Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

searchqu.com browser redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

searchqu.com browser redirect

Unread postby eventhorizon » May 7th, 2011, 5:58 am

Greetings,
Apparently it was through the website ilivid.com that I got this searchqu.com/406 redirect to my Firefox homepage. Since then, I have deleted all files that seem to be connected to ilivid, deleted any shortcuts, run up-to-date Malwarebytes (nothing connected to this was found) and BitDefender IS2011 virus scans (nothing found). I also did a system restore to two days before the problem arose. I still got the redirect, but after a final re-setting of my Firefox homepage I no longer appear to get redirected to searchqu.com/406 BUT I can't access my normal homepage, getting a 404 error message. My webhosting service (CirtexHosting) is not down, from what I can see in the control panel for the website. Just to double check, I have contacted their customer service and await reply.

I hope you can help me clear up what is perhaps a residual problem with searchqu.

Your help is greatly appreciated!
Here are my logs as requested:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Glenn at 11:33:03,59 on 07/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3572.2280 [GMT 2:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Pare-feu *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\BitDefender\BitDefender 2011\seccenter.exe
C:\Program Files\BitDefender\BitDefender 2011\odscanui.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Glenn Smith\Mes documents\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/defau ... l=fr&s=gen
uInternet Settings,ProxyOverride = localhost;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2011\IEToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\glenn smith\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [<NO NAME>]
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2011\ieshow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 8159217765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\glenns~1\applic~1\mozilla\firefox\profiles\jsuy2xfr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.conflictrecovery.org
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\bitdefender\bitdefender 2011\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\bitdefender\bitdefender 2011\bdaphffext\components\bdaphff3.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\glenn smith\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [2010-8-24 12960]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-6-26 812392]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-6-26 26984]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 376096]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-7-22 76288]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2010-8-10 43936]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-5 112512]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-4-22 149520]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\fichiers communs\bitdefender\bitdefender firewall\bdfndisf.sys [2010-6-18 111696]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-5 33832]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-11-5 244368]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-11-4 232744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-11 135664]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-11 135664]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 Update Server;BitDefender Update Server v2;c:\program files\fichiers communs\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2010-7-23 307544]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-6-28 633424]
S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-6-28 970320]
.
=============== Created Last 30 ================
.
2011-05-06 21:01:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Skype Extras
2011-05-06 15:28:00 388096 ----a-r- c:\docume~1\glenns~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-06 15:28:00 -------- d-----w- c:\program files\Trend Micro
2011-05-06 12:23:56 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-06 12:23:56 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-05 16:06:58 -------- d-----w- c:\docume~1\glenns~1\locals~1\applic~1\Ilivid Player
2011-05-05 16:05:20 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{CEEC46AF-A1E6-47D5-B85D-AE1AEF769F81}
2011-05-05 16:03:03 -------- d-----w- c:\docume~1\glenns~1\locals~1\applic~1\PackageAware
2011-04-30 09:23:35 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-30 09:23:35 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-30 09:23:35 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-30 09:23:35 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-30 09:23:35 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-30 09:23:35 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-30 09:23:35 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-30 09:23:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-15 14:39:20 1090952 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-04-14 10:20:48 -------- d-----w- c:\windows\ServicePackFiles
.
==================== Find3M ====================
.
2011-03-11 14:10:36 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33:47 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:19 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:52:12 1867008 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:05:48 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:05:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:05:47 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:42:13 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:54:06 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 14:44:39 239104 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:54:09 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54:09 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:34:11 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:34:11 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-07-08 08:37:14 101544 ----a-w- c:\program files\fichiers communs\LinkInstaller.exe
.
============= FINISH: 11:33:57,56 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume2
Install Date: 10/11/2009 16:39:41
System Uptime: 07/05/2011 03:16:01 (8 hours ago)
.
Motherboard: Dell Inc. | | 0R906R
Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | Microprocessor | 2792/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 167,209 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 5 GiB total, 0,815 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Carte Mini de réseau local sans fil N 1510 de Dell
Device ID: PCI\VEN_14E4&DEV_432B&SUBSYS_000D1028&REV_01\4&1CD20F91&0&00E1
Manufacturer: Broadcom
Name: Carte Mini de réseau local sans fil N 1510 de Dell
PNP Device ID: PCI\VEN_14E4&DEV_432B&SUBSYS_000D1028&REV_01\4&1CD20F91&0&00E1
Service: BCM43XX
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Carte réseau 1394
Device ID: V1394\NIC1394\28D6C090424FC000
Manufacturer: Microsoft
Name: Carte réseau 1394
PNP Device ID: V1394\NIC1394\28D6C090424FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP340: 06/02/2011 21:50:02 - Point de vérification système
RP341: 07/02/2011 22:17:45 - Point de vérification système
RP342: 08/02/2011 23:39:13 - Point de vérification système
RP343: 10/02/2011 00:31:21 - Software Distribution Service 3.0
RP344: 11/02/2011 07:30:55 - Point de vérification système
RP345: 12/02/2011 13:23:06 - Point de vérification système
RP346: 13/02/2011 14:51:35 - Point de vérification système
RP347: 14/02/2011 17:14:52 - Point de vérification système
RP348: 15/02/2011 22:05:18 - Point de vérification système
RP349: 17/02/2011 01:20:55 - Point de vérification système
RP350: 18/02/2011 08:15:46 - Point de vérification système
RP351: 19/02/2011 11:01:20 - Point de vérification système
RP352: 19/02/2011 19:59:39 - Software Distribution Service 3.0
RP353: 19/02/2011 20:25:33 - Software Distribution Service 3.0
RP354: 20/02/2011 23:06:36 - Point de vérification système
RP355: 22/02/2011 13:56:34 - Point de vérification système
RP356: 23/02/2011 14:53:02 - Point de vérification système
RP357: 24/02/2011 14:53:45 - Point de vérification système
RP358: 25/02/2011 16:38:13 - Point de vérification système
RP359: 26/02/2011 21:27:08 - Point de vérification système
RP360: 27/02/2011 22:13:58 - Point de vérification système
RP361: 28/02/2011 11:31:50 - DirectX est installé
RP362: 01/03/2011 12:36:58 - Point de vérification système
RP363: 01/03/2011 13:51:18 - Software Distribution Service 3.0
RP364: 02/03/2011 15:53:57 - Point de vérification système
RP365: 03/03/2011 18:53:34 - Point de vérification système
RP366: 04/03/2011 20:02:46 - Point de vérification système
RP367: 05/03/2011 21:13:12 - Point de vérification système
RP368: 06/03/2011 21:41:51 - Point de vérification système
RP369: 07/03/2011 22:15:30 - Point de vérification système
RP370: 09/03/2011 01:16:29 - Point de vérification système
RP371: 09/03/2011 23:33:31 - Software Distribution Service 3.0
RP372: 11/03/2011 20:50:12 - Point de vérification système
RP373: 12/03/2011 23:26:44 - Point de vérification système
RP374: 14/03/2011 00:28:28 - Point de vérification système
RP375: 15/03/2011 09:29:15 - Point de vérification système
RP376: 16/03/2011 13:25:41 - Point de vérification système
RP377: 17/03/2011 14:26:58 - Point de vérification système
RP378: 18/03/2011 17:46:55 - Point de vérification système
RP379: 19/03/2011 18:19:14 - Point de vérification système
RP380: 20/03/2011 18:38:21 - Point de vérification système
RP381: 21/03/2011 20:06:30 - Point de vérification système
RP382: 22/03/2011 23:19:01 - Point de vérification système
RP383: 24/03/2011 09:12:18 - Software Distribution Service 3.0
RP384: 26/03/2011 11:31:05 - Point de vérification système
RP385: 28/03/2011 09:15:35 - Point de vérification système
RP386: 29/03/2011 21:08:12 - Point de vérification système
RP387: 31/03/2011 18:49:08 - Point de vérification système
RP388: 01/04/2011 18:54:36 - Point de vérification système
RP389: 02/04/2011 20:40:42 - Point de vérification système
RP390: 04/04/2011 10:57:15 - Point de vérification système
RP391: 05/04/2011 15:38:50 - Point de vérification système
RP392: 07/04/2011 10:33:56 - Point de vérification système
RP393: 08/04/2011 10:54:34 - Point de vérification système
RP394: 10/04/2011 21:50:30 - Point de vérification système
RP395: 13/04/2011 20:21:21 - Point de vérification système
RP396: 14/04/2011 12:07:06 - Software Distribution Service 3.0
RP397: 14/04/2011 16:57:04 - Software Distribution Service 3.0
RP398: 15/04/2011 18:18:06 - Point de vérification système
RP399: 16/04/2011 18:56:39 - Point de vérification système
RP400: 17/04/2011 22:13:46 - Point de vérification système
RP401: 19/04/2011 14:08:53 - Point de vérification système
RP402: 20/04/2011 20:37:20 - Point de vérification système
RP403: 22/04/2011 00:10:21 - Point de vérification système
RP404: 22/04/2011 01:09:40 - Software Distribution Service 3.0
RP405: 25/04/2011 21:49:18 - Point de vérification système
RP406: 26/04/2011 21:54:23 - Point de vérification système
RP407: 27/04/2011 22:47:27 - Point de vérification système
RP408: 27/04/2011 23:48:46 - Software Distribution Service 3.0
RP409: 29/04/2011 19:41:01 - Point de vérification système
RP410: 30/04/2011 22:41:05 - Point de vérification système
RP411: 01/05/2011 22:55:31 - Point de vérification système
RP412: 03/05/2011 17:15:46 - Point de vérification système
RP413: 05/05/2011 10:25:31 - Point de vérification système
RP414: 06/05/2011 10:41:46 - Point de vérification système
RP415: 06/05/2011 14:14:55 - Opération de restauration
RP416: 06/05/2011 14:22:33 - Opération de restauration
