searchqu.com browser redirect

Re: searchqu.com browser redirect

by eventhorizon » May 18th, 2011, 2:49 pm

Hello pgmigg,

I'm very sorry I did a no-no by running SpyBot. I assumed looking for changes in computer behavior meant trying out all my usual tricks, and so I ran the things I usually do. I'm afraid I got too proactive there. I will stick to your instructions from now on, promise. I really appreciate what you are doing and don't want to cause any more problems than absolutely unavoidable!

A. Do you have any problems executing the instructions?
No problems.
B. Contents of report after running OTL fix script.
Below my signature in this message.
C. Contents of report after running OTL Special Scan.
Below the OTL fix script in this message.
D. How the Google Chrome is working now?
I am working with Google Chrome in the French language. There is no Under the Hood tab, only basic, personalization, and advanced tabs. I looked at all of them and nowhere, even in submenus, did I find a way to reset the program. I could change the homepage to something other than searchqu/406, but that's all. I left it as is so as to change nothing. So Google Chrome is still opening with the searchqu homepage.
E. Do you see any changes in computer behavior?
No, it seems the same. Browsers acting the same. The surfing is still a bit better than before the last two scans and fixes. BitDefender optimisation tab says performance is 'excellent', though it was before as well.

Thanks again!
eventhorizon

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ not found.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
C:\WINDOWS\system32\pc_webproxy.dat moved successfully.
C:\WINDOWS\system32\pc_video.dat moved successfully.
C:\WINDOWS\system32\pc_tabloids.dat moved successfully.
C:\WINDOWS\system32\pc_socialnetworks.dat moved successfully.
C:\WINDOWS\system32\pc_searchengines.dat moved successfully.
C:\WINDOWS\system32\pc_regionaltlds.dat moved successfully.
C:\WINDOWS\system32\pc_pornography.dat moved successfully.
C:\WINDOWS\system32\pc_onlineshop.dat moved successfully.
C:\WINDOWS\system32\pc_onlinepay.dat moved successfully.
C:\WINDOWS\system32\pc_onlinedating.dat moved successfully.
C:\WINDOWS\system32\pc_news.dat moved successfully.
C:\WINDOWS\system32\pc_im.dat moved successfully.
C:\WINDOWS\system32\pc_illegal.dat moved successfully.
C:\WINDOWS\system32\pc_hate.dat moved successfully.
C:\WINDOWS\system32\pc_games.dat moved successfully.
C:\WINDOWS\system32\pc_gambling.dat moved successfully.
C:\WINDOWS\system32\pc_drugs.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Glenn Smith
->Temp folder emptied: 420781 bytes
->Temporary Internet Files folder emptied: 1592785 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43962050 bytes
->Google Chrome cache emptied: 6099312 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33310 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 568 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 50,00 mb


[EMPTYFLASH]

User: Administrateur

User: All Users

User: Default User

User: Glenn Smith
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05182011_191600

Files\Folders moved on Reboot...
C:\Documents and Settings\Glenn Smith\Local Settings\Temporary Internet Files\Content.IE5\09MNY7DM\master[1].xml moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 18/05/2011 19:26:00 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Glenn Smith\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297,89 Gb Total Space | 166,39 Gb Free Space | 55,86% Space Free | Partition Type: NTFS

Computer Name: GLENN_WORK | User Name: Glenn Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Glenn Smith\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\downloader.exe (BitDefender)
PRC - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
PRC - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)
PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Glenn Smith\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00087_012\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Program Files\BitDefender\BitDefender 2011\pchook32.dll (BitDefender S.R.L.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()


========== Win32 Services (SafeList) ==========

SRV - (getPlusHelper) getPlus(R) -- File not found
SRV - (Updatesrv) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe (BitDefender S.R.L.)
SRV - (Update Server) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
SRV - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV - (wlidsvc) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (STacSV) -- c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (stllssvr) -- c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (ACDaemon) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)
SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (PROCEXP113) -- C:\WINDOWS\system32\drivers\PROCEXP113.SYS (Sysinternals - www.sysinternals.com)
DRV - (bdselfpr) -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender LLC)
DRV - (Trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (Bdfndisf) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdfndisf.sys (BitDefender)
DRV - (Bdftdif) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (avckf) -- C:\WINDOWS\system32\drivers\avckf.sys (BitDefender)
DRV - (avc3) -- C:\WINDOWS\system32\drivers\avc3.sys (BitDefender)
DRV - (BdRawPr) -- C:\WINDOWS\system32\drivers\bdrawpr.sys (BITDEFENDER LLC)
DRV - (BDFM) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (CamDrL) Logitech QuickCam Pro 3000(CamDrl) -- C:\WINDOWS\system32\drivers\Camdrl.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.conflictrecovery.org"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e55904c8-769b-4ffe-8d47-48f411f37d22}:2.0.2
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2

FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/03/30 16:19:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/20 20:37:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 11:23:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 22:58:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2010/09/15 00:38:39 | 000,000,000 | ---D | M]

[2011/05/05 23:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Extensions
[2011/05/05 23:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Firefox\Profiles\jsuy2xfr.default\extensions
[2010/04/30 11:40:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Glenn Smith\Application Data\Mozilla\Firefox\Profiles\jsuy2xfr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/06 23:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/06 23:01:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/09/30 13:28:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/30 16:19:33 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2009/11/04 22:03:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 18:47:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/24 14:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/11/28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/12/14 22:47:09 | 000,427,067 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14708 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 8159217765 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 20:00:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/17 15:18:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/17 15:12:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/17 15:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2011/05/17 15:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/17 00:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-17
[2011/05/16 13:54:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Glenn Smith\Bureau\OTL.exe
[2011/05/15 14:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-15
[2011/05/12 23:24:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/12 23:24:13 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/05/12 23:23:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/12 23:22:56 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/05/11 10:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-11
[2011/05/11 10:09:28 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Glenn Smith\Bureau\tdsskiller.exe
[2011/05/10 21:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-10
[2011/05/09 10:44:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Glenn Smith\Recent
[2011/05/09 00:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-05-09
[2011/05/08 19:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\J_bac_2011-05-08
[2011/05/06 23:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/06 23:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype
[2011/05/06 23:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype
[2011/05/06 22:59:30 | 001,029,512 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\Glenn Smith\Mes documents\SkypeSetup.exe
[2011/05/06 22:55:38 | 047,929,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Glenn Smith\Mes documents\AdbeRdr1001_fr_FR.exe
[2011/05/06 19:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\CSFRS
[2011/05/06 17:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/06 17:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Menu Démarrer\Programmes\HiJackThis
[2011/05/05 18:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Ilivid Player
[2011/05/05 18:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\PackageAware
[2011/05/02 00:04:23 | 003,161,648 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Glenn Smith\Mes documents\dfsetup204.exe
[2011/05/01 19:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\M_le_Maudit-images
[2011/04/30 15:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Mes documents\2011-04-30
[2011/04/30 10:32:47 | 012,602,568 | ---- | C] (Mozilla) -- C:\Documents and Settings\Glenn Smith\Mes documents\Firefox Setup 4.0.1.exe
[2011/04/21 16:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn Smith\Menu Démarrer\Programmes\Google Chrome

========== Files - Modified Within 30 Days ==========

[2011/05/18 19:21:38 | 000,035,431 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2011/05/18 19:21:38 | 000,028,409 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/18 19:21:32 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1676656856-1613018796-938531743-1005.job
[2011/05/18 19:21:27 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1676656856-1613018796-938531743-1005.job
[2011/05/18 19:20:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/18 19:20:26 | 000,001,062 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/18 19:20:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/05/18 19:20:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/18 19:20:14 | 3745,423,360 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/18 19:16:05 | 000,580,110 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/05/18 19:16:05 | 000,486,300 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/18 19:16:05 | 000,105,590 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/05/18 19:16:05 | 000,081,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/18 18:36:00 | 000,001,172 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1676656856-1613018796-938531743-1005UA.job
[2011/05/18 18:35:01 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/18 16:36:00 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1676656856-1613018796-938531743-1005Core.job
[2011/05/17 15:10:50 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\NTREGOPT.lnk
[2011/05/17 15:10:50 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\ERUNT.lnk
[2011/05/16 14:13:50 | 000,057,494 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\AulaForm.pdf
[2011/05/16 13:54:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glenn Smith\Bureau\OTL.exe
[2011/05/16 12:48:05 | 000,022,979 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HaggardEyeofNewt.jpg
[2011/05/16 12:47:09 | 000,009,683 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HaggardEyeofNewt.htm
[2011/05/13 23:37:28 | 000,002,332 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\Google Chrome.lnk
[2011/05/13 23:37:28 | 000,002,310 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/12 23:24:17 | 000,000,000 | ---- | M] () -- C:\Start_.cmd
[2011/05/12 23:24:13 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/05/12 19:32:26 | 004,347,036 | R--- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\ComboFix.exe
[2011/05/12 17:33:57 | 001,783,551 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\beameruserguide-2.pdf
[2011/05/12 10:27:34 | 000,048,120 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\petit_dragon_vert.gif
[2011/05/11 10:09:30 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Glenn Smith\Bureau\tdsskiller.exe
[2011/05/10 21:20:33 | 000,944,427 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\ANR_Programmation2011.pdf
[2011/05/08 23:47:13 | 002,471,943 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\parcours-Tour_de_France-2011.pdf
[2011/05/08 21:37:32 | 000,000,403 | ---- | M] () -- C:\WINDOWS\prestopm.INI
[2011/05/08 19:25:05 | 000,000,190 | -H-- | M] () -- C:\WINDOWS\NsNetScan.ini
[2011/05/07 16:19:16 | 000,669,788 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\CSFRS_reglement_aides_financieres_20100623.pdf
[2011/05/07 11:32:52 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\dds.scr
[2011/05/06 23:00:52 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2011/05/06 22:59:31 | 001,029,512 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Glenn Smith\Mes documents\SkypeSetup.exe
[2011/05/06 22:58:40 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk
[2011/05/06 22:56:26 | 047,929,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Glenn Smith\Mes documents\AdbeRdr1001_fr_FR.exe
[2011/05/06 22:00:58 | 002,085,220 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\GiantExpedition_AT.JPG
[2011/05/06 21:59:48 | 002,032,240 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\GiantExpedition_LT.JPG
[2011/05/06 17:28:45 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\HiJackThis.lnk
[2011/05/06 17:27:21 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HijackThis.msi
[2011/05/06 00:12:36 | 000,083,377 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\No_ Don't go to Grad School_ How anthropology reproduces neoliberal Misery.eml
[2011/05/05 23:25:00 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2011/05/05 23:21:25 | 000,002,508 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\cc_20110505_232051.reg
[2011/05/02 00:05:06 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Defraggler.lnk
[2011/05/02 00:04:25 | 003,161,648 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Glenn Smith\Mes documents\dfsetup204.exe
[2011/05/01 21:54:24 | 000,025,713 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2011/04/30 11:23:38 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2011/04/30 10:32:47 | 012,602,568 | ---- | M] (Mozilla) -- C:\Documents and Settings\Glenn Smith\Mes documents\Firefox Setup 4.0.1.exe
[2011/04/28 18:56:23 | 000,392,279 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\Missions - Contrat d'assurance.pdf
[2011/04/27 16:07:32 | 000,330,524 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\dem_mis.pdf
[2011/04/26 16:14:07 | 015,809,772 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\WGSmith-VersionThèseFinal.pdf
[2011/04/23 17:44:23 | 000,028,409 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/04/21 11:18:41 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Bureau\Word.lnk
[2011/04/20 17:58:34 | 000,259,964 | ---- | M] () -- C:\Documents and Settings\Glenn Smith\Mes documents\Fiche_de_renseignements_sur_la_soutenance_et_déplacements.pdf

========== Files Created - No Company Name ==========

[2011/05/17 15:10:50 | 000,000,613 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\NTREGOPT.lnk
[2011/05/17 15:10:50 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\ERUNT.lnk
[2011/05/16 14:13:50 | 000,057,494 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\AulaForm.pdf
[2011/05/16 12:48:05 | 000,022,979 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HaggardEyeofNewt.jpg
[2011/05/16 12:47:08 | 000,009,683 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HaggardEyeofNewt.htm
[2011/05/12 23:24:17 | 000,000,000 | ---- | C] () -- C:\Start_.cmd
[2011/05/12 19:32:13 | 004,347,036 | R--- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\ComboFix.exe
[2011/05/12 17:33:55 | 001,783,551 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\beameruserguide-2.pdf
[2011/05/12 10:27:32 | 000,048,120 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\petit_dragon_vert.gif
[2011/05/10 21:20:26 | 000,944,427 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\ANR_Programmation2011.pdf
[2011/05/08 23:47:13 | 002,471,943 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\parcours-Tour_de_France-2011.pdf
[2011/05/07 16:19:16 | 000,669,788 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\CSFRS_reglement_aides_financieres_20100623.pdf
[2011/05/07 11:32:51 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\dds.scr
[2011/05/06 23:03:28 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/05/06 23:00:52 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2011/05/06 22:58:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk
[2011/05/06 22:58:40 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk
[2011/05/06 22:00:58 | 002,085,220 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\GiantExpedition_AT.JPG
[2011/05/06 21:59:48 | 002,032,240 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\GiantExpedition_LT.JPG
[2011/05/06 17:28:00 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\HiJackThis.lnk
[2011/05/06 17:27:19 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\HijackThis.msi
[2011/05/06 00:12:36 | 000,083,377 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\No_ Don't go to Grad School_ How anthropology reproduces neoliberal Misery.eml
[2011/05/05 23:20:55 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\cc_20110505_232051.reg
[2011/04/30 11:23:38 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2011/04/28 18:56:23 | 000,392,279 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\Missions - Contrat d'assurance.pdf
[2011/04/27 16:07:32 | 000,330,524 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\dem_mis.pdf
[2011/04/26 16:13:49 | 015,809,772 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\WGSmith-VersionThèseFinal.pdf
[2011/04/21 16:27:23 | 000,002,332 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Bureau\Google Chrome.lnk
[2011/04/21 16:27:23 | 000,002,310 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/21 16:26:42 | 000,001,172 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1676656856-1613018796-938531743-1005UA.job
[2011/04/21 16:26:42 | 000,001,120 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1676656856-1613018796-938531743-1005Core.job
[2011/04/20 17:58:34 | 000,259,964 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Mes documents\Fiche_de_renseignements_sur_la_soutenance_et_déplacements.pdf
[2011/04/13 18:00:25 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010/08/24 10:01:04 | 000,118,321 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Fichiers communs\LinkInstaller.exe
[2010/04/14 01:27:11 | 000,055,848 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/10 16:59:35 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Application Data\bdfvconp.ini
[2010/02/01 23:29:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/01/29 13:00:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/01/22 13:11:37 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/01/22 13:11:37 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/01/22 13:11:37 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/01/22 13:11:37 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/01/22 13:11:37 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/01/22 13:11:37 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/01/22 13:11:37 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/01/22 13:11:37 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/01/22 13:11:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/01/22 13:11:37 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/01/22 13:11:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/01/22 13:11:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/01/22 13:11:37 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/01/22 13:11:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/01/22 13:11:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/01/22 13:11:37 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/01/22 13:11:37 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/01/22 13:11:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/01/22 13:11:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/01/14 01:01:42 | 000,000,403 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2010/01/14 00:58:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/01/14 00:57:13 | 000,000,190 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2009/11/14 04:21:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2009/11/13 14:30:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/11/13 14:30:52 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2009/11/13 14:30:40 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/11/13 14:29:26 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2009/11/13 14:26:48 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/11/13 14:08:35 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/11/13 14:01:23 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2009/11/13 13:59:57 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2009/11/11 02:58:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/11 00:03:33 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2009/11/11 00:03:33 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/11/11 00:02:27 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/11/11 00:02:19 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/11/10 18:02:34 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/10 17:39:48 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\fusioncache.dat
[2009/11/10 17:39:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Glenn Smith\Local Settings\Application Data\WavXMapDrive.bat
[2009/11/05 05:33:57 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/11/05 05:33:57 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/11/05 05:33:57 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/11/05 05:33:57 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/11/05 05:33:57 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/11/05 05:33:57 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/11/05 05:33:56 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/11/05 05:33:56 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/11/05 05:33:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/11/05 05:31:27 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/11/04 22:28:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/11/04 22:20:10 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/11/04 22:20:10 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/11/04 22:19:33 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/11/04 22:13:45 | 000,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2009/11/04 22:11:23 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2009/11/04 21:42:13 | 000,028,409 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/22 20:03:06 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/06/05 17:41:18 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2009/06/05 17:41:18 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2009/06/05 17:41:16 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2009/06/05 17:41:16 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2009/06/05 17:41:16 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2009/06/05 17:41:14 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2009/06/05 17:41:14 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2009/06/05 17:41:12 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2009/06/05 17:41:12 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2009/06/05 17:41:12 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2009/06/05 17:41:10 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2009/06/05 17:41:10 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
[2009/06/05 17:41:10 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2009/06/05 17:41:08 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2009/06/05 17:41:08 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2009/06/05 17:41:08 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2009/06/05 17:41:06 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
[2009/06/05 17:41:06 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
[2009/06/05 17:41:04 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
[2009/06/05 17:41:04 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
[2009/06/05 17:41:04 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
[2009/06/05 17:41:04 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
[2009/06/05 17:41:02 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
[2009/06/05 17:41:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
[2009/06/05 17:31:18 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2009/06/03 15:08:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2009/06/03 15:08:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2009/06/03 15:08:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2009/06/03 15:08:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2009/06/03 15:08:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2009/06/03 15:08:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2009/06/03 15:08:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2009/06/03 15:08:38 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2009/06/03 15:08:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2009/06/03 15:08:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2009/06/03 15:08:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2009/06/03 15:08:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2009/06/03 15:08:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2009/06/03 15:08:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2009/06/03 15:08:28 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2009/06/03 15:08:28 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2009/06/03 15:08:26 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2009/06/03 15:08:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2009/06/03 15:08:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2009/06/03 15:08:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2009/06/03 15:08:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2009/06/03 15:08:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2009/06/03 15:08:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2009/06/03 15:08:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2009/06/03 14:07:50 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2009/05/18 10:34:04 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2009/05/05 12:34:22 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2008/08/15 10:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/27 00:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/27 00:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/27 00:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 23:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 23:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 20:03:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 19:58:26 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 19:57:33 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 14:46:45 | 000,580,110 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2008/04/25 14:46:45 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2008/04/25 14:46:45 | 000,105,590 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2008/04/25 14:46:45 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2008/04/25 14:46:34 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 14:46:33 | 000,486,300 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 14:46:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 14:46:33 | 000,081,644 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 14:46:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 14:46:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 14:46:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 14:46:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 14:46:28 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 14:46:28 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 14:46:22 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 14:46:19 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 07:53:11 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 07:52:12 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 11:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/04/19 07:52:16 | 000,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/04/19 07:28:10 | 000,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/06/30 14:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 14:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2003/04/01 11:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Custom Scans ==========


< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchqu;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >
[2011/05/05 18:07:02 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Ilivid Player

< c:|whitesmoke;true;true;true; /FP >

< End of report >
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am

Re: searchqu.com browser redirect

by pgmigg » May 19th, 2011, 12:20 pm

Hello eventhorizon,
"I am working with Google Chrome in French language. There is no Under the Hood tab, only basic, personalization, and advanced tabs. I looked at all of them and nowhere, even in submenus, did I find a way to reset the program. I could change the homepage to something other than searchqu/406, but that's all. I left as is so as to change nothing. So Google Chrome is still opening with searchqu homepage."

Sorry for the inconvenience of giving you instructions in a different language. In that case I suggest you uninstall Google Chrome and then install it again according to the steps below.

Step 1.
Uninstall Google Chrome by Add/Remove programs
  1. Click on Start -> Run
  2. In the open text entry box please Copy/Paste appwiz.cpl
  3. Then click enter.
  4. Press the "Remove" or "Change/Remove"... button to uninstall the following:
    Google Chrome
  5. Close Add/Remove programs.

Then, let's continue our treatment; as usual, you need to make a full registry backup first.

Step 2.
ERUNT - Emergency Recovery Utility NT - program
You have already downloaded and installed it...

Run to make a full backup:
This will create a full backup of your registry. ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start -> All Programs -> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on OK at the prompt, then reply Yes.
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  5. Now click on OK. A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 3.
Run OTL Script
  1. Double-click OTL.exe to start the program.
  2. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code:
    :Otl
    [2011/05/05 18:07:02 | 000,000,000 | ---D | M] -- c:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Ilivid Player
    
    :Files
    C:\Documents and Settings\Username\Local Settings\Application Data\Google\Chrome
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    
  3. Then click the Run Fix button at the top.
  4. Click Image.
  5. OTL may ask to reboot the machine. Please do so if asked.
  6. The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Step 4.
FLUSHDNS
  1. Click Start -> Run... and a text entry box will open.
  2. Type: cmd and press OK - the Command Prompt window opens.
  3. Type: ipconfig /flushdns
      Note: There is a space after ipconfig in the above command.
  4. Press Enter.
  5. Type: exit and press Enter to exit the Command Prompt window.
  6. Reboot your computer! <- IMPORTANT!!!

Step 5.
Install Google Chrome
Please go to Google Chrome and press on the big blue button Download Google Chrome. Then press on the big blue button Accept and install, and follow the prompts...

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of report after running OTL fix script.
  3. How is Google Chrome working now?
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: searchqu.com browser redirect

by eventhorizon » May 20th, 2011, 5:37 am

Dear pgmigg,

Thanks for your continued help.

A. I had no problem executing the instructions.
B. Report is below.
C. Google Chrome seems to be working well. It is in English now, which will make it easier to work with! When entering search terms in the URL bar, it goes through the Google search engine, no longer searchqu. Surfing is normal, though not lightning fast right now.
D. Computer seems to be acting normally. BitDefender optimization tab shows "Excellent" performance and RAM usage is low, well in the green.

I'll look forward to your analysis of the report below. Maybe we're seeing the light at the end of the tunnel...

Regards,
eventhorizon

All processes killed
========== OTL ==========
c:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Ilivid Player folder moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Username\Local Settings\Application Data\Google\Chrome not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Glenn Smith
->Temp folder emptied: 1870906 bytes
->Temporary Internet Files folder emptied: 1035989 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43821631 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 484 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45,00 mb


[EMPTYFLASH]

User: Administrateur

User: All Users

User: Default User

User: Glenn Smith
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05202011_100500

Files\Folders moved on Reboot...
C:\Documents and Settings\Glenn Smith\Local Settings\Temporary Internet Files\Content.IE5\WF1O8DKR\master[1].xml moved successfully.

Registry entries deleted on Reboot...
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am
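
An added example, not part of the thread and not OTL's own code: a small Python check a helper could run over a fix log like the one above before accepting it. It parses only the line shapes visible in this log (`... moved successfully.`, `File\Folder ... not found.`, `User: ...`) and flags any `not found` target whose profile folder is not among the profiles the log itself enumerates, as with the `Username` path here. Function names, field names and reason codes are illustrative assumptions.

```python
import re

# Excerpt of the fix log posted above (Windows XP profile layout).
SAMPLE_FIX_LOG = r"""All processes killed
========== OTL ==========
c:\Documents and Settings\Glenn Smith\Local Settings\Application Data\Ilivid Player folder moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Username\Local Settings\Application Data\Google\Chrome not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes

User: Glenn Smith
->Temp folder emptied: 1870906 bytes

Files\Folders moved on Reboot...
C:\Documents and Settings\Glenn Smith\Local Settings\Temporary Internet Files\Content.IE5\WF1O8DKR\master[1].xml moved successfully.
"""

# Patterns cover only the line shapes that appear in this thread's log.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
REBOOT_RE = re.compile(r"^(.+) on Reboot\.\.\.$")
USER_RE = re.compile(r"^User: (.+)$")
MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^(?:File\\Folder )?(?P<path>.+?) not found\.$")
# Profile folder name inside an XP-style path, as used throughout this log.
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\", re.I)


def review_fix_log(text):
    """Return (items, findings) for a fix log given as text.

    items    -- every target the log reports as moved or not found
    findings -- the not-found targets, each with a reason code:
                'unknown_profile' if the path names a profile folder that the
                log's own 'User:' lines never mention, else 'target_absent'
    """
    section, users, items = None, set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).upper()
            continue
        if REBOOT_RE.match(line):
            section = "ON REBOOT"
            continue
        m = USER_RE.match(line)
        if m:
            users.add(m.group(1).lower())
            continue
        for status, rx in (("not_found", NOT_FOUND_RE), ("moved", MOVED_RE)):
            m = rx.match(line)
            if m:
                items.append({"section": section, "status": status,
                              "path": m.group("path")})
                break

    findings = []
    for item in items:
        if item["status"] != "not_found":
            continue
        pm = PROFILE_RE.match(item["path"])
        profile = pm.group(1) if pm else None
        if profile and users and profile.lower() not in users:
            reason = "unknown_profile"   # likely an unreplaced placeholder
        else:
            reason = "target_absent"     # already gone, or path differs
        findings.append({**item, "profile": profile, "reason": reason})
    return items, findings


if __name__ == "__main__":
    _, found = review_fix_log(SAMPLE_FIX_LOG)
    for f in found:
        print(f"[{f['section']}] {f['reason']}: {f['path']}")
```

A `target_absent` result still needs a human decision, since the log alone cannot say whether the folder was already removed or the path was simply wrong.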

Re: searchqu.com browser redirect

by Dakeyras » May 20th, 2011, 2:25 pm

Hi. :)

pgmigg is currently unavailable and I will be continuing the Malware Removal process.

Let's proceed as follows, shall we...

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here to run the scan...Click on Scan Now
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Double-click on SecurityCheck.exe then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Eset Log.
  • SecurityCheck Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: searchqu.com browser redirect

Unread postby eventhorizon » May 21st, 2011, 6:16 am

Hi Dakeyras,

Thanks for filling in for pgmigg. I did the checks requested with no problem (Eset found two threats). To answer your questions:

1. performance, symptoms, problems:
==> It looks like internet surfing is rapid. Google Chrome now searches by default with Google. The available search engines in both Chrome and Firefox no longer include searchqu or related engines, just the usual. Looks good.
In BitDefender Optimization tab, performance is excellent as usual; RAM is in the green. Generic Host Processes for Win32 Services is, however, a processor hog at the moment (39% of processor) but that is perhaps normal.
2. ESET log
==> just below signature
3. SecurityCheck log
==> is just after the ESET log.

Thanks for your help!
-- eventhorizon

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=71dd8d6c3742a0498f07f88334878848
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-21 09:26:51
# local_time=2011-05-21 11:26:51 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1263812 1263812 0 0
# compatibility_mode=8192 67108863 100 0 222 222 0 0
# scanned=149729
# found=2
# cleaned=0
# scan_time=10534
C:\Documents and Settings\Glenn Smith\Mes documents\videora-ipod-504-setup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Glenn Smith\Mes documents\videora-ipodtouch-600-setup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I


Results of screen317's Security Check version 0.99.11
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

BitDefender Internet Security 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader X (10.0.1) - Français
Mozilla Firefox (Firefox, Opera, Netscape only..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

BitDefender BitDefender 2011 vsserv.exe
BitDefender BitDefender 2011 bdagent.exe
BitDefender BitDefender 2011 pchooklaunch32.exe
BitDefender BitDefender 2011 updatesrv.exe
``````````End of Log````````````
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am
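
The scan options requested earlier in the thread show up as `# key=value` lines in the ESET log posted above, followed by one line per detection. As an added example (not part of the original thread and not ESET's code), this Python script checks a pasted log against those options and extracts the detections; the detection-line layout and the names `parse_eset_log` and `review` are assumptions made here, inferred from the two detection lines in the post.

```python
import re
from collections import defaultdict

# Options the helper asked for, as they appear in the log header.
EXPECTED_SETTINGS = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

# Assumed detection-line layout (inferred from the post, not from ESET docs):
#   <path> <threat name> (<action>) <32 hex digits> <flag>
# The threat name is taken to start at the first token containing "/".
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) (?P<threat>\S+/\S.*?) \((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)

# Sample input: lines copied from the post above (header shortened).
ZERO = "0" * 32
DOCS = r"C:\Documents and Settings\Glenn Smith\Mes documents"
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as CAB hook log:",
    "OnlineScanner.ocx - registred OK",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# archives_checked=true",
    "# unwanted_checked=true",
    "# unsafe_checked=true",
    "# antistealth_checked=true",
    "# compatibility_mode=512 16777215 100 0 1263812 1263812 0 0",
    "# compatibility_mode=8192 67108863 100 0 222 222 0 0",
    "# scanned=149729",
    "# found=2",
    "# cleaned=0",
    DOCS + r"\videora-ipod-504-setup.exe Win32/OpenCandy application"
    " (unable to clean) " + ZERO + " I",
    DOCS + r"\videora-ipodtouch-600-setup.exe Win32/OpenCandy application"
    " (unable to clean) " + ZERO + " I",
])


def parse_eset_log(text):
    """Split a pasted log into header values, detections and other lines."""
    header = defaultdict(list)   # keys can repeat (compatibility_mode does)
    detections, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()].append(value.strip())
            continue
        match = DETECTION_RE.match(line)
        if match:
            detections.append(match.groupdict())
        else:
            unparsed.append(line)  # installer banner lines and anything odd
    return dict(header), detections, unparsed


def review(text):
    """Return the detections plus a list of things a helper should query."""
    header, detections, _ = parse_eset_log(text)
    findings = []
    for key, want in EXPECTED_SETTINGS.items():
        got = header.get(key, ["<missing>"])[-1]
        if got != want:
            findings.append(f"{key}={got}, instructions asked for {want}")
    if header.get("end", [""])[-1] != "finished":
        findings.append("scan did not run to completion")
    found = header.get("found", ["<missing>"])[-1]
    if found != str(len(detections)):
        findings.append(
            f"header says found={found} but {len(detections)} "
            "detection lines were parsed (log may be truncated)"
        )
    return {"findings": findings, "detections": detections}


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for d in result["detections"]:
        print(f'{d["threat"]:30} {d["action"]:18} {d["path"]}')
    print("findings:", result["findings"] or "none")
```
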

Re: searchqu.com browser redirect

Unread postby Dakeyras » May 21st, 2011, 7:19 am

Hi. :)

eventhorizon wrote: "Thanks for filling in for pgmigg."
You're welcome and thanks for the update also!

Next:

Out of date Java installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect it. We will update this in due course.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Java(TM) 6 Update 21

To do so, click once on the above in turn to highlight and then click on the Remove button.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK
Code:
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select Off(not recommended) >> OK.

Note: No need for it to be active after the reset because the BitDefender Internet Security 2011 application you have installed has a Firewall component.

New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE 6 Update 25 (JDK or JRE). Click on Download JRE.
  • Check (tick) Java SE Runtime Environment 6u25 License Agreement box.
  • Click on jre-6u25-windows-i586.exe link next to Windows x86 Offline to download it and save this to a convenient location.
  • Right-click on jre-6u25-windows-i586.exe and select Run as Administrator to install Java.

Note: During installation de-select the option to install McAfee Security Scan Plus if offered.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Files 
ipconfig /flushdns /c 
%systemroot%\prefetch\*.* 
C:\Documents and Settings\Glenn Smith\Mes documents\videora-ipod-504-setup.exe 
C:\Documents and Settings\Glenn Smith\Mes documents\videora-ipodtouch-600-setup.exe 

:Commands
[Purity]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: searchqu.com browser redirect

Unread postby eventhorizon » May 21st, 2011, 8:47 am

Hi Dakeyras,

Thanks for the quick analysis of the last scan! I was able to do the updates and new scans without incident. Computer seems ok, perhaps not as fast as earlier, but BitDefender Optimization is showing as usual green for RAM usage and Excellent in performance.

OTL went as usual (a detail: when the computer reboots, I have to click "run" on the program again to get the report). The OTL Log is pasted below.

Just with Malwarebytes I had to run it a second time. The first time, nothing was found but no report was generated, so I went into options and set so that reports would be automatically made. Then I ran MBAM again and got the text pasted below the OTL Log.

Thanks again,
eventhorizon

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Configuration IP de Windows
Cache de résolution DNS vidé.
C:\Documents and Settings\Glenn Smith\Bureau\cmd.bat deleted successfully.
C:\Documents and Settings\Glenn Smith\Bureau\cmd.txt deleted successfully.
C:\Documents and Settings\Glenn Smith\Mes documents\videora-ipod-504-setup.exe moved successfully.
C:\Documents and Settings\Glenn Smith\Mes documents\videora-ipodtouch-600-setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrateur

User: All Users

User: Default User

User: Glenn Smith
->Flash cache emptied: 456 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Glenn Smith
->Temp folder emptied: 861430 bytes
->Temporary Internet Files folder emptied: 7863059 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43491664 bytes
->Google Chrome cache emptied: 8881957 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17016 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 58,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 05212011_135516

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Glenn Smith\Local Settings\Temp\Perflib_Perfdata_658.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_264.dat moved successfully.

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6633

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/05/2011 14:19:50
mbam-log-2011-05-21 (14-19-50).txt

Scan type: Quick scan
Objects scanned: 165204
Time elapsed: 1 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am

Re: searchqu.com browser redirect

Unread postby Dakeyras » May 21st, 2011, 2:37 pm

Hi. :)

eventhorizon wrote: "I was able to do the updates and new scans without incident. Computer seems ok, perhaps not as fast as earlier, but BitDefender Optimization is showing as usual green for RAM usage and Excellent in performance."
Some in depth system maintenance will very probably be of benefit; the below links (Importance of Regular System Maintenance) explain about such.

eventhorizon wrote: "OTL went as usual (a detail: when the computer reboots, I have to click "run" on the program again to get the report). The OTL Log is pasted below."
That's fine.

eventhorizon wrote: "Just with Malwarebytes I had to run it a second time. The first time, nothing was found but no report was generated, so I went into options and set so that reports would be automatically made. Then I ran MBAM again and got the text pasted below the OTL Log."
Fair play.

eventhorizon wrote: "Thanks again"
You're most welcome!

Next:

Congratulations, your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you to read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

Clean up with OTL:

  • Double-click OTL to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once a week.

Other installed security software:

Your presently installed security application, BitDefender Internet Security, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this at least once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: searchqu.com browser redirect

Unread postby eventhorizon » May 22nd, 2011, 5:41 am

Hi Dakeyras,

Thank you (and pgmigg, who is a brilliant undergraduate student) ever so much for ridding me of the searchqu browser redirect, and for taking the time to thoroughly clean my system. I am so grateful!

You have a wonderful site, and I will be sure to follow your suggestions for keeping my system clean and running efficiently. I have installed analogx ScriptDefender and WinPatrol, and my updates are configured auto.

Again, thanks a million. You are tops and are doing a great service that deserves recognition!!

All the best,
eventhorizon
Last edited by Wingman on May 22nd, 2011, 5:04 pm, edited 1 time in total.
Reason: Removed link
eventhorizon
Regular Member
 
Posts: 22
Joined: May 6th, 2011, 11:13 am

Re: searchqu.com browser redirect

Unread postby Dakeyras » May 22nd, 2011, 4:44 pm

You're most welcome and thank you for the kind words also...much appreciated! :)
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: searchqu.com browser redirect

Unread postby Wingman » May 22nd, 2011, 5:04 pm

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Donations For Malware Removal
Wingman
Admin/Teacher
 
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA