Solved WIN64/Sirefer.y Infection - requesting help with removal

Jayrom

Hi,
MSE detected this trojan, and now my computer keeps rebooting each time it's detected.
It's running Windows 7 x64.
Broni, I saw your post, so here is the result of the FRST scan (first part):
Scan result of Farbar Recovery Scan Tool Version: 19-06-2012
Ran by SYSTEM at 20-06-2012 01:45:08
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6629480 2011-04-14] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2011-04-21] (NVIDIA Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-05] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-05] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-05] (Intel Corporation)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-11-01] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [75064 2011-07-07] ()
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-06-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\nacer\...\Run: [AdobeBridge] [x]
HKU\nacer\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12163568 2012-06-13] (Google)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
==================== Services (Whitelisted) ======
3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-15] (Adobe Systems Incorporated)
2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [661504 2011-10-19] (Intel Corporation)
2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [936272 2011-10-18] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1354064 2011-10-18] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [1001808 2011-10-18] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [135440 2011-10-20] (Intel(R) Corporation)
2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [166912 2012-04-09] (Dell Products, LP.)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2012-04-02] (Acresso Software Inc.)
2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [394672 2011-12-19] (Eastman Kodak Company)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [71168 2011-03-15] (Palm)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-03-19] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2012-03-19] ()
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
========================== Drivers (Whitelisted) =============
2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [74720 2008-08-14] (Adobe Systems, Inc.)
3 AMPPAL; C:\Windows\System32\Drivers\AMPPAL.sys [195072 2011-10-19] (Windows (R) Win 7 DDK provider)
3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [195072 2011-10-19] (Windows (R) Win 7 DDK provider)
3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [51712 2011-05-19] (Intel Corporation)
3 btmaux; C:\Windows\System32\Drivers\btmaux.sys [53760 2011-08-29] (Intel Corporation)
3 btmhsf; C:\Windows\System32\Drivers\btmhsf.sys [288768 2011-10-10] (Intel Corporation)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2011-10-11] (Intel Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [250984 2010-12-01] (Realtek Semiconductor Corp.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [16120 2010-11-29] (Intel(R) Corporation)
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-19 21:05 - 2012-06-19 21:05 - 00065536 __ASH C:\Windows\System32\config\components{56d800df-8bba-11e1-9301-4ceb421039a1}.TxR.blf
2012-06-18 22:04 - 2012-06-18 22:04 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-18 22:04 - 2012-06-18 22:04 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro
2012-06-17 16:42 - 2012-06-17 16:42 - 00000000 ____D C:\Users\nacer\Application Data\Malwarebytes
2012-06-17 16:42 - 2012-06-17 16:42 - 00000000 ____D C:\Users\nacer\AppData\Roaming\Malwarebytes
2012-06-17 16:39 - 2012-06-19 23:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-17 16:39 - 2012-06-17 16:39 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-17 16:39 - 2012-06-17 16:39 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-17 16:39 - 2012-06-17 16:39 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-17 16:39 - 2012-06-17 16:39 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-17 16:39 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-17 09:16 - 2012-06-19 23:21 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-17 09:16 - 2012-06-19 23:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-16 15:13 - 2012-06-16 15:14 - 00000000 ____D C:\Users\nacer\Desktop\Nouveau dossier
2012-06-15 07:40 - 2012-06-15 07:40 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Another.Happy.Day.2011.TRUEFRENCH.DVDRip.XviD.AC3-DesTroY
2012-06-14 02:02 - 2012-06-14 02:02 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-06-14 02:02 - 2012-06-14 02:02 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-06-14 02:01 - 2012-05-17 21:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 02:01 - 2012-05-17 21:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 02:01 - 2012-05-17 21:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 02:01 - 2012-05-17 20:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 02:01 - 2012-05-17 20:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 02:01 - 2012-05-17 20:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 02:01 - 2012-05-17 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 02:01 - 2012-05-17 20:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 02:01 - 2012-05-17 20:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 02:01 - 2012-05-17 20:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 02:01 - 2012-05-17 20:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 02:01 - 2012-05-17 20:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 02:01 - 2012-05-17 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 02:01 - 2012-05-17 20:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 02:01 - 2012-05-17 18:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 02:01 - 2012-05-17 17:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 02:01 - 2012-05-17 17:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 02:01 - 2012-05-17 17:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 02:01 - 2012-05-17 17:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 02:01 - 2012-05-17 17:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 02:01 - 2012-05-17 17:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 02:01 - 2012-05-17 17:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 02:01 - 2012-05-17 17:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 02:01 - 2012-05-17 17:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 02:01 - 2012-05-17 17:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 02:01 - 2012-05-17 17:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 02:01 - 2012-05-17 17:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 02:01 - 2012-05-17 17:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 09:21 - 2012-05-14 20:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 09:21 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 09:21 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 09:21 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 09:21 - 2012-05-01 00:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 09:21 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 09:21 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 09:21 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 09:21 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 09:21 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 09:21 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 09:21 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 09:21 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 09:21 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 09:21 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 09:21 - 2012-04-07 07:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 09:21 - 2012-04-07 06:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-12 23:53 - 2012-06-19 00:01 - 00000000 ___SD C:\Users\nacer\Google Drive
2012-06-12 23:53 - 2012-06-12 23:53 - 00001673 ____A C:\Users\nacer\Desktop\Google Drive.lnk
2012-06-12 23:47 - 2012-06-12 23:47 - 00000000 ____D C:\Users\nacer\AppData\LocalGoogle
2012-06-12 23:46 - 2012-06-19 22:25 - 00001062 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-12 23:46 - 2012-06-18 21:51 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-12 23:46 - 2012-06-12 23:47 - 00000000 ____D C:\Program Files (x86)\Google
2012-06-11 21:43 - 2012-06-14 23:20 - 00000000 ____D C:\Users\nacer\Desktop\annonce kijiji
2012-06-11 20:18 - 2012-06-11 20:18 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] 21.Jump.Street.2012.FRENCH.BDRip.XviD.REPACK.1CD-ITOMA
2012-06-11 20:13 - 2012-06-11 20:14 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Jeff.Who.Lives.at.Home.2011.LIMITED.FRENCH.DVDRip.XViD-AYMO
2012-06-08 21:46 - 2012-06-08 21:46 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Dance For It 2011 TRUEFRENCH DvDRiP Xvid-TFTD
2012-06-08 18:33 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-08 18:33 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-08 18:33 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-08 18:33 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-08 18:33 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-08 18:33 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-08 18:33 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-08 18:33 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-08 18:33 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-07 16:25 - 2012-06-07 16:25 - 00000000 ____D C:\Users\nacer\Documents\Adobe
2012-06-07 11:58 - 2012-06-16 17:58 - 00000000 ____D C:\Users\nacer\Desktop\Exportation sans titre
2012-06-07 10:28 - 2012-06-07 10:28 - 00002029 ____A C:\Users\Public\Desktop\Lightroom 4.1 64-bits.lnk
2012-06-07 10:28 - 2012-06-07 10:28 - 00002029 ____A C:\Users\All Users\Desktop\Lightroom 4.1 64-bits.lnk
2012-06-07 10:23 - 2012-06-07 10:23 - 00000000 ____D C:\Users\nacer\Desktop\Adobe
2012-06-06 23:28 - 2012-06-06 23:28 - 00000000 ____D C:\Users\nacer\Application Data\ElephormDVDPlayer.8FC2E10752433BF8182FC825ABC2922D2AC381F8.1
2012-06-06 23:28 - 2012-06-06 23:28 - 00000000 ____D C:\Users\nacer\AppData\Roaming\ElephormDVDPlayer.8FC2E10752433BF8182FC825ABC2922D2AC381F8.1
2012-06-06 23:28 - 2012-06-06 23:28 - 00000000 ____D C:\Program Files (x86)\Elephorm
2012-06-06 20:13 - 2012-06-06 20:13 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Ingenious.2009.STV.FRENCH.DVDRip.XviD-SHARiNG
2012-06-06 13:48 - 2012-06-06 13:48 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Man.on.a.Ledge.2012.FRENCH.BRRiP.XviD-AUTOPSiE
2012-06-06 11:05 - 2012-06-06 11:05 - 00001096 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-06-06 11:05 - 2012-06-06 11:05 - 00001096 ____A C:\Users\All Users\Desktop\RealPlayer.lnk
2012-06-04 11:54 - 2012-06-04 11:55 - 00005120 ____A C:\Users\nacer\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-04 11:54 - 2012-06-04 11:55 - 00005120 ____A C:\Users\nacer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-04 11:54 - 2012-06-04 11:55 - 00005120 ____A C:\Users\nacer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-03 21:20 - 2012-06-03 21:21 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Lord.Of.The.Light.2011.FRENCH.DVDRiP.XViD.AC3-ARTEFAC
2012-06-03 20:40 - 2012-06-04 08:31 - 00000000 ____D C:\Users\nacer\Application Data\DivX
2012-06-03 20:40 - 2012-06-04 08:31 - 00000000 ____D C:\Users\nacer\AppData\Roaming\DivX
2012-06-03 20:39 - 2012-06-04 08:33 - 00000000 ____D C:\Program Files\DivX
2012-06-03 20:38 - 2012-06-04 08:33 - 00000000 ____D C:\Program Files (x86)\DivX
2012-06-03 20:24 - 2012-06-04 08:33 - 00000000 ____D C:\Users\All Users\DivX
2012-06-03 20:24 - 2012-06-04 08:33 - 00000000 ____D C:\Users\All Users\Application Data\DivX
2012-06-03 20:14 - 2012-06-03 20:14 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Project.X.2012.FRENCH.BRRiP.XviD.AC3-AUTOPSiE
2012-06-03 03:34 - 2012-06-03 03:34 - 00001179 ____A C:\Users\Public\Desktop\Capture NX 2.lnk
2012-06-03 03:34 - 2012-06-03 03:34 - 00001179 ____A C:\Users\All Users\Desktop\Capture NX 2.lnk
2012-06-03 03:34 - 2012-06-03 03:34 - 00000268 ___RH C:\Users\nacer\Application Data\Textures
2012-06-03 03:34 - 2012-06-03 03:34 - 00000268 ___RH C:\Users\nacer\AppData\Roaming\Textures
2012-06-03 03:34 - 2012-06-03 03:34 - 00000268 ___RH C:\Users\All Users\Transportation
2012-06-03 03:34 - 2012-06-03 03:34 - 00000268 ___RH C:\Users\All Users\Trance Pad
2012-06-03 03:34 - 2012-06-03 03:34 - 00000268 ___RH C:\Users\All Users\Application Data\Transportation
2012-06-03 03:34 - 2012-06-03 03:34 - 00000268 ___RH C:\Users\All Users\Application Data\Trance Pad
2012-06-03 03:34 - 2012-06-03 03:34 - 00000020 ____H C:\Users\All Users\PKP_DLck.DAT
2012-06-03 03:34 - 2012-06-03 03:34 - 00000020 ____H C:\Users\All Users\Application Data\PKP_DLck.DAT
2012-06-03 03:34 - 2012-06-03 03:34 - 00000012 ___RH C:\Users\All Users\Command Line Utility
2012-06-03 03:34 - 2012-06-03 03:34 - 00000012 ___RH C:\Users\All Users\Colors
2012-06-03 03:34 - 2012-06-03 03:34 - 00000012 ___RH C:\Users\All Users\Application Data\Command Line Utility
2012-06-03 03:34 - 2012-06-03 03:34 - 00000012 ___RH C:\Users\All Users\Application Data\Colors
2012-06-03 03:31 - 2012-06-10 09:45 - 00000020 ____H C:\Users\All Users\PKP_DLbx.DAT
2012-06-03 03:31 - 2012-06-10 09:45 - 00000020 ____H C:\Users\All Users\Application Data\PKP_DLbx.DAT
2012-06-02 18:40 - 2012-06-02 18:40 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\nacer\Local Settings\MétéoMédia
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\MétéoMédia
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\nacer\AppData\Local\MétéoMédia
2012-05-31 14:53 - 2012-05-31 14:53 - 00000000 ____D C:\Program Files\WinZip
2012-05-25 18:40 - 2012-05-25 18:42 - 00000000 ____D C:\Users\nacer\Downloads\ELsirra.Alnabawya.Tarek.Swidan
2012-05-25 17:43 - 2012-05-25 17:43 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Safe.House.2012.FRENCH.BRRiP.XViD-JHB
2012-05-25 17:41 - 2012-05-25 17:41 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Safe.House.2012.VOSTFR.DVDRip.XviD.AC3-KLine
2012-05-23 23:22 - 2012-05-23 23:22 - 00266925 ____A C:\Users\nacer\Desktop\Facture102.pdf
 
(second part):


============ 3 Months Modified Files and Folders =============
2012-06-20 01:45 - 2012-06-20 01:44 - 00000000 ____D C:\FRST
2012-06-19 23:21 - 2012-06-17 16:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-19 23:21 - 2012-06-17 09:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-19 23:21 - 2012-06-17 09:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-19 23:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2012-06-19 22:27 - 2012-03-14 16:52 - 00000000 ____D C:\Users\nacer\Application Data\uTorrent
2012-06-19 22:27 - 2012-03-14 16:52 - 00000000 ____D C:\Users\nacer\AppData\Roaming\uTorrent
2012-06-19 22:26 - 2012-03-13 20:11 - 00000000 ____D C:\Users\All Users\Kodak
2012-06-19 22:26 - 2012-03-13 20:11 - 00000000 ____D C:\Users\All Users\Application Data\Kodak
2012-06-19 22:25 - 2012-06-12 23:46 - 00001062 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-19 22:25 - 2012-02-16 20:05 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-06-19 22:25 - 2012-02-16 20:05 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-06-19 22:25 - 2012-02-16 20:05 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-06-19 22:25 - 2012-02-16 20:05 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-06-19 22:25 - 2012-02-16 20:05 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-06-19 22:25 - 2012-02-16 20:05 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-06-19 22:25 - 2012-02-16 20:00 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-06-19 22:24 - 2012-03-13 15:47 - 00000000 ____D C:\Users\nacer\Local Settings\VirtualStore
2012-06-19 22:24 - 2012-03-13 15:47 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\VirtualStore
2012-06-19 22:24 - 2012-03-13 15:47 - 00000000 ____D C:\Users\nacer\AppData\Local\VirtualStore
2012-06-19 22:24 - 2012-02-16 21:15 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-19 22:24 - 2012-02-16 21:15 - 00000000 ____D C:\Users\All Users\Application Data\NVIDIA
2012-06-19 22:23 - 2012-04-25 09:16 - 00021390 ____A C:\Windows\setupact.log
2012-06-19 22:23 - 2012-03-13 15:43 - 00000000 ____D C:\users\nacer
2012-06-19 22:23 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-19 22:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-19 21:05 - 2012-06-19 21:05 - 00065536 __ASH C:\Windows\System32\config\components{56d800df-8bba-11e1-9301-4ceb421039a1}.TxR.blf
2012-06-19 18:49 - 2012-02-16 21:14 - 01176824 ____A C:\Windows\WindowsUpdate.log
2012-06-19 18:48 - 2012-02-16 20:28 - 00000000 ____D C:\Users\All Users\Sonic
2012-06-19 18:48 - 2012-02-16 20:28 - 00000000 ____D C:\Users\All Users\Application Data\Sonic
2012-06-19 00:01 - 2012-06-12 23:53 - 00000000 ___SD C:\Users\nacer\Google Drive
2012-06-18 22:11 - 2012-04-17 22:09 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-06-18 22:04 - 2012-06-18 22:04 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-18 22:04 - 2012-06-18 22:04 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro
2012-06-18 21:51 - 2012-06-12 23:46 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-18 21:40 - 2012-03-31 09:39 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-18 21:40 - 2012-03-26 13:00 - 00001078 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236642402-275450473-2825933408-1001UA.job
2012-06-18 21:40 - 2012-03-26 12:59 - 00001026 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236642402-275450473-2825933408-1001Core.job
2012-06-17 20:06 - 2011-04-07 21:14 - 01404730 ____A C:\Windows\System32\perfh00C.dat
2012-06-17 20:06 - 2011-04-07 21:14 - 00371656 ____A C:\Windows\System32\perfc00C.dat
2012-06-17 20:06 - 2009-07-14 00:13 - 00006472 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-17 18:14 - 2009-07-14 00:08 - 00032496 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-17 16:42 - 2012-06-17 16:42 - 00000000 ____D C:\Users\nacer\Application Data\Malwarebytes
2012-06-17 16:42 - 2012-06-17 16:42 - 00000000 ____D C:\Users\nacer\AppData\Roaming\Malwarebytes
2012-06-17 16:39 - 2012-06-17 16:39 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-17 16:39 - 2012-06-17 16:39 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-17 16:39 - 2012-06-17 16:39 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-17 16:39 - 2012-06-17 16:39 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-17 09:32 - 2012-03-14 12:22 - 00000000 __SHD C:\Users\nacer\Local Settings\Application Data\{cef69c20-c207-628d-19fc-7ff2452f6860}
2012-06-17 09:32 - 2012-03-14 12:22 - 00000000 __SHD C:\Users\nacer\Local Settings\{cef69c20-c207-628d-19fc-7ff2452f6860}
2012-06-17 09:32 - 2012-03-14 12:22 - 00000000 __SHD C:\Users\nacer\AppData\Local\{cef69c20-c207-628d-19fc-7ff2452f6860}
2012-06-17 09:17 - 2012-03-14 15:53 - 00001912 ____A C:\Windows\epplauncher.mif
2012-06-17 09:16 - 2011-02-10 10:41 - 00006438 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-16 17:58 - 2012-06-07 11:58 - 00000000 ____D C:\Users\nacer\Desktop\Exportation sans titre
2012-06-16 15:14 - 2012-06-16 15:13 - 00000000 ____D C:\Users\nacer\Desktop\Nouveau dossier
2012-06-15 15:43 - 2009-07-13 23:45 - 00025008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-15 15:43 - 2009-07-13 23:45 - 00025008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-15 07:40 - 2012-06-15 07:40 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Another.Happy.Day.2011.TRUEFRENCH.DVDRip.XviD.AC3-DesTroY
2012-06-14 23:20 - 2012-06-11 21:43 - 00000000 ____D C:\Users\nacer\Desktop\annonce kijiji
2012-06-14 10:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2012-06-14 09:01 - 2012-03-13 18:16 - 00000000 ____D C:\Users\nacer\Local Settings\Nero
2012-06-14 09:01 - 2012-03-13 18:16 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\Nero
2012-06-14 09:01 - 2012-03-13 18:16 - 00000000 ____D C:\Users\nacer\AppData\Local\Nero
2012-06-14 02:29 - 2009-07-13 23:45 - 05141856 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 02:12 - 2012-03-13 19:53 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-14 02:12 - 2012-03-13 19:53 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-06-14 02:06 - 2012-03-15 11:10 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-14 02:02 - 2012-06-14 02:02 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-06-14 02:02 - 2012-06-14 02:02 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-06-12 23:53 - 2012-06-12 23:53 - 00001673 ____A C:\Users\nacer\Desktop\Google Drive.lnk
2012-06-12 23:47 - 2012-06-12 23:47 - 00000000 ____D C:\Users\nacer\AppData\LocalGoogle
2012-06-12 23:47 - 2012-06-12 23:46 - 00000000 ____D C:\Program Files (x86)\Google
2012-06-12 23:47 - 2012-03-26 12:59 - 00000000 ____D C:\Users\nacer\Local Settings\Google
2012-06-12 23:47 - 2012-03-26 12:59 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\Google
2012-06-12 23:47 - 2012-03-26 12:59 - 00000000 ____D C:\Users\nacer\AppData\Local\Google
2012-06-12 18:56 - 2012-04-17 22:09 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-06-11 22:52 - 2012-03-25 11:07 - 00000000 ____D C:\Users\nacer\Application Data\vlc
2012-06-11 22:52 - 2012-03-25 11:07 - 00000000 ____D C:\Users\nacer\AppData\Roaming\vlc
2012-06-11 20:18 - 2012-06-11 20:18 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] 21.Jump.Street.2012.FRENCH.BDRip.XviD.REPACK.1CD-ITOMA
2012-06-11 20:14 - 2012-06-11 20:13 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Jeff.Who.Lives.at.Home.2011.LIMITED.FRENCH.DVDRip.XViD-AYMO
2012-06-10 09:45 - 2012-06-03 03:31 - 00000020 ____H C:\Users\All Users\PKP_DLbx.DAT
2012-06-10 09:45 - 2012-06-03 03:31 - 00000020 ____H C:\Users\All Users\Application Data\PKP_DLbx.DAT
2012-06-08 21:46 - 2012-06-08 21:46 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Dance For It 2011 TRUEFRENCH DvDRiP Xvid-TFTD
2012-06-07 16:25 - 2012-06-07 16:25 - 00000000 ____D C:\Users\nacer\Documents\Adobe
2012-06-07 16:25 - 2012-03-14 16:57 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\Adobe
2012-06-07 16:25 - 2012-03-14 16:57 - 00000000 ____D C:\Users\nacer\Local Settings\Adobe
2012-06-07 16:25 - 2012-03-14 16:57 - 00000000 ____D C:\Users\nacer\AppData\Local\Adobe
2012-06-07 16:25 - 2012-03-13 18:00 - 00000000 ____D C:\Users\nacer\Application Data\Adobe
2012-06-07 16:25 - 2012-03-13 18:00 - 00000000 ____D C:\Users\nacer\AppData\Roaming\Adobe
2012-06-07 10:28 - 2012-06-07 10:28 - 00002029 ____A C:\Users\Public\Desktop\Lightroom 4.1 64-bits.lnk
2012-06-07 10:28 - 2012-06-07 10:28 - 00002029 ____A C:\Users\All Users\Desktop\Lightroom 4.1 64-bits.lnk
2012-06-07 10:28 - 2012-03-14 17:17 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-07 10:28 - 2012-02-16 19:59 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
2012-06-07 10:28 - 2012-02-16 19:59 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-07 10:27 - 2012-03-14 20:33 - 00000000 ____D C:\Program Files\Adobe
2012-06-07 10:23 - 2012-06-07 10:23 - 00000000 ____D C:\Users\nacer\Desktop\Adobe
2012-06-06 23:28 - 2012-06-06 23:28 - 00000000 ____D C:\Users\nacer\Application Data\ElephormDVDPlayer.8FC2E10752433BF8182FC825ABC2922D2AC381F8.1
2012-06-06 23:28 - 2012-06-06 23:28 - 00000000 ____D C:\Users\nacer\AppData\Roaming\ElephormDVDPlayer.8FC2E10752433BF8182FC825ABC2922D2AC381F8.1
2012-06-06 23:28 - 2012-06-06 23:28 - 00000000 ____D C:\Program Files (x86)\Elephorm
2012-06-06 20:13 - 2012-06-06 20:13 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Ingenious.2009.STV.FRENCH.DVDRip.XviD-SHARiNG
2012-06-06 13:48 - 2012-06-06 13:48 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Man.on.a.Ledge.2012.FRENCH.BRRiP.XviD-AUTOPSiE
2012-06-06 11:05 - 2012-06-06 11:05 - 00001096 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-06-06 11:05 - 2012-06-06 11:05 - 00001096 ____A C:\Users\All Users\Desktop\RealPlayer.lnk
2012-06-06 11:05 - 2012-04-16 15:51 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-06-06 11:05 - 2012-04-16 15:50 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-06-06 11:05 - 2012-04-16 15:50 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-06-06 11:05 - 2012-04-16 15:50 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-06-06 11:05 - 2012-04-16 15:50 - 00000000 ____D C:\Users\All Users\Real
2012-06-06 11:05 - 2012-04-16 15:50 - 00000000 ____D C:\Users\All Users\Application Data\Real
2012-06-04 14:26 - 2012-03-13 21:18 - 00000000 ____D C:\Users\nacer\Application Data\Skype
2012-06-04 14:26 - 2012-03-13 21:18 - 00000000 ____D C:\Users\nacer\AppData\Roaming\Skype
2012-06-04 11:55 - 2012-06-04 11:54 - 00005120 ____A C:\Users\nacer\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-04 11:55 - 2012-06-04 11:54 - 00005120 ____A C:\Users\nacer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-04 11:55 - 2012-06-04 11:54 - 00005120 ____A C:\Users\nacer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-04 08:34 - 2012-04-29 10:10 - 00003234 ____A C:\Windows\PFRO.log
2012-06-04 08:33 - 2012-06-03 20:39 - 00000000 ____D C:\Program Files\DivX
2012-06-04 08:33 - 2012-06-03 20:38 - 00000000 ____D C:\Program Files (x86)\DivX
2012-06-04 08:33 - 2012-06-03 20:24 - 00000000 ____D C:\Users\All Users\DivX
2012-06-04 08:33 - 2012-06-03 20:24 - 00000000 ____D C:\Users\All Users\Application Data\DivX
2012-06-04 08:31 - 2012-06-03 20:40 - 00000000 ____D C:\Users\nacer\Application Data\DivX
2012-06-04 08:31 - 2012-06-03 20:40 - 00000000 ____D C:\Users\nacer\AppData\Roaming\DivX
2012-06-03 21:21 - 2012-06-03 21:20 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Lord.Of.The.Light.2011.FRENCH.DVDRiP.XViD.AC3-ARTEFAC
2012-06-03 20:14 - 2012-06-03 20:14 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Project.X.2012.FRENCH.BRRiP.XviD.AC3-AUTOPSiE
2012-06-03 12:27 - 2012-04-16 15:50 - 00000000 ____D C:\Users\nacer\Application Data\Real
2012-06-03 12:27 - 2012-04-16 15:50 - 00000000 ____D C:\Users\nacer\AppData\Roaming\Real
2012-06-03 03:34 - 2012-06-03 03:34 - 00001179 ____A C:\Users\Public\Desktop\Capture NX 2.lnk
2012-06-03 03:34 - 2012-06-03 03:34 - 00001179 ____A C:\Users\All Users\Desktop\Capture NX 2.lnk
2012-06-03 03:34 - 2012-06-03 03:34 - 00000268 ___RH C:\Users\nacer\Application Data\Textures
2012-06-03 03:34 - 2012-06-03 03:34 - 00000268 ___RH C:\Users\nacer\AppData\Roaming\Textures
2012-06-03 03:34 - 2012-06-03 03:34 - 00000268 ___RH C:\Users\All Users\Transportation
2012-06-03 03:34 - 2012-06-03 03:34 - 00000268 ___RH C:\Users\All Users\Trance Pad
2012-06-03 03:34 - 2012-06-03 03:34 - 00000268 ___RH C:\Users\All Users\Application Data\Transportation
2012-06-03 03:34 - 2012-06-03 03:34 - 00000268 ___RH C:\Users\All Users\Application Data\Trance Pad
2012-06-03 03:34 - 2012-06-03 03:34 - 00000020 ____H C:\Users\All Users\PKP_DLck.DAT
2012-06-03 03:34 - 2012-06-03 03:34 - 00000020 ____H C:\Users\All Users\Application Data\PKP_DLck.DAT
2012-06-03 03:34 - 2012-06-03 03:34 - 00000012 ___RH C:\Users\All Users\Command Line Utility
2012-06-03 03:34 - 2012-06-03 03:34 - 00000012 ___RH C:\Users\All Users\Colors
2012-06-03 03:34 - 2012-06-03 03:34 - 00000012 ___RH C:\Users\All Users\Application Data\Command Line Utility
2012-06-03 03:34 - 2012-06-03 03:34 - 00000012 ___RH C:\Users\All Users\Application Data\Colors
2012-06-03 03:34 - 2012-04-13 08:38 - 00000000 ____D C:\Users\nacer\Local Settings\Nikon
2012-06-03 03:34 - 2012-04-13 08:38 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\Nikon
2012-06-03 03:34 - 2012-04-13 08:38 - 00000000 ____D C:\Users\nacer\Application Data\Nikon
2012-06-03 03:34 - 2012-04-13 08:38 - 00000000 ____D C:\Users\nacer\AppData\Roaming\Nikon
2012-06-03 03:34 - 2012-04-13 08:38 - 00000000 ____D C:\Users\nacer\AppData\Local\Nikon
2012-06-03 03:34 - 2012-04-13 08:31 - 00000000 ____D C:\Users\All Users\Ultima_T15
2012-06-03 03:34 - 2012-04-13 08:31 - 00000000 ____D C:\Users\All Users\EnterNHelp
2012-06-03 03:34 - 2012-04-13 08:31 - 00000000 ____D C:\Users\All Users\Application Data\Ultima_T15
2012-06-03 03:34 - 2012-04-13 08:31 - 00000000 ____D C:\Users\All Users\Application Data\EnterNHelp
2012-06-03 03:32 - 2012-04-13 08:31 - 00000000 ____D C:\Program Files (x86)\Nikon
2012-06-02 18:40 - 2012-06-02 18:40 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-02 17:19 - 2012-06-08 18:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-08 18:33 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-08 18:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-08 18:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-08 18:33 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-08 18:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-08 18:33 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-08 18:33 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-08 18:33 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\nacer\Local Settings\MétéoMédia
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\MétéoMédia
2012-06-01 08:30 - 2012-06-01 08:30 - 00000000 ____D C:\Users\nacer\AppData\Local\MétéoMédia
2012-05-31 14:55 - 2012-03-14 17:44 - 00000000 ____D C:\Users\All Users\WinZip
2012-05-31 14:55 - 2012-03-14 17:44 - 00000000 ____D C:\Users\All Users\Application Data\WinZip
2012-05-31 14:53 - 2012-05-31 14:53 - 00000000 ____D C:\Program Files\WinZip
2012-05-31 13:07 - 2012-02-16 20:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-05-26 11:40 - 2012-04-21 09:28 - 00001456 ____A C:\Users\nacer\Local Settings\Application Data\Adobe Enregistrer pour le Web 12.0 Prefs
2012-05-26 11:40 - 2012-04-21 09:28 - 00001456 ____A C:\Users\nacer\Local Settings\Adobe Enregistrer pour le Web 12.0 Prefs
2012-05-26 11:40 - 2012-04-21 09:28 - 00001456 ____A C:\Users\nacer\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
2012-05-25 18:42 - 2012-05-25 18:40 - 00000000 ____D C:\Users\nacer\Downloads\ELsirra.Alnabawya.Tarek.Swidan
2012-05-25 17:43 - 2012-05-25 17:43 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Safe.House.2012.FRENCH.BRRiP.XViD-JHB
2012-05-25 17:41 - 2012-05-25 17:41 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] Safe.House.2012.VOSTFR.DVDRip.XviD.AC3-KLine
2012-05-23 23:22 - 2012-05-23 23:22 - 00266925 ____A C:\Users\nacer\Desktop\Facture102.pdf
2012-05-23 22:00 - 2012-03-14 16:48 - 00000000 ____D C:\Users\nacer\Documents\Graphisme
2012-05-19 13:09 - 2012-03-13 18:02 - 00000000 ____D C:\Users\nacer\Application Data\Mozilla
2012-05-19 13:09 - 2012-03-13 18:02 - 00000000 ____D C:\Users\nacer\AppData\Roaming\Mozilla
2012-05-17 21:47 - 2012-06-14 02:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 21:16 - 2012-06-14 02:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 21:06 - 2012-06-14 02:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 20:59 - 2012-06-14 02:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 20:59 - 2012-06-14 02:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 20:58 - 2012-06-14 02:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 20:58 - 2012-06-14 02:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 20:56 - 2012-06-14 02:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 20:55 - 2012-06-14 02:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 20:55 - 2012-06-14 02:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 20:54 - 2012-06-14 02:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 20:51 - 2012-06-14 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 20:51 - 2012-06-14 02:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 20:47 - 2012-06-14 02:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 18:11 - 2012-06-14 02:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 17:48 - 2012-06-14 02:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 17:45 - 2012-06-14 02:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 17:36 - 2012-06-14 02:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 17:35 - 2012-06-14 02:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 17:35 - 2012-06-14 02:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 17:33 - 2012-06-14 02:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 17:31 - 2012-06-14 02:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 17:29 - 2012-06-14 02:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 17:29 - 2012-06-14 02:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 17:27 - 2012-06-14 02:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 17:25 - 2012-06-14 02:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 17:24 - 2012-06-14 02:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 17:20 - 2012-06-14 02:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-17 14:32 - 2012-03-14 17:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-17 14:32 - 2012-03-14 17:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 20:32 - 2012-06-13 09:21 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 22:41 - 2012-05-13 19:35 - 00000000 ____D C:\Users\nacer\Desktop\visa
2012-05-12 08:37 - 2011-04-07 21:37 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-06 18:42 - 2012-05-06 18:42 - 00000000 ____D C:\Users\nacer\Local Settings\Unity
2012-05-06 18:42 - 2012-05-06 18:42 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\Unity
2012-05-06 18:42 - 2012-05-06 18:42 - 00000000 ____D C:\Users\nacer\AppData\Local\Unity
2012-05-05 21:07 - 2012-03-14 16:54 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-05 10:16 - 2012-04-14 08:16 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 10:16 - 2012-03-31 09:39 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 10:16 - 2012-02-16 19:24 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 06:06 - 2012-06-13 09:21 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-13 09:21 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-13 09:21 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 21:38 - 2012-04-30 20:23 - 00000000 ____D C:\Users\nacer\Downloads\Asterix.Aux.Jeux.Olympiques.FRENCH.DVDRip.XviD
2012-05-03 21:37 - 2012-04-30 20:23 - 00000000 ____D C:\Users\nacer\Downloads\alvin et les chipmunks
2012-05-01 00:40 - 2012-06-13 09:21 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 20:42 - 2012-04-30 20:25 - 00000000 ____D C:\Users\nacer\Downloads\jeu de dupes
2012-04-30 20:18 - 2012-04-30 20:14 - 00000000 ____D C:\Users\nacer\Downloads\African.Cats.2011.FRENCH.BDRip.XviD-NERD
2012-04-30 14:08 - 2012-04-26 13:16 - 00000000 ____D C:\Users\All Users\Origin
2012-04-30 14:08 - 2012-04-26 13:16 - 00000000 ____D C:\Users\All Users\Application Data\Origin
2012-04-29 10:10 - 2012-03-20 21:50 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-04-29 10:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports
2012-04-27 22:55 - 2012-06-13 09:21 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 10:15 - 2012-04-27 10:15 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2012-04-26 13:16 - 2012-04-26 13:15 - 00000000 ____D C:\Users\nacer\Application Data\Origin
2012-04-26 13:16 - 2012-04-26 13:15 - 00000000 ____D C:\Users\nacer\AppData\Roaming\Origin
2012-04-26 13:15 - 2012-04-26 13:15 - 00000530 ____A C:\Windows\KB893803v2.log
2012-04-26 00:41 - 2012-06-13 09:21 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:41 - 2012-06-13 09:21 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:34 - 2012-06-13 09:21 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 19:30 - 2012-04-24 18:46 - 00000000 ____D C:\Users\nacer\Downloads\[www.Cpasbien.com] The.Guard.2011.FRENCH.BRRIP.XviD.AC3-ArRoWs
2012-04-24 00:37 - 2012-06-13 09:21 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 00:37 - 2012-06-13 09:21 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 00:37 - 2012-06-13 09:21 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 23:36 - 2012-06-13 09:21 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 23:36 - 2012-06-13 09:21 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 23:36 - 2012-06-13 09:21 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 11:07 - 2012-04-02 19:04 - 00000000 ____D C:\Users\nacer\Downloads\font
2012-04-23 08:34 - 2012-04-23 08:34 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-23 08:34 - 2012-04-23 08:34 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-04-23 08:34 - 2012-04-23 08:33 - 00000000 ____D C:\Program Files\iTunes
2012-04-23 08:34 - 2012-04-23 08:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-04-23 08:33 - 2012-04-23 08:33 - 00000000 ____D C:\Program Files\iPod
2012-04-23 08:33 - 2012-04-09 19:25 - 00000000 ____D C:\Users\All Users\Application Data\Apple Computer
2012-04-23 08:33 - 2012-04-09 19:25 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-04-23 08:31 - 2012-04-23 08:31 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-04-23 08:31 - 2012-04-23 08:31 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-04-23 08:31 - 2012-04-23 08:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-04-21 08:59 - 2012-04-03 00:20 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-04-21 08:59 - 2012-04-03 00:20 - 00000000 ____D C:\Users\All Users\Application Data\FLEXnet
2012-04-21 08:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2012-04-20 23:24 - 2012-04-20 23:24 - 04815683 ____A C:\Users\nacer\Documents\DIDINE & ...pdf
2012-04-20 23:16 - 2012-04-20 23:16 - 00000000 ____D C:\Program Files (x86)\123di_5021
2012-04-17 22:09 - 2012-04-11 10:41 - 00000000 ____D C:\Program Files\Dell Support Center
2012-04-16 15:51 - 2012-04-16 15:50 - 00000000 ____D C:\Program Files (x86)\Real
2012-04-16 15:50 - 2003-03-18 21:14 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-04-16 15:50 - 2003-02-21 05:42 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-04-16 13:27 - 2012-03-14 17:18 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-04-16 13:27 - 2012-03-14 17:18 - 00000000 ____D C:\Users\All Users\Application Data\regid.1986-12.com.adobe
2012-04-16 13:27 - 2012-03-13 15:44 - 00169248 ____A C:\Users\nacer\Local Settings\GDIPFONTCACHEV1.DAT
2012-04-16 13:27 - 2012-03-13 15:44 - 00169248 ____A C:\Users\nacer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-04-16 13:27 - 2012-03-13 15:44 - 00169248 ____A C:\Users\nacer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-16 13:00 - 2012-02-16 19:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-04-14 22:26 - 2012-04-13 08:31 - 00000020 ____H C:\Users\All Users\PKP_DLet.DAT
2012-04-14 22:26 - 2012-04-13 08:31 - 00000020 ____H C:\Users\All Users\Application Data\PKP_DLet.DAT
2012-04-14 08:28 - 2012-04-14 08:28 - 00000000 ____D C:\Users\All Users\Nikon
2012-04-14 08:28 - 2012-04-14 08:28 - 00000000 ____D C:\Users\All Users\Application Data\Nikon
2012-04-13 08:33 - 2012-03-13 17:52 - 00000000 ____D C:\Users\nacer\Local Settings\Downloaded Installations
2012-04-13 08:33 - 2012-03-13 17:52 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\Downloaded Installations
2012-04-13 08:33 - 2012-03-13 17:52 - 00000000 ____D C:\Users\nacer\AppData\Local\Downloaded Installations
2012-04-13 08:33 - 2012-02-16 19:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-13 08:32 - 2012-04-13 08:32 - 00001968 ____A C:\Users\Public\Desktop\ViewNX 2.lnk
2012-04-13 08:32 - 2012-04-13 08:32 - 00001968 ____A C:\Users\All Users\Desktop\ViewNX 2.lnk
2012-04-13 08:31 - 2012-04-13 08:31 - 00000268 ___RH C:\Users\nacer\Application Data\Pipe Organ
2012-04-13 08:31 - 2012-04-13 08:31 - 00000268 ___RH C:\Users\nacer\Application Data\Pick Bass
2012-04-13 08:31 - 2012-04-13 08:31 - 00000268 ___RH C:\Users\nacer\Application Data\Pianos and Keyboards
2012-04-13 08:31 - 2012-04-13 08:31 - 00000268 ___RH C:\Users\nacer\AppData\Roaming\Pipe Organ
2012-04-13 08:31 - 2012-04-13 08:31 - 00000268 ___RH C:\Users\nacer\AppData\Roaming\Pick Bass
2012-04-13 08:31 - 2012-04-13 08:31 - 00000268 ___RH C:\Users\nacer\AppData\Roaming\Pianos and Keyboards
2012-04-13 08:31 - 2012-04-13 08:31 - 00000268 ___RH C:\Users\All Users\Plug-Ins
2012-04-13 08:31 - 2012-04-13 08:31 - 00000268 ___RH C:\Users\All Users\Plug-In Settings
2012-04-13 08:31 - 2012-04-13 08:31 - 00000268 ___RH C:\Users\All Users\Plants
2012-04-13 08:31 - 2012-04-13 08:31 - 00000268 ___RH C:\Users\All Users\Application Data\Plug-Ins
2012-04-13 08:31 - 2012-04-13 08:31 - 00000268 ___RH C:\Users\All Users\Application Data\Plug-In Settings
2012-04-13 08:31 - 2012-04-13 08:31 - 00000268 ___RH C:\Users\All Users\Application Data\Plants
2012-04-13 08:31 - 2012-04-13 08:31 - 00000020 ____H C:\Users\All Users\PKP_DLev.DAT
2012-04-13 08:31 - 2012-04-13 08:31 - 00000020 ____H C:\Users\All Users\PKP_DLes.DAT
2012-04-13 08:31 - 2012-04-13 08:31 - 00000020 ____H C:\Users\All Users\Application Data\PKP_DLev.DAT
2012-04-13 08:31 - 2012-04-13 08:31 - 00000020 ____H C:\Users\All Users\Application Data\PKP_DLes.DAT
2012-04-13 08:31 - 2012-04-13 08:31 - 00000000 ____D C:\Users\All Users\Image Units
2012-04-13 08:31 - 2012-04-13 08:31 - 00000000 ____D C:\Users\All Users\Hybrid Chords
2012-04-13 08:31 - 2012-04-13 08:31 - 00000000 ____D C:\Users\All Users\Helper Scripts
2012-04-13 08:31 - 2012-04-13 08:31 - 00000000 ____D C:\Users\All Users\Application Data\Image Units
2012-04-13 08:31 - 2012-04-13 08:31 - 00000000 ____D C:\Users\All Users\Application Data\Hybrid Chords
2012-04-13 08:31 - 2012-04-13 08:31 - 00000000 ____D C:\Users\All Users\Application Data\Helper Scripts
2012-04-13 08:31 - 2003-03-18 20:05 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2012-04-12 11:55 - 2012-04-12 11:55 - 00000000 ____D C:\Users\Default\Local Settings\Microsoft Help
2012-04-12 11:55 - 2012-04-12 11:55 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\Microsoft Help
2012-04-12 11:55 - 2012-04-12 11:55 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-04-12 11:55 - 2012-04-12 11:55 - 00000000 ____D C:\Users\Default User\Local Settings\Microsoft Help
2012-04-12 11:55 - 2012-04-12 11:55 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\Microsoft Help
2012-04-12 11:55 - 2012-04-12 11:55 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-04-10 23:12 - 2011-02-10 08:33 - 00000000 ____D C:\DELL
2012-04-07 21:11 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-04-07 07:31 - 2012-06-13 09:21 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 06:26 - 2012-06-13 09:21 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-05 15:08 - 2012-03-13 20:24 - 00000000 ____D C:\Users\nacer\Local Settings\Eastman_Kodak_Company
2012-04-05 15:08 - 2012-03-13 20:24 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\Eastman_Kodak_Company
2012-04-05 15:08 - 2012-03-13 20:24 - 00000000 ____D C:\Users\nacer\AppData\Local\Eastman_Kodak_Company
2012-04-05 13:11 - 2012-04-05 13:11 - 00000000 ____D C:\Users\nacer\Local Settings\Mozilla
2012-04-05 13:11 - 2012-04-05 13:11 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\Mozilla
2012-04-05 13:11 - 2012-04-05 13:11 - 00000000 ____D C:\Users\nacer\AppData\Local\Mozilla
2012-04-05 13:11 - 2012-04-05 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-04 18:48 - 2012-03-24 17:31 - 00000000 ____D C:\Users\nacer\Application Data\Apple Computer
2012-04-04 18:48 - 2012-03-24 17:31 - 00000000 ____D C:\Users\nacer\AppData\Roaming\Apple Computer
2012-04-04 14:56 - 2012-06-17 16:39 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 00:10 - 2012-04-03 00:10 - 00000000 ____D C:\Users\All Users\Application Data\ALM
2012-04-03 00:10 - 2012-04-03 00:10 - 00000000 ____D C:\Users\All Users\ALM
2012-04-02 23:44 - 2012-04-02 23:44 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-04-02 14:04 - 2012-04-01 22:27 - 00001096 ____A C:\Windows\SysWOW64\Ahmbed.gz
2012-04-01 21:18 - 2012-04-01 21:18 - 00000000 ____D C:\Users\nacer\Application Data\TuneUp Software
2012-04-01 21:18 - 2012-04-01 21:18 - 00000000 ____D C:\Users\nacer\AppData\Roaming\TuneUp Software
2012-04-01 21:18 - 2012-04-01 21:18 - 00000000 ____D C:\Users\All Users\TuneUp Software
2012-04-01 21:18 - 2012-04-01 21:18 - 00000000 ____D C:\Users\All Users\Application Data\TuneUp Software
2012-04-01 21:17 - 2012-04-01 21:17 - 00000000 __SHD C:\Users\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-01 21:17 - 2012-04-01 21:17 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-03-30 06:35 - 2012-05-11 18:57 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-26 13:03 - 2012-02-16 20:03 - 00000000 ____D C:\Users\All Users\Skype
2012-03-26 13:03 - 2012-02-16 20:03 - 00000000 ____D C:\Users\All Users\Application Data\Skype
2012-03-26 12:59 - 2012-03-13 22:32 - 00000000 ____D C:\Users\nacer\Local Settings\Deployment
2012-03-26 12:59 - 2012-03-13 22:32 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\Deployment
2012-03-26 12:59 - 2012-03-13 22:32 - 00000000 ____D C:\Users\nacer\AppData\Local\Deployment
2012-03-25 11:07 - 2012-03-25 11:07 - 00001068 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-03-25 11:07 - 2012-03-25 11:07 - 00001068 ____A C:\Users\All Users\Desktop\VLC media player.lnk
2012-03-25 11:07 - 2012-03-25 11:07 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2012-03-25 10:58 - 2012-03-19 14:15 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2012-03-24 17:31 - 2012-03-24 17:31 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\Apple Computer
2012-03-24 17:31 - 2012-03-24 17:31 - 00000000 ____D C:\Users\nacer\Local Settings\Apple Computer
2012-03-24 17:31 - 2012-03-24 17:31 - 00000000 ____D C:\Users\nacer\AppData\Local\Apple Computer
2012-03-24 17:30 - 2012-03-24 17:30 - 00000000 ____D C:\Users\All Users\Application Data\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-24 17:30 - 2012-03-24 17:30 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-24 17:29 - 2012-03-24 17:29 - 00000000 ____D C:\Users\nacer\Local Settings\Application Data\Apple
2012-03-24 17:29 - 2012-03-24 17:29 - 00000000 ____D C:\Users\nacer\Local Settings\Apple
2012-03-24 17:29 - 2012-03-24 17:29 - 00000000 ____D C:\Users\nacer\AppData\Local\Apple
2012-03-24 17:29 - 2012-03-24 17:29 - 00000000 ____D C:\Users\All Users\Application Data\Apple
2012-03-24 17:29 - 2012-03-24 17:29 - 00000000 ____D C:\Users\All Users\Apple
2012-03-24 17:29 - 2012-03-24 17:29 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-03-24 17:29 - 2012-03-24 17:29 - 00000000 ____D C:\Program Files\Bonjour
2012-03-24 17:29 - 2012-03-24 17:29 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-03-24 17:29 - 2012-03-24 17:29 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-03-23 14:14 - 2012-03-23 14:14 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-03-23 13:53 - 2012-03-18 12:48 - 00000000 ____D C:\Program Files\Palm, Inc
ZeroAccess:
C:\Windows\Installer\{cef69c20-c207-628d-19fc-7ff2452f6860}
C:\Windows\Installer\{cef69c20-c207-628d-19fc-7ff2452f6860}\@
C:\Windows\Installer\{cef69c20-c207-628d-19fc-7ff2452f6860}\L
C:\Windows\Installer\{cef69c20-c207-628d-19fc-7ff2452f6860}\n
C:\Windows\Installer\{cef69c20-c207-628d-19fc-7ff2452f6860}\U
ZeroAccess:
C:\Users\nacer\AppData\Local\{cef69c20-c207-628d-19fc-7ff2452f6860}
C:\Users\nacer\AppData\Local\{cef69c20-c207-628d-19fc-7ff2452f6860}\@
C:\Users\nacer\AppData\Local\{cef69c20-c207-628d-19fc-7ff2452f6860}\L
C:\Users\nacer\AppData\Local\{cef69c20-c207-628d-19fc-7ff2452f6860}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 10%
Total physical RAM: 8086.17 MB
Available physical RAM: 7269.44 MB
Total Pagefile: 8084.37 MB
Available Pagefile: 7260.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:245.67 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:9.74 GB) NTFS
4 Drive f: (KINGSTON) (Removable) (Total:7.44 GB) (Free:4.78 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
N° disque Statut Taille Libre Dyn GPT
--------- ------------- ------- ------- --- ---
Disque 0 En ligne 465 G octets 2048 K octets
Disque 1 En ligne 7628 M octets 0 octets
Disque 2 Aucun média 0 octets 0 octets
Quitte DiskPart...

==========================================================
Last Boot: 2012-06-08 10:53
======================= End Of Log ==========================
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=========================================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.
 
Thanks for your quick answer.
Here is the result for the search:

Farbar Recovery Scan Tool Version: 19-06-2012
Ran by SYSTEM at 2012-06-20 03:07:16
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
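
The comparison this search result supports, as an added example that is not part of the original posts or of FRST: parse a Search.txt body and flag a live system file whose MD5 differs from every component-store (winsxs) copy of the same name. Treating the winsxs copy as the reference, and the function names, are assumptions of the example; the sample input is the log text from this thread.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: the Search.txt body posted in this thread.
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
"""

# A result is two lines: the full path, then the metadata line.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)"
    r"(?: \((?P<company>.*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per file found in a Search.txt body."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = META_RE.match(line)
        if m and pending_path:
            entries.append({
                "path": pending_path,
                "created": m["created"],
                "modified": m["modified"],
                "size": int(m["size"]),
                "company": m["company"],
                "md5": m["md5"].upper(),
            })
        pending_path = None  # a metadata line only belongs to the path just above it
    return entries


def find_mismatched_copies(entries):
    """Flag live files whose MD5 matches no winsxs copy of the same name.

    Assumption of this example: the winsxs copy is the reference.
    Files with no winsxs copy in the log are skipped, not flagged.
    """
    groups = defaultdict(list)
    for e in entries:
        groups[ntpath.basename(e["path"]).lower()].append(e)

    def meta(e):
        return (e["size"], e["created"], e["modified"])

    findings = []
    for group in groups.values():
        refs = [e for e in group if "\\winsxs\\" in e["path"].lower()]
        live = [e for e in group if "\\winsxs\\" not in e["path"].lower()]
        for e in live:
            if not refs or any(r["md5"] == e["md5"] for r in refs):
                continue
            findings.append({
                "path": e["path"],
                "md5": e["md5"],
                "reference_md5s": sorted({r["md5"] for r in refs}),
                # Same size and timestamps but a different hash means the
                # content changed while the metadata still looks original.
                "same_metadata": any(meta(r) == meta(e) for r in refs),
            })
    return findings


if __name__ == "__main__":
    for f in find_mismatched_copies(parse_search_log(SAMPLE_SEARCH_LOG)):
        note = "size and timestamps identical" if f["same_metadata"] else "metadata differs"
        print(f"{f['path']}: {f['md5']} != {f['reference_md5s']} ({note})")
```
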
 
See if you can boot normally.

If so....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
My fault.
I apologize :)
Too many topics with that damn rootkit...LOL
Hold on...
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Attachments

  • fixlist.txt
Hi Broni,
Here is the result for the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 19-06-2012
Ran by SYSTEM at 2012-06-20 13:29:38 Run:1
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{cef69c20-c207-628d-19fc-7ff2452f6860} moved successfully.
C:\Users\nacer\AppData\Local\{cef69c20-c207-628d-19fc-7ff2452f6860} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====
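
Added example, not part of the thread and not FRST's own code: a small Python parser that sorts the Fixlog lines above into restored registry values, moved items, files replaced from another copy, and targets that were not found, so a reviewer can see at a glance what still needs checking. The line formats are inferred only from the lines in this log, anything else is reported as unrecognized, and the function names are hypothetical.

```python
import re

# Sample input: the Fixlog exactly as posted in this thread.
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 19-06-2012
Ran by SYSTEM at 2012-06-20 13:29:38 Run:1
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{cef69c20-c207-628d-19fc-7ff2452f6860} moved successfully.
C:\Users\nacer\AppData\Local\{cef69c20-c207-628d-19fc-7ff2452f6860} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====
"""

# Assumption: these patterns cover only the line shapes seen in the log above.
# Order matters: the copy line must be tried before the simpler patterns.
PATTERNS = [
    ("copied", re.compile(r"^(?P<src>.+?) copied successfully to (?P<dst>.+)$")),
    ("registry_restored", re.compile(
        r"^(?P<key>HKEY_.+?)\\\\(?P<name>.*?) (?:Default )?Value (?:was )?"
        r"restored successfully ?\.$")),
    ("moved", re.compile(r"^(?P<path>.+) moved successfully\.$")),
    ("not_found", re.compile(r"^(?P<path>.+) not found\.$")),
]


def parse_fixlog(text):
    """Return one dict per result line between the '=====' rule and the end marker."""
    entries, in_body = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if set(line) == {"="}:          # separator that ends the header
            in_body = True
            continue
        if not in_body:                 # skip "Ran by", "Running from", ...
            continue
        for action, rx in PATTERNS:
            m = rx.match(line)
            if m:
                entries.append({"action": action, **m.groupdict()})
                break
        else:
            entries.append({"action": "unrecognized", "line": line})
    return entries


def summarize(entries):
    """Group entries by what a reviewer has to do with them."""
    moved = [e["path"] for e in entries if e["action"] == "moved"]
    copies = [e for e in entries if e["action"] == "copied"]
    moved_lower = {p.lower() for p in moved}
    copied_over = {c["dst"].lower() for c in copies}
    return {
        # Moved away and then overwritten from another copy: verify these files.
        "replaced": [(c["dst"], c["src"]) for c in copies
                     if c["dst"].lower() in moved_lower],
        # Moved away with nothing put back in their place.
        "moved_only": [p for p in moved if p.lower() not in copied_over],
        # Fix targets that did not exist when the fix ran.
        "not_found": [e["path"] for e in entries if e["action"] == "not_found"],
        # An empty value name is the key's default value.
        "registry": [(e["key"], e["name"] or "(Default)")
                     for e in entries if e["action"] == "registry_restored"],
        "unrecognized": [e["line"] for e in entries
                         if e["action"] == "unrecognized"],
    }


if __name__ == "__main__":
    for group, items in summarize(parse_fixlog(FIXLOG)).items():
        print(group)
        for item in items:
            print("   ", item)
```
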
 
Hi Broni,

So I launched ComboFix, and everything went fine, here is the report:
Thanks again for your help.

ComboFix 12-06-20.02 - nacer 2012-06-21 1:13.1.8 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.2.1036.18.8086.5864 [GMT -4:00]
Lancé depuis: c:\users\nacer\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll
c:\programdata\Roaming
c:\programdata\Transportation
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-05-21 au 2012-06-21 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-21 05:38 . 2012-06-21 05:38 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1CA6E1B-D567-4A5D-8237-8C335FBDD032}\offreg.dll
2012-06-21 05:30 . 2012-06-21 05:30 -------- d-----w- C:\found.000
2012-06-21 05:20 . 2012-06-21 05:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-20 06:44 . 2012-06-20 06:46 -------- d-----w- C:\FRST
2012-06-19 03:04 . 2012-06-19 03:04 -------- d-----w- c:\programdata\HitmanPro
2012-06-17 21:42 . 2012-06-17 21:42 -------- d-----w- c:\users\nacer\AppData\Roaming\Malwarebytes
2012-06-17 21:39 . 2012-06-17 21:39 -------- d-----w- c:\programdata\Malwarebytes
2012-06-17 21:39 . 2012-06-20 04:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-17 21:39 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 14:18 . 2012-06-17 14:18 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2710400A-76E0-4B64-B3C5-1E5973355D4E}\gapaengine.dll
2012-06-17 14:18 . 2012-05-08 14:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1CA6E1B-D567-4A5D-8237-8C335FBDD032}\mpengine.dll
2012-06-17 14:16 . 2012-06-20 04:21 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-17 14:16 . 2012-06-20 04:21 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-13 14:21 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 04:53 . 2012-06-21 04:59 -------- d-s---w- c:\users\nacer\Google Drive
2012-06-13 04:46 . 2012-06-13 04:47 -------- d-----w- c:\program files (x86)\Google
2012-06-08 23:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 23:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 23:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 23:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 23:33 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-08 23:33 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-08 23:33 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-08 23:33 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 23:33 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-07 04:28 . 2012-06-07 04:28 -------- d-----w- c:\users\nacer\AppData\Roaming\ElephormDVDPlayer.8FC2E10752433BF8182FC825ABC2922D2AC381F8.1
2012-06-07 04:28 . 2012-06-07 04:28 -------- d-----w- c:\program files (x86)\Elephorm
2012-06-06 16:05 . 2012-06-06 16:05 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-06-04 01:40 . 2012-06-04 13:31 -------- d-----w- c:\users\nacer\AppData\Roaming\DivX
2012-06-04 01:39 . 2012-06-04 13:33 -------- d-----w- c:\program files\DivX
2012-06-04 01:38 . 2012-06-04 13:33 -------- d-----w- c:\program files (x86)\DivX
2012-06-04 01:24 . 2012-06-04 13:33 -------- d-----w- c:\programdata\DivX
2012-06-03 08:33 . 2012-06-03 08:33 49152 ----a-r- c:\users\nacer\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2012-06-02 23:40 . 2012-06-02 23:40 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-01 13:30 . 2012-06-01 13:30 -------- d-----w- c:\users\nacer\AppData\Local\MétéoMédia
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 15:16 . 2012-03-31 14:39 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 15:16 . 2012-02-17 00:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 15:16 . 2012-04-14 13:16 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-16 20:50 . 2003-03-19 02:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-04-16 20:50 . 2003-02-21 10:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-13 13:33 . 2012-04-13 13:33 57344 ----a-r- c:\users\nacer\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-04-13 13:31 . 2003-03-19 01:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2012-03-30 11:35 . 2012-05-11 23:57 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-13 12163568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-07-07 75064]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-06 296056]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\nacer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"Adobe_ID0ENQBO"=c:\progra~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-13 116648]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-03 1038088]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-13 116648]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-04-10 166912]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-22 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
Contenu du dossier 'Tâches planifiées'
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:16]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-13 04:46]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-13 04:46]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236642402-275450473-2825933408-1001Core.job
- c:\users\nacer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 17:59]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236642402-275450473-2825933408-1001UA.job
- c:\users\nacer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-26 17:59]
.
2012-06-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-13 20:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-13 20:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-13 20:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-13 20:30 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-14 6629480]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-11 4500640]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\nacer\AppData\Roaming\Mozilla\Firefox\Profiles\0nk7r6pm.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Heure de fin: 2012-06-21 01:46:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-06-21 05:46
.
Avant-CF: 265 755 332 608 octets libres
Après-CF: 282 196 148 224 octets libres
.
- - End Of File - - 968D4FFB50FD5AA9EAE31C6ADA189D31
 
Looks good :)

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
No more issues, internet is working and everything seems fine.
Here is the result for OTL (first part):

OTL logfile created on: 2012-06-21 02:00:36 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\nacer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

7,90 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,82% Memory free
15,79 Gb Paging File | 13,49 Gb Available in Paging File | 85,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 262,11 Gb Free Space | 58,75% Space Free | Partition Type: NTFS
Drive F: | 7,44 Gb Total Space | 4,78 Gb Free Space | 64,22% Space Free | Partition Type: FAT32

Computer Name: NACER-PC | User Name: nacer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-06-20 19:58:08 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\nacer\Desktop\OTL.exe
PRC - [2012-06-13 16:30:00 | 012,163,568 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012-06-13 00:46:56 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012-06-06 12:05:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012-04-10 00:31:48 | 000,166,912 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-03-19 15:30:34 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012-03-19 15:30:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-01-03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-12-19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011-11-25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011-10-18 13:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011-10-18 13:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011-10-18 13:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011-10-18 13:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011-09-22 12:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011-09-22 12:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011-09-22 12:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011-09-21 12:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011-07-07 19:16:00 | 000,075,064 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
PRC - [2011-04-22 12:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-04-21 23:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-04-13 12:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010-12-20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-12-20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010-11-17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010-05-25 19:16:16 | 000,619,008 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
PRC - [2008-06-11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2012-06-21 01:50:33 | 000,086,016 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\_elementtree.pyd
MOD - [2012-06-21 01:50:32 | 000,792,576 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\wx._gdi_.pyd
MOD - [2012-06-21 01:50:32 | 000,571,392 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\pysqlite2._sqlite.pyd
MOD - [2012-06-21 01:50:32 | 000,263,168 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\win32com.shell.shell.pyd
MOD - [2012-06-21 01:50:32 | 000,153,088 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\pyexpat.pyd
MOD - [2012-06-21 01:50:32 | 000,096,256 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\win32api.pyd
MOD - [2012-06-21 01:50:32 | 000,070,656 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\wx._html2.pyd
MOD - [2012-06-21 01:50:32 | 000,040,448 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\_socket.pyd
MOD - [2012-06-21 01:50:32 | 000,011,776 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\win32crypt.pyd
MOD - [2012-06-21 01:50:31 | 001,018,368 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\windows._cacheinvalidation.pyd
MOD - [2012-06-21 01:50:31 | 000,731,136 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\wx._misc_.pyd
MOD - [2012-06-21 01:50:31 | 000,354,304 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\pythoncom26.dll
MOD - [2012-06-21 01:50:31 | 000,110,592 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\PyWinTypes26.dll
MOD - [2012-06-21 01:50:31 | 000,073,728 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\_ctypes.pyd
MOD - [2012-06-21 01:50:30 | 001,169,408 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\wx._core_.pyd
MOD - [2012-06-21 01:50:30 | 001,056,256 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\wx._controls_.pyd
MOD - [2012-06-21 01:50:30 | 000,807,424 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\wx._windows_.pyd
MOD - [2012-06-21 01:50:30 | 000,645,120 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\_ssl.pyd
MOD - [2012-06-21 01:50:30 | 000,585,728 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\unicodedata.pyd
MOD - [2012-06-21 01:50:30 | 000,311,808 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\_hashlib.pyd
MOD - [2012-06-21 01:50:30 | 000,121,856 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\wx._wizard.pyd
MOD - [2012-06-21 01:50:30 | 000,111,104 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\win32file.pyd
MOD - [2012-06-21 01:50:30 | 000,039,424 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\win32inet.pyd
MOD - [2012-06-21 01:50:30 | 000,036,352 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\win32process.pyd
MOD - [2012-06-21 01:50:30 | 000,022,528 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\win32pdh.pyd
MOD - [2012-06-21 01:50:30 | 000,017,920 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\win32event.pyd
MOD - [2012-06-21 01:50:30 | 000,011,776 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI50682\select.pyd
MOD - [2012-06-14 03:45:35 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012-06-14 03:32:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012-06-14 03:32:43 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012-06-14 03:32:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012-06-14 03:32:29 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012-06-14 03:32:27 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012-05-12 11:20:39 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012-05-12 11:20:35 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012-05-12 11:19:24 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012-05-12 11:19:23 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012-05-12 11:19:21 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012-05-12 11:19:21 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012-05-12 11:18:35 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012-05-12 10:42:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012-05-12 10:41:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012-05-12 10:41:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012-05-12 10:41:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012-05-12 10:41:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012-05-12 10:41:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012-02-16 22:03:29 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011-09-22 12:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011-07-07 19:16:00 | 000,075,064 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
MOD - [2011-04-07 22:13:04 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_fr_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2010-11-25 00:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010-11-17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012-04-03 00:44:03 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012-03-26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012-03-26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011-11-01 15:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011-11-01 15:25:42 | 000,340,240 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011-11-01 15:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2011-10-20 20:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV:64bit: - [2011-10-19 16:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011-03-15 16:35:18 | 000,071,168 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV:64bit: - [2010-11-29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV:64bit: - [2010-09-22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-11-17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009-07-13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-05-05 11:16:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-05-03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-04-10 00:31:48 | 000,166,912 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-04-03 00:41:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-03-19 15:30:34 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012-03-19 15:30:20 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-01-03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-12-19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011-11-25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011-10-18 13:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011-10-18 13:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011-10-18 13:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011-09-22 12:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011-04-22 12:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-04-21 23:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010-12-20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010-12-20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010-11-25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010-11-25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010-08-25 22:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010-03-18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-08-15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-03-20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012-03-01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-16 22:03:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-02-16 22:03:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-12-01 21:57:06 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011-10-19 16:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011-10-19 16:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011-10-11 15:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011-10-10 18:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011-08-29 18:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011-07-20 09:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-05-19 03:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011-05-17 11:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011-05-17 11:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011-05-13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011-04-22 12:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011-03-04 01:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-02-10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011-02-10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011-01-20 13:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011-01-12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-12-01 12:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010-11-30 18:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-11-29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010-11-20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010-03-19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010-02-27 11:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009-07-13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008-06-27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007-05-14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006-11-01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009-07-13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008-08-14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3C1A1CDD-5859-4BC2-8857-6117A7C5E988}
IE:64bit: - HKLM\..\SearchScopes\{3C1A1CDD-5859-4BC2-8857-6117A7C5E988}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3C1A1CDD-5859-4BC2-8857-6117A7C5E988}
IE - HKLM\..\SearchScopes\{3C1A1CDD-5859-4BC2-8857-6117A7C5E988}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...cbf3086f2&lang=en&ds=hk011&pr=sa&d=2012-05-31 15:53:44&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\nacer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\nacer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nacer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nacer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\nacer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-20 00:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-04-23 09:31:17 | 000,000,000 | ---D | M]

[2012-04-05 14:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nacer\AppData\Roaming\Mozilla\Extensions
[2012-06-06 00:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nacer\AppData\Roaming\Mozilla\Firefox\Profiles\0nk7r6pm.default\extensions
[2012-06-06 00:56:11 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\nacer\AppData\Roaming\Mozilla\Firefox\Profiles\0nk7r6pm.default\extensions\foxyproxy@eric.h.jung
[2012-05-31 14:07:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-05-31 14:07:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-06-20 00:21:45 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012-04-15 23:47:30 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\NACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0NK7R6PM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012-03-13 00:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-03-13 01:43:04 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2012-05-31 15:53:41 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-03-13 01:33:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-03-13 01:43:04 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012-03-13 01:43:04 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2012-03-13 01:43:04 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012-03-13 01:43:04 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012-06-21 01:37:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\nacer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir au format PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir au format PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C7261B8-DE6F-4E05-93A3-70EBCB621A16}: DhcpNameServer = 13.35.0.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC118372-AC7A-42FF-86F2-BE6F6F7D6CBC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
OTL (second part):

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-06-21 01:58:56 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\nacer\Desktop\OTL.exe
[2012-06-21 01:46:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-06-21 01:38:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-06-21 01:30:15 | 000,000,000 | ---D | C] -- C:\found.000
[2012-06-21 01:11:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-06-21 01:11:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-06-21 01:11:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-06-21 01:10:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-06-21 01:09:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-06-20 02:44:55 | 000,000,000 | ---D | C] -- C:\FRST
[2012-06-19 22:36:03 | 004,563,905 | R--- | C] (Swearware) -- C:\Users\nacer\Desktop\ComboFix.exe
[2012-06-19 22:06:20 | 000,000,000 | ---D | C] -- C:\Users\nacer\Desktop\System32
[2012-06-18 23:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012-06-17 17:42:07 | 000,000,000 | ---D | C] -- C:\Users\nacer\AppData\Roaming\Malwarebytes
[2012-06-17 17:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-06-17 17:39:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-06-17 17:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-06-17 10:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012-06-17 10:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012-06-16 16:13:52 | 000,000,000 | ---D | C] -- C:\Users\nacer\Desktop\Nouveau dossier
[2012-06-13 00:53:16 | 000,000,000 | --SD | C] -- C:\Users\nacer\Google Drive
[2012-06-13 00:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012-06-13 00:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012-06-11 22:43:17 | 000,000,000 | ---D | C] -- C:\Users\nacer\Desktop\annonce kijiji
[2012-06-07 17:25:25 | 000,000,000 | ---D | C] -- C:\Users\nacer\Documents\Adobe
[2012-06-07 12:58:07 | 000,000,000 | ---D | C] -- C:\Users\nacer\Desktop\Exportation sans titre
[2012-06-07 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\nacer\Desktop\Adobe
[2012-06-07 00:28:05 | 000,000,000 | ---D | C] -- C:\Users\nacer\AppData\Roaming\ElephormDVDPlayer.8FC2E10752433BF8182FC825ABC2922D2AC381F8.1
[2012-06-07 00:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elephorm
[2012-06-06 12:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012-06-06 12:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012-06-03 21:40:23 | 000,000,000 | ---D | C] -- C:\Users\nacer\AppData\Roaming\DivX
[2012-06-03 21:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012-06-03 21:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012-06-03 21:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012-06-03 04:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capture NX 2
[2012-06-02 19:40:48 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012-06-01 09:31:02 | 000,000,000 | ---D | C] -- C:\Users\nacer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MétéoMédia
[2012-06-01 09:30:59 | 000,000,000 | ---D | C] -- C:\Users\nacer\AppData\Local\MétéoMédia
[2012-05-31 15:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012-05-31 15:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

========== Files - Modified Within 30 Days ==========

[2012-06-21 02:05:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1236642402-275450473-2825933408-1001UA.job
[2012-06-21 02:01:04 | 001,462,778 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012-06-21 02:01:04 | 000,877,170 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-06-21 02:01:04 | 000,391,192 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012-06-21 02:01:04 | 000,333,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-06-21 02:01:04 | 000,006,472 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-06-21 01:57:43 | 000,025,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-21 01:57:43 | 000,025,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-21 01:51:08 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-21 01:50:43 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-21 01:48:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-21 01:48:19 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-21 01:37:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-06-21 01:36:35 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012-06-21 01:35:29 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2012-06-21 01:16:02 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-06-21 01:10:41 | 004,563,905 | R--- | M] (Swearware) -- C:\Users\nacer\Desktop\ComboFix.exe
[2012-06-20 19:58:08 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\nacer\Desktop\OTL.exe
[2012-06-18 22:40:13 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1236642402-275450473-2825933408-1001Core.job
[2012-06-17 17:39:40 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-06-17 10:17:06 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-06-17 10:16:50 | 000,006,438 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-06-14 03:29:15 | 005,141,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-06-13 00:53:16 | 000,001,673 | ---- | M] () -- C:\Users\nacer\Desktop\Google Drive.lnk
[2012-06-12 19:56:29 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012-06-10 10:45:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2012-06-07 11:28:04 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-bits.lnk
[2012-06-06 12:05:46 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012-06-06 12:05:17 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012-06-04 12:55:21 | 000,005,120 | ---- | M] () -- C:\Users\nacer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-03 04:34:26 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Trance Pad
[2012-06-03 04:34:26 | 000,000,268 | RH-- | M] () -- C:\Users\nacer\AppData\Roaming\Templates
[2012-06-03 04:34:26 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLck.DAT
[2012-06-03 04:34:26 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Colors
[2012-06-03 04:34:24 | 000,000,268 | RH-- | M] () -- C:\Users\nacer\AppData\Roaming\Textures
[2012-06-03 04:34:24 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Command Line Utility
[2012-06-03 04:34:08 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Capture NX 2.lnk
[2012-05-26 12:40:50 | 000,001,456 | ---- | M] () -- C:\Users\nacer\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
[2012-05-24 00:22:53 | 000,266,925 | ---- | M] () -- C:\Users\nacer\Desktop\Facture102.pdf

========== Files Created - No Company Name ==========

[2012-06-21 01:35:29 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2012-06-21 01:11:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-06-21 01:11:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-06-21 01:11:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-06-21 01:11:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-06-21 01:11:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-06-17 17:39:40 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-06-17 10:16:52 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012-06-13 00:53:16 | 000,001,673 | ---- | C] () -- C:\Users\nacer\Desktop\Google Drive.lnk
[2012-06-13 00:46:58 | 000,001,066 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-13 00:46:58 | 000,001,062 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-07 11:28:04 | 000,002,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1 64 bits.lnk
[2012-06-07 11:28:04 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-bits.lnk
[2012-06-07 00:28:04 | 000,000,885 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elephorm.lnk
[2012-06-06 12:05:46 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012-06-04 12:54:59 | 000,005,120 | ---- | C] () -- C:\Users\nacer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-03 04:34:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Trance Pad
[2012-06-03 04:34:26 | 000,000,268 | RH-- | C] () -- C:\Users\nacer\AppData\Roaming\Templates
[2012-06-03 04:34:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2012-06-03 04:34:26 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Colors
[2012-06-03 04:34:24 | 000,000,268 | RH-- | C] () -- C:\Users\nacer\AppData\Roaming\Textures
[2012-06-03 04:34:24 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Command Line Utility
[2012-06-03 04:34:08 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\Capture NX 2.lnk
[2012-06-03 04:31:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2012-05-24 00:22:45 | 000,266,925 | ---- | C] () -- C:\Users\nacer\Desktop\Facture102.pdf
[2012-04-21 10:28:37 | 000,001,456 | ---- | C] () -- C:\Users\nacer\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
[2012-04-13 09:31:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Plug-Ins
[2012-04-13 09:31:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Plug-In Settings
[2012-04-13 09:31:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Plants
[2012-04-13 09:31:56 | 000,000,268 | RH-- | C] () -- C:\Users\nacer\AppData\Roaming\Pipe Organ
[2012-04-13 09:31:56 | 000,000,268 | RH-- | C] () -- C:\Users\nacer\AppData\Roaming\Pick Bass
[2012-04-13 09:31:56 | 000,000,268 | RH-- | C] () -- C:\Users\nacer\AppData\Roaming\Pianos and Keyboards
[2012-04-13 09:31:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012-04-13 09:31:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012-04-13 09:31:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012-03-19 15:30:20 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-03-19 15:30:20 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-03-19 15:30:19 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-02-16 21:40:11 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012-02-16 21:40:09 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012-02-16 21:40:07 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012-02-16 21:40:07 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-02-16 21:40:06 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012-02-16 20:47:54 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2011-02-10 11:41:26 | 000,006,438 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012-06-07 00:28:05 | 000,000,000 | ---D | M] -- C:\Users\nacer\AppData\Roaming\ElephormDVDPlayer.8FC2E10752433BF8182FC825ABC2922D2AC381F8.1
[2012-03-13 16:51:14 | 000,000,000 | ---D | M] -- C:\Users\nacer\AppData\Roaming\Fingertapps
[2012-03-18 13:48:20 | 000,000,000 | ---D | M] -- C:\Users\nacer\AppData\Roaming\JasonRobitaille
[2012-06-03 04:34:27 | 000,000,000 | ---D | M] -- C:\Users\nacer\AppData\Roaming\Nikon
[2012-04-26 14:16:34 | 000,000,000 | ---D | M] -- C:\Users\nacer\AppData\Roaming\Origin
[2012-03-14 18:46:03 | 000,000,000 | ---D | M] -- C:\Users\nacer\AppData\Roaming\PCDr
[2012-03-14 19:32:56 | 000,000,000 | ---D | M] -- C:\Users\nacer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012-03-13 21:11:14 | 000,000,000 | ---D | M] -- C:\Users\nacer\AppData\Roaming\Temp
[2012-04-01 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\nacer\AppData\Roaming\TuneUp Software
[2012-06-19 23:27:11 | 000,000,000 | ---D | M] -- C:\Users\nacer\AppData\Roaming\uTorrent
[2012-06-12 19:56:29 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012-06-17 19:14:49 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012-06-21 01:36:35 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012-06-21 01:35:29 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2012-06-21 01:46:10 | 000,026,512 | ---- | M] () -- C:\ComboFix.txt
[2012-02-16 21:24:56 | 000,004,023 | RH-- | M] () -- C:\dell.sdr
[2012-06-21 01:48:19 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-21 01:48:28 | 4183,994,367 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009-07-14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009-07-14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009-07-14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009-07-14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-06-10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010-11-10 04:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009-07-14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012-03-13 18:42:58 | 000,000,221 | -HS- | M] () -- C:\Users\nacer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012-06-21 01:10:41 | 004,563,905 | R--- | M] (Swearware) -- C:\Users\nacer\Desktop\ComboFix.exe
[2012-06-20 19:58:08 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\nacer\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012-06-21 01:16:02 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-06-21 01:50:43 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-21 01:51:08 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-18 22:40:13 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1236642402-275450473-2825933408-1001Core.job
[2012-06-21 02:05:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1236642402-275450473-2825933408-1001UA.job
[2012-06-12 19:56:29 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012-06-21 01:48:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012-06-17 19:14:49 | 000,032,496 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2012-06-21 01:36:35 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009-06-10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012-03-15 12:34:17 | 000,000,402 | -HS- | M] () -- C:\Users\nacer\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012-06-03 04:34:26 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Colors
[2012-06-03 04:34:24 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Command Line Utility
[2012-04-13 09:31:56 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Plants
[2012-04-13 09:31:56 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Plug-In Settings
[2012-04-13 09:31:56 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Plug-Ins
[2012-06-03 04:34:26 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Trance Pad

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< >
< End of report >
 
Here is the result for Extra:

OTL Extras logfile created on: 2012-06-21 02:00:36 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\nacer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

7,90 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,82% Memory free
15,79 Gb Paging File | 13,49 Gb Available in Paging File | 85,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 262,11 Gb Free Space | 58,75% Space Free | Partition Type: NTFS
Drive F: | 7,44 Gb Total Space | 4,78 Gb Free Space | 64,22% Space Free | Partition Type: FAT32

Computer Name: NACER-PC | User Name: nacer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30902BE1-FB36-42C7-A985-08BC0C6665FB}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7201697A-CF2F-46B0-954A-51A404994536}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9781D923-1369-4529-9A07-AC0CFAEBE49C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}" = Microsoft Antimalware Service FR-FR Language Pack
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.30
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client FR-FR Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3612B0B9-F731-4B94-9356-E224AC552801}" = Dell Digital Delivery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{48F9998C-3BA0-42D3-82E6-5882441EB8CE}" = Adobe Flash CS4 STI-fr
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD423B54-8668-44B6-8610-D24514445E88}" = Adobe Flash CS4 Extension - Flash Lite STI fr
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C55E7B0F-1363-499F-8608-4D9D33DAF305}" = Google Drive
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2E4FBCD-6CB1-432B-BDCF-CEE0892381C7}" = Dell Stage
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = French App Name
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = Logiciel pour imprimante multifonction KODAK
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E824859B-3C34-421A-1DC9-FA2C0FC086DD}" = Elephorm
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Capture NX 2" = Capture NX 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = French App Name
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Webcam Central" = Dell Webcam Central
"ElephormDVDPlayer.8FC2E10752433BF8182FC825ABC2922D2AC381F8.1" = Elephorm
"ESN Sonar-0.70.4" = ESN Sonar
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 11.0 (x86 fr)" = Mozilla Firefox 11.0 (x86 fr)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"ZinioReader4" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"MétéoMédia" = MétéoMédia
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-06-17 17:48:45 | Computer Name = nacer-PC | Source = WinMgmt | ID = 10
Description =

Error - 2012-06-17 17:52:34 | Computer Name = nacer-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.31:5353 18 31.2.168.192.in-addr.arpa.
PTR nacer-PC-2.local.

Error - 2012-06-17 17:52:34 | Computer Name = nacer-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 31.2.168.192.in-addr.arpa.
PTR nacer-PC.local.

Error - 2012-06-17 17:52:46 | Computer Name = nacer-PC | Source = WinMgmt | ID = 10
Description =

Error - 2012-06-17 17:58:05 | Computer Name = nacer-PC | Source = WinMgmt | ID = 10
Description =

Error - 2012-06-17 17:58:17 | Computer Name = nacer-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Le service Services de chiffrement n’a pas pu initialiser l’objet
sauvegarde VSS « System Writer ». Details: Could not query the status of the EventSystem
service. System Error: Le serveur RPC n’est pas disponible. .

Error - 2012-06-17 18:01:43 | Computer Name = nacer-PC | Source = WinMgmt | ID = 10
Description =

Error - 2012-06-17 18:02:30 | Computer Name = nacer-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Le service Services de chiffrement n’a pas pu initialiser l’objet
sauvegarde VSS « System Writer ». Details: Could not query the status of the EventSystem
service. System Error: Le serveur RPC n’est pas disponible. .

Error - 2012-06-17 18:05:15 | Computer Name = nacer-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.2.31:5353 18 31.2.168.192.in-addr.arpa.
PTR nacer-PC-2.local.

Error - 2012-06-17 18:05:15 | Computer Name = nacer-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 31.2.168.192.in-addr.arpa.
PTR nacer-PC.local.

Error - 2012-06-17 18:06:36 | Computer Name = nacer-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2012-06-21 01:18:56 | Computer Name = nacer-PC | Source = Ntfs | ID = 262199
Description = La structure du système de fichiers sur le disque est endommagée et
inutilisable. Exécutez l’utilitaire chkdsk sur le volume OS.

Error - 2012-06-21 01:19:46 | Computer Name = nacer-PC | Source = Application Popup | ID = 1060
Description = Le chargement de \??\C:\ComboFix\catchme.sys a été bloqué en raison
d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel pour
obtenir une version compatible du pilote.

Error - 2012-06-21 01:20:17 | Computer Name = nacer-PC | Source = Service Control Manager | ID = 7030
Description = Le service PEVSystemStart est marqué comme étant interactif. Cependant,
le système est configuré pour ne pas autoriser les services interactifs. Ce service
peut ne pas fonctionner correctement.

Error - 2012-06-21 01:36:58 | Computer Name = nacer-PC | Source = Service Control Manager | ID = 7023
Description = Le service Windows Defender s’est arrêté avec l’erreur : %%126

Error - 2012-06-21 01:40:14 | Computer Name = nacer-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-21 01:47:57 | Computer Name = nacer-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
signatures. Nouvelle version des signatures : Version précédente des signatures :
1.127.2172.0 Source de la mise à jour : %%859 Étape de la mise à jour : %%853 Chemin
d'accès source : http://www.microsoft.com Type de signature : %%800 Type de la mise
à jour : %%803 Utilisateur : AUTORITE NT\Système Version actuelle du moteur : Version
précédente du moteur : 1.1.8403.0 Code d'erreur : 0x8024001e Description de l'erreur :
Un problème inattendu s’est produit lors de la vérification des mises à jour. Pour
plus d’informations sur l’installation ou la résolution des problèmes de mise à
jour, voir Aide et support.

Error - 2012-06-21 01:47:57 | Computer Name = nacer-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
signatures. Nouvelle version des signatures : Version précédente des signatures :
1.127.2172.0 Source de la mise à jour : %%859 Étape de la mise à jour : %%853 Chemin
d'accès source : http://www.microsoft.com Type de signature : %%800 Type de la mise
à jour : %%803 Utilisateur : AUTORITE NT\Système Version actuelle du moteur : Version
précédente du moteur : 1.1.8403.0 Code d'erreur : 0x8024001e Description de l'erreur :
Un problème inattendu s’est produit lors de la vérification des mises à jour. Pour
plus d’informations sur l’installation ou la résolution des problèmes de mise à
jour, voir Aide et support.

Error - 2012-06-21 01:50:38 | Computer Name = nacer-PC | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la réponse transactionnelle du service SftService.

Error - 2012-06-21 01:51:08 | Computer Name = nacer-PC | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la réponse transactionnelle du service SftService.

Error - 2012-06-21 01:56:21 | Computer Name = nacer-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
signatures. Nouvelle version des signatures : Version précédente des signatures :
1.127.2172.0 Source de la mise à jour : %%859 Étape de la mise à jour : %%852 Chemin
d'accès source : http://www.microsoft.com Type de signature : %%800 Type de la mise
à jour : %%803 Utilisateur : AUTORITE NT\Système Version actuelle du moteur : Version
précédente du moteur : 1.1.8403.0 Code d'erreur : 0x80072ee2 Description de l'erreur :
Le délai imparti à l’opération est dépassé


< End of report >
 
Good news :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - Startup: C:\Users\nacer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk = File not found
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Result for OTL fix:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
C:\Users\nacer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: nacer
->Temp folder emptied: 33270224 bytes
->Temporary Internet Files folder emptied: 820759193 bytes
->Java cache emptied: 753319 bytes
->FireFox cache emptied: 191806205 bytes
->Flash cache emptied: 73058 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1071190 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 302512271 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 288,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: nacer
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: nacer
->Flash cache emptied: 456 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06212012_030517
Files\Folders moved on Reboot...
C:\Users\nacer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP000090CA453CE871529D5A4F not found!
File\Folder C:\Windows\temp\TMP000095BFB1D7630CBB410260 not found!
Registry entries deleted on Reboot...
 
Result for Security Check:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 7 Update 1
Out of date Java installed!
Adobe Flash Player ( 10.0.2.54) Flash Player Out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 fr..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
 
Result for Farbar Service Scanner:

Farbar Service Scanner Version: 19-06-2012 01
Ran by nacer (administrator) on 21-06-2012 at 03:28:50
Running from "F:\"
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2012-06-08 19:33] - [2012-06-02 18:19] - 2428952 ____A (Microsoft Corporation) D9EF901DCA379CFE914E9FA13B73B4C4
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
Hello Broni,
So everything went fine: ESET corrected 2 infections, Malwarebytes found 2 of them and MSE 3, and the computer is running normally.
Thanks for your help, let me know if I should do something else.
Jérôme
 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

=======================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Hi Broni,
I'm sorry I did not give you any update before, but I was not available to do all the work.
Here is the result for the OTL scan/fixes:
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: nacer
->Temp folder emptied: 1398756564 bytes
->Temporary Internet Files folder emptied: 42715204 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 52262386 bytes
->Flash cache emptied: 61123 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138558 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50607 bytes
RecycleBin emptied: 834841846 bytes

Total Files Cleaned = 2 221,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: nacer
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: nacer
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07112012_114855
Files\Folders moved on Reboot...
File move failed. C:\Users\nacer\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat scheduled to be moved on reboot.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YC3JR4WX\default[2].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YC3JR4WX\InboxLight[1].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YC3JR4WX\resourcespreload[1].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YC3JR4WX\WebIMPop[1].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YC3JR4WX\xmlProxy[2].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNSBIMI3\adloader[1].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNSBIMI3\Messenger[2].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNSBIMI3\resourcespreload[1].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11WA3PGQ\RteFrame_16.2.7040.0620[1].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11WA3PGQ\xmlProxy[2].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UB1FIGF\ads[5].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UB1FIGF\AjaxHistoryFrame[1].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UB1FIGF\EditMessageLight[1].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UB1FIGF\LocalStorage[2].htm moved successfully.
C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UB1FIGF\page-2[1].htm moved successfully.
PendingFileRenameOperations files...
[2012-06-21 03:17:54 | 000,000,000 | ---- | M] () C:\Users\nacer\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5
[2012-06-21 03:34:28 | 000,294,820 | ---- | M] () C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat : Unable to obtain MD5
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YC3JR4WX\default[2].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YC3JR4WX\InboxLight[1].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YC3JR4WX\resourcespreload[1].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YC3JR4WX\WebIMPop[1].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YC3JR4WX\xmlProxy[2].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNSBIMI3\adloader[1].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNSBIMI3\Messenger[2].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNSBIMI3\resourcespreload[1].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11WA3PGQ\RteFrame_16.2.7040.0620[1].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11WA3PGQ\xmlProxy[2].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UB1FIGF\ads[5].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UB1FIGF\AjaxHistoryFrame[1].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UB1FIGF\EditMessageLight[1].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UB1FIGF\LocalStorage[2].htm not found!
File C:\Users\nacer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UB1FIGF\page-2[1].htm not found!
Registry entries deleted on Reboot...
 
And here is the result for the OTL Cleanup:
OTL logfile created on: 2012-07-11 12:00:27 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\nacer\Desktop\security
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

7,90 Gb Total Physical Memory | 5,62 Gb Available Physical Memory | 71,17% Memory free
15,79 Gb Paging File | 13,29 Gb Available in Paging File | 84,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 232,03 Gb Free Space | 52,01% Space Free | Partition Type: NTFS

Computer Name: NACER-PC | User Name: nacer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-11 11:24:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\nacer\Desktop\security\OTL.exe
PRC - [2012-06-20 19:02:30 | 012,163,848 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012-06-19 14:33:06 | 000,173,056 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2012-06-13 00:46:56 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012-06-06 12:05:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012-03-19 15:30:34 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012-03-19 15:30:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-01-03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-12-19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011-11-25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011-10-18 13:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011-10-18 13:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011-10-18 13:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011-10-18 13:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011-09-22 12:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011-09-22 12:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011-09-22 12:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011-09-21 12:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011-07-07 19:16:00 | 000,075,064 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
PRC - [2011-04-22 12:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-04-21 23:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-04-13 12:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010-12-20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-12-20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010-11-17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2008-06-11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2012-07-11 11:52:49 | 000,086,016 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\_elementtree.pyd
MOD - [2012-07-11 11:52:49 | 000,040,448 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\_socket.pyd
MOD - [2012-07-11 11:52:48 | 000,571,392 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\pysqlite2._sqlite.pyd
MOD - [2012-07-11 11:52:48 | 000,263,168 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\win32com.shell.shell.pyd
MOD - [2012-07-11 11:52:48 | 000,096,256 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\win32api.pyd
MOD - [2012-07-11 11:52:47 | 001,018,368 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\windows._cacheinvalidation.pyd
MOD - [2012-07-11 11:52:47 | 000,792,576 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\wx._gdi_.pyd
MOD - [2012-07-11 11:52:47 | 000,731,136 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\wx._misc_.pyd
MOD - [2012-07-11 11:52:47 | 000,354,304 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\pythoncom26.dll
MOD - [2012-07-11 11:52:47 | 000,153,088 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\pyexpat.pyd
MOD - [2012-07-11 11:52:47 | 000,110,592 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\PyWinTypes26.dll
MOD - [2012-07-11 11:52:47 | 000,073,728 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\_ctypes.pyd
MOD - [2012-07-11 11:52:47 | 000,070,656 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\wx._html2.pyd
MOD - [2012-07-11 11:52:47 | 000,011,776 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\win32crypt.pyd
MOD - [2012-07-11 11:52:46 | 001,169,408 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\wx._core_.pyd
MOD - [2012-07-11 11:52:46 | 000,807,424 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\wx._windows_.pyd
MOD - [2012-07-11 11:52:46 | 000,645,120 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\_ssl.pyd
MOD - [2012-07-11 11:52:46 | 000,311,808 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\_hashlib.pyd
MOD - [2012-07-11 11:52:46 | 000,121,856 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\wx._wizard.pyd
MOD - [2012-07-11 11:52:46 | 000,111,104 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\win32file.pyd
MOD - [2012-07-11 11:52:46 | 000,036,352 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\win32process.pyd
MOD - [2012-07-11 11:52:46 | 000,022,528 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\win32pdh.pyd
MOD - [2012-07-11 11:52:42 | 001,056,256 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\wx._controls_.pyd
MOD - [2012-07-11 11:52:42 | 000,039,424 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\win32inet.pyd
MOD - [2012-07-11 11:52:37 | 000,585,728 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\unicodedata.pyd
MOD - [2012-07-11 11:52:37 | 000,017,920 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\win32event.pyd
MOD - [2012-07-11 11:52:37 | 000,011,776 | ---- | M] () -- C:\Users\nacer\AppData\Local\Temp\_MEI41042\select.pyd
MOD - [2012-06-14 03:45:35 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012-06-14 03:32:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012-06-14 03:32:43 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012-06-14 03:32:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012-06-14 03:32:29 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012-06-14 03:32:27 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012-05-12 11:20:39 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012-05-12 11:20:35 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012-05-12 11:19:24 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012-05-12 11:19:23 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012-05-12 11:19:21 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012-05-12 11:19:21 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012-05-12 11:18:35 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012-05-12 10:42:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012-05-12 10:41:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012-05-12 10:41:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012-05-12 10:41:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012-05-12 10:41:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012-05-12 10:41:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012-02-16 22:03:29 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011-09-22 12:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011-07-07 19:16:00 | 000,075,064 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
MOD - [2011-04-07 22:13:04 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_fr_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2010-11-25 00:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010-11-17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012-04-03 00:44:03 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012-03-26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012-03-26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011-11-01 15:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011-11-01 15:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011-11-01 15:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2011-10-20 20:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV:64bit: - [2011-10-19 16:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011-03-15 16:35:18 | 000,071,168 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV:64bit: - [2010-11-29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV:64bit: - [2010-09-22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-11-17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009-07-13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-07-11 11:43:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-06-19 14:33:06 | 000,173,056 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2012-05-03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-04-03 00:41:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-03-19 15:30:34 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012-03-19 15:30:20 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-01-03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-12-19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011-11-25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011-10-18 13:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011-10-18 13:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011-10-18 13:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011-09-22 12:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011-04-22 12:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-04-21 23:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010-12-20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010-12-20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010-11-25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010-11-25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010-08-25 22:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010-03-18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-08-15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-03-20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012-03-01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-16 22:03:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-02-16 22:03:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-12-01 21:57:06 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011-10-19 16:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011-10-19 16:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011-10-11 15:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011-10-10 18:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011-08-29 18:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011-07-20 09:39:58 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-05-19 03:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011-05-17 11:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011-05-17 11:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011-05-13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011-04-22 12:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011-03-04 01:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-02-10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011-02-10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011-01-20 13:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011-01-12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-12-01 12:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010-11-30 18:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-11-29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010-11-20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010-03-19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010-02-27 11:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009-07-13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008-06-27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007-05-14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006-11-01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009-07-13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008-08-14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3C1A1CDD-5859-4BC2-8857-6117A7C5E988}
IE:64bit: - HKLM\..\SearchScopes\{3C1A1CDD-5859-4BC2-8857-6117A7C5E988}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3C1A1CDD-5859-4BC2-8857-6117A7C5E988}
IE - HKLM\..\SearchScopes\{3C1A1CDD-5859-4BC2-8857-6117A7C5E988}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.ca/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...cbf3086f2&lang=en&ds=hk011&pr=sa&d=2012-05-31 15:53:44&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\nacer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\nacer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nacer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nacer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\nacer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-20 00:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-04-23 09:31:17 | 000,000,000 | ---D | M]

[2012-04-05 14:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nacer\AppData\Roaming\Mozilla\Extensions
[2012-07-06 10:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nacer\AppData\Roaming\Mozilla\Firefox\Profiles\0nk7r6pm.default\extensions
[2012-06-06 00:56:11 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\nacer\AppData\Roaming\Mozilla\Firefox\Profiles\0nk7r6pm.default\extensions\foxyproxy@eric.h.jung
[2012-05-31 14:07:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-05-31 14:07:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-03-13 00:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-03-13 01:43:04 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2012-05-31 15:53:41 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-03-13 01:33:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-03-13 01:43:04 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012-03-13 01:43:04 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2012-03-13 01:43:04 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012-03-13 01:43:04 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012-06-21 01:37:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir au format PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir au format PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C7261B8-DE6F-4E05-93A3-70EBCB621A16}: DhcpNameServer = 13.35.0.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC118372-AC7A-42FF-86F2-BE6F6F7D6CBC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-07-11 11:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012-07-11 11:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012-07-11 11:38:04 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012-07-11 11:38:04 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012-07-11 11:37:58 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012-07-11 11:37:58 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012-07-11 11:37:40 | 000,000,000 | ---D | C] -- C:\Users\nacer\Desktop\security
[2012-07-10 10:19:03 | 000,000,000 | R--D | C] -- C:\Users\nacer\Desktop\MySyncUPFiles
[2012-07-10 10:18:00 | 000,000,000 | ---D | C] -- C:\Users\nacer\Desktop\narcy jazz fest 2012 drive
[2012-07-03 00:41:55 | 000,000,000 | ---D | C] -- C:\Users\nacer\Desktop\narcy jazz fest 2012 (4)
[2012-07-02 18:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2012-06-21 04:11:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012-06-21 03:05:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-06-21 01:46:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-06-21 01:38:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-06-21 01:30:15 | 000,000,000 | ---D | C] -- C:\found.000
[2012-06-21 01:11:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-06-21 01:11:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-06-21 01:11:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-06-21 01:10:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-06-21 01:09:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-06-20 02:44:55 | 000,000,000 | ---D | C] -- C:\FRST
[2012-06-19 22:06:20 | 000,000,000 | ---D | C] -- C:\Users\nacer\Desktop\narcy jazz fest 2012 (6)
[2012-06-18 23:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012-06-17 17:42:07 | 000,000,000 | ---D | C] -- C:\Users\nacer\AppData\Roaming\Malwarebytes
[2012-06-17 17:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-06-17 10:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012-06-17 10:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012-06-16 16:13:52 | 000,000,000 | ---D | C] -- C:\Users\nacer\Desktop\narcy jazz fest 2012 (5)
[2012-06-14 03:01:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-06-14 03:01:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-06-14 03:01:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-06-14 03:01:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-06-14 03:01:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-06-14 03:01:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-06-14 03:01:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-06-14 03:01:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-06-14 03:01:16 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-06-14 03:01:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-06-14 03:01:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-06-14 03:01:16 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-06-14 03:01:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-06-13 10:21:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012-06-13 10:21:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012-06-13 10:21:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012-06-13 10:21:18 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-06-13 10:21:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-06-13 10:21:17 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-06-13 10:21:09 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012-06-13 10:21:07 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012-06-13 10:21:07 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012-06-13 00:53:16 | 000,000,000 | --SD | C] -- C:\Users\nacer\Google Drive
[2012-06-13 00:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012-06-13 00:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

========== Files - Modified Within 30 Days ==========

[2012-07-11 12:05:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1236642402-275450473-2825933408-1001UA.job
[2012-07-11 11:59:32 | 000,025,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-11 11:59:32 | 000,025,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-11 11:52:22 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-07-11 11:51:53 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-07-11 11:51:53 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012-07-11 11:51:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-07-11 11:51:32 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-11 11:51:02 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-07-11 11:43:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-07-11 11:43:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-07-11 11:37:54 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012-07-11 11:37:53 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012-07-10 14:04:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1236642402-275450473-2825933408-1001Core.job
[2012-07-10 10:03:28 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012-07-05 00:16:11 | 001,506,314 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012-07-05 00:16:11 | 000,890,556 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-07-05 00:16:11 | 000,405,844 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012-07-05 00:16:11 | 000,346,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-07-05 00:16:11 | 000,006,536 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-06-21 01:37:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-06-17 10:17:06 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-06-17 10:16:50 | 000,006,438 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-06-14 03:29:15 | 005,141,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-06-13 00:53:16 | 000,001,673 | ---- | M] () -- C:\Users\nacer\Desktop\Google Drive.lnk

========== Files Created - No Company Name ==========

[2012-06-21 01:11:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-06-21 01:11:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-06-21 01:11:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-06-21 01:11:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-06-21 01:11:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-06-17 10:16:52 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012-06-13 00:53:16 | 000,001,673 | ---- | C] () -- C:\Users\nacer\Desktop\Google Drive.lnk
[2012-06-13 00:46:58 | 000,001,066 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-13 00:46:58 | 000,001,062 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-04 12:54:59 | 000,005,120 | ---- | C] () -- C:\Users\nacer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-03 04:34:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Trance Pad
[2012-06-03 04:34:26 | 000,000,268 | RH-- | C] () -- C:\Users\nacer\AppData\Roaming\Templates
[2012-06-03 04:34:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2012-06-03 04:34:26 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Colors
[2012-06-03 04:34:24 | 000,000,268 | RH-- | C] () -- C:\Users\nacer\AppData\Roaming\Textures
[2012-06-03 04:34:24 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Command Line Utility
[2012-06-03 04:31:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2012-04-21 10:28:37 | 000,001,456 | ---- | C] () -- C:\Users\nacer\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
[2012-04-13 09:31:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Plug-Ins
[2012-04-13 09:31:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Plug-In Settings
[2012-04-13 09:31:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Plants
[2012-04-13 09:31:56 | 000,000,268 | RH-- | C] () -- C:\Users\nacer\AppData\Roaming\Pipe Organ
[2012-04-13 09:31:56 | 000,000,268 | RH-- | C] () -- C:\Users\nacer\AppData\Roaming\Pick Bass
[2012-04-13 09:31:56 | 000,000,268 | RH-- | C] () -- C:\Users\nacer\AppData\Roaming\Pianos and Keyboards
[2012-04-13 09:31:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012-04-13 09:31:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012-04-13 09:31:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012-03-19 15:30:20 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-03-19 15:30:20 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-03-19 15:30:19 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-02-16 21:40:11 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012-02-16 21:40:09 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012-02-16 21:40:07 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012-02-16 21:40:07 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-02-16 21:40:06 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012-02-16 20:47:54 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2011-02-10 11:41:26 | 000,006,438 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
< End of report >
 