RP417: 06/05/2011 14:23:21 - Opération de restauration
RP418: 06/05/2011 17:27:59 - Installed HiJackThis
RP419: 06/05/2011 22:57:38 - Removed Adobe Reader 9.4.4 - Français.
RP420: 06/05/2011 22:58:06 - Installed Adobe Reader X (10.0.1) - Français.
RP421: 06/05/2011 23:03:33 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader X (10.0.1) - Français
All Day Battery Life Configuration
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
ArcSoft Software Suite
Assistant de connexion Windows Live ID
AviSynth 2.5
BioAPI Framework
BitDefender Internet Security 2011
Bonjour
Canon CanoScan Toolbox 4.1
CCleaner
Conexant HDA D330 MDC V.92 Modem
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB2158563)
Correctif pour Windows XP (KB2443685)
Correctif pour Windows XP (KB932716-v2)
Correctif pour Windows XP (KB945436)
Correctif pour Windows XP (KB949764)
Correctif pour Windows XP (KB952287)
Correctif pour Windows XP (KB953955)
Correctif pour Windows XP (KB954434)
Correctif pour Windows XP (KB958347)
Correctif pour Windows XP (KB959252)
Correctif pour Windows XP (KB961118)
Correctif pour Windows XP (KB968764)
Correctif pour Windows XP (KB970653-v3)
Correctif pour Windows XP (KB976098-v2)
Correctif pour Windows XP (KB979306)
Correctif pour Windows XP (KB981793)
db-reader 2.2
DCP32MMWrapper
Defraggler
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell ControlVault Host Components Installer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
FrontPage Express 2.02
Gemalto
GIMP 2.6.9
Google Chrome
Google Update Helper
Google Earth
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Intel(R) Network Connections 13.0.42.0
Intel(R) PRO Alerting Agent
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Lecteur Windows Media 11
Logiciel QuickCam de Logitech
Logitech Desktop Messenger
Macromedia Dreamweaver MX
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Manual CanoScan 9900F
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FRA Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mise à jour de sécurité pour Lecteur Windows Media (KB2378111)
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)
Mise à jour de sécurité pour Lecteur Windows Media (KB975558)
Mise à jour de sécurité pour Lecteur Windows Media (KB978695)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2183461)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2360131)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2416400)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2482017)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2497640)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2510531)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)
Mise à jour de sécurité pour Windows XP (KB2079403)
Mise à jour de sécurité pour Windows XP (KB2115168)
Mise à jour de sécurité pour Windows XP (KB2121546)
Mise à jour de sécurité pour Windows XP (KB2160329)
Mise à jour de sécurité pour Windows XP (KB2229593)
Mise à jour de sécurité pour Windows XP (KB2259922)
Mise à jour de sécurité pour Windows XP (KB2279986)
Mise à jour de sécurité pour Windows XP (KB2286198)
Mise à jour de sécurité pour Windows XP (KB2296011)
Mise à jour de sécurité pour Windows XP (KB2296199)
Mise à jour de sécurité pour Windows XP (KB2347290)
Mise à jour de sécurité pour Windows XP (KB2360937)
Mise à jour de sécurité pour Windows XP (KB2387149)
Mise à jour de sécurité pour Windows XP (KB2393802)
Mise à jour de sécurité pour Windows XP (KB2412687)
Mise à jour de sécurité pour Windows XP (KB2419632)
Mise à jour de sécurité pour Windows XP (KB2423089)
Mise à jour de sécurité pour Windows XP (KB2436673)
Mise à jour de sécurité pour Windows XP (KB2440591)
Mise à jour de sécurité pour Windows XP (KB2443105)
Mise à jour de sécurité pour Windows XP (KB2476687)
Mise à jour de sécurité pour Windows XP (KB2478960)
Mise à jour de sécurité pour Windows XP (KB2478971)
Mise à jour de sécurité pour Windows XP (KB2479628)
Mise à jour de sécurité pour Windows XP (KB2479943)
Mise à jour de sécurité pour Windows XP (KB2481109)
Mise à jour de sécurité pour Windows XP (KB2483185)
Mise à jour de sécurité pour Windows XP (KB2485376)
Mise à jour de sécurité pour Windows XP (KB2485663)
Mise à jour de sécurité pour Windows XP (KB2491683)
Mise à jour de sécurité pour Windows XP (KB2503658)
Mise à jour de sécurité pour Windows XP (KB2506212)
Mise à jour de sécurité pour Windows XP (KB2506223)
Mise à jour de sécurité pour Windows XP (KB2507618)
Mise à jour de sécurité pour Windows XP (KB2508272)
Mise à jour de sécurité pour Windows XP (KB2508429)
Mise à jour de sécurité pour Windows XP (KB2509553)
Mise à jour de sécurité pour Windows XP (KB2511455)
Mise à jour de sécurité pour Windows XP (KB2524375)
Mise à jour de sécurité pour Windows XP (KB923561)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952004)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB954211)
Mise à jour de sécurité pour Windows XP (KB954459)
Mise à jour de sécurité pour Windows XP (KB954600)
Mise à jour de sécurité pour Windows XP (KB955069)
Mise à jour de sécurité pour Windows XP (KB956572)
Mise à jour de sécurité pour Windows XP (KB956744)
Mise à jour de sécurité pour Windows XP (KB956802)
Mise à jour de sécurité pour Windows XP (KB956803)
Mise à jour de sécurité pour Windows XP (KB956841)
Mise à jour de sécurité pour Windows XP (KB956844)
Mise à jour de sécurité pour Windows XP (KB957095)
Mise à jour de sécurité pour Windows XP (KB957097)
Mise à jour de sécurité pour Windows XP (KB958215)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour de sécurité pour Windows XP (KB958687)
Mise à jour de sécurité pour Windows XP (KB958690)
Mise à jour de sécurité pour Windows XP (KB958869)
Mise à jour de sécurité pour Windows XP (KB959426)
Mise à jour de sécurité pour Windows XP (KB960225)
Mise à jour de sécurité pour Windows XP (KB960714)
Mise à jour de sécurité pour Windows XP (KB960715)
Mise à jour de sécurité pour Windows XP (KB960803)
Mise à jour de sécurité pour Windows XP (KB960859)
Mise à jour de sécurité pour Windows XP (KB961371-v2)
Mise à jour de sécurité pour Windows XP (KB961373)
Mise à jour de sécurité pour Windows XP (KB961501)
Mise à jour de sécurité pour Windows XP (KB963027)
Mise à jour de sécurité pour Windows XP (KB968537)
Mise à jour de sécurité pour Windows XP (KB969059)
Mise à jour de sécurité pour Windows XP (KB969897)
Mise à jour de sécurité pour Windows XP (KB969898)
Mise à jour de sécurité pour Windows XP (KB969947)
Mise à jour de sécurité pour Windows XP (KB970238)
Mise à jour de sécurité pour Windows XP (KB970430)
Mise à jour de sécurité pour Windows XP (KB971468)
Mise à jour de sécurité pour Windows XP (KB971486)
Mise à jour de sécurité pour Windows XP (KB971557)
Mise à jour de sécurité pour Windows XP (KB971633)
Mise à jour de sécurité pour Windows XP (KB971657)
Mise à jour de sécurité pour Windows XP (KB971961)
Mise à jour de sécurité pour Windows XP (KB972260)
Mise à jour de sécurité pour Windows XP (KB972270)
Mise à jour de sécurité pour Windows XP (KB973346)
Mise à jour de sécurité pour Windows XP (KB973354)
Mise à jour de sécurité pour Windows XP (KB973507)
Mise à jour de sécurité pour Windows XP (KB973525)
Mise à jour de sécurité pour Windows XP (KB973869)
Mise à jour de sécurité pour Windows XP (KB973904)
Mise à jour de sécurité pour Windows XP (KB974112)
Mise à jour de sécurité pour Windows XP (KB974318)
Mise à jour de sécurité pour Windows XP (KB974392)
Mise à jour de sécurité pour Windows XP (KB974455)
Mise à jour de sécurité pour Windows XP (KB974571)
Mise à jour de sécurité pour Windows XP (KB975025)
Mise à jour de sécurité pour Windows XP (KB975467)
Mise à jour de sécurité pour Windows XP (KB975560)
Mise à jour de sécurité pour Windows XP (KB975561)
Mise à jour de sécurité pour Windows XP (KB975562)
Mise à jour de sécurité pour Windows XP (KB975713)
Mise à jour de sécurité pour Windows XP (KB977165)
Mise à jour de sécurité pour Windows XP (KB977816)
Mise à jour de sécurité pour Windows XP (KB977914)
Mise à jour de sécurité pour Windows XP (KB978037)
Mise à jour de sécurité pour Windows XP (KB978251)
Mise à jour de sécurité pour Windows XP (KB978262)
Mise à jour de sécurité pour Windows XP (KB978338)
Mise à jour de sécurité pour Windows XP (KB978542)
Mise à jour de sécurité pour Windows XP (KB978601)
Mise à jour de sécurité pour Windows XP (KB978706)
Mise à jour de sécurité pour Windows XP (KB979309)
Mise à jour de sécurité pour Windows XP (KB979482)
Mise à jour de sécurité pour Windows XP (KB979559)
Mise à jour de sécurité pour Windows XP (KB979683)
Mise à jour de sécurité pour Windows XP (KB979687)
Mise à jour de sécurité pour Windows XP (KB980195)
Mise à jour de sécurité pour Windows XP (KB980218)
Mise à jour de sécurité pour Windows XP (KB980232)
Mise à jour de sécurité pour Windows XP (KB980436)
Mise à jour de sécurité pour Windows XP (KB981322)
Mise à jour de sécurité pour Windows XP (KB981852)
Mise à jour de sécurité pour Windows XP (KB981957)
Mise à jour de sécurité pour Windows XP (KB981997)
Mise à jour de sécurité pour Windows XP (KB982132)
Mise à jour de sécurité pour Windows XP (KB982214)
Mise à jour de sécurité pour Windows XP (KB982665)
Mise à jour de sécurité pour Windows XP (KB982802)
Mise à jour pour Microsoft Windows (KB971513)
Mise à jour pour Windows Internet Explorer 8 (KB2447568)
Mise à jour pour Windows Internet Explorer 8 (KB975364)
Mise à jour pour Windows Internet Explorer 8 (KB976662)
Mise à jour pour Windows Internet Explorer 8 (KB976749)
Mise à jour pour Windows Internet Explorer 8 (KB978506)
Mise à jour pour Windows Internet Explorer 8 (KB980182)
Mise à jour pour Windows Internet Explorer 8 (KB980302)
Mise à jour pour Windows Internet Explorer 8 (KB982632)
Mise à jour pour Windows Internet Explorer 8 (KB982664)
Mise à jour pour Windows XP (KB2141007)
Mise à jour pour Windows XP (KB2345886)
Mise à jour pour Windows XP (KB2467659)
Mise à jour pour Windows XP (KB2492386)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB951618-v2)
Mise à jour pour Windows XP (KB951978)
Mise à jour pour Windows XP (KB955759)
Mise à jour pour Windows XP (KB955839)
Mise à jour pour Windows XP (KB961503)
Mise à jour pour Windows XP (KB967715)
Mise à jour pour Windows XP (KB968389)
Mise à jour pour Windows XP (KB971029)
Mise à jour pour Windows XP (KB971737)
Mise à jour pour Windows XP (KB973687)
Mise à jour pour Windows XP (KB973815)
MobileMe Control Panel
Modem Diagnostic Tool
Module de compatibilité pour Microsoft Office System 2007
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Module linguistique Microsoft .NET Framework 4 Client Profile FRA
Mozilla Firefox 4.0.1 (x86 fr)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser (KB933579)
NetWaiting
NTRU TCG Software Stack
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OmniPage SE
Package de base Microsoft de service de chiffrement pour cartes à puce
Package de pilotes Windows - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
PHOTOfunSTUDIO -viewer-
PMB
PowerDVD DX
Preboot Manager
Presto! PageManager 6
Private Information Manager
Programme de gestion Camera de Logitech®
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Runtime
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Windows Search 4 - KB963093
Security Wizards
Sibelius Scorch (Firefox, Opera, Netscape only)
Skype Toolbars
Skype™ 5.3
SO32MMWrapper
Spybot - Search & Destroy
SRS Premium Sound
Stellarium 0.10.4
Trusted Drive Manager
tsp patch
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Utilitaire de la carte réseau local sans fil Wireless de Dell
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
WinRAR archiver
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
YouTube Downloader App 3.00
.
==== End Of File ===========================
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am
Advertisement
Register to Remove

Re: searchqu.com browser redirect

Unread postby pgmigg » May 8th, 2011, 12:57 am

Hello eventhorizon,

Welcome to the forum!

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but hopefully not too much.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean"

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: searchqu.com browser redirect

Unread postby pgmigg » May 10th, 2011, 10:22 am

Hello eventhorizon,

Thank you for your patience. Lets do one more scan...

Step 1.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: searchqu.com browser redirect

Unread postby eventhorizon » May 11th, 2011, 4:30 am

Hi pgmigg,

The TDSSKiller scan completed with nothing found. Here is the log file:

2011/05/11 10:20:40.0296 4680 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/11 10:20:42.0328 4680 ================================================================================
2011/05/11 10:20:42.0328 4680 SystemInfo:
2011/05/11 10:20:42.0328 4680
2011/05/11 10:20:42.0328 4680 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/11 10:20:42.0328 4680 Product type: Workstation
2011/05/11 10:20:42.0328 4680 ComputerName: GLENN_WORK
2011/05/11 10:20:42.0328 4680 UserName: Glenn Smith
2011/05/11 10:20:42.0328 4680 Windows directory: C:\WINDOWS
2011/05/11 10:20:42.0328 4680 System windows directory: C:\WINDOWS
2011/05/11 10:20:42.0328 4680 Processor architecture: Intel x86
2011/05/11 10:20:42.0328 4680 Number of processors: 2
2011/05/11 10:20:42.0328 4680 Page size: 0x1000
2011/05/11 10:20:42.0328 4680 Boot type: Normal boot
2011/05/11 10:20:42.0328 4680 ================================================================================
2011/05/11 10:20:42.0625 4680 Initialize success
2011/05/11 10:21:07.0000 4704 ================================================================================
2011/05/11 10:21:07.0000 4704 Scan started
2011/05/11 10:21:07.0000 4704 Mode: Manual;
2011/05/11 10:21:07.0000 4704 ================================================================================
2011/05/11 10:21:07.0296 4704 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/11 10:21:07.0484 4704 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/11 10:21:07.0515 4704 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/11 10:21:07.0593 4704 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/11 10:21:07.0656 4704 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/11 10:21:07.0718 4704 AESTAud (f21d5e93a94514be9f5b6ebf74a696b2) C:\WINDOWS\system32\drivers\AESTAud.sys
2011/05/11 10:21:07.0796 4704 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/05/11 10:21:07.0875 4704 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/11 10:21:07.0906 4704 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/11 10:21:07.0921 4704 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/11 10:21:07.0984 4704 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/11 10:21:08.0015 4704 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/11 10:21:08.0031 4704 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/11 10:21:08.0062 4704 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/11 10:21:08.0078 4704 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/11 10:21:08.0093 4704 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/11 10:21:08.0156 4704 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/11 10:21:08.0218 4704 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/05/11 10:21:08.0265 4704 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/11 10:21:08.0312 4704 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/11 10:21:08.0359 4704 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/11 10:21:08.0375 4704 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/11 10:21:08.0406 4704 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/11 10:21:08.0515 4704 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/11 10:21:08.0546 4704 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/11 10:21:08.0562 4704 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/11 10:21:08.0625 4704 avc3 (c6cf76384dfc739b0be55abb79ad4dc0) C:\WINDOWS\system32\drivers\avc3.sys
2011/05/11 10:21:08.0687 4704 avckf (b758a219e95c085405b1e356a8267610) C:\WINDOWS\system32\drivers\avckf.sys
2011/05/11 10:21:08.0781 4704 BCM43XX (fe4ed785396eaa554c561992106a35fa) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/05/11 10:21:08.0906 4704 BDFM (54dbdd2ddb11776f1ebb85ccaba718bf) C:\WINDOWS\system32\DRIVERS\bdfm.sys
2011/05/11 10:21:09.0000 4704 Bdfndisf (3b3ad83054c650cf7cdeb0d5ecbd54e1) C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdfndisf.sys
2011/05/11 10:21:09.0046 4704 bdfsfltr (4c44d82e372a87b3cb439a7f14cfef03) C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
2011/05/11 10:21:09.0078 4704 Bdftdif (c23a8547d5ea6d0c3589961bfb7ff6d3) C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys
2011/05/11 10:21:09.0125 4704 BdRawPr (d077f523538c9fb83b3c3fae13861579) C:\WINDOWS\system32\DRIVERS\bdrawpr.sys
2011/05/11 10:21:09.0187 4704 bdselfpr (b6c3cb5978d91eabf405709fb0f0dbe9) C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys
2011/05/11 10:21:09.0265 4704 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/11 10:21:09.0359 4704 BTKRNL (38a3331e2f690d4cdc9de0604b9416e5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/05/11 10:21:09.0453 4704 BTWUSB (d5af663711660d32ec230c6aaf7b6b83) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/05/11 10:21:09.0500 4704 CamDrL (cba8bce5bf67a3c619d5ce540bed9cf7) C:\WINDOWS\system32\DRIVERS\Camdrl.sys
2011/05/11 10:21:09.0578 4704 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/11 10:21:09.0593 4704 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/11 10:21:09.0640 4704 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/11 10:21:09.0671 4704 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/11 10:21:09.0687 4704 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/11 10:21:09.0718 4704 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/11 10:21:09.0781 4704 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/11 10:21:09.0875 4704 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/11 10:21:09.0906 4704 CmdIde (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/11 10:21:09.0921 4704 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/11 10:21:09.0937 4704 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/11 10:21:10.0015 4704 cvusbdrv (ee773b1806a93a86283b10facebe57db) C:\WINDOWS\system32\Drivers\cvusbdrv.sys
2011/05/11 10:21:10.0046 4704 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/11 10:21:10.0078 4704 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/11 10:21:10.0109 4704 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/11 10:21:10.0140 4704 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/11 10:21:10.0187 4704 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/11 10:21:10.0234 4704 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/11 10:21:10.0281 4704 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/11 10:21:10.0343 4704 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/11 10:21:10.0593 4704 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/11 10:21:10.0671 4704 e1yexpress (10cbd2b278ce365b41de378632cb5ddb) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
2011/05/11 10:21:10.0734 4704 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/11 10:21:10.0781 4704 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/11 10:21:10.0843 4704 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/11 10:21:10.0859 4704 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/11 10:21:10.0906 4704 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/11 10:21:10.0968 4704 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/11 10:21:11.0015 4704 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/11 10:21:11.0093 4704 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/11 10:21:11.0125 4704 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/11 10:21:11.0140 4704 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/11 10:21:11.0156 4704 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/11 10:21:11.0203 4704 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/11 10:21:11.0265 4704 HSFHWAZL (f25bb78b0063a8e8fceff33493c305e0) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/05/11 10:21:11.0312 4704 HSF_DPV (04d872629e0afcb07ba9088eaa308c11) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/05/11 10:21:11.0484 4704 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/11 10:21:11.0500 4704 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/11 10:21:11.0531 4704 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/11 10:21:11.0546 4704 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/11 10:21:11.0640 4704 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/11 10:21:11.0656 4704 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/11 10:21:11.0687 4704 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/11 10:21:11.0750 4704 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/11 10:21:11.0765 4704 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/11 10:21:11.0859 4704 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/11 10:21:11.0875 4704 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/11 10:21:11.0906 4704 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/11 10:21:11.0937 4704 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/11 10:21:11.0968 4704 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/11 10:21:12.0000 4704 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/11 10:21:12.0015 4704 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/11 10:21:12.0046 4704 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/11 10:21:12.0078 4704 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/11 10:21:12.0109 4704 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/11 10:21:12.0156 4704 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/11 10:21:12.0218 4704 LVUSBSta (90259f3a20fbaec1a08d74ef5415b9d8) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/05/11 10:21:12.0250 4704 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/11 10:21:12.0265 4704 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/11 10:21:12.0281 4704 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/11 10:21:12.0296 4704 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/11 10:21:12.0343 4704 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/11 10:21:12.0359 4704 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/11 10:21:12.0406 4704 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/11 10:21:12.0421 4704 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/11 10:21:12.0453 4704 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/11 10:21:12.0500 4704 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/11 10:21:12.0531 4704 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/11 10:21:12.0562 4704 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/11 10:21:12.0562 4704 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/11 10:21:12.0609 4704 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/11 10:21:12.0640 4704 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/11 10:21:12.0671 4704 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/11 10:21:12.0750 4704 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/11 10:21:12.0796 4704 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/11 10:21:12.0828 4704 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/11 10:21:12.0859 4704 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/11 10:21:12.0890 4704 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/11 10:21:12.0921 4704 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/11 10:21:12.0953 4704 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/11 10:21:12.0953 4704 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/11 10:21:13.0000 4704 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/11 10:21:13.0046 4704 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/11 10:21:13.0062 4704 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/11 10:21:13.0125 4704 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/11 10:21:13.0140 4704 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/11 10:21:13.0296 4704 nv (3de17fbc295d1c996890ed1315b7d42e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/11 10:21:13.0531 4704 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/11 10:21:13.0546 4704 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/11 10:21:13.0562 4704 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/11 10:21:13.0609 4704 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/11 10:21:13.0625 4704 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/11 10:21:13.0656 4704 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/11 10:21:13.0687 4704 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
2011/05/11 10:21:13.0718 4704 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
2011/05/11 10:21:13.0750 4704 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/11 10:21:13.0796 4704 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/11 10:21:13.0828 4704 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/11 10:21:13.0890 4704 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/11 10:21:13.0953 4704 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/11 10:21:14.0015 4704 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/11 10:21:14.0031 4704 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/11 10:21:14.0046 4704 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/11 10:21:14.0093 4704 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/11 10:21:14.0171 4704 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/11 10:21:14.0203 4704 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/11 10:21:14.0234 4704 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/11 10:21:14.0265 4704 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/11 10:21:14.0328 4704 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/11 10:21:14.0359 4704 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/11 10:21:14.0390 4704 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/11 10:21:14.0453 4704 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/11 10:21:14.0468 4704 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/11 10:21:14.0515 4704 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/11 10:21:14.0531 4704 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/11 10:21:14.0593 4704 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/11 10:21:14.0640 4704 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/11 10:21:14.0687 4704 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/11 10:21:14.0765 4704 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/05/11 10:21:14.0843 4704 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/11 10:21:14.0875 4704 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/11 10:21:14.0921 4704 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/11 10:21:14.0953 4704 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/11 10:21:15.0015 4704 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/11 10:21:15.0093 4704 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/11 10:21:15.0125 4704 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/11 10:21:15.0171 4704 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/11 10:21:15.0203 4704 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/11 10:21:15.0281 4704 SRS_PremiumSound_Service (584477fdfa731af4635f5875c6b52531) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
2011/05/11 10:21:15.0343 4704 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/11 10:21:15.0531 4704 STHDA (1b76479b80ff0f6e245ba590a64102be) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/11 10:21:15.0609 4704 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/11 10:21:15.0640 4704 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/11 10:21:15.0671 4704 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/11 10:21:15.0734 4704 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/11 10:21:15.0765 4704 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/11 10:21:15.0812 4704 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/11 10:21:15.0843 4704 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/11 10:21:15.0875 4704 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/11 10:21:15.0968 4704 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/11 10:21:16.0000 4704 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/11 10:21:16.0031 4704 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/11 10:21:16.0046 4704 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/11 10:21:16.0109 4704 TosIde (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/11 10:21:16.0203 4704 Trufos (29c497fc09c655b7bafcfafb6e76b8eb) C:\WINDOWS\system32\DRIVERS\Trufos.sys
2011/05/11 10:21:16.0250 4704 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/11 10:21:16.0281 4704 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/11 10:21:16.0343 4704 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/11 10:21:16.0453 4704 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/11 10:21:16.0500 4704 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/11 10:21:16.0546 4704 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/11 10:21:16.0625 4704 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
2011/05/11 10:21:16.0687 4704 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/11 10:21:16.0703 4704 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/11 10:21:16.0765 4704 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/11 10:21:16.0843 4704 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/11 10:21:16.0906 4704 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/11 10:21:16.0937 4704 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/11 10:21:16.0953 4704 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/11 10:21:16.0984 4704 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/11 10:21:17.0046 4704 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/11 10:21:17.0078 4704 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/11 10:21:17.0125 4704 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/11 10:21:17.0187 4704 WavxDMgr (e1369c7a53c76eb681afd0eba348b45a) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
2011/05/11 10:21:17.0265 4704 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/11 10:21:17.0343 4704 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/11 10:21:17.0390 4704 winachsf (2760c329ac300ed64c3dba8cda599cda) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/11 10:21:17.0546 4704 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/11 10:21:17.0625 4704 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/11 10:21:17.0671 4704 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/11 10:21:17.0703 4704 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/11 10:21:17.0750 4704 ================================================================================
2011/05/11 10:21:17.0750 4704 Scan finished
2011/05/11 10:21:17.0750 4704 ================================================================================
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am

Re: searchqu.com browser redirect

Unread postby eventhorizon » May 11th, 2011, 5:31 am

This is to update regarding the minor issue awaiting response from my hosting service. From my first posting on this thread:

<<snip>> I no longer appear to get redirected to searchqu.com/406 BUT I can't access my normal homepage, getting a 404 error message. My webhosting service (CirtexHosting) is not down, from what I can see in the control panel for the website. Just to double check, I have contacted their customer service and await reply. <</snip>>

Access to the site has been resolved by the hosting service.

