Infected, weird symptoms...



#1
Zamoune

Hi everyone,

I reported problems on this forum three years ago and learned to remove malware myself back then...
But this time I'm stuck with one I can't fix.

Symptoms:

  • "No audio device" in the sound interface; I've reinstalled my drivers, one thing done.
  • My Windows XP goes into a Win 98/2k style after some time.
  • My Google searches get redirected and I can't go back.
  • Slower loading/startup.
  • When the style changes, from then on some apps won't start (i.e. Firefox).

I have run ComboFix (Safe mode), Malwarebytes' Anti-Malware (Safe mode), VundoFix (Safe mode), Spybot (Safe mode), AVG Anti-Rootkit,
TDSSKiller, GMER...

Thanks in advance for your time, pros :D

So, as requested on the main forum page, I have used OTL and here are the logs:

OTL logfile created on: 2010-11-21 03:05:28 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\telechergement
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 36.97 Gb Free Space | 7.94% Space Free | Partition Type: NTFS
Drive D: | 3.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PARADIS-256142D | User Name: Paradis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-11-21 03:05:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\telechergement\OTL.exe
PRC - [2010-10-28 19:43:23 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-10-28 19:43:22 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-08-13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009-09-16 21:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008-07-11 17:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2008-05-16 16:12:44 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008-05-16 16:12:08 | 000,430,080 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008-04-13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-01-11 03:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (SafeList) ==========

MOD - [2010-11-21 03:05:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\telechergement\OTL.exe
MOD - [2010-08-23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (VTingWinIe)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - File not found [On_Demand | Stopped] -- -- (PSEXESVC)
SRV - [2010-08-13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-07-08 11:58:35 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-01-08 19:31:04 | 000,057,640 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010-01-08 19:30:28 | 000,234,032 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010-01-08 18:42:42 | 000,285,744 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010-01-08 18:42:40 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009-06-03 12:39:00 | 003,116,380 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008-05-16 16:12:44 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2007-10-25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007-01-11 03:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DarkSpyKernel.sys -- (DarkSpy)
DRV - [2010-10-16 13:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010-06-03 13:13:32 | 000,100,496 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010-04-29 14:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010-01-08 18:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009-12-10 17:23:36 | 006,017,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-11-18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-11-08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009-09-23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-09-11 12:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009-09-11 12:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009-09-11 12:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009-09-11 12:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009-06-18 11:54:10 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\4.tmp -- (MEMSWEEP2)
DRV - [2008-12-31 00:43:48 | 000,023,480 | ---- | M] (Wippien Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wip0204.sys -- (wip0204)
DRV - [2008-05-16 15:54:58 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008-04-13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008-04-13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008-04-13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008-04-13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008-03-25 11:15:10 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007-05-23 16:10:05 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-05-11 16:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2007-05-11 16:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-01-31 08:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007-01-18 07:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006-06-01 13:15:20 | 000,509,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xnacc.sys -- (xnacc)
DRV - [2006-04-24 12:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-02-17 06:28:32 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-02-17 06:28:30 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-02-15 03:13:18 | 000,038,016 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006-02-07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005-02-23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004-08-12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.23.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: [email protected]:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-29 01:31:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-28 19:43:26 | 000,000,000 | ---D | M]

