:45:13 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/08/13 13:45:13 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/08/13 13:45:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/08/13 13:45:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/08/13 13:44:43 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/08/13 13:44:43 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/08/13 13:44:41 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/08/13 13:44:35 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2012/08/13 13:44:32 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/08/13 13:44:31 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/08/13 13:44:31 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2012/08/13 13:44:29 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/08/13 13:44:08 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/08/13 13:44:08 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/08/13 13:44:08 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/08/13 13:44:08 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/08/13 13:44:08 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/08/13 13:43:56 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/08/13 13:43:49 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/08/13 13:43:43 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/08/13 13:43:43 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/08/13 13:43:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/08/13 13:43:18 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/08/13 13:43:18 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/08/13 13:43:15 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/08/13 13:42:54 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012/08/13 13:42:38 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012/08/13 13:42:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/08/13 13:42:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/08/13 12:57:34 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2012/08/13 12:57:31 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/08/13 12:57:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2012/08/13 12:57:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2012/08/13 12:57:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2012/08/13 11:56:43 | 000,000,000 | ---D | C] -- C:\Desktop
[2012/08/12 15:47:43 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/08/12 15:47:42 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/08/12 15:47:21 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/08/12 15:47:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/08/12 15:47:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/08/12 15:47:16 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/08/12 15:47:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/08/12 15:34:57 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modèles
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes vidéos
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes images
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Démarrer
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Ma musique
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Program Files\Fichiers communs
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoris
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Bureau
[2012/08/12 15:04:15 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012/08/12 15:03:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/08/12 15:02:30 | 002,777,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw4r32.dll
[2012/08/12 15:02:30 | 002,251,776 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys
[2012/08/12 15:02:30 | 000,745,472 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw4c32.dll
[2012/08/12 15:02:26 | 001,095,936 | ---- | C] (Motorola Inc.) -- C:\Windows\System32\drivers\smserial.sys
[2012/08/12 15:02:26 | 000,516,096 | ---- | C] (Motorola Inc.) -- C:\Windows\System32\sm56co85.dll
[2012/08/12 15:02:24 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2012/08/12 15:02:24 | 000,017,768 | ---- | C] (Blue Ridge Networks) -- C:\Windows\System32\drivers\mbrguard.sys
[2012/08/12 15:02:21 | 000,062,208 | ---- | C] (ENE Technology Inc.) -- C:\Windows\System32\drivers\EMS7SK.sys
[2012/08/12 15:02:20 | 000,042,240 | ---- | C] (ENE Technology Inc.) -- C:\Windows\System32\drivers\ESD7SK.sys
[2012/08/12 15:02:18 | 003,784,704 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2012/08/12 15:02:18 | 001,766,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2012/08/12 15:02:18 | 001,183,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2012/08/12 15:02:18 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012/08/12 15:02:18 | 000,284,160 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012/08/12 14:17:46 | 000,000,000 | --SD | C] -- C:\Users\Flore\AppData\Roaming\Microsoft
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Videos
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Saved Games
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Pictures
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Music
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Links
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Favorites
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Downloads
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Documents
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Desktop
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Voisinage réseau
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Voisinage d'impression
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\AppData\Local\Temporary Internet Files
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\SendTo
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Recent
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Modèles
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Documents\Mes vidéos
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Documents\Mes images
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Mes documents
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Menu Démarrer
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Documents\Ma musique
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Local Settings
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\AppData\Local\Historique
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Cookies
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Application Data
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\AppData\Local\Application Data
[2012/08/12 14:17:46 | 000,000,000 | -H-D | C] -- C:\Users\Flore\AppData
[2012/08/12 14:17:46 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Temp
[2012/08/12 14:17:46 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Microsoft
[2012/08/12 14:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2012/08/12 14:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012/08/12 14:11:38 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012/08/12 14:05:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/08/12 00:16:40 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\ImgBurn
[2012/08/11 23:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/08/11 23:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/08/08 11:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/08 01:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2012/08/07 23:19:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/07 23:19:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/07 23:19:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/07 23:14:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/07 10:34:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/08/07 10:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/05 20:06:41 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/05 20:06:41 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/05 19:02:38 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\vlc
[2012/08/05 19:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/08/05 18:51:00 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Daum
[2012/08/05 18:50:57 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\PotPlayerMini
[2012/08/05 18:50:28 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2012/08/05 18:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2012/08/05 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\Daum
[2012/08/03 20:02:24 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Runscanner.net
[2012/08/01 19:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/01 19:22:36 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/07/30 12:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Privacyware
[2012/07/27 19:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2012/07/27 19:08:19 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2012/07/25 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate Windows Tweaker v2.2
[2012/07/25 22:08:25 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\blue ridge networks
[2012/07/25 22:08:24 | 000,000,000 | ---D | C] -- C:\Users\Flore\Documents\MyPrivateFolder
[2012/07/25 22:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Blue Ridge Networks
[2012/07/25 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Ridge Networks
[2012/07/25 22:02:45 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/24 20:02:23 | 000,005,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 20:02:23 | 000,005,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 20:02:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/24 20:01:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/24 16:32:11 | 000,681,752 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/08/24 16:32:11 | 000,599,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/24 16:32:11 | 000,127,574 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/08/24 16:32:11 | 000,105,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/24 16:21:50 | 014,261,768 | ---- | M] () -- C:\Program Files\SARDU_2.0.5.zip
[2012/08/24 14:49:45 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\DeskUpdate.lnk
[2012/08/24 12:16:59 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/08/24 02:03:15 | 000,016,082 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/08/24 01:24:07 | 000,000,680 | ---- | M] () -- C:\Users\Flore\AppData\Local\d3d9caps.dat
[2012/08/23 20:55:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/23 19:51:48 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/08/23 12:08:29 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/08/23 01:56:02 | 000,000,943 | ---- | M] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/22 23:21:27 | 000,000,816 | ---- | M] () -- C:\Users\Flore\Desktop\DriverMax.lnk
[2012/08/21 00:19:57 | 000,000,210 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\burnaware.ini
[2012/08/21 00:19:52 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/08/21 00:19:52 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/08/20 23:47:27 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2012/08/20 17:20:31 | 000,006,656 | ---- | M] () -- C:\Windows\System32\lpcio.dll
[2012/08/20 01:50:43 | 000,004,608 | ---- | M] () -- C:\Users\Flore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/19 16:48:18 | 000,005,680 | ---- | M] () -- C:\Users\Flore\AppData\Local\Temp5.html
[2012/08/19 16:47:37 | 000,001,955 | ---- | M] () -- C:\Users\Flore\AppData\Local\Temp1.html
[2012/08/16 00:37:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/15 22:53:05 | 000,063,545 | ---- | M] () -- C:\fjdtv6.90.zip
[2012/08/15 12:16:03 | 000,287,056 | ---- | M] () -- C:\Users\Flore\Documents\Windows7_Vista_jcgriff2.zip
[2012/08/15 12:01:17 | 002,574,808 | ---- | M] () -- C:\Users\Flore\Documents\Perfmon.html
[2012/08/13 19:43:51 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\HDD Regenerator.lnk
[2012/08/13 15:29:46 | 000,231,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/12 15:34:42 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2012/08/12 15:12:01 | 000,000,438 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/12 15:03:28 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/08/12 15:01:13 | 000,383,601 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/08/12 14:40:28 | 000,021,668 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2012/08/11 23:56:00 | 000,001,650 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/08/10 05:34:39 | 000,139,640 | ---- | M] () -- C:\Windows\System32\p
[2012/08/08 11:19:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/08 11:19:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/07 10:34:44 | 000,000,841 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/07 10:34:36 | 000,000,642 | ---- | M] () -- C:\Users\Flore\Desktop\ERUNT.lnk
[2012/08/06 20:55:56 | 000,001,455 | ---- | M] () -- C:\Windows\System\p
[2012/08/06 20:55:17 | 000,005,572 | ---- | M] () -- C:\Windows\p
[2012/08/05 20:03:39 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/08/05 19:02:23 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/05 18:50:42 | 000,000,967 | ---- | M] () -- C:\Users\Flore\Desktop\PotPlayer.lnk
[2012/08/01 19:37:49 | 000,000,870 | ---- | M] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/01 19:37:48 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/01 19:22:37 | 000,001,057 | ---- | M] () -- C:\Users\Flore\Desktop\Revo Uninstaller.lnk
[2012/07/31 10:42:14 | 005,915,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2012/07/31 10:14:56 | 000,326,245 | ---- | M] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/07/27 19:21:42 | 000,001,832 | ---- | M] () -- C:\Users\Flore\Desktop\VirusTotal Uploader 2.0.lnk
[2012/07/26 11:28:44 | 000,090,256 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[2012/07/25 22:05:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_mbrguard_01009.Wdf
[2012/07/25 22:05:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/24 16:32:51 | 014,261,768 | ---- | C] () -- C:\Program Files\SARDU_2.0.5.zip
[2012/08/24 14:49:15 | 000,951,608 | ---- | C] () -- C:\Program Files\FTSDeskUpdate.exe
[2012/08/24 14:06:53 | 000,326,245 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/08/24 13:02:46 | 000,000,841 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/24 02:03:15 | 000,016,082 | ---- | C] () -- C:\Windows\System32\results.xml
[2012/08/24 01:35:26 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\DeskUpdate.lnk
[2012/08/24 01:24:07 | 000,000,680 | ---- | C] () -- C:\Users\Flore\AppData\Local\d3d9caps.dat
[2012/08/23 19:51:48 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/08/23 12:08:09 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/08/23 00:45:49 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2012/08/23 00:45:48 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2012/08/22 23:21:27 | 000,000,816 | ---- | C] () -- C:\Users\Flore\Desktop\DriverMax.lnk
[2012/08/20 23:48:21 | 000,000,210 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\burnaware.ini
[2012/08/20 23:47:27 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2012/08/19 16:48:18 | 000,005,680 | ---- | C] () -- C:\Users\Flore\AppData\Local\Temp5.html
[2012/08/19 16:47:37 | 000,001,955 | ---- | C] () -- C:\Users\Flore\AppData\Local\Temp1.html
[2012/08/16 00:37:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/15 22:53:04 | 000,063,545 | ---- | C] () -- C:\fjdtv6.90.zip
[2012/08/15 12:16:02 | 000,287,056 | ---- | C] () -- C:\Users\Flore\Documents\Windows7_Vista_jcgriff2.zip
[2012/08/15 12:04:08 | 002,574,808 | ---- | C] () -- C:\Users\Flore\Documents\Perfmon.html
[2012/08/14 00:58:29 | 000,008,064 | ---- | C] () -- C:\Windows\System32\drivers\flash.sys
[2012/08/13 19:43:51 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\HDD Regenerator.lnk
[2012/08/13 13:47:59 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012/08/13 13:43:52 | 000,006,656 | ---- | C] () -- C:\Windows\System32\lpcio.dll
[2012/08/12 15:35:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012/08/12 15:34:42 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2012/08/12 15:20:56 | 000,004,608 | ---- | C] () -- C:\Users\Flore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/12 15:18:27 | 000,000,949 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/12 15:18:23 | 000,000,944 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/08/12 14:40:28 | 000,021,668 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012/08/12 14:17:46 | 000,000,258 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/12 14:17:46 | 000,000,240 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/12 14:16:20 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2012/08/11 23:56:00 | 000,001,662 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/08/11 23:56:00 | 000,001,650 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/08/10 05:34:39 | 000,139,640 | ---- | C] () -- C:\Windows\System32\p
[2012/08/07 23:19:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/07 23:19:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/07 23:19:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/07 23:19:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/07 23:19:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/07 10:34:36 | 000,000,642 | ---- | C] () -- C:\Users\Flore\Desktop\ERUNT.lnk
[2012/08/06 20:55:56 | 000,001,455 | ---- | C] () -- C:\Windows\System\p
[2012/08/06 20:54:51 | 000,005,572 | ---- | C] () -- C:\Windows\p
[2012/08/05 19:02:23 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/05 18:50:42 | 000,000,967 | ---- | C] () -- C:\Users\Flore\Desktop\PotPlayer.lnk
[2012/08/01 19:37:49 | 000,000,870 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/01 19:37:48 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/01 19:37:48 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/30 12:53:48 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/27 19:08:19 | 000,001,832 | ---- | C] () -- C:\Users\Flore\Desktop\VirusTotal Uploader 2.0.lnk
[2012/07/25 22:05:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_mbrguard_01009.Wdf
[2012/07/25 22:05:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/07/18 00:05:34 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/07/15 01:34:13 | 001,472,131 | ---- | C] () -- C:\Program Files\vba32arkit.zip
[2012/06/28 01:14:43 | 000,826,230 | ---- | C] () -- C:\Program Files\JPEGView_1_0_26.zip
[2012/05/27 03:13:40 | 000,000,004 | ---- | C] () -- C:\Windows\60139727.dat
[2012/05/26 02:53:38 | 000,000,004 | ---- | C] () -- C:\Windows\11290197.dat
[2012/05/25 16:30:01 | 000,000,004 | ---- | C] () -- C:\Windows\16305630.dat
[2012/05/25 02:27:02 | 000,000,004 | ---- | C] () -- C:\Windows\52562384.dat
[2012/05/24 02:29:58 | 000,000,130 | ---- | C] () -- C:\Windows\9218894.dat
[2012/05/21 13:50:06 | 000,000,418 | ---- | C] () -- C:\Users\Flore\.swfinfo
[2012/05/01 15:19:52 | 000,088,656 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/12/14 03:41:02 | 000,000,324 | ---- | C] () -- C:\Windows\12812112.dat
[2011/12/04 22:54:49 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/12/04 21:30:11 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2011/12/04 21:26:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2011/12/04 00:51:53 | 000,000,438 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/03 22:07:27 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009/04/11 15:19:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 15:19:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 15:19:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: BOOTVID.DLL >
[2008/01/21 04:24:53 | 000,024,120 | ---- | M] (Microsoft Corporation) MD5=F0821E18CAFC7135CCF6DE3D306E97CD -- C:\Windows\System32\BOOTVID.DLL
[2008/01/21 04:24:53 | 000,024,120 | ---- | M] (Microsoft Corporation) MD5=F0821E18CAFC7135CCF6DE3D306E97CD -- C:\Windows\winsxs\x86_microsoft-windows-bootvid_31bf3856ad364e35_6.0.6001.18000_none_38797b7986345c9b\BOOTVID.DLL

< MD5 for: CSRSS.EXE >
[2008/01/21 04:25:20 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/21 04:25:20 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/11 15:19:56 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 15:19:56 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: EXPSRV.DLL >
[2006/11/02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) MD5=254C64B570A99F10952ACA71F24A2236 -- C:\Windows\System32\expsrv.dll
[2006/11/02 11:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) MD5=254C64B570A99F10952ACA71F24A2236 -- C:\Windows\winsxs\x86_microsoft-windows-m..s-components-jetvba_31bf3856ad364e35_6.0.6000.16386_none_735b8f8d953639a8\expsrv.dll

< MD5 for: HAL.DLL >
[2009/04/11 15:19:25 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: MSWSOCK.DLL >
[2009/04/11 00:28:24 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\erdnt\cache\mswsock.dll
[2009/04/11 15:19:45 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 15:19:45 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/21 04:24:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/21 04:24:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/21 04:24:11 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/21 04:24:11 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: NTDLL.DLL >
[2009/04/11 15:20:16 | 001,202,168 | ---- | M] (Microsoft Corporation) MD5=40DB2EBA3CD1433D1C90BD262ECE1543 -- C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18005_none_5ac2574df94f7762\ntdll.dll
[2011/11/18 22:23:34 | 001,205,576 | ---- | M] (Microsoft Corporation) MD5=B9940B8D1B0BC5F675A99E6D1E2F0835 -- C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.22742_none_5b1dbeef129029d5\ntdll.dll
[2011/11/18 22:23:34 | 001,205,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntdll.dll
[2011/11/18 22:23:34 | 001,205,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18541_none_5a931ff3f973738d\ntdll.dll

< MD5 for: NTOSKRNL.EXE >
[2009/04/11 15:20:07 | 003,549,672 | ---- | M] (Microsoft Corporation) MD5=6798DBF3F25721637AEF5B6C69911C9C -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_6e1bdaacb144ddb4\ntoskrnl.exe
[2012/04/03 10:16:12 | 003,552,640 | ---- | M] (Microsoft Corporation) MD5=B9907DD4BE7B1B39573BF66554AB224E -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22831_none_6e8113d5ca7e5806\ntoskrnl.exe
[2012/04/03 10:16:11 | 003,550,080 | ---- | M] (Microsoft Corporation) MD5=BA4C485548914034B471EB6FC2B50082 -- C:\Windows\erdnt\cache\ntoskrnl.exe
[2012/04/03 10:16:11 | 003,550,080 | ---- | M] (Microsoft Corporation) MD5=BA4C485548914034B471EB6FC2B50082 -- C:\Windows\System32\ntoskrnl.exe
[2012/04/03 10:16:11 | 003,550,080 | ---- | M] (Microsoft Corporation) MD5=BA4C485548914034B471EB6FC2B50082 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18607_none_6e1de6a4b142ff4c\ntoskrnl.exe
[2012/03/06 08:39:00 | 003,550,080 | ---- | M] (Microsoft Corporation) MD5=D960F9E1FCA0C86387E806D9AED319FB -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18595_none_6dba94deb18dcaf0\ntoskrnl.exe
[2012/03/06 08:39:00 | 003,552,640 | ---- | M] (Microsoft Corporation) MD5=FEA4425645424D66DCCC6CD3F417A40D -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22811_none_6e96b3adca6e2024\ntoskrnl.exe

< MD5 for: PNRPNSP.DLL >
[2008/01/21 04:25:49 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/21 04:25:49 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009/04/11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/11 15:20:11 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 15:20:11 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/21 04:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 04:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USER32.DLL >
[2009/04/11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\erdnt\cache\user32.dll
[2009/04/11 15:19:54 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009/04/11 15:19:54 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 15:20:12 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 15:20:12 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/11 15:19:34 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 15:19:34 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 11:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 11:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 11:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< End of report >

#34
ramaflore

OTL Extras logfile created on: 24/08/2012 20:04:12 - Run 9
OTL by OldTimer - Version 3.2.54.1 Folder = c:\Users\Flore\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,44 Mb Total Physical Memory | 275,25 Mb Available Physical Memory | 27,16% Memory free
2,23 Gb Paging File | 1,53 Gb Available in Paging File | 68,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,84 Gb Total Space | 48,32 Gb Free Space | 71,22% Space Free | Partition Type: NTFS
Drive D: | 43,94 Gb Total Space | 29,25 Gb Free Space | 66,57% Space Free | Partition Type: NTFS

Computer Name: PC-DE-FLORE | User Name: Flore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" = C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" = C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C6FEC38-E332-483E-B369-F13814582341}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{CF9ACEB2-6F37-42BB-82A4-D8284D11AC61}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"TCP Query User{28F976C5-B62D-47B1-A068-C10083330A03}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3B892A90-0C40-480C-AC7B-7359C31AC653}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{50272F8E-E0F5-4C3A-86EB-99FE9C98A4CC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{685C5DB0-C2CF-4CEC-BD7E-62407B3506E0}F:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe" = protocol=6 | dir=in | app=f:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe |
"TCP Query User{C7DD4930-B3D1-4E13-842E-346129CCAAA2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{1921D901-4F96-4686-9494-B8B5AC2474C0}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{76EC7485-29AD-4D17-80D0-2B0C17B2D10F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9A013F88-AF7D-4B6C-95D1-4DB222C72EA9}F:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe" = protocol=17 | dir=in | app=f:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe |
"UDP Query User{E332CAD0-1863-4D94-AFB4-A3594897674D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F8088F69-8D8F-4B69-A6BF-87D894A30C40}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{23157413-FB7F-404D-B558-F33B9827F579}" = Minimem
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.2.4902
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{37565633-908E-435A-ADB0-DED2A9707CCF}" = Nitro PDF Express
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{97A39919-9FEA-48B7-AB2B-4F99212D1E98}" = HDD Regenerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1" = PDF to Word
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BurnAware Free_is1" = BurnAware Free 5.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DMX5_is1" = DriverMax 6
"doPDF 7 printer_is1" = doPDF 7.3 printer
"ERUNT_is1" = ERUNT 1.1j
"FuturixImager6" = FuturixImager
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro36" = HitmanPro 3.6
"ImgBurn" = ImgBurn
"MAXA Cookie Manager_is1" = MAXA Cookie Manager Pro 5.3
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Mozilla Firefox 14.0.1 (x86 fr)" = Mozilla Firefox 14.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PotPlayer" = Daum PotPlayer 1.5.33948
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Replay Video Capture6.0.3" = Replay Video Capture 6
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.4.8
"Speccy" = Speccy
"SumatraPDF" = SumatraPDF
"Veetle TV" = Veetle TV
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 2.0.3
"WhoCrashed_is1" = WhoCrashed 3.04

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/08/2012 15:32:04 | Computer Name = PC-de-Flore | Source = Application Error | ID = 1000
Description = Application défaillante Shell.exe, version 0.0.0.0, horodatage 0x00000000,
module défaillant CC32100MT.DLL, version 6.0.6002.18541, horodatage 0x4ec3e3d5,
code d’exception 0xc0000135, décalage d’erreur 0x00009f5d, ID du processus 0xb08,
heure de début de l’application 0x01cd8165ebc1eabe.

Error - 23/08/2012 19:17:50 | Computer Name = PC-de-Flore | Source = Perflib | ID = 1008
Description =

Error - 23/08/2012 19:17:50 | Computer Name = PC-de-Flore | Source = Perflib | ID = 1010
Description =

Error - 23/08/2012 19:25:02 | Computer Name = PC-de-Flore | Source = Perflib | ID = 1008
Description =

Error - 24/08/2012 08:10:16 | Computer Name = PC-de-Flore | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 24/08/2012 07:06:36 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 08:12:31 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 08:22:40 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 08:34:29 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 08:39:36 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 08:39:48 | Computer Name = PC-de-Flore | Source = Service Control Manager | ID = 7034
Description =

Error - 24/08/2012 08:53:16 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 10:27:52 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 13:54:03 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 14:02:56 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

#35
ramaflore

VEW System :

Vino's Event Viewer v01c run on Windows Vista in French
Report run at 24/08/2012 20:19:10

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Erreur Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/08/2012 18:02:56
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 24/08/2012 17:54:03
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 24/08/2012 14:27:52
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 24/08/2012 12:53:16
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 24/08/2012 12:39:48
Type: Erreur Category: 0
Event: 7034 Source: Service Control Manager
Le service HitmanPro Scheduler s'est terminé de façon inattendue pour la 1ème fois.

Log: 'System' Date/Time: 24/08/2012 12:39:36
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 24/08/2012 12:34:29
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 24/08/2012 12:22:40
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 24/08/2012 12:12:31
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 24/08/2012 11:06:36
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 24/08/2012 11:03:59
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 24/08/2012 10:20:44
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 24/08/2012 09:51:45
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 23/08/2012 23:41:46
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 23/08/2012 23:25:01
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 23/08/2012 18:59:46
Type: Erreur Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
L’initialisation de l’application a échoué. Dernière erreur : 0x80070032

Log: 'System' Date/Time: 23/08/2012 18:55:43
Type: Erreur Category: 0
Event: 7030 Source: Service Control Manager
Le service PEVSystemStart est marqué comme étant interactif. Cependant, le système est configuré pour ne pas autoriser les services interactifs. Ce service peut ne pas fonctionner correctement.

Log: 'System' Date/Time: 23/08/2012 18:48:27
Type: Erreur Category: 0
Event: 7030 Source: Service Control Manager
Le service PEVSystemStart est marqué comme étant interactif. Cependant, le système est configuré pour ne pas autoriser les services interactifs. Ce service peut ne pas fonctionner correctement.

Log: 'System' Date/Time: 23/08/2012 18:41:41
Type: Erreur Category: 0
Event: 7030 Source: Service Control Manager
Le service PEVSystemStart est marqué comme étant interactif. Cependant, le système est configuré pour ne pas autoriser les services interactifs. Ce service peut ne pas fonctionner correctement.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Avertissement Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/08/2012 18:01:37
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Log: 'System' Date/Time: 24/08/2012 14:25:48
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Log: 'System' Date/Time: 24/08/2012 12:51:36
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Log: 'System' Date/Time: 24/08/2012 12:37:22
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Log: 'System' Date/Time: 24/08/2012 12:33:03
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Log: 'System' Date/Time: 24/08/2012 12:21:03
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Log: 'System' Date/Time: 24/08/2012 12:10:43
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Log: 'System' Date/Time: 24/08/2012 12:06:16
Type: Avertissement Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0016D363EF36. Il s'est produit l'erreur suivante : L'opération a été annulée par l'utilisateur.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).

Log: 'System' Date/Time: 24/08/2012 11:19:26
Type: Avertissement Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0016D363EF36. Il s'est produit l'erreur suivante : L'opération a été annulée par l'utilisateur.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).

Log: 'System' Date/Time: 24/08/2012 11:05:30
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Log: 'System' Date/Time: 24/08/2012 10:19:16
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Log: 'System' Date/Time: 23/08/2012 23:39:36
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Log: 'System' Date/Time: 23/08/2012 23:22:49
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.

#36
ramaflore

VEW Application :

Vino's Event Viewer v01c run on Windows Vista in French
Report run at 24/08/2012 20:21:06

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Erreur Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/08/2012 12:10:16
Type: Erreur Category: 16
Event: 4621 Source: Microsoft-Windows-EventSystem
Le système d'événements de COM+ n'a pas pu supprimer l'objet EventSystem.EventSubscription {346ED0A2-FEA9-4C5A-9599-C56B4829A19E}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. HRESULT : 80070005.

Log: 'Application' Date/Time: 23/08/2012 23:25:02
Type: Erreur Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
Échec de la procédure d’ouverture pour le service « PNRPsvc » dans la DLL « C:\Windows\system32\pnrpperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.

Log: 'Application' Date/Time: 23/08/2012 23:17:50
Type: Erreur Category: 0
Event: 1010 Source: Microsoft-Windows-Perflib
La procédure de ramassage pour le service « EmdCache » dans la DLL « C:\Windows\system32\emdmgmt.dll » a généré une exception ou retourné un état non valide. Les données de performance retournées par la DLL de compteur ne seront pas renvoyées dans le bloc de données Perf. Le premier mot (DWORD) de la section Données contient le code d’exception ou le code d’état.

Log: 'Application' Date/Time: 23/08/2012 23:17:50
Type: Erreur Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\system32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.

Log: 'Application' Date/Time: 23/08/2012 19:32:04
Type: Erreur Category: 100
Event: 1000 Source: Application Error
Application défaillante Shell.exe, version 0.0.0.0, horodatage 0x00000000, module défaillant CC32100MT.DLL, version 6.0.6002.18541, horodatage 0x4ec3e3d5, code d’exception 0xc0000135, décalage d’erreur 0x00009f5d, ID du processus 0xb08, heure de début de l’application 0x01cd8165ebc1eabe.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Avertissement Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/08/2012 12:53:43
Type: Avertissement Category: 3
Event: 3036 Source: Microsoft-Windows-Search
La source de contenu <csc://{s-1-5-21-3960516785-660546420-3033704126-1000}/> est inaccessible.

Contexte : Application , Catalogue SystemIndex

Détails :
Erreur non spécifiée (0x80004005)


Log: 'Application' Date/Time: 24/08/2012 10:19:08
Type: Avertissement Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. DÉTAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3960516785-660546420-3033704126-1000:
Process 2596 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 2596 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts


Log: 'Application' Date/Time: 24/08/2012 09:51:56
Type: Avertissement Category: 2
Event: 102 Source: BlueRidge AppGuard
The event description cannot be found.

Log: 'Application' Date/Time: 24/08/2012 09:51:56
Type: Avertissement Category: 2
Event: 102 Source: BlueRidge AppGuard
The event description cannot be found.

Log: 'Application' Date/Time: 23/08/2012 23:22:32
Type: Avertissement Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. DÉTAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3960516785-660546420-3033704126-1001:
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software\Policies
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software\Policies
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software\Policies
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software\Policies
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 2088 (\Device\HarddiskVolume1\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap


Log: 'Application' Date/Time: 23/08/2012 23:22:13
Type: Avertissement Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. DÉTAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3960516785-660546420-3033704126-1000:
Process 1836 (\Device\HarddiskVolume1\Program Files\Blue Ridge Networks\AppGuard\AppGuardAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1000
Process 1836 (\Device\HarddiskVolume1\Program Files\Blue Ridge Networks\AppGuard\AppGuardAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1000\Environment


Log: 'Application' Date/Time: 23/08/2012 19:02:03
Type: Avertissement Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. DÉTAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3960516785-660546420-3033704126-1000:
Process 1192 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1000\Software
Process 1192 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3960516785-660546420-3033704126-1000\Software\Policies
  • 0

#37
ramaflore

    Member

  • Topic Starter
  • Member
  • 210 posts
What's up with user32.dll and ntdll.dll MD5 ??
  • 0

#38
ramaflore

    Member

  • Topic Starter
  • Member
  • 210 posts
deleted post

Edited by ramaflore, 24 August 2012 - 12:33 PM.

  • 0

#39
ramaflore

    Member

  • Topic Starter
  • Member
  • 210 posts
The proof:

Attached Thumbnails

  • Démarrage et recup.jpg

Edited by ramaflore, 24 August 2012 - 12:34 PM.

  • 0

#40
ramaflore

    Member

  • Topic Starter
  • Member
  • 210 posts
I've just scanned user32.dll with unknown MD5. Look at the results:

My link


For ntdll.dll, look here:

My link

For both, you will have the MD5.
  • 0


#41
RKinner

    Malware Expert

  • Expert
  • 24,736 posts
  • MVP

What's up with user32.dll and ntdll.dll MD5 ??


That's what I'm worried about too. Don't know why we can't see the MD5 for them. See if you can submit both files to http://www.virustotal.com and see what they say. (I see you have already submitted them to jotti so no need to submit them to virustotal.) Also see if you can find shell.exe and submit it too. We are getting errors from it and I don't know why it is running. We can also let OTL look for it:


Copy the text in the code box:


/md5start
shell.exe
CC32100MT.DLL
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Run Scan.

You should get one log. Please copy and paste it.


I do not see any sign that you had a Windows software crash. If it happened, it happened before Windows was far enough along to keep track of it. When your KSOD happens, exactly what do you see? Is there any text on the screen? What color is it? Is there a faint image visible which you can see better with a flashlight?

Copy the next line:

reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /s > \morejunk.txt


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter. Attach the file c:\morejunk.txt to your next reply.

Now type:

msconfig



Click on the boot tab (second tab from the left) and check "Boot logging". Then OK and reboot.

This should tell Vista to create a log called c:\windows\ntbtlog.txt during the boot process. Now reboot and see if you can get a KSOD. (Note the time that this happens.) Then attach the ntbtlog.txt. Every three reboots, go in and delete the ntbtlog.txt so it doesn't get too big.

Install the free Avast so you are not running without an anti-virus:
http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator. Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Text version is at: C:\ProgramData\Avast Software\Avast\report\aswboot.txt

That's all for now. We are going out on the boat for a while so won't be back on line for several hours.
  • 0
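The Winlogon query requested in the post above, as an added example that is not part of the original thread: a Python sketch that parses `reg query ... /s` output such as c:\morejunk.txt and compares Shell and Userinit with the values OTL reports under O20 on this page. Both registry dumps below are constructed samples, and `C:\Example\placeholder.exe` is a made-up path.

```python
import re
import sys

# Baseline: the values OTL lists under "O20 - HKLM Winlogon" in this thread,
# with %SystemRoot% = C:\Windows as shown in the OTL header (assumption: the
# machine being checked uses the same system root).
EXPECTED_SHELL = "explorer.exe"
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

# A value line is indented: <name> <REG_type> <data>; the data may be empty.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)(?:\s+(?P<data>.*))?$")


def parse_reg_query(text):
    """Parse `reg query <key> /s` output into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = line.strip()
            keys[current] = {}
        elif current is not None:
            match = VALUE_RE.match(line)
            if match:
                keys[current][match.group("name")] = (match.group("data") or "").strip()
    return keys


def check_winlogon(keys):
    """Return a list of findings for Shell/Userinit values that differ from the baseline."""
    findings = []
    for path, values in keys.items():
        if path.lower() != WINLOGON_KEY:
            continue
        lowered = {name.lower(): data for name, data in values.items()}
        shell = lowered.get("shell")
        if shell is None:
            findings.append("Shell value is missing")
        elif shell.lower() != EXPECTED_SHELL:
            # A full path or an extra program here is reported for manual review.
            findings.append(f"Shell is {shell!r}, expected {EXPECTED_SHELL!r}")
        userinit = lowered.get("userinit")
        if userinit is None:
            findings.append("Userinit value is missing")
        else:
            # Userinit is a comma-separated list; every entry is started at logon.
            entries = [e.strip() for e in userinit.split(",") if e.strip()]
            extra = [e for e in entries if e.lower() != EXPECTED_USERINIT]
            if extra:
                findings.append(f"Userinit has unexpected entries: {extra!r}")
            if EXPECTED_USERINIT not in (e.lower() for e in entries):
                findings.append("Userinit does not start userinit.exe")
    return findings


def notify_dlls(keys):
    """Return {subkey_name: DllName} for Winlogon\\Notify packages, for manual review."""
    prefix = WINLOGON_KEY + "\\notify\\"
    found = {}
    for path, values in keys.items():
        if path.lower().startswith(prefix):
            for name, data in values.items():
                if name.lower() == "dllname":
                    found[path[len(prefix):]] = data
    return found


# Constructed sample matching the O20 lines in the OTL log above.
CLEAN_SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    ReportBootOk    REG_SZ    1
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
    DllName    REG_EXPAND_SZ    igfxdev.dll
"""

# Constructed sample with an extra Userinit entry (made-up path) to show a finding.
MODIFIED_SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,C:\Example\placeholder.exe
"""

if __name__ == "__main__":
    # Usage: python check_winlogon.py c:\morejunk.txt (falls back to the clean sample).
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            text = handle.read()
    else:
        text = CLEAN_SAMPLE
    parsed = parse_reg_query(text)
    for finding in check_winlogon(parsed) or ["Shell and Userinit match the baseline"]:
        print(finding)
    for subkey, dll in notify_dlls(parsed).items():
        print(f"Notify package {subkey}: {dll}")
```
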

#42
ramaflore

    Member

  • Topic Starter
  • Member
  • 210 posts
Virustotal for user32.dll My link

Virustotal analysis for ntdll.dll My link

Virustotal doesn't deal with MD5 but with SHA256

About the black screen, I don't think it's related to software, as it appears before the 'Welcome' screen each time I boot my laptop.

Black screen, a real one, black color; it's like before the BIOS program appears when you reboot your computer.

Edited by ramaflore, 24 August 2012 - 02:27 PM.

  • 0

#43
ramaflore

    Member

  • Topic Starter
  • Member
  • 210 posts
OTL logfile created on: 24/08/2012 22:29:16 - Run 10
OTL by OldTimer - Version 3.2.54.1 Folder = c:\Users\Flore\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,44 Mb Total Physical Memory | 346,03 Mb Available Physical Memory | 34,14% Memory free
2,23 Gb Paging File | 1,36 Gb Available in Paging File | 61,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,84 Gb Total Space | 48,33 Gb Free Space | 71,23% Space Free | Partition Type: NTFS
Drive D: | 43,94 Gb Total Space | 29,25 Gb Free Space | 66,57% Space Free | Partition Type: NTFS

Computer Name: PC-DE-FLORE | User Name: Flore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\DriverMax\drivermax.exe (Innovative Solutions)
PRC - c:\Users\Flore\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
PRC - C:\Program Files\NoAutorun-1.1.2.25\NoAutorun.exe (http://sf.net/projects/noautorun/)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe (Nitro PDF Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\DriverMax\sync.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroExpressDriverReadSpool) -- C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe (Nitro PDF Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz134) -- C:\Users\Flore\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (catchme) -- C:\Users\Flore\AppData\Local\Temp\catchme.sys File not found
DRV - (HWiNFO32) -- C:\Program Files\HWiNFO32\HWiNFO32.SYS (REALiX™)
DRV - (TKDac) -- C:\Windows\System32\tkdacxp.sys (INCA Internet Co., Ltd.)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (flash) -- C:\Windows\System32\drivers\flash.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://fr.yahoo.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/12 14:22:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/12 14:22:44 | 000,000,000 | ---D | M]

[2011/12/04 21:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flore\AppData\Roaming\mozilla\Extensions
[2012/08/12 14:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions
[2012/08/12 14:30:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/12 14:30:38 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/08/12 14:30:35 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\FasterFox_Lite@BigRedBrent
[2012/08/12 14:30:36 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\[email protected]
[2012/01/03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\askcom.xml
[2012/02/18 22:08:44 | 000,002,140 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\s-amazon-fr.xml
[2012/08/12 14:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/08/03 02:45:04 | 000,011,890 | ---- | M] () (No name found) -- C:\USERS\FLORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MX75WWM.DEFAULT\EXTENSIONS\[email protected]
[2012/07/14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:39:12 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/07/14 02:39:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:39:12 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/07/14 02:39:12 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/07/14 02:39:12 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/07/14 02:39:12 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012/08/23 20:55:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\DriverMax\drivermax.exe (Innovative Solutions)
O4 - Startup: C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Windows\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 124
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB5C2E77-49EC-4129-B8EC-493DF5E601FC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/24 16:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\SARDU_2.0.5
[2012/08/24 14:07:03 | 001,801,592 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012/08/24 14:07:03 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012/08/24 14:07:02 | 001,379,760 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tosade.dll
[2012/08/24 14:07:02 | 000,819,648 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo2.dll
[2012/08/24 14:07:02 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012/08/24 14:07:02 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012/08/24 14:07:02 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012/08/24 14:07:02 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012/08/24 14:07:02 | 000,134,584 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\tadefxapo.dll
[2012/08/24 14:07:02 | 000,058,264 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\System32\TepeqAPO.dll
[2012/08/24 14:07:01 | 000,560,768 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SFSS_APO.dll
[2012/08/24 14:07:01 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2012/08/24 14:07:01 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2012/08/24 14:07:01 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2012/08/24 14:06:59 | 000,090,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[2012/08/24 14:06:59 | 000,013,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoLDR.dll
[2012/08/24 14:06:58 | 000,658,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2012/08/24 14:06:54 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012/08/24 14:06:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012/08/24 14:06:53 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012/08/24 14:06:53 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012/08/24 14:06:52 | 005,915,648 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2012/08/24 14:06:52 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012/08/24 14:06:52 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012/08/24 14:06:51 | 007,161,736 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2012/08/24 14:06:51 | 000,351,112 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2012/08/24 14:06:51 | 000,106,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2012/08/24 14:06:51 | 000,091,528 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2012/08/24 14:06:51 | 000,061,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2012/08/24 14:06:50 | 007,377,272 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2012/08/24 14:06:50 | 001,246,584 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek2.dll
[2012/08/24 14:06:50 | 000,349,048 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2012/08/24 14:06:48 | 001,929,592 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012/08/24 14:06:48 | 000,717,176 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPOShell.dll
[2012/08/24 14:06:47 | 002,193,472 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012/08/24 14:06:47 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2012/08/24 14:06:47 | 000,350,072 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2012/08/24 14:06:47 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012/08/24 14:06:47 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012/08/24 14:06:46 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012/08/24 14:06:46 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012/08/24 14:06:46 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012/08/24 14:06:46 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012/08/24 14:06:46 | 000,421,744 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2012/08/24 14:06:46 | 000,398,192 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2012/08/24 14:06:46 | 000,335,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2012/08/24 14:06:45 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012/08/24 14:06:45 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012/08/24 14:06:45 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012/08/24 14:06:45 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012/08/24 14:06:45 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012/08/24 14:06:45 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012/08/24 14:06:45 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012/08/24 14:06:44 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012/08/24 14:06:43 | 000,090,624 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[2012/08/24 14:06:42 | 000,176,736 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2012/08/24 14:06:42 | 000,095,840 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2012/08/24 01:37:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2012/08/24 01:37:03 | 000,385,024 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2012/08/23 20:59:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/23 20:55:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/23 20:38:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/23 19:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/08/23 19:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/08/23 00:45:49 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v1930.dll
[2012/08/23 00:45:45 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2012/08/23 00:45:42 | 000,536,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2012/08/22 23:33:05 | 000,000,000 | ---D | C] -- C:\Users\Flore\Documents\My Drivers
[2012/08/22 23:21:27 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Innovative Solutions
[2012/08/22 23:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2012/08/22 23:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\DriverMax
[2012/08/20 23:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
[2012/08/20 23:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2012/08/20 12:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\p95v277.win32
[2012/08/18 20:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO32
[2012/08/15 23:15:09 | 000,000,000 | ---D | C] -- C:\fjdtv6.90
[2012/08/15 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\Flore\Documents\Windows7_Vista_jcgriff2
[2012/08/13 19:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Regenerator
[2012/08/13 19:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator
[2012/08/13 19:43:35 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Downloaded Installations
[2012/08/13 15:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/08/13 14:51:46 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/13 14:49:26 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012/08/13 14:49:25 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/08/13 14:49:24 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/08/13 14:47:31 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/08/13 14:47:27 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/08/13 14:47:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012/08/13 14:47:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/08/13 14:47:27 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/08/13 14:47:26 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/08/13 14:45:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012/08/13 14:45:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012/08/13 14:45:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012/08/13 14:45:42 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/08/13 14:45:42 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/08/13 14:45:42 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/08/13 14:45:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012/08/13 14:45:42 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/08/13 14:45:42 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/08/13 14:17:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/08/13 14:17:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/08/13 14:17:49 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/08/13 14:16:50 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012/08/13 14:00:48 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2012/08/13 13:53:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/08/13 13:53:07 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/08/13 13:53:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/08/13 13:53:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/08/13 13:52:49 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012/08/13 13:52:49 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/08/13 13:52:48 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/08/13 13:52:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/08/13 13:52:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012/08/13 13:52:46 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012/08/13 13:52:46 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/08/13 13:52:45 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/08/13 13:52:45 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/08/13 13:52:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/08/13 13:52:44 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012/08/13 13:52:40 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/08/13 13:52:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/08/13 13:52:20 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2012/08/13 13:52:19 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2012/08/13 13:52:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2012/08/13 13:52:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2012/08/13 13:52:19 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2012/08/13 13:52:19 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2012/08/13 13:52:19 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2012/08/13 13:52:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/08/13 13:50:55 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012/08/13 13:50:54 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/08/13 13:50:54 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/08/13 13:50:54 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012/08/13 13:50:53 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/08/13 13:50:53 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/08/13 13:50:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012/08/13 13:50:03 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012/08/13 13:49:50 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/08/13 13:49:49 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/08/13 13:49:49 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/08/13 13:49:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/08/13 13:49:20 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/08/13 13:49:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/08/13 13:48:26 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2012/08/13 13:48:02 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/08/13 13:47:59 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2012/08/13 13:47:59 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2012/08/13 13:47:59 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2012/08/13 13:47:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2012/08/13 13:47:55 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/08/13 13:47:22 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/08/13 13:47:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/08/13 13:47:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/08/13 13:47:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2012/08/13 13:47:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/08/13 13:47:13 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/08/13 13:47:00 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/08/13 13:46:54 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2012/08/13 13:46:54 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2012/08/13 13:46:50 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/08/13 13:46:22 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/08/13 13:46:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/08/13 13:46:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/08/13 13:45:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/08/13 13:45:32 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/08/13 13:45:20 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012/08/13 13:45:16 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/08/13 13:45:15 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/08/13 13:45:14 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/08/13 13:45:14 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/08/13 13:45:14 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/08/13 13:45:13 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/08/13 13:45:13 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/08/13 13:45:13 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/08/13 13:45:13 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/08/13 13:45:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/08/13 13:44:43 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/08/13 13:44:43 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/08/13 13:44:41 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/08/13 13:44:35 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2012/08/13 13:44:32 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/08/13 13:44:31 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/08/13 13:44:31 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2012/08/13 13:44:29 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/08/13 13:44:08 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/08/13 13:44:08 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/08/13 13:44:08 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/08/13 13:44:08 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/08/13 13:44:08 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/08/13 13:43:56 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/08/13 13:43:49 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/08/13 13:43:43 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/08/13 13:43:43 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/08/13 13:43:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/08/13 13:43:18 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/08/13 13:43:18 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/08/13 13:43:15 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/08/13 13:42:54 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012/08/13 13:42:38 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012/08/13 13:42:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/08/13 13:42:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/08/13 12:57:34 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2012/08/13 12:57:31 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/08/13 12:57:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2012/08/13 12:57:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2012/08/13 12:57:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2012/08/13 11:56:43 | 000,000,000 | ---D | C] -- C:\Desktop
[2012/08/12 15:47:43 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/08/12 15:47:42 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/08/12 15:47:21 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/08/12 15:47:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/08/12 15:47:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/08/12 15:47:16 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/08/12 15:47:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/08/12 15:34:57 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modèles
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes vidéos
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes images
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Démarrer
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Ma musique
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\Program Files\Fichiers communs
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoris
[2012/08/12 15:04:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Bureau
[2012/08/12 15:04:15 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012/08/12 15:03:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/08/12 15:02:30 | 002,777,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw4r32.dll
[2012/08/12 15:02:30 | 002,251,776 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys
[2012/08/12 15:02:30 | 000,745,472 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw4c32.dll
[2012/08/12 15:02:26 | 001,095,936 | ---- | C] (Motorola Inc.) -- C:\Windows\System32\drivers\smserial.sys
[2012/08/12 15:02:26 | 000,516,096 | ---- | C] (Motorola Inc.) -- C:\Windows\System32\sm56co85.dll
[2012/08/12 15:02:24 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2012/08/12 15:02:24 | 000,017,768 | ---- | C] (Blue Ridge Networks) -- C:\Windows\System32\drivers\mbrguard.sys
[2012/08/12 15:02:21 | 000,062,208 | ---- | C] (ENE Technology Inc.) -- C:\Windows\System32\drivers\EMS7SK.sys
[2012/08/12 15:02:20 | 000,042,240 | ---- | C] (ENE Technology Inc.) -- C:\Windows\System32\drivers\ESD7SK.sys
[2012/08/12 15:02:18 | 003,784,704 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2012/08/12 15:02:18 | 001,766,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2012/08/12 15:02:18 | 001,183,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2012/08/12 15:02:18 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2012/08/12 15:02:18 | 000,284,160 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2012/08/12 14:17:46 | 000,000,000 | --SD | C] -- C:\Users\Flore\AppData\Roaming\Microsoft
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Videos
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Saved Games
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Pictures
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Music
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Links
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Favorites
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Downloads
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Documents
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\Desktop
[2012/08/12 14:17:46 | 000,000,000 | R--D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Voisinage réseau
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Voisinage d'impression
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\AppData\Local\Temporary Internet Files
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\SendTo
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Recent
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Modèles
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Documents\Mes vidéos
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Documents\Mes images
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Mes documents
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Menu Démarrer
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Documents\Ma musique
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Local Settings
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\AppData\Local\Historique
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Cookies
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\Application Data
[2012/08/12 14:17:46 | 000,000,000 | -HSD | C] -- C:\Users\Flore\AppData\Local\Application Data
[2012/08/12 14:17:46 | 000,000,000 | -H-D | C] -- C:\Users\Flore\AppData
[2012/08/12 14:17:46 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Temp
[2012/08/12 14:17:46 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Microsoft
[2012/08/12 14:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2012/08/12 14:14:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012/08/12 14:11:38 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012/08/12 14:05:18 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/08/12 00:16:40 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\ImgBurn
[2012/08/11 23:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/08/11 23:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/08/08 11:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/08/08 01:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2012/08/07 23:19:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/07 23:19:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/07 23:19:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/07 23:14:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/07 10:34:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/08/07 10:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/05 20:06:41 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/05 20:06:41 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/05 19:02:38 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\vlc
[2012/08/05 19:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/08/05 18:51:00 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Daum
[2012/08/05 18:50:57 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\PotPlayerMini
[2012/08/05 18:50:28 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2012/08/05 18:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2012/08/05 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\Daum
[2012/08/03 20:02:24 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Runscanner.net
[2012/08/01 19:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/01 19:22:36 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/07/30 12:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Privacyware
[2012/07/27 19:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2012/07/27 19:08:19 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2012/07/25 23:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate Windows Tweaker v2.2
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/24 22:02:19 | 000,005,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 22:02:19 | 000,005,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/24 20:02:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/24 20:01:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/24 16:32:11 | 000,681,752 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/08/24 16:32:11 | 000,599,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/24 16:32:11 | 000,127,574 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/08/24 16:32:11 | 000,105,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/24 16:21:50 | 014,261,768 | ---- | M] () -- C:\Program Files\SARDU_2.0.5.zip
[2012/08/24 14:49:45 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\DeskUpdate.lnk
[2012/08/24 12:16:59 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/08/24 02:03:15 | 000,016,082 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/08/24 01:24:07 | 000,000,680 | ---- | M] () -- C:\Users\Flore\AppData\Local\d3d9caps.dat
[2012/08/23 20:55:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/23 19:51:48 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/08/23 12:08:29 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/08/23 01:56:02 | 000,000,943 | ---- | M] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/22 23:21:27 | 000,000,816 | ---- | M] () -- C:\Users\Flore\Desktop\DriverMax.lnk
[2012/08/21 00:19:57 | 000,000,210 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\burnaware.ini
[2012/08/21 00:19:52 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/08/21 00:19:52 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/08/20 23:47:27 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2012/08/20 17:20:31 | 000,006,656 | ---- | M] () -- C:\Windows\System32\lpcio.dll
[2012/08/20 01:50:43 | 000,004,608 | ---- | M] () -- C:\Users\Flore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/19 16:48:18 | 000,005,680 | ---- | M] () -- C:\Users\Flore\AppData\Local\Temp5.html
[2012/08/19 16:47:37 | 000,001,955 | ---- | M] () -- C:\Users\Flore\AppData\Local\Temp1.html
[2012/08/16 00:37:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/15 22:53:05 | 000,063,545 | ---- | M] () -- C:\fjdtv6.90.zip
[2012/08/15 12:16:03 | 000,287,056 | ---- | M] () -- C:\Users\Flore\Documents\Windows7_Vista_jcgriff2.zip
[2012/08/15 12:01:17 | 002,574,808 | ---- | M] () -- C:\Users\Flore\Documents\Perfmon.html
[2012/08/13 19:43:51 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\HDD Regenerator.lnk
[2012/08/13 15:29:46 | 000,231,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/12 15:34:42 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2012/08/12 15:12:01 | 000,000,438 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/12 15:03:28 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/08/12 15:01:13 | 000,383,601 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/08/12 14:40:28 | 000,021,668 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2012/08/11 23:56:00 | 000,001,650 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/08/10 05:34:39 | 000,139,640 | ---- | M] () -- C:\Windows\System32\p
[2012/08/08 11:19:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/08 11:19:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/07 10:34:44 | 000,000,841 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/07 10:34:36 | 000,000,642 | ---- | M] () -- C:\Users\Flore\Desktop\ERUNT.lnk
[2012/08/06 20:55:56 | 000,001,455 | ---- | M] () -- C:\Windows\System\p
[2012/08/06 20:55:17 | 000,005,572 | ---- | M] () -- C:\Windows\p
[2012/08/05 20:03:39 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/08/05 19:02:23 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/05 18:50:42 | 000,000,967 | ---- | M] () -- C:\Users\Flore\Desktop\PotPlayer.lnk
[2012/08/01 19:37:49 | 000,000,870 | ---- | M] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/01 19:37:48 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/01 19:22:37 | 000,001,057 | ---- | M] () -- C:\Users\Flore\Desktop\Revo Uninstaller.lnk
[2012/07/31 10:42:14 | 005,915,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2012/07/31 10:14:56 | 000,326,245 | ---- | M] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/07/27 19:21:42 | 000,001,832 | ---- | M] () -- C:\Users\Flore\Desktop\VirusTotal Uploader 2.0.lnk
[2012/07/26 11:28:44 | 000,090,256 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInstII.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/24 16:32:51 | 014,261,768 | ---- | C] () -- C:\Program Files\SARDU_2.0.5.zip
[2012/08/24 14:49:15 | 000,951,608 | ---- | C] () -- C:\Program Files\FTSDeskUpdate.exe
[2012/08/24 14:06:53 | 000,326,245 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/08/24 13:02:46 | 000,000,841 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/24 02:03:15 | 000,016,082 | ---- | C] () -- C:\Windows\System32\results.xml
[2012/08/24 01:35:26 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\DeskUpdate.lnk
[2012/08/24 01:24:07 | 000,000,680 | ---- | C] () -- C:\Users\Flore\AppData\Local\d3d9caps.dat
[2012/08/23 19:51:48 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/08/23 12:08:09 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/08/23 00:45:49 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2012/08/23 00:45:48 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2012/08/22 23:21:27 | 000,000,816 | ---- | C] () -- C:\Users\Flore\Desktop\DriverMax.lnk
[2012/08/20 23:48:21 | 000,000,210 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\burnaware.ini
[2012/08/20 23:47:27 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2012/08/19 16:48:18 | 000,005,680 | ---- | C] () -- C:\Users\Flore\AppData\Local\Temp5.html
[2012/08/19 16:47:37 | 000,001,955 | ---- | C] () -- C:\Users\Flore\AppData\Local\Temp1.html
[2012/08/16 00:37:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/15 22:53:04 | 000,063,545 | ---- | C] () -- C:\fjdtv6.90.zip
[2012/08/15 12:16:02 | 000,287,056 | ---- | C] () -- C:\Users\Flore\Documents\Windows7_Vista_jcgriff2.zip
[2012/08/15 12:04:08 | 002,574,808 | ---- | C] () -- C:\Users\Flore\Documents\Perfmon.html
[2012/08/14 00:58:29 | 000,008,064 | ---- | C] () -- C:\Windows\System32\drivers\flash.sys
[2012/08/13 19:43:51 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\HDD Regenerator.lnk
[2012/08/13 13:47:59 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012/08/13 13:43:52 | 000,006,656 | ---- | C] () -- C:\Windows\System32\lpcio.dll
[2012/08/12 15:35:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012/08/12 15:34:42 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2012/08/12 15:20:56 | 000,004,608 | ---- | C] () -- C:\Users\Flore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/12 15:18:27 | 000,000,949 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/12 15:18:23 | 000,000,944 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/08/12 14:40:28 | 000,021,668 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012/08/12 14:17:46 | 000,000,258 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/12 14:17:46 | 000,000,240 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/12 14:16:20 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2012/08/11 23:56:00 | 000,001,662 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/08/11 23:56:00 | 000,001,650 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/08/10 05:34:39 | 000,139,640 | ---- | C] () -- C:\Windows\System32\p
[2012/08/07 23:19:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/07 23:19:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/07 23:19:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/07 23:19:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/07 23:19:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/07 10:34:36 | 000,000,642 | ---- | C] () -- C:\Users\Flore\Desktop\ERUNT.lnk
[2012/08/06 20:55:56 | 000,001,455 | ---- | C] () -- C:\Windows\System\p
[2012/08/06 20:54:51 | 000,005,572 | ---- | C] () -- C:\Windows\p
[2012/08/05 19:02:23 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/05 18:50:42 | 000,000,967 | ---- | C] () -- C:\Users\Flore\Desktop\PotPlayer.lnk
[2012/08/01 19:37:49 | 000,000,870 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/01 19:37:48 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/01 19:37:48 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/30 12:53:48 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/27 19:08:19 | 000,001,832 | ---- | C] () -- C:\Users\Flore\Desktop\VirusTotal Uploader 2.0.lnk
[2012/07/18 00:05:34 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/07/15 01:34:13 | 001,472,131 | ---- | C] () -- C:\Program Files\vba32arkit.zip
[2012/06/28 01:14:43 | 000,826,230 | ---- | C] () -- C:\Program Files\JPEGView_1_0_26.zip
[2012/05/27 03:13:40 | 000,000,004 | ---- | C] () -- C:\Windows\60139727.dat
[2012/05/26 02:53:38 | 000,000,004 | ---- | C] () -- C:\Windows\11290197.dat
[2012/05/25 16:30:01 | 000,000,004 | ---- | C] () -- C:\Windows\16305630.dat
[2012/05/25 02:27:02 | 000,000,004 | ---- | C] () -- C:\Windows\52562384.dat
[2012/05/24 02:29:58 | 000,000,130 | ---- | C] () -- C:\Windows\9218894.dat
[2012/05/21 13:50:06 | 000,000,418 | ---- | C] () -- C:\Users\Flore\.swfinfo
[2012/05/01 15:19:52 | 000,088,656 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/12/14 03:41:02 | 000,000,324 | ---- | C] () -- C:\Windows\12812112.dat
[2011/12/04 22:54:49 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/12/04 21:30:11 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2011/12/04 21:26:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2011/12/04 00:51:53 | 000,000,438 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/03 22:07:27 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== Custom Scans ==========

< MD5 for: SHELL.EXE >
[2010/09/03 15:03:56 | 000,818,944 | ---- | M] () MD5=39D56F273B87387A36C9E64086E215A8 -- C:\Program Files\HDD Regenerator\Shell.exe

< End of report >
  • 0

#44
ramaflore

ramaflore

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
OTL Extras logfile created on: 24/08/2012 22:29:16 - Run 10
OTL by OldTimer - Version 3.2.54.1 Folder = c:\Users\Flore\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,44 Mb Total Physical Memory | 346,03 Mb Available Physical Memory | 34,14% Memory free
2,23 Gb Paging File | 1,36 Gb Available in Paging File | 61,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,84 Gb Total Space | 48,33 Gb Free Space | 71,23% Space Free | Partition Type: NTFS
Drive D: | 43,94 Gb Total Space | 29,25 Gb Free Space | 66,57% Space Free | Partition Type: NTFS

Computer Name: PC-DE-FLORE | User Name: Flore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"DefaultInboundAction" = 1
"DefaultOutboundAction" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" = C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe" = C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C6FEC38-E332-483E-B369-F13814582341}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{CF9ACEB2-6F37-42BB-82A4-D8284D11AC61}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"TCP Query User{28F976C5-B62D-47B1-A068-C10083330A03}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{3B892A90-0C40-480C-AC7B-7359C31AC653}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{50272F8E-E0F5-4C3A-86EB-99FE9C98A4CC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{685C5DB0-C2CF-4CEC-BD7E-62407B3506E0}F:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe" = protocol=6 | dir=in | app=f:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe |
"TCP Query User{C7DD4930-B3D1-4E13-842E-346129CCAAA2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{1921D901-4F96-4686-9494-B8B5AC2474C0}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{76EC7485-29AD-4D17-80D0-2B0C17B2D10F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9A013F88-AF7D-4B6C-95D1-4DB222C72EA9}F:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe" = protocol=17 | dir=in | app=f:\a voir\simpletv 0.4.6 r (vlc 2.0.1)\tv\tv.exe |
"UDP Query User{E332CAD0-1863-4D94-AFB4-A3594897674D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F8088F69-8D8F-4B69-A6BF-87D894A30C40}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{23157413-FB7F-404D-B558-F33B9827F579}" = Minimem
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.2.4902
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{37565633-908E-435A-ADB0-DED2A9707CCF}" = Nitro PDF Express
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{97A39919-9FEA-48B7-AB2B-4F99212D1E98}" = HDD Regenerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1" = PDF to Word
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BurnAware Free_is1" = BurnAware Free 5.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DMX5_is1" = DriverMax 6
"doPDF 7 printer_is1" = doPDF 7.3 printer
"ERUNT_is1" = ERUNT 1.1j
"FuturixImager6" = FuturixImager
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro36" = HitmanPro 3.6
"ImgBurn" = ImgBurn
"MAXA Cookie Manager_is1" = MAXA Cookie Manager Pro 5.3
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Mozilla Firefox 14.0.1 (x86 fr)" = Mozilla Firefox 14.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PotPlayer" = Daum PotPlayer 1.5.33948
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Replay Video Capture6.0.3" = Replay Video Capture 6
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.4.8
"Speccy" = Speccy
"SumatraPDF" = SumatraPDF
"Veetle TV" = Veetle TV
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 2.0.3
"WhoCrashed_is1" = WhoCrashed 3.04

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/08/2012 15:32:04 | Computer Name = PC-de-Flore | Source = Application Error | ID = 1000
Description = Application défaillante Shell.exe, version 0.0.0.0, horodatage 0x00000000,
module défaillant CC32100MT.DLL, version 6.0.6002.18541, horodatage 0x4ec3e3d5,
code d’exception 0xc0000135, décalage d’erreur 0x00009f5d, ID du processus 0xb08,
heure de début de l’application 0x01cd8165ebc1eabe.

Error - 23/08/2012 19:17:50 | Computer Name = PC-de-Flore | Source = Perflib | ID = 1008
Description =

Error - 23/08/2012 19:17:50 | Computer Name = PC-de-Flore | Source = Perflib | ID = 1010
Description =

Error - 23/08/2012 19:25:02 | Computer Name = PC-de-Flore | Source = Perflib | ID = 1008
Description =

Error - 24/08/2012 08:10:16 | Computer Name = PC-de-Flore | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 24/08/2012 07:06:36 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 08:12:31 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 08:22:40 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 08:34:29 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 08:39:36 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 08:39:48 | Computer Name = PC-de-Flore | Source = Service Control Manager | ID = 7034
Description =

Error - 24/08/2012 08:53:16 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 10:27:52 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 13:54:03 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24/08/2012 14:02:56 | Computer Name = PC-de-Flore | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >
  • 0

#45
ramaflore

ramaflore

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts
< MD5 for: SHELL.EXE >
[2010/09/03 15:03:56 | 000,818,944 | ---- | M] () MD5=39D56F273B87387A36C9E64086E215A8 -- C:\Program Files\HDD Regenerator\Shell.exe

Should I uninstall HDD Regenerator also? Shell.exe and CC32100MT.dll are files that belong to HDD Regenerator.

Look at the attached morejunk.txt file.

Edited by ramaflore, 24 August 2012 - 02:43 PM.

  • 0