I will await your verdict on the log file just sent.
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am

Re: searchqu.com browser redirect

Unread postby pgmigg » May 12th, 2011, 9:56 am

Hello eventhorizon,

Thank you for your patience and additional notes.
Please read carefully my instruction below and print it out because you will not have Internet access during this action...

Step 1.
Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: searchqu.com browser redirect

Unread postby eventhorizon » May 12th, 2011, 6:35 pm

Hello pgmigg,

I followed your instructions but did not get the dialog boxes figured above. First I undid my LAN cable and turned off the BitDefender antivirus and Bit Defender firewall for one hour. I double clicked on ComboFixc icon and a small rectangle appeared to show scanning progress. At one point, I got two lightning fast popups which I barely noticed, alerting me to two separate issues with BitDefender, something such as "suspicious activity" or "illegal process". I would have remembered better or written the details down, but I thought ComboFix was going to complete a scan and automatically generate a report. As it turned out, the program did nothing else after flashing the info on the two BitDefender issues and subsequently I was unable to locate any report in C:/.

Should I run ComboFix again? Given your warning about this program, I want to check with you first!

Many thanks for your continuing help. Glenn
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am

Re: searchqu.com browser redirect

Unread postby pgmigg » May 13th, 2011, 11:34 am

Hello eventhorizon,

The bad result is a result too. :) Don't worry and let change a tool - I will give you detailed instructions...
Actually, you don't need to unplug your LAN cable during any manipulations with Disabling/Enabling of your defense software.
Please read carefully my instruction below and print it out because your Internet access may be interrupted during processing...

Step 1.
OTL - System Scan
Please download OTL.exe ... by Old Timer . Save it to your Desktop
Important! Close all applications and windows so that you have nothing open and are at your Desktop...
  1. Double click on the OTL icon to run it. Keep all other windows closed and let OTL run uninterrupted.
  2. When the window appears, underneath Output at the top, make sure Minimal Output is selected.
  3. Under the Standard Registry box change it to All.
  4. Check/tick the boxes beside LOP Check and Purity Check.
  5. Highlight the following bold text with your mouse and press Ctrl + C on your keyboard:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles


  6. Click under the Custom Scan box and press Ctrl + V on your keyboard to paste the above.
  7. Click the Run Scan button. The scan won't take long.
  8. When the scan completes, Notepad will open (2 windows) with files: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • OTListIt.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  9. Please post the contents of both OTListIt.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Any problem executing the instructions?
  2. Contents of OTListIt.txt file.
  3. Contents of Extras.txt file.

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: searchqu.com browser redirect

Unread postby eventhorizon » May 16th, 2011, 8:56 am

Hello pgmigg,

I had no difficulty this time with OTL. The two reports generated are posted below. Extras had to be posted separately due to size limitations.
Incidently, I just realized that although my homepage remains as I redefined it last week, if I type search terms directly in the browser line the search is carried out by searchqu in FireFox 4.01 (same happens with GoogleChrome, though not with IE8, which retains my chosen search engine).
Thanks again!
eventhorizon

OTL logfile created on: 16/05/2011 14:20:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Glenn Smith\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297,89 Gb Total Space | 167,07 Gb Free Space | 56,08% Space Free | Partition Type: NTFS

Computer Name: GLENN_WORK | User Name: Glenn Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Glenn Smith\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
PRC - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)
PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Glenn Smith\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Program Files\BitDefender\BitDefender 2011\pchook32.dll (BitDefender S.R.L.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()


========== Win32 Services (SafeList) ==========

SRV - (getPlusHelper) getPlus(R) -- File not found
SRV - (Updatesrv) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe (BitDefender S.R.L.)
SRV - (Update Server) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
SRV - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV - (wlidsvc) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (STacSV) -- c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (stllssvr) -- c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (ACDaemon) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)
SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (PROCEXP113) -- C:\WINDOWS\system32\drivers\PROCEXP113.SYS (Sysinternals - www.sysinternals.com)
DRV - (bdselfpr) -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender LLC)
DRV - (Trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (Bdfndisf) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdfndisf.sys (BitDefender)
DRV - (Bdftdif) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (avckf) -- C:\WINDOWS\system32\drivers\avckf.sys (BitDefender)
DRV - (avc3) -- C:\WINDOWS\system32\drivers\avc3.sys (BitDefender)
DRV - (BdRawPr) -- C:\WINDOWS\system32\drivers\bdrawpr.sys (BITDEFENDER LLC)
DRV - (BDFM) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (CamDrL) Logitech QuickCam Pro 3000(CamDrl) -- C:\WINDOWS\system32\drivers\Camdrl.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.conflictrecovery.org"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {e55904c8-769b-4ffe-8d47-48f411f37d22}:2.0.2
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/11 01:58:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/03/30 16:19:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/04 22:03:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/20 20:37:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 11:23:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 22:58:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2010/09/15 00:38:39 | 000,000,000 | ---D | M]