[2009-09-29 20:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Mozilla\Extensions
[2009-09-29 20:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Mozilla\Extensions\[email protected]
[2010-11-18 20:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Mozilla\Firefox\Profiles\x9ya1yv5.default\extensions
[2009-12-29 19:29:28 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Paradis\Application Data\Mozilla\Firefox\Profiles\x9ya1yv5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-04-27 12:35:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paradis\Application Data\Mozilla\Firefox\Profiles\x9ya1yv5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-07-11 16:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Mozilla\Firefox\Profiles\x9ya1yv5.default\extensions\[email protected]
[2009-12-29 19:29:31 | 000,001,201 | ---- | M] () -- C:\Documents and Settings\Paradis\Application Data\Mozilla\Firefox\Profiles\x9ya1yv5.default\searchplugins\winamp-search.xml
[2010-11-18 20:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008-04-21 12:22:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2010-02-19 15:23:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009-05-07 16:27:36 | 000,283,952 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2010-10-21 07:37:03 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010-10-21 07:37:03 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010-10-21 07:37:03 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010-10-21 07:37:03 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010-10-21 07:37:03 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010-11-17 01:46:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Paradis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paradis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-03-25 09:28:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-10-17 13:45:38 | 000,000,066 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0764e0a5-7cef-11dd-be22-001d60cada06}\Shell - "" = AutoRun
O33 - MountPoints2\{0764e0a5-7cef-11dd-be22-001d60cada06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{152e7ab4-9076-11df-bee8-001d60cada06}\Shell - "" = AutoRun
O33 - MountPoints2\{152e7ab4-9076-11df-bee8-001d60cada06}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-11-21 01:13:58 | 000,358,944 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010-11-21 01:13:58 | 000,129,568 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010-11-21 01:13:51 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010-11-21 01:07:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010-11-17 13:23:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-11-17 13:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-11-17 12:56:25 | 000,000,000 | ---D | C] -- C:\combo12213c
[2010-11-17 00:44:36 | 000,000,000 | ---D | C] -- C:\combo
[2010-11-15 23:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Poker Blind Timer
[2010-11-15 18:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010-11-15 18:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010-11-14 20:38:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-10-28 19:59:25 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010-10-28 19:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paradis\Local Settings\Application Data\EapEventserv
[2010-10-28 12:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paradis\My Documents\Windows Loader
[2010-10-28 10:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paradis\Application Data\system
[2010-10-25 00:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2010-10-24 17:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paradis\Application Data\bizarre creations
[2010-10-24 17:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Blur
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-11-21 03:06:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010-11-21 03:02:44 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-11-21 03:02:44 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010-11-21 03:02:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-11-21 02:46:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-725345543-1003UA.job
[2010-11-21 02:01:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-11-21 01:17:45 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010-11-21 01:12:34 | 001,133,429 | ---- | M] () -- C:\Documents and Settings\Paradis\Desktop\tdsskiller.zip
[2010-11-21 01:07:16 | 000,394,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-11-19 17:39:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-11-19 16:15:24 | 000,052,555 | ---- | M] () -- C:\Documents and Settings\Paradis\Desktop\cliffs_of_dover_ver2.gp5
[2010-11-19 15:39:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010-11-19 01:52:22 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Paradis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-19 01:48:59 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\Paradis\default.pls
[2010-11-19 01:48:55 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-11-17 15:19:44 | 000,285,226 | ---- | M] () -- C:\Documents and Settings\Paradis\Desktop\GIA400CR9.pdf
[2010-11-17 13:27:18 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010-11-17 12:28:18 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anti-Rootkit.lnk
[2010-11-17 01:46:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-11-17 00:38:15 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-11-16 22:34:54 | 000,012,400 | ---- | M] () -- C:\Documents and Settings\Paradis\My Documents\POULIOT VS LATENDRESSE.docx
[2010-11-16 22:28:01 | 000,015,308 | ---- | M] () -- C:\WINDOWS\System32\535.js
[2010-11-16 22:14:25 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Paradis\My Documents\~$ULIOT VS LATENDRESSE.docx
[2010-11-16 22:14:12 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Paradis\Desktop\Word 2007.lnk
[2010-11-15 04:46:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-436374069-725345543-1003Core.job
[2010-11-14 20:16:14 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-11-14 20:16:14 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-11-14 19:58:25 | 000,000,229 | ---- | M] () -- C:\Documents and Settings\Paradis\Application Data\sdghzxfg.bat
[2010-11-11 17:57:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010-11-06 21:06:43 | 000,025,271 | ---- | M] () -- C:\Documents and Settings\Paradis\tmp.jpg
[2010-11-06 00:46:40 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Paradis\Desktop\Google Chrome.lnk
[2010-11-06 00:46:40 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Paradis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010-11-01 21:24:15 | 000,090,324 | ---- | M] () -- C:\Documents and Settings\Paradis\My Documents\francais_Oral.pptx
[2010-11-01 08:48:02 | 000,031,798 | ---- | M] () -- C:\Documents and Settings\Paradis\My Documents\7_-_Nombres_complexes.docx
