
Thread: XP infected with Win32.FakeAlert.ttam and Win32.Palevo

  1. #11
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    Hi!

    I followed your instructions, but when ComboFix was almost finished, a blue screen with BAD_POOL_HEADER appeared! Fortunately Windows recovered when I started my computer again. The technical data of the blue screen said:
    ***STOP:0x00000019 (0x00000020, 0x8A642970, 0x8A642D88, 0x1A830001).

    Windows report is:
    BCCode : 19 BCP1 : 00000020 BCP2 : 8A642970 BCP3 : 8A642D88
    BCP4 : 1A830001 OSVer : 5_1_2600 SP : 3_0 Product : 256_1
    C:\DOCUME~1\Andrea\LOCALS~1\Temp\WERa8ca.dir00\Mini020711-01.dmp
    C:\DOCUME~1\Andrea\LOCALS~1\Temp\WERa8ca.dir00\sysdata.xml

    An Internet Explorer icon has appeared on my Desktop (I use Firefox) after I started my computer again.

    (When I looked for antivirus/antispyware programs that may be on my computer, I used the Add/Remove Programs function of Windows. I removed only one program that had nothing to do with my computer security but it was not useful. I wonder if it might have caused the problem.)

    I can't find the ComboFix log nor the .txt.


    Here is the new DDS log:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Andrea at 11:28:24,93 on 07/02/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2013.1283 [GMT 1:00]

    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Program files annexes\MozyHome\mozybackup.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Program files annexes\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Program files annexes\Le Petit Robert\prhyper.exe
    C:\Program Files\SFR\Kit\9props.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Program files annexes\Firefox\firefox.exe
    C:\Program Files\Program files annexes\Firefox\plugin-container.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Andrea\Bureau\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.sfr.fr/kit/adsl/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:56545
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Objet d'aide à la navigation SFR: {0f6e720a-1a6b-40e1-a294-1d4d19f156c8} - c:\program files\sfr\kit\SFRNavErrorHelper.dll
    BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\textware\quickf~1\plugins\IEHelp.dll
    BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    uRun: [ISUSPM] "c:\program files\fichiers communs\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [Le Petit Robert Hyperappel] c:\program files\program files annexes\le petit robert\prhyper.exe
    uRun: [Connexion SFR 9props.exe] "c:\program files\sfr\kit\9props.exe" /trayicon
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [PMX Daemon] ICO.EXE
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [NPSStartup]
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\program files annexes\itunes\iTunesHelper.exe"
    mRun: [conhost] c:\documents and settings\andrea\application data\microsoft\conhost.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\thunde~1.lnk - c:\program files\program files annexes\thunderbird\thunderbird.exe
    StartupFolder: c:\documents and settings\all users\menu démarrer\programmes\démarrage\~$A FAIRE__.docx
    StartupFolder: c:\documents and settings\all users\menu démarrer\programmes\démarrage\~WRL0005.tmp
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\andrea\applic~1\mozilla\firefox\profiles\vf7c5akl.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\andrea\application data\mozilla\firefox\profiles\vf7c5akl.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\documents and settings\andrea\application data\mozilla\firefox\profiles\vf7c5akl.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\documents and settings\andrea\application data\mozilla\firefox\profiles\vf7c5akl.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\program files annexes\itunes\mozilla plugins\npitunes.dll
    FF - plugin: c:\program files\program files annexes\picasa3\npPicasa3.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\program files annexes\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\program files annexes\firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\program files annexes\firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
    FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
    FF - Ext: Fast Dial: fastdial@telega.phpnet.us - %profile%\extensions\fastdial@telega.phpnet.us
    FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
    FF - Ext: Taboo: taboo@runningfrombears.com - %profile%\extensions\taboo@runningfrombears.com
    FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang
    FF - Ext: UpdateScanner: {c07d1a49-9894-49ff-a594-38960ede8fb9} - %profile%\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
    FF - Ext: Wired-Marker: {e36db930-f18d-4449-b45f-e286cfb9e03a} - %profile%\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
    FF - Ext: Hyperwords: {9A752782-D706-479b-98F8-3F66BF921692} - %profile%\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
    FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    FF - Ext: meebo: firefox@meebo.com - %profile%\extensions\firefox@meebo.com
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
    FF - Ext: Names Dictionary for rikaichan: {566D6332-1439-43bf-857E-7AD5F137AD0C} - %profile%\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
    FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    FF - Ext: Xmarks Searchtabs: xa@xmarks.com - %profile%\extensions\xa@xmarks.com
    FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
    FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-17 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2010-5-17 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-17 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-12 56816]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-6-20 233472]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-6-20 36608]
    R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
    S2 NewServiceInstall1;NewServiceInstall1;c:\program files\sdl international\t2007_fl\tt\lng\Dialogs1031.lng [2007-4-23 11264]
    S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-7-7 18432]
    S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-7-7 14336]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-6-20 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-6-20 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-6-20 121856]
    S4 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" --> c:\program files\ma-config.com\maconfservice.exe [?]

    =============== Created Last 30 ================

    2011-02-07 09:26:00 -------- d-sha-r- C:\cmdcons
    2011-02-07 09:22:32 98816 ----a-w- c:\windows\sed.exe
    2011-02-07 09:22:32 89088 ----a-w- c:\windows\MBR.exe
    2011-02-07 09:22:32 256512 ----a-w- c:\windows\PEV.exe
    2011-02-07 09:22:32 161792 ----a-w- c:\windows\SWREG.exe
    2011-02-07 09:22:27 -------- d-----w- C:\ComboFix
    2011-02-03 21:49:33 -------- d-----w- c:\program files\trend micro
    2011-01-31 14:10:36 -------- d-----w- c:\docume~1\andrea\applic~1\QuickScan
    2011-01-31 10:28:06 -------- d-----w- c:\docume~1\andrea\locals~1\applic~1\Roxio
    2011-01-29 10:56:39 193 ----a-w- c:\docume~1\andrea\applic~1\microsoft\gb_129609.bat
    2011-01-08 10:40:18 -------- d-----w- c:\docume~1\andrea\locals~1\applic~1\Search and Replace

    ==================== Find3M ====================

    2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12:45 86016 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

    ============= FINISH: 11:28:37,45 ===============

  2. #12
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Hi.

    Most unfortunate what has happened, but thank you for the detailed report of what actually occurred. Now it could be several reasons that explain this series of events, so for myself to be better able to ascertain what is the exact culprit/problems, I am going to ask your good self to run a different in-depth scanning application shortly.

    An Internet Explorer icon has appeared on my Desktop (I use Firefox) after I started my computer again.
    That is fine, part of the ComboFix process puts a shortcut for Internet Explorer on the Desktop. You may delete it if you wish.

    Scan with OTL:

    Please download OTL and save it to your Desktop.

    Alternate downloads are here and here.

    • Double-click on OTL.exe to start OTL.
    • Under Output, ensure that Minimal Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.

    When you have completed the above, please post back the following in the order asked for:

    • How is your computer performing now, any further symptoms and/or problems encountered?
    • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #13
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    About my computer

    Nothing special about my computer. It seems it has a normal behaviour!

  4. #14
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    OTL.txt

    OTL logfile created on: 07/02/2011 21:11:06 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Andrea\Bureau
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298,02 Gb Total Space | 160,96 Gb Free Space | 54,01% Space Free | Partition Type: NTFS

    Computer Name: VOSTRO | User Name: Andrea | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Andrea\Bureau\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Program files annexes\Firefox\plugin-container.exe (Mozilla Corporation)
    PRC - C:\Program Files\Program files annexes\Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\SFR\Kit\9props.exe (SFR)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
    PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
    PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    PRC - C:\Program Files\Program files annexes\Le Petit Robert\PRHYPER.EXE ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Andrea\Bureau\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (maconfservice) -- File not found
    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
    SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
    SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
    SRV - (hpqddsvc) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
    SRV - (stllssvr) -- C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
    SRV - (NewServiceInstall1) -- C:\Program Files\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng ()
    SRV - (RoxMediaDB9) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
    SRV - (RoxWatch9) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
    DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
    DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
    DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
    DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
    DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
    DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
    DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
    DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
    DRV - (pmxmouse) -- C:\WINDOWS\system32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
    DRV - (pmxusblf) -- C:\WINDOWS\system32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallb...mb&ibd=0080703
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://partnerpage.google.com/smallb...mb&ibd=0080703


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallb...mb&ibd=0080703
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallb...mb&ibd=0080703
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter =
    IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/
    IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56545

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Program files annexes\Flock\flock\plugins [2011/01/05 15:42:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Program files annexes\Flock\flock\components [2011/01/05 15:42:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Program files annexes\Firefox\components [2011/01/09 09:25:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Program files annexes\Firefox\plugins [2011/01/05 15:42:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Program files annexes\Thunderbird\components [2011/01/05 15:42:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Program files annexes\Thunderbird\plugins

    [2010/08/05 22:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Extensions
    [2010/08/05 22:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/11/20 14:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
    [2011/02/07 20:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions
    [2010/02/13 11:54:35 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    [2010/10/22 08:35:58 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
    [2010/11/04 09:57:57 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    [2008/07/08 08:12:27 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
    [2010/04/07 11:37:47 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
    [2009/11/23 20:41:27 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
    [2009/11/23 20:38:11 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
    [2010/11/04 09:57:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2009/12/05 16:42:11 | 000,000,000 | ---D | M] (iFox Graphite) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}
    [2010/06/26 22:00:31 | 000,000,000 | ---D | M] (Hyperwords) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
    [2010/07/26 19:50:34 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
    [2010/09/30 08:48:49 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2008/07/08 08:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{bbc21d30-1cff-11da-8cd6-0800200c9a66}
    [2010/08/26 08:28:47 | 000,000,000 | ---D | M] (Update Scanner) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
    [2010/07/03 20:56:45 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    [2010/05/23 08:30:00 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    [2011/01/31 15:10:25 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2010/02/13 11:54:39 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
    [2010/03/21 12:57:37 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
    [2009/02/20 09:47:48 | 000,000,000 | ---D | M] ("Bookmark Previews") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\bookmarkpreviews@mozdev.org
    [2011/01/08 11:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\engine@conduit.com
    [2010/07/26 19:50:38 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\fastdial@telega.phpnet.us
    [2008/07/16 11:00:12 | 000,000,000 | ---D | M] (meebo) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\firefox@meebo.com
    [2010/09/30 08:48:54 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\foxmarks@kei.com
    [2009/04/25 01:45:31 | 000,000,000 | ---D | M] ("Morning Coffee") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\morningCoffee@shaneliesegang
    [2010/07/23 12:32:30 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\rikaichan-jpen@polarcloud.com
    [2009/02/07 12:34:26 | 000,000,000 | ---D | M] (Scryve) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\scryve@digitalglue.in
    [2010/02/13 11:55:52 | 000,000,000 | ---D | M] (Taboo) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\taboo@runningfrombears.com
    [2008/07/08 09:49:22 | 000,000,000 | ---D | M] ("readlater") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\to@read.later
    [2010/02/13 11:55:41 | 000,000,000 | ---D | M] ("Xmarks Searchtabs") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\xa@xmarks.com
    [2010/10/25 10:38:41 | 000,000,000 | ---D | M] (Zotero) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\zotero@chnm.gmu.edu

    O1 HOSTS File: ([2004/08/05 12:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
    O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
    O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
    O3 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\..\Toolbar\ShellBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
    O3 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [conhost] File not found
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
    O4 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
    O4 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005..\Run: [ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Program files annexes\Le Petit Robert\PRHYPER.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Andrea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/19 13:18:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/07 21:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\etape5
    [2011/02/07 21:07:08 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Bureau\OTL.exe
    [2011/02/07 10:51:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2011/02/07 10:26:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/02/07 10:22:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/07 10:22:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/07 10:22:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/07 10:22:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/07 10:22:27 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/02/07 10:21:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/07 10:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\etape4
    [2011/02/05 12:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\etape3
    [2011/02/03 22:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
    [2011/02/03 22:49:32 | 000,000,000 | ---D | C] -- C:\rsit
    [2011/02/03 22:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\etape2
    [2011/02/03 22:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\etape1
    [2011/01/31 15:57:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/01/31 15:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
    [2011/01/31 15:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/01/31 15:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Application Data\QuickScan
    [2011/01/31 12:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\sauvostro1
    [2011/01/31 12:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\Sauvegarde_Vostro2011
    [2011/01/31 11:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Local Settings\Application Data\Roxio
    [2011/01/28 15:50:27 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Andrea\Bureau\spybotsd162.exe
    [2011/01/24 12:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\gengokoukan
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.tmp files -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/07 21:07:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Bureau\OTL.exe
    [2011/02/07 21:05:13 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1FCB9DD2-825C-4F2C-9A0B-B2EBF9E2BFB1}.job
    [2011/02/07 20:28:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
    [2011/02/07 20:18:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/07 20:18:50 | 2110,947,328 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/07 10:26:04 | 000,000,356 | RHS- | M] () -- C:\boot.ini
    [2011/02/07 10:19:10 | 004,264,433 | R--- | M] () -- C:\Documents and Settings\Andrea\Bureau\ComboFix.exe
    [2011/02/05 12:48:22 | 000,720,369 | ---- | M] () -- C:\Documents and Settings\Andrea\Bureau\rkill.exe
    [2011/02/05 12:38:02 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/31 16:15:40 | 000,000,246 | ---- | M] () -- C:\Boot.bak
    [2011/01/31 16:13:32 | 000,021,592 | ---- | M] () -- C:\Documents and Settings\Andrea\Application Data\AF4E.1BE
    [2011/01/31 15:59:29 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Andrea\Bureau\dds.scr
    [2011/01/31 12:19:48 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/31 11:02:28 | 000,001,796 | ---- | M] () -- C:\Documents and Settings\Andrea\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2011/01/31 09:56:43 | 000,001,007 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2011/01/28 15:51:36 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Andrea\Bureau\spybotsd162.exe
    [2011/01/28 15:16:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/01/09 16:25:15 | 000,000,142 | ---- | M] () -- C:\WINDOWS\rcwin.ini
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.tmp files -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/07 10:26:04 | 000,000,246 | ---- | C] () -- C:\Boot.bak
    [2011/02/07 10:26:01 | 000,263,488 | RHS- | C] () -- C:\cmldr
    [2011/02/07 10:22:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/07 10:22:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/07 10:22:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/07 10:22:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/07 10:22:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/07 10:18:37 | 004,264,433 | R--- | C] () -- C:\Documents and Settings\Andrea\Bureau\ComboFix.exe
    [2011/02/05 12:48:17 | 000,720,369 | ---- | C] () -- C:\Documents and Settings\Andrea\Bureau\rkill.exe
    [2011/01/31 15:59:28 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Andrea\Bureau\dds.scr
    [2011/01/31 11:29:19 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
    [2011/01/31 11:02:28 | 000,001,796 | ---- | C] () -- C:\Documents and Settings\Andrea\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2011/01/31 11:02:28 | 000,001,784 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Opera.lnk
    [2011/01/24 12:28:28 | 000,021,592 | ---- | C] () -- C:\Documents and Settings\Andrea\Application Data\AF4E.1BE
    [2010/08/11 22:00:42 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2010/06/20 10:53:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2010/06/20 10:53:17 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2010/06/20 10:52:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Andrea\Application Data\$_hpcst$.hpc
    [2009/11/06 15:58:17 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4969.dll
    [2008/08/27 20:56:28 | 000,000,373 | ---- | C] () -- C:\WINDOWS\doom3.ini
    [2008/08/26 19:16:06 | 000,001,035 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/08/13 19:26:22 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/07/15 16:47:05 | 000,015,397 | ---- | C] () -- C:\Program Files\settings.dat
    [2008/07/10 17:37:39 | 000,000,157 | ---- | C] () -- C:\WINDOWS\PR1V2.INI
    [2008/07/09 13:56:03 | 000,000,142 | ---- | C] () -- C:\WINDOWS\rcwin.ini
    [2008/07/07 16:21:31 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\SX32W.DLL
    [2008/07/07 16:01:10 | 000,000,070 | ---- | C] () -- C:\WINDOWS\TEXTware.ini
    [2008/07/07 16:01:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Twavbx32.dll
    [2008/07/07 16:01:06 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\idiom010227.dll
    [2008/07/07 16:01:05 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
    [2008/07/07 16:01:04 | 000,113,288 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
    [2008/07/07 16:01:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ILXTBS.DLL
    [2008/07/07 15:43:19 | 000,000,080 | ---- | C] () -- C:\WINDOWS\DeliveryReader.INI
    [2008/07/07 13:44:42 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\fusioncache.dat
    [2008/07/02 23:24:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/07/02 23:12:17 | 000,001,007 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/07/02 23:11:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2008/07/02 23:11:24 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2008/07/02 23:11:07 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
    [2008/07/02 22:49:11 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
    [2008/07/02 22:48:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
    [2008/07/02 22:47:40 | 000,001,450 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2006/09/20 23:02:32 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/20 23:02:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2006/05/02 23:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
    [2004/08/19 13:27:50 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/19 13:14:48 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/19 13:10:38 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/03/09 20:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

    < End of report >

  5. #15
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    Extras.txt

    OTL Extras logfile created on: 07/02/2011 21:11:06 - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Andrea\Bureau
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298,02 Gb Total Space | 160,96 Gb Free Space | 54,01% Space Free | Partition Type: NTFS

    Computer Name: VOSTRO | User Name: Andrea | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Program files annexes\Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Program files annexes\Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Program files annexes\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
    "48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
    "48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
    "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
    "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
    "C:\Program Files\Program files annexes\World of Warcraft\WoW-2.4.2-frFR-downloader.exe" = C:\Program Files\Program files annexes\World of Warcraft\WoW-2.4.2-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\Program files annexes\Firefox\firefox.exe" = C:\Program Files\Program files annexes\Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Program files annexes\Warcraft III\Warcraft III.exe" = C:\Program Files\Program files annexes\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- ()
    "C:\Program Files\Program files annexes\World of Warcraft\Launcher.exe" = C:\Program Files\Program files annexes\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
    "C:\Program Files\Program files annexes\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-frFR-downloader.exe" = C:\Program Files\Program files annexes\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\Program files annexes\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe" = C:\Program Files\Program files annexes\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe" = C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe" = C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe" = C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
    "C:\Program Files\Program files annexes\Opera 9.5\opera.exe" = C:\Program Files\Program files annexes\Opera 9.5\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\Program files annexes\iTunes\iTunes.exe" = C:\Program Files\Program files annexes\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
    "{09C32A3E-CE8E-461F-A2E6-AE798827EB2E}" = ActivePerl 5.8.3 Build 809
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{162d74e4-7d6d-4949-8018-50e96e314696}" = C6200_Help
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
    "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 16
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36E71ED6-AC20-4AED-8C51-0030EE7FB55B}" = SDLX
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{43BD0C58-6E6E-4500-AFB0-263423319604}" = SDL Trados 2007 Freelance
    "{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Panneau de configuration MobileMe
    "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = Photo et imagerie HP 2.0 - All-in-One Pilote
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.8.0
    "{7E62742F-1EEF-4532-B7FF-2D58004BDEAE}" = SDL Trados Synergy 2007
    "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
    "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
    "{8302F817-9F82-40F2-8149-8BB50B0250F7}" = SDL MultiTerm 2007 Desktop
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_BASICR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}_BASICR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_BASICR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_BASICR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_BASICR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_BASICR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_BASICR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
    "{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}" = hp psc 2200 series
    "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
    "{941F9BA8-06F6-42FD-AB91-CFB99B5E13BF}" = Fallout
    "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = Photo et imagerie HP 2.0 - All-in-One
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
    "{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français
    "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B2E581DB-C4DD-432C-AC84-ED761AC056BC}" = OpenOffice.org 3.1
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE98383B-7BB4-457C-AEAB-D89E9537628F}" = SDLX
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    "7-Zip" = 7-Zip 4.57
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Anki" = Anki
    "Applian FLV Player2.0.24" = Applian FLV Player
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
    "BASICR" = Microsoft Office Basic 2007
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "Delivery" = Delivery
    "ERUNT_is1" = ERUNT 1.1j
    "FileZilla Client" = FileZilla Client 3.3.0.1
    "Flickr Uploadr" = Flickr Uploadr 3.0.5
    "Flock" = Flock 1.2
    "Freecorder Toolbar3.02" = Freecorder Toolbar 3.02 Application
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP PSC 2200 Series" = Photo et imagerie HP 2.0 - hp psc 2200 series
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "HPOCR" = OCR Software by I.R.I.S. 10.0
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
    "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "jEdit_is1" = jEdit 4.2
    "Le Petit Robert" = Désinstaller Le Petit Robert de la langue française
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
    "mozy_is1" = MozyHome 1.8.10.0
    "MSNINST" = MSN
    "OmegaT 1.7.3_02_is1" = OmegaT version 1.7.3_02
    "Opera 11.01.1190" = Opera 11.01
    "Oxford Advanced Genie" = Oxford Advanced Genie
    "PDFCreator Toolbar" = PDFCreator Toolbar
    "Picasa 3" = Picasa 3
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
    "Search and Replace (shareware)_is1" = Search and Replace
    "SearchAssist" = SearchAssist
    "SFR_Kit" = SFR - Kit de connexion
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "Time Stamp_is1" = Time Stamp
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service" = Windows XP Service Pack*3
    "World of Warcraft" = World of Warcraft
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Le Robert & Collins" = Le Robert & Collins
    "Warcraft III" = Warcraft III

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 25/01/2011 08:31:06 | Computer Name = VOSTRO | Source = Application Hang | ID = 1002
    Description = Application bloquée firefox.exe, version 1.9.2.3989, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 25/01/2011 08:52:57 | Computer Name = VOSTRO | Source = Application Hang | ID = 1002
    Description = Application bloquée firefox.exe, version 1.9.2.3989, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 25/01/2011 16:28:02 | Computer Name = VOSTRO | Source = Application Error | ID = 1000
    Description = Application défaillante plugin-container.exe, version 1.9.2.3989,
    module défaillant ntdll.dll, version 5.1.2600.5755, adresse de défaillance 0x0000100b.

    Error - 28/01/2011 09:04:15 | Computer Name = VOSTRO | Source = Application Error | ID = 1000
    Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
    défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000004.

    Error - 28/01/2011 09:04:37 | Computer Name = VOSTRO | Source = Application Error | ID = 1000
    Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
    dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d.

    Error - 28/01/2011 09:06:50 | Computer Name = VOSTRO | Source = Application Hang | ID = 1002
    Description = Application bloquée explorer.exe, version 6.0.2900.5512, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 30/01/2011 16:19:31 | Computer Name = VOSTRO | Source = Application Hang | ID = 1002
    Description = Application bloquée iTunes.exe, version 10.1.1.4, module bloqué hungapp,
    version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 30/01/2011 16:19:36 | Computer Name = VOSTRO | Source = Bonjour Service | ID = 100
    Description = 208: ERROR: read_msg errno 10054 (Une connexion existante a dû être
    fermée par l'hôte distant.)

    Error - 30/01/2011 16:19:36 | Computer Name = VOSTRO | Source = Bonjour Service | ID = 100
    Description = 232: ERROR: read_msg errno 10054 (Une connexion existante a dû être
    fermée par l'hôte distant.)

    Error - 30/01/2011 16:19:36 | Computer Name = VOSTRO | Source = Bonjour Service | ID = 100
    Description = 400: ERROR: read_msg errno 10054 (Une connexion existante a dû être
    fermée par l'hôte distant.)

    [ OSession Events ]
    Error - 22/05/2009 02:34:34 | Computer Name = DELLDESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17418
    seconds with 6060 seconds of active time. This session ended with a crash.

    Error - 26/05/2009 05:38:28 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29378
    seconds with 3300 seconds of active time. This session ended with a crash.

    Error - 29/05/2009 11:26:26 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 52431
    seconds with 1440 seconds of active time. This session ended with a crash.

    Error - 03/06/2009 07:24:34 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8805
    seconds with 1920 seconds of active time. This session ended with a crash.

    Error - 06/06/2009 00:17:27 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11340
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 10/06/2009 10:55:25 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47963
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 30/11/2009 10:06:49 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13516
    seconds with 4080 seconds of active time. This session ended with a crash.

    Error - 14/06/2010 11:34:42 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32410
    seconds with 12480 seconds of active time. This session ended with a crash.

    Error - 15/06/2010 19:00:21 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 59786
    seconds with 17760 seconds of active time. This session ended with a crash.

    Error - 16/06/2010 05:20:16 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7516
    seconds with 2580 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 05/02/2011 17:28:36 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7022
    Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

    Error - 06/02/2011 15:22:52 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7000
    Description = Le service NewServiceInstall1 n'a pas pu démarrer en raison de l'erreur*:
    %%193

    Error - 06/02/2011 15:24:18 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7022
    Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

    Error - 07/02/2011 04:15:47 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7000
    Description = Le service NewServiceInstall1 n'a pas pu démarrer en raison de l'erreur*:
    %%193

    Error - 07/02/2011 04:17:16 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7022
    Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

    Error - 07/02/2011 05:51:46 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7000
    Description = Le service NewServiceInstall1 n'a pas pu démarrer en raison de l'erreur*:
    %%193

    Error - 07/02/2011 05:52:39 | Computer Name = VOSTRO | Source = System Error | ID = 1003
    Description = Code erreur 00000019, paramètre 1 00000020, paramètre 2 8a642970,
    paramètre 3 8a642d88, paramètre 4 1a830001.

    Error - 07/02/2011 05:53:16 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7022
    Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

    Error - 07/02/2011 15:18:54 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7000
    Description = Le service NewServiceInstall1 n'a pas pu démarrer en raison de l'erreur*:
    %%193

    Error - 07/02/2011 15:20:20 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7022
    Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.


    < End of report >

  6. #16
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Hi.

    Nothing special about my computer. It seems it has a normal behaviour!
    OK/good!

    Next:

    Out of date Java installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect. We will update this in due course.

    Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

    Java(TM) 6 Update 16
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 12
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7


    To do so, click once on each of the above in turn to highlight and then click on the Remove button.

    Backup the Registry:

    Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

    Click on Start >> Run... (or the Windows key and R together) to bring up the Run box and copy and paste in:

    "C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\Andrea-Backup2
    and click on OK.

    Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

    Reset SP3 Firewall:

    Click on Start >> Run... and cut/paste in the following and click on OK

    Code:
    firewall.cpl
    Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

    Now click on the General tab >> select On (recommended) >> OK.

    Custom OTL Script:

    • Double-click OTL.exe to start the program.
    • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :OTL
    SRV - (maconfservice) -- File not found
    IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = 
    IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56545
    O4 - HKLM..\Run: [conhost] File not found
    O4 - HKLM..\Run: [NPSStartup] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
    [2011/01/28 15:50:27 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Andrea\Bureau\spybotsd162.exe
    [2011/01/24 12:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\gengokoukan
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.tmp files -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.tmp -> ]
    
    :Files 
    ipconfig /flushdns /c 
    %systemroot%\prefetch\*.* 
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP"=-
    "2869:TCP"=-
    "139:TCP"=-
    "445:TCP"=-
    "137:UDP"=-
    "138:UDP"=-
    "3724:TCP"=-
    "48113:TCP"=-
    "48113:UDP"=-
    
    :Commands
    [CreateRestorePoint]
    [Purity]
    [ResetHosts]
    [EmptyFlash]
    [EmptyTemp]
    [Reboot]
    • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
    • Then click the red Run Fix button.
    • Let the program run unhindered.
    • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

    Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

    Next:

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe, then follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please post that log in your next reply.
    The log can also be found here:
    1. Launch Malwarebytes' Anti-Malware
    2. Click on the Logs radio tab.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    When you have completed the above, please post back the following in the order asked for:

    • How is your computer performing now, any further symptoms and/or problems encountered?
    • OTL Log from the Custom Script.
    • Malwarebytes Anti-Malware Log.
    Last edited by Dakeyras; 2011-02-08 at 00:35.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  7. #17
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    Bonjour!

    No problem with my computer now but I wonder why a folder I had on my desktop was moved in _OTL moved files. It contains Word files in Japanese-but not the title- (but it's not the only Japanese file on my computer).


    OTL log:

    All processes killed
    ========== OTL ==========
    Service maconfservice stopped successfully!
    Service maconfservice deleted successfully!
    File File not found not found.
    HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\AlwaysUseDefaultPrinter| /E : value set successfully!
    HKU\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\conhost deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    C:\Documents and Settings\Andrea\Bureau\spybotsd162.exe moved successfully.
    C:\Documents and Settings\Andrea\Bureau\gengokoukan folder moved successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\002865_.tmp deleted successfully.
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\~WRL0005.tmp deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Configuration IP de Windows
    Cache de résolution DNS vidé.
    C:\Documents and Settings\Andrea\Bureau\cmd.bat deleted successfully.
    C:\Documents and Settings\Andrea\Bureau\cmd.txt deleted successfully.
    C:\WINDOWS\prefetch\AGENT.EXE-04DFD557.pf moved successfully.
    C:\WINDOWS\prefetch\ALG.EXE-275708CF.pf moved successfully.
    C:\WINDOWS\prefetch\AVNOTIFY.EXE-05C5A637.pf moved successfully.
    C:\WINDOWS\prefetch\AVSCAN.EXE-2BF7605E.pf moved successfully.
    C:\WINDOWS\prefetch\AVWSC.EXE-06733DFE.pf moved successfully.
    C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf moved successfully.
    C:\WINDOWS\prefetch\CONTROL.EXE-24FBF8B3.pf moved successfully.
    C:\WINDOWS\prefetch\DSC.EXE-1F2719A1.pf moved successfully.
    C:\WINDOWS\prefetch\ERUNT.EXE-23218E37.pf moved successfully.
    C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf moved successfully.
    C:\WINDOWS\prefetch\FINDSTR.EXE-1A4FC238.pf moved successfully.
    C:\WINDOWS\prefetch\FIREFOX.EXE-2C930C57.pf moved successfully.
    C:\WINDOWS\prefetch\GRPCONV.EXE-375690AD.pf moved successfully.
    C:\WINDOWS\prefetch\HELPSVC.EXE-1C192440.pf moved successfully.
    C:\WINDOWS\prefetch\HPRBUPDATE.EXE-1597B6DC.pf moved successfully.
    C:\WINDOWS\prefetch\HPWUCLI.EXE-0E3B94E9.pf moved successfully.
    C:\WINDOWS\prefetch\ICO.EXE-0C053098.pf moved successfully.
    C:\WINDOWS\prefetch\IMAPI.EXE-201490BB.pf moved successfully.
    C:\WINDOWS\prefetch\IPODSERVICE.EXE-37043579.pf moved successfully.
    C:\WINDOWS\prefetch\JAVAW.EXE-1F614FB2.pf moved successfully.
    C:\WINDOWS\prefetch\JAVAW.EXE-28A3D9B4.pf moved successfully.
    C:\WINDOWS\prefetch\JAVAW.EXE-392A4E93.pf moved successfully.
    C:\WINDOWS\prefetch\JAVAWS.EXE-07B23EC5.pf moved successfully.
    C:\WINDOWS\prefetch\JAVAWS.EXE-25557CE0.pf moved successfully.
    C:\WINDOWS\prefetch\JQS.EXE-31B60334.pf moved successfully.
    C:\WINDOWS\prefetch\JQSNOTIFY.EXE-359F83C5.pf moved successfully.
    C:\WINDOWS\prefetch\JUSCHED.EXE-0C11AB3F.pf moved successfully.
    C:\WINDOWS\prefetch\JUSCHED.EXE-3A5C6C57.pf moved successfully.
    C:\WINDOWS\prefetch\Layout.ini moved successfully.
    C:\WINDOWS\prefetch\LOGON.SCR-24ADF392.pf moved successfully.
    C:\WINDOWS\prefetch\MSFEEDSSYNC.EXE-05335A39.pf moved successfully.
    C:\WINDOWS\prefetch\MSIEXEC.EXE-330626DC.pf moved successfully.
    C:\WINDOWS\prefetch\MSIF.TMP-221E031A.pf moved successfully.
    C:\WINDOWS\prefetch\NOTEPAD.EXE-2DAE2DE6.pf moved successfully.
    C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf moved successfully.
    C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
    C:\WINDOWS\prefetch\OTL.EXE-0A0D9309.pf moved successfully.
    C:\WINDOWS\prefetch\PLUGIN-CONTAINER.EXE-2CD303DE.pf moved successfully.
    C:\WINDOWS\prefetch\PMXMICED.EXE-0E54B71C.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-3C98A3C8.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-419F288A.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-5830CCA7.pf moved successfully.
    C:\WINDOWS\prefetch\RUNONCE.EXE-01CA3A2F.pf moved successfully.
    C:\WINDOWS\prefetch\SPRTCMD.EXE-19C0DA25.pf moved successfully.
    C:\WINDOWS\prefetch\SVCHOST.EXE-2D5FBD18.pf moved successfully.
    C:\WINDOWS\prefetch\THUNDERBIRD.EXE-31C6F96B.pf moved successfully.
    C:\WINDOWS\prefetch\UPDATE.EXE-2F5EF2F5.pf moved successfully.
    C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf moved successfully.
    C:\WINDOWS\prefetch\WMIADAP.EXE-32F99497.pf moved successfully.
    C:\WINDOWS\prefetch\WMIAPSRV.EXE-02740A4B.pf moved successfully.
    C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf moved successfully.
    C:\WINDOWS\prefetch\WSCNTFY.EXE-0B14C27D.pf moved successfully.
    C:\WINDOWS\prefetch\WSCRIPT.EXE-0C5C5251.pf moved successfully.
    C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point (0)
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: Administrateur

    User: All Users

    User: Andrea
    ->Flash cache emptied: 2136854 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 2,00 mb


    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Andrea
    ->Temp folder emptied: 710540 bytes
    ->Temporary Internet Files folder emptied: 57593521 bytes
    ->Java cache emptied: 48736069 bytes
    ->FireFox cache emptied: 105968550 bytes
    ->Apple Safari cache emptied: 122442752 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 49152 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 327706 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 67639 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 320,00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02082011_103146

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Andrea\Local Settings\Temp\Perflib_Perfdata_5e8.dat not found!

    Registry entries deleted on Reboot...
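
Post #17 asks why a desktop folder ended up in the _OTL moved files. As an added example (not part of the thread and not OTL's own code), this Python script reads a fix log of the shape posted above and lists every file or folder inside a user profile that the fix moved or deleted, so user data caught by a script can be spotted and restored. The profile roots, the cache folder names and the `recoverable` flag are assumptions; the sample lines are copied from the log in post #17.

```python
import re
from pathlib import PureWindowsPath

# File lines in the fix log look like "<path>[ folder] moved|deleted
# successfully."; registry and summary lines have no drive letter and are skipped.
FILE_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)(?P<folder> folder)? "
    r"(?P<action>moved|deleted) successfully\.$"
)

# Assumptions: profile roots (XP and later) and per-user cache folders that a
# cleanup is expected to empty.
PROFILE_ROOTS = {"documents and settings", "users"}
CACHE_DIRS = {"local settings", "temp", "temporary internet files"}

# Lines copied from the OTL log in post #17.
SAMPLE_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\conhost deleted successfully.
C:\Documents and Settings\Andrea\Bureau\spybotsd162.exe moved successfully.
C:\Documents and Settings\Andrea\Bureau\gengokoukan folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Andrea\Bureau\cmd.bat deleted successfully.
C:\WINDOWS\prefetch\AGENT.EXE-04DFD557.pf moved successfully.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
"""

def parse_actions(log_text):
    """Yield one dict per file or folder the fix moved or deleted."""
    for raw in log_text.splitlines():
        m = FILE_LINE.match(raw.strip())
        if m:
            yield {
                "path": m["path"],
                "kind": "folder" if m["folder"] else "file",
                "action": m["action"],
            }

def is_user_data(path):
    """True for paths inside a user profile but outside its cache folders."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    # parts: drive, profile root, account name, then the rest of the path
    if len(parts) < 4 or parts[1] not in PROFILE_ROOTS:
        return False
    return not (set(parts[3:]) & CACHE_DIRS)

def review_list(log_text):
    """Profile items the fix touched, each flagged as moved (recoverable) or not."""
    # Assumption drawn from the thread: moved items sit in the MovedFiles
    # folder and can be put back; deleted items are not kept there.
    return [
        dict(item, recoverable=(item["action"] == "moved"))
        for item in parse_actions(log_text)
        if is_user_data(item["path"])
    ]

if __name__ == "__main__":
    for item in review_list(SAMPLE_LOG):
        state = "moved" if item["recoverable"] else "deleted"
        print(f'{item["kind"]:8}{state:10}{item["path"]}')
```
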

  8. #18
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    Malwarebytes' Anti-Malware log

    I didn't pay attention and installed Malwarebytes in French. It detected no malware "(Aucun élément nuisible détecté)".


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 5709

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    08/02/2011 10:49:45
    mbam-log-2011-02-08 (10-49-45).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 164748
    Temps écoulé: 3 minute(s), 29 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

  9. #19
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Hi.

    I wonder why a folder I had on my desktop was moved in _OTL moved files. It contains Word files in Japanese-but not the title- (but it's not the only Japanese file on my computer).
    My sincere apologies, are you referring to this folder, gengokoukan? If so it can be restored again/I can provide instructions how to do so.

    I didn't pay attention and installed Malwarebytes in French. It detected no malware "(Aucun élément nuisible détecté)".
    Not a problem.

    Check Hard Disk For Errors:

    Press Start->Run, then copy/paste the following command into the box and press OK:
    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
    A blank command window will open on your desktop, then close in a few minutes. This is normal.

    A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  10. #20
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    Thank you for your quick reply!

    Yes, it's "gengokoukan"! It's no big deal but if I can have it again, great!

    As for the command to check for errors, a command window opens for less than one second and I can't find checkhd.txt (I made a search).