[2011/05/05 23:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Extensions
[2009/11/11 02:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/05 23:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Firefox\Profiles\jsuy2xfr.default\extensions
[2010/04/30 11:40:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Firefox\Profiles\jsuy2xfr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Firefox\Profiles\jsuy2xfr.default\searchplugins\SearchquWebSearch.xml
[2011/05/06 23:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/06 23:01:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/30 11:23:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/09/30 13:28:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/30 16:19:33 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2009/11/04 22:03:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 18:47:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2011/01/30 17:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/03/20 20:37:49 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/03/20 20:38:02 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2011/03/20 20:37:40 | 000,100,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/11/28 13:10:16 | 008,467,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll
[2009/11/24 14:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/11/28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/01 10:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/03/23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/12/14 22:47:09 | 000,427,067 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14708 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8159217765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 20:00:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (66441705255075840)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 13:54:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Glenn Smith\Bureau\OTL.exe
[2011/05/15 14:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-15
[2011/05/12 23:24:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/12 23:24:13 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/05/12 23:23:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/12 23:22:56 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/05/11 10:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-11
[2011/05/11 10:09:28 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Glenn Smith\Bureau\tdsskiller.exe
[2011/05/10 21:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-10
[2011/05/09 10:44:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Glenn Smith\Recent
[2011/05/09 00:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-09
[2011/05/08 19:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\J_bac_2011-05-08
[2011/05/06 23:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/06 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype
[2011/05/06 23:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
[2011/05/06 22:59:30 | 001,029,512 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Glenn Smith\Mes documents\SkypeSetup.exe
[2011/05/06 22:55:38 | 047,929,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Glenn Smith\Mes documents\AdbeRdr1001_fr_FR.exe
[2011/05/06 19:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\CSFRS
[2011/05/06 17:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/06 17:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Menu Démarrer\Programmes\HiJackThis
[2011/05/05 18:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Ilivid Player
[2011/05/05 18:05:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CEEC46AF-A1E6-47D5-B85D-AE1AEF769F81}
[2011/05/05 18:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\PackageAware
[2011/05/02 00:04:23 | 003,161,648 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Glenn Smith\Mes documents\dfsetup204.exe
[2011/05/01 19:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\M_le_Maudit-images
[2011/04/30 15:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-04-30
[2011/04/30 10:32:47 | 012,602,568 | ---- | C] (Mozilla) -- C:\Documents and Settings\Glenn Smith\Mes documents\Firefox Setup 4.0.1.exe
[2011/04/21 16:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Menu Démarrer\Programmes\Google Chrome
[2011/04/17 17:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists4_fichiers
[2011/04/17 17:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists3_fichiers
[2011/04/17 17:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists2_fichiers
[2011/04/17 17:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists1_fichiers
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 14:13:50 | 000,057,494 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\AulaForm.pdf
[2011/05/16 13:54:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glenn Smith\Bureau\OTL.exe
[2011/05/16 13:51:44 | 000,028,409 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/16 13:36:00 | 000,001,172 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1676656856-1613018796-938531743-1005UA.job
[2011/05/16 13:35:00 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 13:35:00 | 000,001,062 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 12:48:24 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1676656856-1613018796-938531743-1005.job
[2011/05/16 12:48:24 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1676656856-1613018796-938531743-1005.job
[2011/05/16 12:48:05 | 000,022,979 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HaggardEyeofNewt.jpg
[2011/05/16 12:47:09 | 000,009,683 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HaggardEyeofNewt.htm
[2011/05/16 09:11:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/16 09:11:01 | 000,035,431 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2011/05/16 09:10:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/05/16 09:10:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/16 09:10:38 | 3745,423,360 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/15 16:36:00 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1676656856-1613018796-938531743-1005Core.job
[2011/05/13 23:37:28 | 000,002,332 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\Google Chrome.lnk
[2011/05/13 23:37:28 | 000,002,310 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/12 23:24:17 | 000,000,000 | ---- | M] () -- C:\Start_.cmd
[2011/05/12 23:24:13 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/05/12 19:32:26 | 004,347,036 | R--- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\ComboFix.exe
[2011/05/12 17:33:57 | 001,783,551 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\beameruserguide-2.pdf
[2011/05/12 10:27:34 | 000,048,120 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\petit_dragon_vert.gif
[2011/05/11 10:09:30 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Glenn Smith\Bureau\tdsskiller.exe
[2011/05/10 21:20:33 | 000,944,427 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\ANR_Programmation2011.pdf
[2011/05/08 23:47:13 | 002,471,943 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\parcours-Tour_de_France-2011.pdf
[2011/05/08 21:37:32 | 000,000,403 | ---- | M] () -- C:\WINDOWS\prestopm.INI
[2011/05/08 19:25:05 | 000,000,190 | -H-- | M] () -- C:\WINDOWS\NsNetScan.ini
[2011/05/07 16:19:16 | 000,669,788 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\CSFRS_reglement_aides_financieres_20100623.pdf
[2011/05/07 11:32:52 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\dds.scr
[2011/05/06 23:00:52 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2011/05/06 22:59:31 | 001,029,512 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Glenn Smith\Mes documents\SkypeSetup.exe
[2011/05/06 22:58:40 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk
[2011/05/06 22:56:26 | 047,929,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Glenn Smith\Mes documents\AdbeRdr1001_fr_FR.exe
[2011/05/06 22:00:58 | 002,085,220 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\GiantExpedition_AT.JPG
[2011/05/06 21:59:48 | 002,032,240 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\GiantExpedition_LT.JPG
[2011/05/06 17:28:45 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\HiJackThis.lnk
[2011/05/06 17:27:21 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HijackThis.msi
[2011/05/06 00:12:36 | 000,083,377 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\No_ Don't go to Grad School_ How anthropology reproduces neoliberal Misery.eml
[2011/05/05 23:25:00 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2011/05/05 23:21:25 | 000,002,508 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\cc_20110505_232051.reg
[2011/05/02 00:05:06 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Defraggler.lnk
[2011/05/02 00:04:25 | 003,161,648 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Glenn Smith\Mes documents\dfsetup204.exe
[2011/05/01 21:54:24 | 000,025,713 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2011/04/30 11:23:38 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2011/04/30 10:32:47 | 012,602,568 | ---- | M] (Mozilla) -- C:\Documents and Settings\Glenn Smith\Mes documents\Firefox Setup 4.0.1.exe
[2011/04/30 08:35:23 | 000,580,110 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/04/30 08:35:23 | 000,486,300 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/30 08:35:23 | 000,105,590 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/04/30 08:35:23 | 000,081,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/28 18:56:23 | 000,392,279 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\Missions - Contrat d'assurance.pdf
[2011/04/27 16:07:32 | 000,330,524 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\dem_mis.pdf
[2011/04/26 16:14:07 | 015,809,772 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\WGSmith-VersionThèseFinal.pdf
[2011/04/23 17:44:23 | 000,028,409 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/04/21 11:18:41 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\Word.lnk
[2011/04/20 17:58:34 | 000,259,964 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\Fiche_de_renseignements_sur_la_soutenance_et_déplacements.pdf
[2011/04/17 20:15:07 | 000,510,682 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\article_befeo_0336-1519_1992_num_79_1_1858.pdf
[2011/04/17 20:14:27 | 000,373,091 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\article_befeo_0336-1519_1992_num_79_1_1859.pdf
[2011/04/17 17:59:43 | 000,029,558 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists4.htm
[2011/04/17 17:59:17 | 000,029,558 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists3.htm
[2011/04/17 17:58:52 | 000,029,558 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists2.htm
[2011/04/17 17:58:15 | 000,029,558 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists1.htm
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 14:13:50 | 000,057,494 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\AulaForm.pdf
[2011/05/16 12:48:05 | 000,022,979 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HaggardEyeofNewt.jpg
[2011/05/16 12:47:08 | 000,009,683 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HaggardEyeofNewt.htm
[2011/05/12 23:24:17 | 000,000,000 | ---- | C] () -- C:\Start_.cmd
[2011/05/12 19:32:13 | 004,347,036 | R--- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\ComboFix.exe
[2011/05/12 17:33:55 | 001,783,551 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\beameruserguide-2.pdf
[2011/05/12 10:27:32 | 000,048,120 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\petit_dragon_vert.gif
[2011/05/10 21:20:26 | 000,944,427 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\ANR_Programmation2011.pdf
[2011/05/08 23:47:13 | 002,471,943 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\parcours-Tour_de_France-2011.pdf
[2011/05/07 16:19:16 | 000,669,788 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\CSFRS_reglement_aides_financieres_20100623.pdf
[2011/05/07 11:32:51 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\dds.scr
[2011/05/06 23:03:28 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/05/06 23:00:52 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2011/05/06 22:58:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk
[2011/05/06 22:58:40 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk
[2011/05/06 22:00:58 | 002,085,220 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\GiantExpedition_AT.JPG
[2011/05/06 21:59:48 | 002,032,240 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\GiantExpedition_LT.JPG
[2011/05/06 17:28:00 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\HiJackThis.lnk
[2011/05/06 17:27:19 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HijackThis.msi
[2011/05/06 00:12:36 | 000,083,377 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\No_ Don't go to Grad School_ How anthropology reproduces neoliberal Misery.eml
[2011/05/05 23:20:55 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\cc_20110505_232051.reg
[2011/04/30 11:23:38 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2011/04/28 18:56:23 | 000,392,279 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\Missions - Contrat d'assurance.pdf
[2011/04/27 16:07:32 | 000,330,524 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\dem_mis.pdf
[2011/04/26 16:13:49 | 015,809,772 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\WGSmith-VersionThèseFinal.pdf
[2011/04/21 16:27:23 | 000,002,332 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\Google Chrome.lnk
[2011/04/21 16:27:23 | 000,002,310 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/21 16:26:42 | 000,001,172 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1676656856-1613018796-938531743-1005UA.job
[2011/04/21 16:26:42 | 000,001,120 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1676656856-1613018796-938531743-1005Core.job
[2011/04/20 17:58:34 | 000,259,964 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\Fiche_de_renseignements_sur_la_soutenance_et_déplacements.pdf
[2011/04/17 20:15:07 | 000,510,682 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\article_befeo_0336-1519_1992_num_79_1_1858.pdf
[2011/04/17 20:14:27 | 000,373,091 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\article_befeo_0336-1519_1992_num_79_1_1859.pdf
[2011/04/17 17:59:43 | 000,029,558 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists4.htm
[2011/04/17 17:59:17 | 000,029,558 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists3.htm
[2011/04/17 17:58:52 | 000,029,558 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists2.htm
[2011/04/17 17:58:15 | 000,029,558 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists1.htm
[2011/04/13 18:00:25 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/08/24 10:01:04 | 000,118,321 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Fichiers communs\LinkInstaller.exe
[2010/04/14 01:27:11 | 000,055,848 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/10 16:59:35 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Application Data\bdfvconp.ini
[2010/02/01 23:29:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/01/22 13:11:37 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/01/22 13:11:37 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/01/22 13:11:37 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/01/22 13:11:37 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/01/22 13:11:37 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/01/22 13:11:37 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/01/22 13:11:37 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/01/22 13:11:37 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/01/22 13:11:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/01/22 13:11:37 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/01/22 13:11:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/01/22 13:11:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/01/22 13:11:37 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/01/22 13:11:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/01/22 13:11:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/01/22 13:11:37 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/01/22 13:11:37 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/01/22 13:11:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/01/22 13:11:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/01/14 01:01:42 | 000,000,403 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2010/01/14 00:58:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/01/14 00:57:13 | 000,000,190 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2009/12/01 02:53:20 | 000,126,464 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2009/11/13 14:30:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/11/13 14:30:52 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2009/11/13 14:30:40 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/11/13 14:29:26 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2009/11/13 14:26:48 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/11/13 14:08:35 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/11/13 14:01:23 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2009/11/13 13:59:57 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2009/11/11 02:58:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/11 00:03:33 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2009/11/11 00:03:33 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/11/11 00:02:27 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/11/11 00:02:19 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/11/10 18:02:34 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/10 17:39:48 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\fusioncache.dat
[2009/11/10 17:39:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\WavXMapDrive.bat
[2009/11/05 05:33:57 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/11/05 05:33:57 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/11/05 05:33:57 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/11/05 05:33:57 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/11/05 05:33:57 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/11/05 05:33:57 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/11/05 05:33:56 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/11/05 05:33:56 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/11/05 05:33:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/11/05 05:31:27 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/11/04 22:28:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/11/04 22:20:10 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/11/04 22:20:10 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/11/04 22:19:33 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/11/04 22:13:45 | 000,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2009/11/04 22:11:23 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2009/11/04 21:42:13 | 000,028,409 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/22 20:03:06 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/06/05 17:41:18 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2009/06/05 17:41:18 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2009/06/05 17:41:16 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2009/06/05 17:41:16 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2009/06/05 17:41:16 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2009/06/05 17:41:14 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2009/06/05 17:41:14 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2009/06/05 17:41:12 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2009/06/05 17:41:12 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2009/06/05 17:41:12 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2009/06/05 17:41:10 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2009/06/05 17:41:10 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
[2009/06/05 17:41:10 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2009/06/05 17:41:08 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2009/06/05 17:41:08 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2009/06/05 17:41:08 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2009/06/05 17:41:06 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
[2009/06/05 17:41:06 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
[2009/06/05 17:41:04 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
[2009/06/05 17:41:04 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
[2009/06/05 17:41:04 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
[2009/06/05 17:41:04 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
[2009/06/05 17:41:02 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
[2009/06/05 17:41:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
[2009/06/05 17:31:18 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2009/06/03 15:08:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2009/06/03 15:08:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2009/06/03 15:08:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2009/06/03 15:08:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2009/06/03 15:08:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2009/06/03 15:08:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2009/06/03 15:08:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2009/06/03 15:08:38 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2009/06/03 15:08:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2009/06/03 15:08:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2009/06/03 15:08:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2009/06/03 15:08:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2009/06/03 15:08:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2009/06/03 15:08:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2009/06/03 15:08:28 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2009/06/03 15:08:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2009/06/03 15:08:26 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2009/06/03 15:08:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2009/06/03 15:08:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2009/06/03 15:08:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2009/06/03 15:08:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2009/06/03 15:08:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2009/06/03 15:08:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2009/06/03 15:08:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2009/06/03 14:07:50 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2009/05/18 10:34:04 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2009/05/05 12:34:22 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2008/08/15 10:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/27 00:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/27 00:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/27 00:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 23:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 23:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 20:03:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 19:58:26 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 19:57:33 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 14:46:45 | 000,580,110 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2008/04/25 14:46:45 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2008/04/25 14:46:45 | 000,105,590 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2008/04/25 14:46:45 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2008/04/25 14:46:34 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 14:46:33 | 000,486,300 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 14:46:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 14:46:33 | 000,081,644 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 14:46:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 14:46:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 14:46:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 14:46:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 14:46:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 14:46:28 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 14:46:22 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 14:46:19 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 07:53:11 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 07:52:12 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 11:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/04/19 07:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/04/19 07:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/06/30 14:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 14:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2003/04/01 11:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/11/04 22:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/09/27 18:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2010/12/14 11:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/11/04 22:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/11/13 14:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/11/13 14:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2009/11/04 22:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/11/04 22:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/05/17 20:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/26 15:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/05/05 18:05:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CEEC46AF-A1E6-47D5-B85D-AE1AEF769F81}
[2010/09/15 00:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\BitDefender
[2009/11/04 22:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Broadcom
[2011/05/15 16:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Canon
[2010/08/24 12:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\eMusic
[2009/11/13 14:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\NewSoft
[2010/06/25 20:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\NSBackup
[2010/01/22 13:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Panasonic
[2010/09/15 00:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\QuickScan
[2010/12/27 15:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Regensoft
[2009/11/13 14:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\ScanSoft
[2010/07/14 00:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Stellarium
[2009/11/13 16:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Thunderbird
[2009/11/04 22:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Wave Systems Corp
[2009/11/04 22:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Windows Desktop Search
[2009/11/13 23:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Windows Search
[2011/05/16 09:10:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 01:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 01:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
[2011/03/07 21:29:53 | 000,008,376 | ---- | M] () MD5=68F9AD291B0C16F6B4AAEBFC26960EFA -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/02/11 19:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/04/28 00:25:58 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\drivers\storage\R213316\IaStor.sys
[2009/02/11 19:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/04/28 00:25:58 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Glenn Smith\Mes documents\jxpiinstall.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Glenn Smith\Mes documents\dfsetup121.exe:BDU

< End of report >
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am

Re: searchqu.com browser redirect

Unread postby eventhorizon » May 16th, 2011, 8:57 am

OTL Extras logfile created on: 16/05/2011 14:20:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Glenn Smith\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297,89 Gb Total Space | 167,07 Gb Free Space | 56,08% Space Free | Partition Type: NTFS

Computer Name: GLENN_WORK | User Name: Glenn Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Gestion à distance de Windows
"80:TCP" = 80:TCP:*:Disabled:Gestion à distance de Windows - Mode de compatibilité (HTTP-Entrée)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\NewSoft\Presto! PageManager 6\NetGroup.exe" = C:\Program Files\NewSoft\Presto! PageManager 6\NetGroup.exe:*:Enabled:NewSoft Network Group -- (NewSoft Technology Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Assistant de connexion Windows Live ID
"{14237138-900C-4C0A-AF63-1888F2671F9D}" = SO32MMWrapper
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3872C2B2-1C00-4742-83F5-D0797278E9EF}" = Dell Control Point
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{62C0C0B7-0779-4A40-937A-14A930B6F4A6}" = Dell ControlPoint Connection Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{672D0014-71A9-45EF-B10E-DEF7426961A6}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent
"{71F00DA5-D21D-4245-8FC1-85849BBAD00D}" = Dell ControlPoint System Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{7B088773-4913-46E1-813E-CD1A0FA9CB03}" = DCP32MMWrapper
"{81860953-8A77-4ED5-B57C-F35D703D9489}" = Dell ControlVault Host Components Installer
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC375ZZ-434E-42AC-B97A-1D1A8F61F87D}_is1" = db-reader 2.2
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1036-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Français
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logiciel QuickCam de Logitech
"{C4919DA1-6AEB-4B23-86AD-71097C24939B}" = Manual CanoScan 9900F
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}" = BitDefender Internet Security 2011
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Package de pilotes Windows - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"AviSynth" = AviSynth 2.5
"BitDefender" = BitDefender Internet Security 2011
"Broadcom 802.11 Application" = Utilitaire de la carte réseau local sans fil Wireless de Dell
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Defraggler" = Defraggler
"FrontPage Express 2.02" = FrontPage Express 2.02
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox 4.0.1 (x86 fr)" = Mozilla Firefox 4.0.1 (x86 fr)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"QcDrv" = Programme de gestion Camera de Logitech®
"RealPlayer 12.0" = RealPlayer
"Stellarium_is1" = Stellarium 0.10.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\THG.LNK> dans la configuration de hachage. Contexte : Application ,
Catalogue SystemIndex Détails : Un périphérique attaché au système ne fonctionne
pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\THG.LNK> dans la configuration de hachage. Contexte : Application ,
Catalogue SystemIndex Détails : Un périphérique attaché au système ne fonctionne
pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\POWERPOINTMAINIDEAS.DOC.LNK> dans la configuration de hachage. Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\POWERPOINTMAINIDEAS.DOC.LNK> dans la configuration de hachage. Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\WGSMITH-VERSIONTHÈSEFINAL.PDF.LNK> dans la configuration de hachage.

Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\WGSMITH-VERSIONTHÈSEFINAL.PDF.LNK> dans la configuration de hachage.

Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\DESKTOP.INI> dans la configuration de hachage. Contexte : Application
, Catalogue SystemIndex Détails : Un périphérique attaché au système ne fonctionne
pas correctement. (0x8007001f)

Error - 11/05/2011 04:20:11 | Computer Name = GLENN_WORK | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.


Error - 11/05/2011 04:20:26 | Computer Name = GLENN_WORK | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 16/05/2011 08:15:35 | Computer Name = GLENN_WORK | Source = Application Error | ID = 1000
Description = Application défaillante msimn.exe, version 6.0.2900.5512, module défaillant
ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x00010a19.

[ Application Events ]
Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\THG.LNK> dans la configuration de hachage. Contexte : Application ,
Catalogue SystemIndex Détails : Un périphérique attaché au système ne fonctionne
pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\THG.LNK> dans la configuration de hachage. Contexte : Application ,
Catalogue SystemIndex Détails : Un périphérique attaché au système ne fonctionne
pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\POWERPOINTMAINIDEAS.DOC.LNK> dans la configuration de hachage. Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\POWERPOINTMAINIDEAS.DOC.LNK> dans la configuration de hachage. Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\WGSMITH-VERSIONTHÈSEFINAL.PDF.LNK> dans la configuration de hachage.

Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\WGSMITH-VERSIONTHÈSEFINAL.PDF.LNK> dans la configuration de hachage.

Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\DESKTOP.INI> dans la configuration de hachage. Contexte : Application
, Catalogue SystemIndex Détails : Un périphérique attaché au système ne fonctionne
pas correctement. (0x8007001f)

Error - 11/05/2011 04:20:11 | Computer Name = GLENN_WORK | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.


Error - 11/05/2011 04:20:26 | Computer Name = GLENN_WORK | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 16/05/2011 08:15:35 | Computer Name = GLENN_WORK | Source = Application Error | ID = 1000
Description = Application défaillante msimn.exe, version 6.0.2900.5512, module défaillant
ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x00010a19.

[ Application Events ]
Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\THG.LNK> dans la configuration de hachage. Contexte : Application ,
Catalogue SystemIndex Détails : Un périphérique attaché au système ne fonctionne
pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\THG.LNK> dans la configuration de hachage. Contexte : Application ,
Catalogue SystemIndex Détails : Un périphérique attaché au système ne fonctionne
pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\POWERPOINTMAINIDEAS.DOC.LNK> dans la configuration de hachage. Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\POWERPOINTMAINIDEAS.DOC.LNK> dans la configuration de hachage. Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\WGSMITH-VERSIONTHÈSEFINAL.PDF.LNK> dans la configuration de hachage.

Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\WGSMITH-VERSIONTHÈSEFINAL.PDF.LNK> dans la configuration de hachage.

Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 06/05/2011 08:27:13 | Computer Name = GLENN_WORK | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\GLENN
SMITH\RECENT\DESKTOP.INI> dans la configuration de hachage. Contexte : Application
, Catalogue SystemIndex Détails : Un périphérique attaché au système ne fonctionne
pas correctement. (0x8007001f)

Error - 11/05/2011 04:20:11 | Computer Name = GLENN_WORK | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.


Error - 11/05/2011 04:20:26 | Computer Name = GLENN_WORK | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.

Error - 16/05/2011 08:15:35 | Computer Name = GLENN_WORK | Source = Application Error | ID = 1000
Description = Application défaillante msimn.exe, version 6.0.2900.5512, module défaillant
ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x00010a19.

[ System Events ]
Error - 24/04/2011 14:02:47 | Computer Name = GLENN_WORK | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.251.232.222
sur la carte réseau d'adresse réseau 0CEEE6B5904C.

Error - 24/04/2011 14:13:07 | Computer Name = GLENN_WORK | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.251.254.227
sur la carte réseau d'adresse réseau 0CEEE6B5904C.

Error - 24/04/2011 14:20:07 | Computer Name = GLENN_WORK | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.251.232.17 sur
la carte réseau d'adresse réseau 0CEEE6B5904C.

Error - 24/04/2011 14:24:07 | Computer Name = GLENN_WORK | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.251.232.17 sur
la carte réseau d'adresse réseau 0CEEE6B5904C.

Error - 30/04/2011 09:13:40 | Computer Name = GLENN_WORK | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 30/04/2011 09:14:10 | Computer Name = GLENN_WORK | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 30/04/2011 09:16:18 | Computer Name = GLENN_WORK | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 30/04/2011 09:17:07 | Computer Name = GLENN_WORK | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 30/04/2011 09:17:37 | Computer Name = GLENN_WORK | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 11/05/2011 03:39:01 | Computer Name = GLENN_WORK | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {28DD3979-0566-4ED3-9B14-1548B3187491}
n'est pas possible. L'erreur : "%2" s'est produite lors du démarrage de la commande :
? ? Š ?

[ System Events ]
Error - 24/04/2011 14:02:47 | Computer Name = GLENN_WORK | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.251.232.222
sur la carte réseau d'adresse réseau 0CEEE6B5904C.

Error - 24/04/2011 14:13:07 | Computer Name = GLENN_WORK | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.251.254.227
sur la carte réseau d'adresse réseau 0CEEE6B5904C.

Error - 24/04/2011 14:20:07 | Computer Name = GLENN_WORK | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.251.232.17 sur
la carte réseau d'adresse réseau 0CEEE6B5904C.

Error - 24/04/2011 14:24:07 | Computer Name = GLENN_WORK | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.251.232.17 sur
la carte réseau d'adresse réseau 0CEEE6B5904C.

Error - 30/04/2011 09:13:40 | Computer Name = GLENN_WORK | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 30/04/2011 09:14:10 | Computer Name = GLENN_WORK | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 30/04/2011 09:16:18 | Computer Name = GLENN_WORK | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 30/04/2011 09:17:07 | Computer Name = GLENN_WORK | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 30/04/2011 09:17:37 | Computer Name = GLENN_WORK | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
stisvc à une transaction.

Error - 11/05/2011 03:39:01 | Computer Name = GLENN_WORK | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {28DD3979-0566-4ED3-9B14-1548B3187491}
n'est pas possible. L'erreur : "%2" s'est produite lors du démarrage de la commande :
? ? Š ?


< End of report >
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am

Re: searchqu.com browser redirect

Unread postby pgmigg » May 16th, 2011, 3:06 pm

Hello eventhorizon,

I got your logs and we can start to treat your computer...
Could you please tell me, did you run ComboFix one more time after first unsuccessful attempt?

Now you need to run an OTL fix. Of cause, before any fixing action which can touch registry, you need to create a full registry backup to have possibility to restore previous conditions if something goes wrong...

Step 1.
ERUNT - Emergency Recovery Utility NT - program

Download and Install:
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  1. Please download ERUNT by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup-exe to run the install process. Install ERUNT by following the prompts.
  3. Use the default install settings: say NO to the section that asks you to add ERUNT to the Start-Up folder. You can enable this later.
  4. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  5. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  6. Make sure the first two check boxes -> (Create ERUNT and NTREGOPT desktop icons) are checked.
  7. Click on OK, then click on YES to create the folder.

Run to make a full backup:
This will create a full backup of your registry. ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start -> All Programs -> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on OK at the prompt, then reply Yes.
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on OK. A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
    [2011/03/23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Firefox\Profiles\jsuy2xfr.default\searchplugins\SearchquWebSearch.xml
    [2011/03/23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    [2011/05/05 18:05:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CEEC46AF-A1E6-47D5-B85D-AE1AEF769F81}
    [2009/12/01 02:53:20 | 000,126,464 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/17 20:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/01/26 15:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/05/05 18:05:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CEEC46AF-A1E6-47D5-B85D-AE1AEF769F81}
    @Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Glenn Smith\Mes documents\jxpiinstall.exe:BDU
    @Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Glenn Smith\Mes documents\dfsetup121.exe:BDU
    
    :Files
    C:\Documents and Settings\Glenn Smith\Mes documents\jxpiinstall.exe
    C:\Documents and Settings\Glenn Smith\Mes documents\dfsetup121.exe
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Step 3.
OTL - System Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Double click on the OTL icon to run it. Keep all other windows closed and let OTL run uninterrupted.
  2. When the window appears, underneath Output at the top, make sure Minimal Output is selected.
  3. Under the Standard Registry box change it to All.
  4. Check/tick the boxes beside LOP Check and Purity Check.
  5. Highlight the following bold text with your mouse and press Ctrl + C on your keyboard:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles


  6. Click under the Custom Scan box and press Ctrl + V on your keyboard to paste the above.
  7. Click the Run Scan button. The scan won't take long.
  8. When the scan completes, Notepad will open with file: OTL.txt. This is saved in the same location as OTL.
  9. Please post the contents of OTListIt.txt file in your next reply.

Please include in your next reply:
  1. Any problem executing the instructions?
  2. Contents of report after running OTL fix script.
  3. Contents of OTListIt.txt file.
  4. Did you run ComboFix one more time after first unsuccessful attempt?
  5. What can you say about your computer behaving now?