[2010-10-28 19:59:43 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010-10-28 19:59:43 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010-10-28 19:59:41 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010-10-28 19:59:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010-10-28 19:02:47 | 000,036,439 | ---- | M] () -- C:\Documents and Settings\Paradis\My Documents\hor_GTI.pdf
[2010-10-28 19:01:06 | 000,103,607 | ---- | M] () -- C:\Documents and Settings\Paradis\My Documents\hor_MEC.pdf
[2010-10-28 11:05:29 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2010-10-28 11:05:29 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2010-10-28 10:50:22 | 000,239,090 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-10-25 21:32:50 | 000,066,696 | ---- | M] () -- C:\Documents and Settings\Paradis\My Documents\Rapport_TP2_LAVALLEE_SIMON_et_BEAULIEU_JEAN-FRANCOIS_et_PARADIS_GUILLAUME.docx
[2010-10-25 21:07:51 | 000,074,320 | ---- | M] () -- C:\Documents and Settings\Paradis\My Documents\Étude GTI310.docx
[2010-10-22 11:12:55 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Guitar Hero World Tour.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-11-21 01:12:32 | 001,133,429 | ---- | C] () -- C:\Documents and Settings\Paradis\Desktop\tdsskiller.zip
[2010-11-19 16:15:24 | 000,052,555 | ---- | C] () -- C:\Documents and Settings\Paradis\Desktop\cliffs_of_dover_ver2.gp5
[2010-11-17 15:19:43 | 000,285,226 | ---- | C] () -- C:\Documents and Settings\Paradis\Desktop\GIA400CR9.pdf
[2010-11-17 13:27:18 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010-11-17 01:54:30 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anti-Rootkit.lnk
[2010-11-16 22:14:25 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Paradis\My Documents\~$ULIOT VS LATENDRESSE.docx
[2010-11-16 00:01:48 | 003,029,869 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\Neil_Strauss_-The_Game.pdf
[2010-11-15 23:58:08 | 002,225,334 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\Muscle-Explosion.pdf
[2010-11-15 23:55:20 | 001,521,414 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\Sex God Method.pdf
[2010-11-15 23:55:20 | 001,420,814 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\Sex_God_Method__Daniel_Rose_2nd_Edition.pdf
[2010-11-15 23:53:51 | 005,045,437 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\Let there be Range (1).PDF
[2010-11-15 23:52:47 | 003,285,904 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\How to Write a Business Plan.pdf
[2010-11-15 15:28:01 | 000,015,308 | ---- | C] () -- C:\WINDOWS\System32\535.js
[2010-11-14 19:58:25 | 000,000,229 | ---- | C] () -- C:\Documents and Settings\Paradis\Application Data\sdghzxfg.bat
[2010-11-09 22:28:06 | 000,012,400 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\POULIOT VS LATENDRESSE.docx
[2010-11-01 21:24:15 | 000,090,324 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\francais_Oral.pptx
[2010-11-01 08:48:04 | 000,031,798 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\7_-_Nombres_complexes.docx
[2010-10-29 12:20:46 | 000,025,271 | ---- | C] () -- C:\Documents and Settings\Paradis\tmp.jpg
[2010-10-28 19:59:43 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010-10-28 19:59:41 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010-10-28 19:59:41 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010-10-28 19:59:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010-10-28 19:59:25 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010-10-28 19:02:49 | 000,036,439 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\hor_GTI.pdf
[2010-10-28 19:01:10 | 000,103,607 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\hor_MEC.pdf
[2010-10-28 11:05:14 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2010-10-28 11:05:14 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2010-10-25 21:09:44 | 000,066,696 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\Rapport_TP2_LAVALLEE_SIMON_et_BEAULIEU_JEAN-FRANCOIS_et_PARADIS_GUILLAUME.docx
[2010-10-25 21:07:53 | 000,074,320 | ---- | C] () -- C:\Documents and Settings\Paradis\My Documents\Étude GTI310.docx
[2010-10-22 11:12:55 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Guitar Hero World Tour.lnk
[2010-08-11 16:34:18 | 000,000,183 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010-07-13 23:28:29 | 000,234,424 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-05-09 21:02:51 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Antidote7.ini
[2010-05-04 08:33:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010-05-04 08:32:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
[2009-12-16 21:04:31 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\KeDetective130.sys
[2009-12-16 19:16:50 | 000,018,866 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009-12-15 22:16:17 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\625385D79F.sys
[2009-12-15 22:13:59 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009-12-12 16:38:11 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009-11-06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-11-04 00:24:42 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2008-11-12 19:31:37 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Paradis\Application Data\PnkBstrK.sys
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-09-07 12:39:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-05-29 09:15:29 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2008-05-02 13:09:23 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008-05-02 13:08:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2008-05-02 13:07:49 | 000,386,600 | ---- | C] () -- C:\WINDOWS\System32\nxcooking.dll
[2008-05-02 13:06:42 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2008-05-02 12:10:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008-04-02 13:09:24 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-03-30 12:17:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-03-30 12:10:52 | 000,100,352 | ---- | C] () -- C:\Documents and Settings\Paradis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-03-29 16:44:09 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008-03-25 13:33:23 | 000,013,397 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008-03-25 13:32:58 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008-03-25 13:32:49 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-03-25 10:17:27 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-03-25 10:17:27 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008-03-25 10:17:26 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-03-25 00:57:16 | 000,013,174 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-03-25 00:41:05 | 000,000,907 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008-03-25 00:41:05 | 000,000,263 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008-03-25 00:11:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007-12-05 00:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007-05-11 15:12:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007-01-26 01:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007-01-26 01:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll

========== LOP Check ==========

[2010-07-08 12:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010-03-19 18:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009-12-29 02:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2010-05-04 08:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009-09-07 13:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2010-02-05 17:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FTWeak
[2008-05-27 14:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2009-12-12 16:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010-07-01 19:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009-08-10 19:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008-12-02 22:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010-09-26 00:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010-01-14 16:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010-01-14 16:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2009-05-16 14:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2010-08-22 18:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010-01-19 17:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2009-01-26 19:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008-03-30 19:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-11-25 23:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2010-06-15 17:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-04-24 15:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010-01-14 18:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Absolute Poker
[2010-07-08 12:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Autodesk
[2010-10-24 17:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\bizarre creations
[2010-01-14 16:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Blender Foundation
[2009-11-06 11:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Borderlands
[2010-09-26 00:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Cycling '74
[2008-03-25 11:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\DAEMON Tools
[2010-05-09 21:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Druide
[2010-02-05 17:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\FTWeak
[2010-01-26 23:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\GetRightToGo
[2010-07-20 00:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\IObit
[2009-12-12 16:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\iolo
[2008-11-24 23:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Leadertech
[2010-11-02 15:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\LimeWire
[2009-10-16 20:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009-12-08 16:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Microgaming
[2010-03-19 18:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Movienizer
[2010-09-26 00:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\PACE Anti-Piracy
[2009-10-28 00:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\runic games
[2009-01-26 19:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Sony
[2010-11-14 20:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\system
[2010-02-11 17:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\TeamViewer
[2009-11-28 02:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Touchstone
[2010-06-27 15:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\TS3Client
[2009-11-25 23:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Tunngle
[2010-01-13 19:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\UB
[2010-10-28 19:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\uTorrent
[2009-12-03 22:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paradis\Application Data\Wippien
[2010-11-21 03:02:44 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010-11-11 17:57:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010-11-17 13:27:18 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1377 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:3dNo8XnNoiWwIgQqz9l
@Alternate Data Stream - 1332 bytes -> C:\Program Files\Common Files\System:SMZuU0QobaiPMFgTcIOGQks3a
@Alternate Data Stream - 1161 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:3CLXdNuXHhAat405GMa3z

< End of report >

Edited by Zamoune, 23 November 2010 - 02:13 PM.



#2
Zamoune

Refreshing the post, please help!

Edited by Zamoune, 22 November 2010 - 12:43 AM.


#3
Zamoune

74 views, no answers could anyone help pleaseee! :S