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: searchqu.com browser redirect

Unread postby eventhorizon » May 17th, 2011, 1:51 pm

Hello pgmigg,

A. Any problem executing the instructions?
==> no problem at all this time
B. Contents of report after running OTL fix script.
==> OTL script report is pasted following these answers.
C. Contents of OTListIt.txt file.
==> OTListIt.txt file is pasted into the separate posting following this one.
D. Did you run ComboFix one more time after first unsuccessful attempt?
==> No, when I didn't get the dialog boxes as usual and saw error messages regarding bitDefender I informed you. I did not retry ComboFix. I don't recall doing so, but I might have run a routine cCleaner scan (using the normal default settings) in the days following the ComboFix.
E. What can you say about your computer behaving now?
==> BROWSERS :
Firefox: WebSearch (the searchqu page) is no longer listed among the available search engins in the top right hand search box menu. It is no longer possible to engage the WebSearch search engine by entering terms directly into the URL line (à la GoogleChrome), as was possible before. Looks good now. Also surfing appears a little faster.
Internet Explorer 8: nothing suspicious (though it was ok before).
Safari: nothing suspicious (was ok before)
Google Chrome: Still has a problem: OPENS WITH hxxp://WWW.SEARCHQU.COM/406. I leave as is for now.
OTHER CHECKS :
Malwarebytes: nothing found
BitDefender Deep Scan: no threat detected

Thanks again !
eventhorizon

All processes killed
========== OTL ==========
Prefs.js: "http://www.searchqu.com/web?src=ffb&systemid=406&q=" removed from keyword.URL
C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Firefox\Profiles\jsuy2xfr.default\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command\\'' updated successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.com\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\All Users\Application Data\{CEEC46AF-A1E6-47D5-B85D-AE1AEF769F81} folder moved successfully.
C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\{CEEC46AF-A1E6-47D5-B85D-AE1AEF769F81}\ not found.
ADS C:\Documents and Settings\Glenn Smith\Mes documents\jxpiinstall.exe:BDU deleted successfully.
ADS C:\Documents and Settings\Glenn Smith\Mes documents\dfsetup121.exe:BDU deleted successfully.
========== FILES ==========
C:\Documents and Settings\Glenn Smith\Mes documents\jxpiinstall.exe moved successfully.
C:\Documents and Settings\Glenn Smith\Mes documents\dfsetup121.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Glenn Smith
->Temp folder emptied: 82996030 bytes
->Temporary Internet Files folder emptied: 49114164 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54851153 bytes
->Google Chrome cache emptied: 6116110 bytes
->Apple Safari cache emptied: 3447808 bytes
->Flash cache emptied: 3966 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 295090 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 263864 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 484 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 85364014 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 21504 bytes

Total Files Cleaned = 270,00 mb


[EMPTYFLASH]

User: Administrateur

User: All Users

User: Default User

User: Glenn Smith
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05172011_151805

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Last edited by Cypher on May 17th, 2011, 2:55 pm, edited 1 time in total.
Reason: Disabled Malicious URL
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am

Re: searchqu.com browser redirect

Unread postby eventhorizon » May 17th, 2011, 1:54 pm

OTL logfile created on: 17/05/2011 15:29:35 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Glenn Smith\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297,89 Gb Total Space | 167,23 Gb Free Space | 56,14% Space Free | Partition Type: NTFS

Computer Name: GLENN_WORK | User Name: Glenn Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Glenn Smith\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\downloader.exe (BitDefender)
PRC - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
PRC - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)
PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Glenn Smith\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Program Files\BitDefender\BitDefender 2011\pchook32.dll (BitDefender S.R.L.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()


========== Win32 Services (SafeList) ==========

SRV - (getPlusHelper) getPlus(R) -- File not found
SRV - (Updatesrv) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe (BitDefender S.R.L.)
SRV - (Update Server) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
SRV - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV - (wlidsvc) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (STacSV) -- c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (stllssvr) -- c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (ACDaemon) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)
SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (PROCEXP113) -- C:\WINDOWS\system32\drivers\PROCEXP113.SYS (Sysinternals - www.sysinternals.com)
DRV - (bdselfpr) -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender LLC)
DRV - (Trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (Bdfndisf) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdfndisf.sys (BitDefender)
DRV - (Bdftdif) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (avckf) -- C:\WINDOWS\system32\drivers\avckf.sys (BitDefender)
DRV - (avc3) -- C:\WINDOWS\system32\drivers\avc3.sys (BitDefender)
DRV - (BdRawPr) -- C:\WINDOWS\system32\drivers\bdrawpr.sys (BITDEFENDER LLC)
DRV - (BDFM) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (CamDrL) Logitech QuickCam Pro 3000(CamDrl) -- C:\WINDOWS\system32\drivers\Camdrl.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.conflictrecovery.org"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {e55904c8-769b-4ffe-8d47-48f411f37d22}:2.0.2
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/11 01:58:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/03/30 16:19:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/04 22:03:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/20 20:37:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 11:23:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 22:58:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2010/09/15 00:38:39 | 000,000,000 | ---D | M]

[2011/05/05 23:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Extensions
[2009/11/11 02:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/05 23:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Firefox\Profiles\jsuy2xfr.default\extensions
[2010/04/30 11:40:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Firefox\Profiles\jsuy2xfr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/06 23:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/06 23:01:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/30 11:23:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/09/30 13:28:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/30 16:19:33 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2009/11/04 22:03:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 18:47:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2011/01/30 17:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/03/20 20:37:49 | 000,150,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/24 00:42:36 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2011/03/20 20:38:02 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2011/03/20 20:37:40 | 000,100,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/11/28 13:10:16 | 008,467,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll
[2009/11/24 14:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/11/28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/01 10:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/12/14 22:47:09 | 000,427,067 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14708 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8159217765 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 20:00:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (66441705255075840)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 15:18:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/17 15:12:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/17 15:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2011/05/17 15:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/17 14:47:14 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Glenn Smith\Bureau\erunt-setup.exe
[2011/05/17 00:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-17
[2011/05/16 13:54:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Glenn Smith\Bureau\OTL.exe
[2011/05/15 14:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-15
[2011/05/12 23:24:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/12 23:24:13 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/05/12 23:23:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/12 23:22:56 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/05/11 10:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-11
[2011/05/11 10:09:28 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Glenn Smith\Bureau\tdsskiller.exe
[2011/05/10 21:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-10
[2011/05/09 10:44:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Glenn Smith\Recent
[2011/05/09 00:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-09
[2011/05/08 19:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\J_bac_2011-05-08
[2011/05/06 23:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/06 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype
[2011/05/06 23:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
[2011/05/06 22:59:30 | 001,029,512 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Glenn Smith\Mes documents\SkypeSetup.exe
[2011/05/06 22:55:38 | 047,929,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Glenn Smith\Mes documents\AdbeRdr1001_fr_FR.exe
[2011/05/06 19:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\CSFRS
[2011/05/06 17:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/06 17:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Menu Démarrer\Programmes\HiJackThis
[2011/05/05 18:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Ilivid Player
[2011/05/05 18:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\PackageAware
[2011/05/02 00:04:23 | 003,161,648 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Glenn Smith\Mes documents\dfsetup204.exe
[2011/05/01 19:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\M_le_Maudit-images
[2011/04/30 15:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-04-30
[2011/04/30 10:32:47 | 012,602,568 | ---- | C] (Mozilla) -- C:\Documents and Settings\Glenn Smith\Mes documents\Firefox Setup 4.0.1.exe
[2011/04/21 16:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Menu Démarrer\Programmes\Google Chrome
[2011/04/17 17:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists4_fichiers
[2011/04/17 17:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists3_fichiers
[2011/04/17 17:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists2_fichiers
[2011/04/17 17:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists1_fichiers

========== Files - Modified Within 30 Days ==========

[2011/05/17 15:24:58 | 000,035,431 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2011/05/17 15:24:56 | 000,028,409 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/17 15:24:35 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1676656856-1613018796-938531743-1005.job
[2011/05/17 15:24:33 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1676656856-1613018796-938531743-1005.job
[2011/05/17 15:24:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/17 15:23:52 | 000,001,062 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/17 15:23:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/05/17 15:23:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/17 15:23:41 | 3745,423,360 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 15:18:09 | 000,580,110 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/05/17 15:18:09 | 000,486,300 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/17 15:18:09 | 000,105,590 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/05/17 15:18:09 | 000,081,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/17 15:10:50 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\NTREGOPT.lnk
[2011/05/17 15:10:50 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\ERUNT.lnk
[2011/05/17 14:47:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Glenn Smith\Bureau\erunt-setup.exe
[2011/05/17 14:36:00 | 000,001,172 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1676656856-1613018796-938531743-1005UA.job
[2011/05/17 14:35:00 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 16:36:00 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1676656856-1613018796-938531743-1005Core.job
[2011/05/16 14:13:50 | 000,057,494 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\AulaForm.pdf
[2011/05/16 13:54:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glenn Smith\Bureau\OTL.exe
[2011/05/16 12:48:05 | 000,022,979 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HaggardEyeofNewt.jpg
[2011/05/16 12:47:09 | 000,009,683 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HaggardEyeofNewt.htm
[2011/05/13 23:37:28 | 000,002,332 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\Google Chrome.lnk
[2011/05/13 23:37:28 | 000,002,310 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/12 23:24:17 | 000,000,000 | ---- | M] () -- C:\Start_.cmd
[2011/05/12 23:24:13 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/05/12 19:32:26 | 004,347,036 | R--- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\ComboFix.exe
[2011/05/12 17:33:57 | 001,783,551 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\beameruserguide-2.pdf
[2011/05/12 10:27:34 | 000,048,120 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\petit_dragon_vert.gif
[2011/05/11 10:09:30 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Glenn Smith\Bureau\tdsskiller.exe
[2011/05/10 21:20:33 | 000,944,427 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\ANR_Programmation2011.pdf
[2011/05/08 23:47:13 | 002,471,943 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\parcours-Tour_de_France-2011.pdf
[2011/05/08 21:37:32 | 000,000,403 | ---- | M] () -- C:\WINDOWS\prestopm.INI
[2011/05/08 19:25:05 | 000,000,190 | -H-- | M] () -- C:\WINDOWS\NsNetScan.ini
[2011/05/07 16:19:16 | 000,669,788 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\CSFRS_reglement_aides_financieres_20100623.pdf
[2011/05/07 11:32:52 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\dds.scr
[2011/05/06 23:00:52 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2011/05/06 22:59:31 | 001,029,512 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Glenn Smith\Mes documents\SkypeSetup.exe
[2011/05/06 22:58:40 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk
[2011/05/06 22:56:26 | 047,929,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Glenn Smith\Mes documents\AdbeRdr1001_fr_FR.exe
[2011/05/06 22:00:58 | 002,085,220 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\GiantExpedition_AT.JPG
[2011/05/06 21:59:48 | 002,032,240 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\GiantExpedition_LT.JPG
[2011/05/06 17:28:45 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\HiJackThis.lnk
[2011/05/06 17:27:21 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HijackThis.msi
[2011/05/06 00:12:36 | 000,083,377 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\No_ Don't go to Grad School_ How anthropology reproduces neoliberal Misery.eml
[2011/05/05 23:25:00 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2011/05/05 23:21:25 | 000,002,508 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\cc_20110505_232051.reg
[2011/05/02 00:05:06 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Defraggler.lnk
[2011/05/02 00:04:25 | 003,161,648 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Glenn Smith\Mes documents\dfsetup204.exe
[2011/05/01 21:54:24 | 000,025,713 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2011/04/30 11:23:38 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2011/04/30 10:32:47 | 012,602,568 | ---- | M] (Mozilla) -- C:\Documents and Settings\Glenn Smith\Mes documents\Firefox Setup 4.0.1.exe
[2011/04/28 18:56:23 | 000,392,279 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\Missions - Contrat d'assurance.pdf
[2011/04/27 16:07:32 | 000,330,524 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\dem_mis.pdf
[2011/04/26 16:14:07 | 015,809,772 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\WGSmith-VersionThèseFinal.pdf
[2011/04/23 17:44:23 | 000,028,409 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/04/21 11:18:41 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\Word.lnk
[2011/04/20 17:58:34 | 000,259,964 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\Fiche_de_renseignements_sur_la_soutenance_et_déplacements.pdf
[2011/04/17 20:15:07 | 000,510,682 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\article_befeo_0336-1519_1992_num_79_1_1858.pdf
[2011/04/17 20:14:27 | 000,373,091 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\article_befeo_0336-1519_1992_num_79_1_1859.pdf
[2011/04/17 17:59:43 | 000,029,558 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists4.htm
[2011/04/17 17:59:17 | 000,029,558 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists3.htm
[2011/04/17 17:58:52 | 000,029,558 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists2.htm
[2011/04/17 17:58:15 | 000,029,558 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists1.htm

========== Files Created - No Company Name ==========

[2011/05/17 15:10:50 | 000,000,613 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\NTREGOPT.lnk
[2011/05/17 15:10:50 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\ERUNT.lnk
[2011/05/16 14:13:50 | 000,057,494 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\AulaForm.pdf
[2011/05/16 12:48:05 | 000,022,979 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HaggardEyeofNewt.jpg
[2011/05/16 12:47:08 | 000,009,683 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HaggardEyeofNewt.htm
[2011/05/12 23:24:17 | 000,000,000 | ---- | C] () -- C:\Start_.cmd
[2011/05/12 19:32:13 | 004,347,036 | R--- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\ComboFix.exe
[2011/05/12 17:33:55 | 001,783,551 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\beameruserguide-2.pdf
[2011/05/12 10:27:32 | 000,048,120 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\petit_dragon_vert.gif
[2011/05/10 21:20:26 | 000,944,427 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\ANR_Programmation2011.pdf
[2011/05/08 23:47:13 | 002,471,943 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\parcours-Tour_de_France-2011.pdf
[2011/05/07 16:19:16 | 000,669,788 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\CSFRS_reglement_aides_financieres_20100623.pdf
[2011/05/07 11:32:51 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\dds.scr
[2011/05/06 23:03:28 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/05/06 23:00:52 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2011/05/06 22:58:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk
[2011/05/06 22:58:40 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk
[2011/05/06 22:00:58 | 002,085,220 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\GiantExpedition_AT.JPG
[2011/05/06 21:59:48 | 002,032,240 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\GiantExpedition_LT.JPG
[2011/05/06 17:28:00 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\HiJackThis.lnk
[2011/05/06 17:27:19 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HijackThis.msi
[2011/05/06 00:12:36 | 000,083,377 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\No_ Don't go to Grad School_ How anthropology reproduces neoliberal Misery.eml
[2011/05/05 23:20:55 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\cc_20110505_232051.reg
[2011/04/30 11:23:38 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2011/04/28 18:56:23 | 000,392,279 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\Missions - Contrat d'assurance.pdf
[2011/04/27 16:07:32 | 000,330,524 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\dem_mis.pdf
[2011/04/26 16:13:49 | 015,809,772 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\WGSmith-VersionThèseFinal.pdf
[2011/04/21 16:27:23 | 000,002,332 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\Google Chrome.lnk
[2011/04/21 16:27:23 | 000,002,310 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/21 16:26:42 | 000,001,172 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1676656856-1613018796-938531743-1005UA.job
[2011/04/21 16:26:42 | 000,001,120 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1676656856-1613018796-938531743-1005Core.job
[2011/04/20 17:58:34 | 000,259,964 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\Fiche_de_renseignements_sur_la_soutenance_et_déplacements.pdf
[2011/04/17 20:15:07 | 000,510,682 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\article_befeo_0336-1519_1992_num_79_1_1858.pdf
[2011/04/17 20:14:27 | 000,373,091 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\article_befeo_0336-1519_1992_num_79_1_1859.pdf
[2011/04/17 17:59:43 | 000,029,558 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists4.htm
[2011/04/17 17:59:17 | 000,029,558 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists3.htm
[2011/04/17 17:58:52 | 000,029,558 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists2.htm
[2011/04/17 17:58:15 | 000,029,558 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\your lists1.htm
[2011/04/13 18:00:25 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/08/24 10:01:04 | 000,118,321 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Fichiers communs\LinkInstaller.exe
[2010/04/14 01:27:11 | 000,055,848 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/10 16:59:35 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Application Data\bdfvconp.ini
[2010/02/01 23:29:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/01/22 13:11:37 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/01/22 13:11:37 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/01/22 13:11:37 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/01/22 13:11:37 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/01/22 13:11:37 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/01/22 13:11:37 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/01/22 13:11:37 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/01/22 13:11:37 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/01/22 13:11:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/01/22 13:11:37 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/01/22 13:11:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/01/22 13:11:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/01/22 13:11:37 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/01/22 13:11:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/01/22 13:11:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/01/22 13:11:37 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/01/22 13:11:37 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/01/22 13:11:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/01/22 13:11:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/01/14 01:01:42 | 000,000,403 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2010/01/14 00:58:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/01/14 00:57:13 | 000,000,190 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2009/11/13 14:30:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/11/13 14:30:52 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2009/11/13 14:30:40 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/11/13 14:29:26 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2009/11/13 14:26:48 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/11/13 14:08:35 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/11/13 14:01:23 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2009/11/13 13:59:57 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2009/11/11 02:58:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/11 00:03:33 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2009/11/11 00:03:33 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/11/11 00:02:27 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/11/11 00:02:19 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/11/10 18:02:34 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/10 17:39:48 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\fusioncache.dat
[2009/11/10 17:39:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\WavXMapDrive.bat
[2009/11/05 05:33:57 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/11/05 05:33:57 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/11/05 05:33:57 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/11/05 05:33:57 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/11/05 05:33:57 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/11/05 05:33:57 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/11/05 05:33:56 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/11/05 05:33:56 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/11/05 05:33:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/11/05 05:31:27 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/11/04 22:28:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/11/04 22:20:10 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/11/04 22:20:10 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/11/04 22:19:33 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/11/04 22:13:45 | 000,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2009/11/04 22:11:23 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2009/11/04 21:42:13 | 000,028,409 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/22 20:03:06 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/06/05 17:41:18 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2009/06/05 17:41:18 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2009/06/05 17:41:16 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2009/06/05 17:41:16 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2009/06/05 17:41:16 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2009/06/05 17:41:14 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2009/06/05 17:41:14 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2009/06/05 17:41:12 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2009/06/05 17:41:12 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2009/06/05 17:41:12 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2009/06/05 17:41:10 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2009/06/05 17:41:10 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
[2009/06/05 17:41:10 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2009/06/05 17:41:08 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2009/06/05 17:41:08 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2009/06/05 17:41:08 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2009/06/05 17:41:06 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
[2009/06/05 17:41:06 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
[2009/06/05 17:41:04 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
[2009/06/05 17:41:04 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
[2009/06/05 17:41:04 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
[2009/06/05 17:41:04 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
[2009/06/05 17:41:02 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
[2009/06/05 17:41:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
[2009/06/05 17:31:18 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2009/06/03 15:08:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2009/06/03 15:08:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2009/06/03 15:08:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2009/06/03 15:08:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2009/06/03 15:08:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2009/06/03 15:08:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2009/06/03 15:08:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2009/06/03 15:08:38 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2009/06/03 15:08:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2009/06/03 15:08:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2009/06/03 15:08:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2009/06/03 15:08:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2009/06/03 15:08:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2009/06/03 15:08:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2009/06/03 15:08:28 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2009/06/03 15:08:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2009/06/03 15:08:26 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2009/06/03 15:08:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2009/06/03 15:08:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2009/06/03 15:08:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2009/06/03 15:08:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2009/06/03 15:08:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2009/06/03 15:08:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2009/06/03 15:08:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2009/06/03 14:07:50 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2009/05/18 10:34:04 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2009/05/05 12:34:22 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2008/08/15 10:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/27 00:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/27 00:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/27 00:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 23:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 23:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 20:03:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 19:58:26 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 19:57:33 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 14:46:45 | 000,580,110 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2008/04/25 14:46:45 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2008/04/25 14:46:45 | 000,105,590 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2008/04/25 14:46:45 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2008/04/25 14:46:34 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 14:46:33 | 000,486,300 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 14:46:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 14:46:33 | 000,081,644 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 14:46:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 14:46:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 14:46:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 14:46:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 14:46:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 14:46:28 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 14:46:22 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 14:46:19 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 07:53:11 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 07:52:12 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 11:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/04/19 07:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/04/19 07:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/06/30 14:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 14:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2003/04/01 11:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/11/04 22:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/09/27 18:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2010/12/14 11:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/11/04 22:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/11/13 14:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/11/13 14:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2009/11/04 22:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/11/04 22:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/09/15 00:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\BitDefender
[2009/11/04 22:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Broadcom
[2011/05/17 14:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Canon
[2010/08/24 12:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\eMusic
[2009/11/13 14:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\NewSoft
[2010/06/25 20:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\NSBackup
[2010/01/22 13:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Panasonic
[2010/09/15 00:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\QuickScan
[2010/12/27 15:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Regensoft
[2009/11/13 14:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\ScanSoft
[2010/07/14 00:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Stellarium
[2009/11/13 16:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Thunderbird
[2009/11/04 22:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Wave Systems Corp
[2009/11/04 22:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Windows Desktop Search
[2009/11/13 23:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn Smith\Application Data\Windows Search
[2011/05/17 15:23:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 01:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 14:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 01:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
[2011/03/07 21:29:53 | 000,008,376 | ---- | M] () MD5=68F9AD291B0C16F6B4AAEBFC26960EFA -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/02/11 19:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/04/28 00:25:58 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\drivers\storage\R213316\IaStor.sys
[2009/02/11 19:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/04/28 00:25:58 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am

Re: searchqu.com browser redirect

Unread postby eventhorizon » May 17th, 2011, 6:09 pm

Dear pgmigg,

Just to add that I just ran SpyBot search & destroy, which found DoubleClick (1 element browser) and MediaPlex (3 elements browser). SpyBot removed them.

eventhorizon
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am

Re: searchqu.com browser redirect

Unread postby pgmigg » May 18th, 2011, 11:48 am

Hello eventhorizon,

I am glad to read a good new from you. :)

From the other side, I was upset a little with your additional post :(
Just to add that I just ran SpyBot search & destroy, which found DoubleClick (1 element browser) and MediaPlex (3 elements browser). SpyBot removed them.

because it is a not good practice to run any scans other than the ones I asked you - such scans and fixes will only complicate matters! Please don't do it again...

OK. Let continue our treatment...
Firstly, as usual you need to make a full registry backup.

Step 1.
ERUNT - Emergency Recovery Utility NT - program
You already downloaded it and installed...

Run to make a full backup:
This will create a full backup of your registry. ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start -> All Programs -> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on OK at the prompt, then reply Yes.
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on OK. A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Run OTL Script
  1. Double-click OTL.exe to start the program.
  2. Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :otl
    O4 - HKLM..\Run: [] File not found
    O18 - Protocol\Handler\ipp - No CLSID value found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
    [2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    
  3. Then click the Run Fix button at the top.
  4. Click Image.
  5. OTL may ask to reboot the machine. Please do so if asked.
  6. The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Step 3.
Run OTL Special Scan
  1. Double-click OTL.exe to start the program.
  2. Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchqu;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    
  3. Then click the Run Scan button at the top.
  4. When the scan completes, Notepad will open with file: OTL.txt. This is saved in the same location as OTL.
  5. Please post the contents of OTL.txt file in your next reply

Right now I am going to investigate a problem which is left for Google Chrome and ask you to reset it first.

Step 4.
Reset Google Chrome

  1. Open the Google Chrome browser.
  2. Next Go to Tools -> Options.
  3. In the Google Chrome Options window, click the under the hood tab.
  4. Now click Reset to defaults.
  5. A pop-up will appear asking you confirm this action. Click Reset to defaults to revert back Google Chrome to default settings.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of report after running OTL fix script.
  3. Contents of report after running OTL Special Scan.
  4. How the Google Chrome is working now?
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 372 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware