Net Browser Suddenly Stops Working
Solved/Closed
darkguyver - May 12, 2014 at 12:24 PM
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 - May 21, 2014 at 10:02 AM
14 responses
Brainy100 - May 12, 2014 at 12:33 PM
What message does it display as a reply when you are trying to connect to the internet?
darkguyver - May 13, 2014 at 04:26 AM
Firefox just displays a blank screen after a few minutes of web browsing.
Brainy100 - May 13, 2014 at 05:38 AM
Check your browser configuration and your service provider. If both are in good condition and this still happens, it might be a virus attack or an application failure; you can try to uninstall and reinstall it.
darkguyver - May 13, 2014 at 08:05 AM
I've checked both the browser configuration and I can surf on the net perfectly fine on my SGSII, my parents' SGT 3 7.0 and my old Acer TravelMate without any problems. So I know for a fact that it's not a problem with my ISP. I've checked it for viruses and malware too. I might try a total reinstall later on. I was wondering, could it be a problem with my Norton Antivirus and Firewall suite?
Brainy100 - May 13, 2014 at 03:38 PM
Uninstall and reinstall it, let's see.
darkguyver - May 14, 2014 at 04:12 AM
Well, if I can't find a way to fix this problem I probably will do a reinstall.
Ambucias - May 13, 2014 at 05:34 PM
Let's check for a virus.
Use your Internet Explorer if necessary.
Follow the instructions in this how-to article about downloading, installing and running ZHP Diag tool:
https://ccm.net/download/download-23176-zhpdiag
If it is a virus, we will get rid of it for you.
Regards
Ambucias
Moderator, Virus Security Contributor
Ambucias - May 13, 2014 at 05:36 PM
P.S. If you have p2p programmes, in my opinion, chances are you have several viruses.
darkguyver - May 14, 2014 at 04:11 AM
I don't see how it could be a virus problem as I've used more or less the same P2P program on my HP 4320S as I do on my Acer TravelMate. But I will install ZHP Diag Tool and see what it says.
darkguyver - May 14, 2014 at 12:25 PM
Here's the results from ZHPDiag on my HP Probook 4320S:
~ Report of ZHPDiag v2014.5.14.63 - Nicolas Coolman (14/05/2014)
~ Launched by Jin Kazama (14/05/2014 17:20:30)
~ Web site address : https://nicolascoolman.webs.com/
~ Analysis software blog : http://nicolascoolman.byethost7.com
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found
---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 28.0
---\\ Windows product information
~ Langage: Anglais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ System protection software
Norton AntiVirus Parent MSI v11.0.1
Spybot - Search & Destroy v1.6.2
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 13 Plugin
Java 7 Update 55
---\\ Information on the system
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3055.4 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 81 GB (83%) free of 98 GB
---\\ Connection to the system mode
~ Computer Name: WEBSYSTEM
~ User Name: Jin Kazama
~ All Users Names: SUPPORT_388945a0, Jin Kazama, HelpAssistant, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Jin Kazama\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Jin Kazama\Application Data\
~ %Desktop% : C:\Documents and Settings\Jin Kazama\Desktop\
~ %Favorites% : C:\Documents and Settings\Jin Kazama\Favorites\
~ %LocalAppData% : C:\Documents and Settings\Jin Kazama\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Jin Kazama\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 81 Go of 98 Go)
D: Hard drive, Flash drive, Thumb drive (Free 191 Go of 200 Go)
E: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/9
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/53
~ Mes Documents (My Documents) : 1/45
~ Mon Bureau (My Desktop) : 0/70
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s
---\\ Process running
~ Processes Running: Scanned in 00mn 01s
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
~ IE Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 06s
~ Nombre de lignes (Lines number): 15514
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Norton AntiVirus - [HKLM]{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} . (.Symantec Corporation - Norton AntiVirusNAVShellExt Module.) -- C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
~ Toolbar: Scanned in 00mn 00s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
O4 - HKLM\..\Run: [AESTFltr] . (.Andrea Electronics Corporation - AEFltrs MFC Application.) -- C:\WINDOWS\system32\AESTFltr.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Corporation - Hp Accelerometer System Tray.) -- C:\WINDOWS\System32\accelerometerST.exe
O4 - HKLM\..\Run: [DTRun] . (.ArcSoft Inc. - ArcSoft TotalMedia Theatre.) -- C:\Program Files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [BTMTrayAgent] . (...) -- C:\Program Files\Motorola\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [Cpqset] . (.No owner - Cpqset Application.) -- C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] . (.No owner - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [ccApp] . (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] . (.Symantec Corporation - Common Client Registry Integrity Verifier.) -- C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] . (.Symantec Corporation - Symantec Security Drivers Install Monitor.) -- C:\Program Files\SymNetDrv\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-507921405-527237240-1801674531-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-507921405-527237240-1801674531-1003\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
~ Application: Scanned in 00mn 00s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} . (...) -- C:\Program Files\Motorola\Bluetooth\bluetooth.ico
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Orphan key
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1399900313437
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B1E897-B4C6-4074-AFDB-8BBB7FBD2EDE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C0B1E897-B4C6-4074-AFDB-8BBB7FBD2EDE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\HP Wallpaper.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\HP Wallpaper.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Task Planned Automatically (039)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jin Kazama.job [540]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Symantec NetDetect.job [374]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Conduit] =>Toolbar.Conduit
~ Key Software: 258 Legitimates Filtered in 00mn 00s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 11/05/2014 - 10:20:42 - [] ----D C:\Program Files\AliveMedia
O43 - CFD: 10/05/2014 - 22:47:59 - [] ----D C:\Program Files\SymNetDrv
~ Program Folder: 137 Legitimates Filtered in 00mn 00s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/05/2014 - 16:21:57 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/05/2014 - 16:21:57 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.F3C139AD492C4F73353057442E6995CE] - 10/05/2014 - 16:22:06 ---A- . (...) -- C:\WINDOWS\system32\c_10021.nls [66082]
O44 - LFC:[MD5.72233F1A1D788A84D4687A258CC97CBF] - 10/05/2014 - 16:22:09 ---A- . (...) -- C:\WINDOWS\system32\c_10005.nls [66082]
O44 - LFC:[MD5.A99203A3397A9DB352C5D8DFBDA230A8] - 10/05/2014 - 16:22:09 ---A- . (...) -- C:\WINDOWS\system32\c_862.nls [66594]
O44 - LFC:[MD5.C050215D8D21DF5658E94187973FB89C] - 10/05/2014 - 16:22:11 ---A- . (...) -- C:\WINDOWS\system32\c_720.nls [66594]
O44 - LFC:[MD5.4D4C7CED88E5621F21A4911A44CADACC] - 10/05/2014 - 16:22:12 ---A- . (...) -- C:\WINDOWS\system32\C_28596.NLS [66082]
O44 - LFC:[MD5.1DBBCC1B712C2674BDF29A05A5DD366E] - 10/05/2014 - 16:22:12 ---A- . (...) -- C:\WINDOWS\system32\c_10004.nls [66082]
O44 - LFC:[MD5.77F127766D758EB2C6451E221A0C7F7D] - 10/05/2014 - 16:22:12 ---A- . (...) -- C:\WINDOWS\system32\c_708.nls [66082]
O44 - LFC:[MD5.C58563DF50115E935BC811FFBCE1FC89] - 10/05/2014 - 16:22:12 ---A- . (...) -- C:\WINDOWS\system32\c_864.nls [66594]
O44 - LFC:[MD5.FECDD856845DC0246942AC24D92C54E9] - 10/05/2014 - 16:22:15 ---A- . (...) -- C:\WINDOWS\regopt.log [3046]
O44 - LFC:[MD5.EA780782D9B37722B2CEC3B91A131519] - 10/05/2014 - 16:23:02 ---A- . (...) -- C:\WINDOWS\WMPrfSKY.prx [39348]
O44 - LFC:[MD5.F66F790154680A4BEBE7A6F5A9B96853] - 10/05/2014 - 16:24:01 ---A- . (...) -- C:\WINDOWS\WMPrfSLV.prx [34638]
O44 - LFC:[MD5.6169A36CA495005DA56F75A02250DFE9] - 10/05/2014 - 16:25:38 ---A- . (...) -- C:\WINDOWS\Q307419.log [170]
O44 - LFC:[MD5.DFA8CBD5C99B86E058B9D0BD9FB2C6CB] - 10/05/2014 - 16:25:45 ---A- . (...) -- C:\WINDOWS\muisetup.log [1674]
O44 - LFC:[MD5.964E26615C37A577220CE6B813A00444] - 10/05/2014 - 16:27:06 ---A- . (...) -- C:\WINDOWS\system32\$winnt$.inf [415]
O44 - LFC:[MD5.2FF8113FC9AA806E6220793800DEED1B] - 10/05/2014 - 16:27:44 ---A- . (...) -- C:\WINDOWS\REGLOCS.OLD [8192]
O44 - LFC:[MD5.200886313C13E0C4308D07CEBEAC59DF] - 10/05/2014 - 16:28:33 ---A- . (...) -- C:\WINDOWS\setuplog.txt [804973]
O44 - LFC:[MD5.8BA82FE5283C6F01F9AEA120F26F861B] - 10/05/2014 - 16:29:05 ---A- . (...) -- C:\WINDOWS\OEWABLog.txt [833]
O44 - LFC:[MD5.597EF5D7D75D8858E5816516557AA2A9] - 10/05/2014 - 16:40:56 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.C9930FFCEFA146AD880E0BEED7C1357A] - 10/05/2014 - 16:42:45 R--A- . (...) -- C:\WINDOWS\system32\ArcVCapLogo.bmp [1920056]
O44 - LFC:[MD5.EF3CF419168225EFDF87EB7D0402BFAA] - 10/05/2014 - 16:42:46 ---A- . (...) -- C:\WINDOWS\system32\arcVCapture.pfg [1680]
O44 - LFC:[MD5.7CAF0AEF50072DCE93608697A3893F6D] - 10/05/2014 - 16:43:33 ---A- . (...) -- C:\camera.log [195]
O44 - LFC:[MD5.C65FB4C44B27B791ADC2215E8B18F219] - 10/05/2014 - 16:44:21 ---A- . (...) -- C:\WINDOWS\Wdf01005Inst.log [6680]
O44 - LFC:[MD5.7FD1956E221C3750E0532A48E8EDD305] - 10/05/2014 - 16:46:19 ---A- . (.No owner - About Page.) -- C:\WINDOWS\system32\RtNicProp32.dll [80416]
O44 - LFC:[MD5.F4A7E37FC983626450799CBB86609CC4] - 10/05/2014 - 16:47:31 ---A- . (...) -- C:\WINDOWS\Wdf01009Inst.log [4214]
O44 - LFC:[MD5.414BE7DF939B9E13587D0AF5113CD01D] - 10/05/2014 - 16:48:15 ---A- . (...) -- C:\WINDOWS\wiadebug.log [293]
O44 - LFC:[MD5.4D4FFA3DAD3C93478DD6B74A7FF09F36] - 10/05/2014 - 17:14:36 R--A- . (...) -- C:\WINDOWS\SET3.tmp [1296669]
O44 - LFC:[MD5.D84CCA844A329765D9734B534B226FE3] - 10/05/2014 - 17:14:37 R--A- . (...) -- C:\WINDOWS\SET4.tmp [1088840]
O44 - LFC:[MD5.C88469E6A8796CD38BD931E18BFD6139] - 10/05/2014 - 17:14:38 R--A- . (...) -- C:\WINDOWS\SET8.tmp [16535]
O44 - LFC:[MD5.01C47C2ECED034EF6F8C1552A97CFF00] - 10/05/2014 - 17:14:45 ----- . (...) -- C:\WINDOWS\system32\CONFIG.TMP [2577]
O44 - LFC:[MD5.30475F091008E24550523515A023270D] - 10/05/2014 - 17:14:45 ---A- . (...) -- C:\WINDOWS\system32\AUTOEXEC.NT [1688]
O44 - LFC:[MD5.6CB26848BCDAA361B6EE21264FB362C3] - 10/05/2014 - 17:14:47 ---A- . (...) -- C:\WINDOWS\system32\c_20127.nls [66082]
O44 - LFC:[MD5.6F8A509550FE8C92D07EE0143BF29BA1] - 10/05/2014 - 17:14:48 ---A- . (...) -- C:\WINDOWS\system32\c_10010.nls [66082]
O44 - LFC:[MD5.D2CA471D36A69D17F82D5C1B64FAEE39] - 10/05/2014 - 17:14:48 ---A- . (...) -- C:\WINDOWS\system32\c_10029.nls [66082]
O44 - LFC:[MD5.9CA501D2A8E6909C5B2E8C9274682BF1] - 10/05/2014 - 17:14:48 ---A- . (...) -- C:\WINDOWS\system32\c_10082.nls [66082]
O44 - LFC:[MD5.21E928C8E6ED8EEAB0D1AAEE82ACDD76] - 10/05/2014 - 17:14:48 ---A- . (...) -- C:\WINDOWS\system32\c_852.nls [66594]
O44 - LFC:[MD5.5D038EEABA8EA438F6B5ABD5E91BC851] - 10/05/2014 - 17:14:50 ---A- . (...) -- C:\WINDOWS\system32\C_28594.NLS [66082]
O44 - LFC:[MD5.3E969213F35127D83DAB48FF1283E8E4] - 10/05/2014 - 17:14:50 ---A- . (...) -- C:\WINDOWS\system32\c_855.nls [66594]
O44 - LFC:[MD5.5CD475CA7B87844DE1E0483B536F9AAE] - 10/05/2014 - 17:14:50 ---A- . (...) -- C:\WINDOWS\system32\c_866.nls [66594]
O44 - LFC:[MD5.B537ACFAB9E70F0EF48DB696A08ADC81] - 10/05/2014 - 17:14:51 ---A- . (...) -- C:\WINDOWS\system32\C_28597.NLS [66082]
O44 - LFC:[MD5.0A206B5CACD3CA70D2044DA691304765] - 10/05/2014 - 17:14:51 ---A- . (...) -- C:\WINDOWS\system32\c_10006.nls [66082]
O44 - LFC:[MD5.BAC7072B365F9648CA318154BA7E03EC] - 10/05/2014 - 17:14:51 ---A- . (...) -- C:\WINDOWS\system32\c_737.nls [66594]
O44 - LFC:[MD5.780C444EB16B65E6DE96F794A732DA12] - 10/05/2014 - 17:14:51 ---A- . (...) -- C:\WINDOWS\system32\c_869.nls [66594]
O44 - LFC:[MD5.8BE0D77A873730B4EB1DAB7C6622CD46] - 10/05/2014 - 17:14:51 ---A- . (...) -- C:\WINDOWS\system32\c_875.nls [66082]
O44 - LFC:[MD5.E22D1B9AC7854C0A654E4C4232074E49] - 10/05/2014 - 17:14:52 ---A- . (...) -- C:\WINDOWS\system32\C_28595.NLS [66082]
O44 - LFC:[MD5.AF4A866226BD04ACF06135088D75BB63] - 10/05/2014 - 17:14:52 ---A- . (...) -- C:\WINDOWS\system32\c_10007.nls [66082]
O44 - LFC:[MD5.314E85390BEBDAE5D1E11DB2D8CBC6E9] - 10/05/2014 - 17:14:52 ---A- . (...) -- C:\WINDOWS\system32\c_10017.nls [66082]
O44 - LFC:[MD5.EFFDFF60A38CF648811BBCDD722ECF5E] - 10/05/2014 - 17:14:53 ---A- . (...) -- C:\WINDOWS\system32\c_10081.nls [66082]
O44 - LFC:[MD5.C37A21EE1ADFDC13FC707D97073148ED] - 10/05/2014 - 17:14:53 ---A- . (...) -- C:\WINDOWS\system32\c_28599.nls [66082]
O44 - LFC:[MD5.A8764750B22B528D85A691A52CB21856] - 10/05/2014 - 17:14:53 ---A- . (...) -- C:\WINDOWS\system32\c_857.nls [66594]
O44 - LFC:[MD5.35448F3A71EBBECF8E997FAD3A99327D] - 10/05/2014 - 17:14:55 ---A- . (...) -- C:\WINDOWS\system32\c_28603.nls [66082]
O44 - LFC:[MD5.549DE7456EEB488B4248BB5C88A5BE67] - 10/05/2014 - 17:15:02 ---A- . (...) -- C:\WINDOWS\system32\pid.PNF [4444]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/05/2014 - 17:16:14 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.09E420F90A329BDA68477FA4AF43CB28] - 10/05/2014 - 17:17:30 ---A- . (...) -- C:\WINDOWS\system32\xjis.nls [28288]
O44 - LFC:[MD5.157A2706E78D7B581642F6F787EC37E5] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_10001.nls [162850]
O44 - LFC:[MD5.AAB0740BCBDCE107E0BABEE466905EB4] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_20000.nls [180258]
O44 - LFC:[MD5.B2B3B6A63D9A1837673A2B2C44455A20] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_20290.nls [66082]
O44 - LFC:[MD5.3FEF4EEFC8827A03B19124575B17205E] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_20932.nls [180770]
O44 - LFC:[MD5.32919D0DA9A834E8197203C4858ABCF6] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_20936.nls [173602]
O44 - LFC:[MD5.232094E602642181A5A508975665D11B] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_20949.nls [177698]
O44 - LFC:[MD5.07CD5D103AEB4AD2B624EE1ADBFAA456] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_21027.nls [66082]
O44 - LFC:[MD5.1855E6398A2E937E47809FD8B83647E4] - 10/05/2014 - 17:17:41 ---A- . (...) -- C:\WINDOWS\system32\c_10003.nls [177698]
O44 - LFC:[MD5.A337491EA01F4BE0779A981CB7ACB999] - 10/05/2014 - 17:17:41 ---A- . (...) -- C:\WINDOWS\system32\c_1361.nls [189986]
O44 - LFC:[MD5.DB4F8D50EDA4C0C51BDD0753880FA20B] - 10/05/2014 - 17:17:41 ---A- . (...) -- C:\WINDOWS\system32\ksc.nls [47066]
O44 - LFC:[MD5.AAF2CFDFCEAE84151060465A4C4506DA] - 10/05/2014 - 17:17:46 ---A- . (...) -- C:\WINDOWS\system32\WINPY.MB [1783864]
O44 - LFC:[MD5.FBA8EDF2418C8754D7199B7DCAD9F159] - 10/05/2014 - 17:17:46 ---A- . (...) -- C:\WINDOWS\system32\WINSP.MB [1564868]
O44 - LFC:[MD5.23C1E8F026FB81824388E8EC457CF75E] - 10/05/2014 - 17:17:46 ---A- . (...) -- C:\WINDOWS\system32\c_10008.nls [173602]
O44 - LFC:[MD5.54144F43EDF5AA8F504A30E7C1D1A7B5] - 10/05/2014 - 17:17:46 ---A- . (...) -- C:\WINDOWS\system32\prc.nls [83748]
O44 - LFC:[MD5.901863C68E6523336CAC602FE9320ABC] - 10/05/2014 - 17:17:46 ---A- . (...) -- C:\WINDOWS\system32\prcp.nls [83748]
O44 - LFC:[MD5.5A651B76C819817A2B992F34C3A8BC8D] - 10/05/2014 - 17:17:47 ---A- . (...) -- C:\WINDOWS\system32\WINZM.MB [1223500]
O44 - LFC:[MD5.EA2A501A6EE240361FA42FBA90E93611] - 10/05/2014 - 17:17:48 ---A- . (...) -- C:\WINDOWS\system32\PINTLPAD.HLP [14821]
O44 - LFC:[MD5.6D62961C6936709C4FE55CE5F7BE4AC1] - 10/05/2014 - 17:17:48 ---A- . (...) -- C:\WINDOWS\system32\PINTLPAE.HLP [16254]
O44 - LFC:[MD5.6556B40EBEB0879DB90B7AC32B41379B] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\a15.tbl [1460]
O44 - LFC:[MD5.9CF1E26D5CFC4747AF8BA76297353523] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\a234.tbl [44370]
O44 - LFC:[MD5.FF0ABF80940C1A6A9E0DB36EB431EB8E] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\acode.tbl [44370]
O44 - LFC:[MD5.217BC5677C19491A22846324300A363C] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\arphr.tbl [110566]
O44 - LFC:[MD5.BB30616600212D6EA337441AAC516F22] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\arptr.tbl [16312]
O44 - LFC:[MD5.2D37D46049C16DEDCF89BF76EC734877] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\array30.tab [146126]
O44 - LFC:[MD5.1924C588038F922AAB8CB66DF42EA4D6] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\arrayhw.tab [18600]
O44 - LFC:[MD5.C01B81BB10AD14DBC5C4ECD350638096] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\big5.nls [66728]
O44 - LFC:[MD5.EE1F60F8774D74BED8B13498F3FE737A] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\bopomofo.nls [82172]
O44 - LFC:[MD5.05C0B7F8FA403E6DA75671685A58A940] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\c_10002.nls [195618]
O44 - LFC:[MD5.2511B0F32128156F4C7F9F1164D5A108] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\dayiphr.tbl [520]
O44 - LFC:[MD5.F649C69497F99AA0E87EE81A1E140D0A] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\dayiptr.tbl [700]
O44 - LFC:[MD5.531FE5A2634D87A078017259F21D9736] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\lcphrase.tbl [211938]
O44 - LFC:[MD5.D3C85593F8C4576FCF9B42AC48CA4368] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\lcptr.tbl [24114]
O44 - LFC:[MD5.805EE17EB45B370D75BD8DE1986EE0D5] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\msdayi.tbl [116285]
O44 - LFC:[MD5.87027AC38E50D8185F83F27F92C41330] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\phon.tbl [4071]
O44 - LFC:[MD5.84E0FC05489B2E05B1F7CD41B3E7FD3B] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\phoncode.tbl [43242]
O44 - LFC:[MD5.1C47CF06E760E1865C9AAF04710D517C] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\phonptr.tbl [2714]
O44 - LFC:[MD5.55DCED5F0946C03E70B255A3AFC932B1] - 10/05/2014 - 17:17:55 ---A- . (...) -- C:\WINDOWS\system32\korwbrkr.lex [1158818]
O44 - LFC:[MD5.C04D36BBEF5B9BAA8D8DA0B57F22BE20] - 10/05/2014 - 17:17:55 ---A- . (...) -- C:\WINDOWS\system32\noise.jpn [2060]
O44 - LFC:[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - 10/05/2014 - 17:17:55 ---A- . (...) -- C:\WINDOWS\system32\noise.kor [1486]
O44 - LFC:[MD5.A0E02492452D4E237465D99D005D91FD] - 10/05/2014 - 17:18:07 ---A- . (...) -- C:\WINDOWS\system.ini [231]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/05/2014 - 17:18:57 ---A- . (...) -- C:\WINDOWS\system32\h323log.txt [0]
O44 - LFC:[MD5.2500AE26CC6C0998ECFA024DEA9913E0] - 10/05/2014 - 19:33:31 ---A- . (...) -- C:\WINDOWS\atiogl.xml [21544]
O44 - LFC:[MD5.DB96156AE0C447B49B8BB6B3324FF3DB] - 10/05/2014 - 19:33:31 ---A- . (...) -- C:\WINDOWS\system32\atiapfxx.blb [56336]
O44 - LFC:[MD5.0848BD09277CE61A6563D99BB63E026D] - 10/05/2014 - 19:33:31 ---A- . (...) -- C:\WINDOWS\system32\atiicdxx.dat [203336]
O44 - LFC:[MD5.DADAFE066983AB646E8550013FB7DA13] - 10/05/2014 - 19:33:31 ---A- . (...) -- C:\WINDOWS\system32\ativva5x.dat [3]
O44 - LFC:[MD5.CD663D99F1458BAA1840411C01B86EE5] - 10/05/2014 - 19:33:31 ---A- . (...) -- C:\WINDOWS\system32\ativva6x.dat [887724]
O44 - LFC:[MD5.DC66E4185D1A91E09DB2ABD82CFB0170] - 10/05/2014 - 19:33:31 ---A- . (...) -- C:\WINDOWS\system32\ativvaxx.cap [481456]
O44 - LFC:[MD5.FC094174027C23B89C24837D3B1405D5] - 10/05/2014 - 19:33:31 ---A- . (.No owner - ATIODCLI Application.) -- C:\WINDOWS\system32\ATIODCLI.exe [45056]
O44 - LFC:[MD5.118B79E717FE6F93F79D3E110240D8F9] - 10/05/2014 - 19:33:31 ---A- . (.No owner - ATIODE Application.) -- C:\WINDOWS\system32\ATIODE.exe [294912]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/05/2014 - 19:33:36 ---A- . (...) -- C:\WINDOWS\ativpsrm.bin [0]
O44 - LFC:[MD5.459DB8708F93BEAC0F75E149E1D990F6] - 10/05/2014 - 19:40:07 ---A- . (...) -- C:\setup.log [86]
O44 - LFC:[MD5.6527EE87C4BA019D54AA443CD4826266] - 10/05/2014 - 19:45:15 ---A- . (...) -- C:\WINDOWS\DPINST.LOG [34476]
O44 - LFC:[MD5.3CF09A0A997B6F6A2929296E74B32C11] - 10/05/2014 - 19:46:23 ---A- . (...) -- C:\WINDOWS\system32\RaCoInst.dat [14051]
O44 - LFC:[MD5.0602B1265719D15AF1B76D03CB20D0F9] - 10/05/2014 - 19:48:01 ---A- . (...) -- C:\WINDOWS\system32\RaCoInst.log [2727]
O44 - LFC:[MD5.DA933A978694A26DE2C65311372F031D] - 10/05/2014 - 19:48:45 ---A- . (...) -- C:\RTKNIC_setup.log [208]
O44 - LFC:[MD5.99B96BF58CC87D4E019FFD779FD82E83] - 10/05/2014 - 19:53:05 ---A- . (...) -- C:\WINDOWS\system32\hpBat.cpl [45056]
O44 - LFC:[MD5.D553447E5F57BF24FEB861CED6735AC2] - 10/05/2014 - 19:54:09 RSHA- . (...) -- C:\WINDOWS\system32\Drivers\103C_HP_NTBK_HP ProBook 4320s_YN_0U_QCNF1160C6C_EU_46_I1421_SHP_VKBC Version 53.36_B68AHH Ver. F.21_T120613_WXP3_L409_M3056_J320_7Intel_8Pentium II_92.53_#140510_N18143090_()_XMOBILE_CN10_Z_2_G100268E0.MRK [1591]
O44 - LFC:[MD5.F2FB2F13A23ED62C0AC621B6FE08F06A] - 10/05/2014 - 19:55:22 ---A- . (...) -- C:\WINDOWS\system32\HPWA.ini [188]
O44 - LFC:[MD5.5D2CD26F2CB236FA7C417E8A100A1A83] - 10/05/2014 - 19:59:00 ---A- . (...) -- C:\WINDOWS\HP Wallpaper.bmp [6912056]
O44 - LFC:[MD5.A38B008293E55F1013770D00EF774953] - 10/05/2014 - 19:59:00 ---A- . (...) -- C:\WINDOWS\system32\OEMlogo.bmp [42296]
O44 - LFC:[MD5.BCBE035B78EF7F9B1AE2E2AFA7E07C51] - 10/05/2014 - 19:59:00 ---A- . (...) -- C:\WINDOWS\system32\oeminfo.ini [14252]
O44 - LFC:[MD5.986B0893202A73566AD412CF20749F8A] - 10/05/2014 - 20:42:17 ---A- . (...) -- C:\WINDOWS\system32\xvid.ax [143872]
O44 - LFC:[MD5.E3833540C755C06EC18D414047448B14] - 10/05/2014 - 20:42:17 ---A- . (...) -- C:\WINDOWS\system32\xvidcore.dll [645632]
O44 - LFC:[MD5.348AC3C5B87056E24C9E0039332BFB66] - 10/05/2014 - 20:42:17 ---A- . (...) -- C:\WINDOWS\system32\xvidvfw.dll [240640]
O44 - LFC:[MD5.EE9D8B7FAD6E066F255E7598D3CB25F4] - 10/05/2014 - 21:02:34 ---A- . (...) -- C:\WINDOWS\win.ini [552]
O44 - LFC:[MD5.DDDABFE35CBA2DD92F1EEE06A3B0E76B] - 10/05/2014 - 21:05:32 ---A- . (...) -- C:\WINDOWS\system32\OGACheckControl.DLL [691592]
O44 - LFC:[MD5.3E6551117534C482FFFF17BEE62DFF84] - 10/05/2014 - 21:05:32 ---A- . (...) -- C:\WINDOWS\system32\OGAVerify.exe [528744]
O44 - LFC:[MD5.1A1688D1071FCC6044138C3567728B79] - 10/05/2014 - 21:11:17 ---A- . (...) -- C:\WINDOWS\DirectX.log [26282]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 10/05/2014 - 21:29:46 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.E5021338211D6B4BFEAF3DFD72B91181] - 10/05/2014 - 21:38:42 ---A- . (...) -- C:\WINDOWS\system32\SR2.dat [14]
O44 - LFC:[MD5.E858FC0ADDC6A302B517F92C3101C0BC] - 10/05/2014 - 21:38:52 -SHA- . (...) -- C:\WINDOWS\system32\{FDF02722-0E8A-4A88-9A86-76769E26E992}.dat [32]
O44 - LFC:[MD5.5047DE34F5E771771E9BB2952A74F0A7] - 10/05/2014 - 21:38:52 -SHA- . (...) -- C:\WINDOWS\{62CD0615-59E2-4ED0-8529-04FDA7715694}.dat [32]
O44 - LFC:[MD5.25E522A3127D5080F8700B19F8FAFF73] - 11/05/2014 - 12:21:52 ---A- . (...) -- C:\WINDOWS\wmsetup.log [4260]
O44 - LFC:[MD5.EE5C83436711E7BF8AC72802FECCB497] - 13/05/2014 - 15:44:38 ---A- . (...) -- C:\WINDOWS\ie8.log [56089]
O44 - LFC:[MD5.EC703E336CC016D2D57F5A0DBD3B04D5] - 13/05/2014 - 15:45:24 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.B308558E582B1D2C0BD92D34E54A24C6] - 13/05/2014 - 15:45:32 ---A- . (...) -- C:\WINDOWS\updspapi.log [35321]
O44 - LFC:[MD5.E971D7637E2F00CA84FEE05948D66EBC] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [90571]
O44 - LFC:[MD5.B3DE2D4B511B4692BAE6C8FC9F0382D3] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [7380]
O44 - LFC:[MD5.B2F7F4EBB7E7635392B3A71B84E09F09] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\comsetup.log [42534]
O44 - LFC:[MD5.A59CD58983D22049CD8F4009975591AC] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\iis6.log [162987]
O44 - LFC:[MD5.FE1E897DFA30E7FDB1DA138C1310833C] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.AA0F240A3DDDF2BC9726B8C91C49F584] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\msgsocm.log [5147]
O44 - LFC:[MD5.AFD3C1D3EBA2DBAE4A9228784DD271D6] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\msmqinst.log [40256]
O44 - LFC:[MD5.EE6FD72900308CD0DA2D4DAB53280131] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\netfxocm.log [16864]
O44 - LFC:[MD5.056EBFD3B6F8ED35492176C60A60721A] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [25154]
O44 - LFC:[MD5.F05F6910898629F5A383AEA8C3A182EA] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\ocgen.log [61904]
O44 - LFC:[MD5.FF3D689D92A2C25CB611305FDD51CF2B] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\ocmsn.log [5949]
O44 - LFC:[MD5.933AAAD25C9EEA03CE588A272007F5E5] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\tabletoc.log [5026]
O44 - LFC:[MD5.17E1BE57100796A0963A4DC611478A48] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\tsoc.log [49975]
O44 - LFC:[MD5.A6EAF6ECE7D4C6B3339BB85B9D25D57D] - 13/05/2014 - 15:45:51 ---A- . (...) -- C:\WINDOWS\ie8_main.log [182931]
O44 - LFC:[MD5.FA8EA3B6BE78DA1857BFD4A931DCAC40] - 13/05/2014 - 15:47:13 ---A- . (...) -- C:\WINDOWS\spupdsvc.log [8881]
~ Files: 638 Legitimates Filtered in 00mn 15s
---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:03/12/2009 - 20:30:42 ---A- . (.IDT, Inc. - IDT PC Audio TPE.) -- C:\WINDOWS\system32\Drivers\sthda.sys [1656246]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4768]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27866]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33840]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 54 Legitimates Filtered in 00mn 00s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 07/03/2005 - C:\Program Files\Norton AntiVirus\SAVRTPEL.sys (SAVRTPEL) .(.Symantec Corporation - SAVRTPEL.) - LEGACY_SAVRTPEL
~ Legacy: 140 Legitimates Filtered in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - https://www.bing.com/?fdr=lc&toHttps=1&redig=636E85BA310741769F6F7203285A1529
~ Keys: Scanned in 00mn 00s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 28/09/2009 109056 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Demand 10/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 17/01/2008 79208 | (ccPwdSvc) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
SS - | Demand 14/04/2008 224768 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 19/10/2005 46704 | (NPFMntor) . (.Symantec Corporation.) - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
SS - | Demand 07/03/2005 198368 | (SAVScan) . (.Symantec Corporation.) - C:\Program Files\Norton AntiVirus\SAVScan.exe
SS - | Auto 19/10/2005 67184 | (SBService) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.exe
SS - | Demand 28/03/2007 206552 | (SNDSrvc) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
SR - | Auto 22/11/2009 80384 | (Arcsoft Security Service) . (.Arcsoft, Inc..) - C:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\ArcSecurity.exe
SR - | Auto 19/05/2011 610304 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SR - | Demand 25/10/2010 3511888 | (Bluetooth Device Manager) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SR - | Demand 15/07/2010 901384 | (Bluetooth Media Service) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SR - | Auto 16/07/2010 508680 | (Bluetooth OBEX Service) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SR - | Auto 17/01/2008 197992 | (ccEvtMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
SR - | Auto 14/09/2002 34496 | (ccPxySvc) . (.Symantec Corporation.) - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
SR - | Auto 17/01/2008 181608 | (ccSetMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
SR - | Demand 10/05/2014 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 16/12/2009 102968 | (HP Wireless Assistant Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
SR - | Auto 04/01/2010 264248 | (hpHotkeyMonitor) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
SR - | Demand 17/12/2009 230968 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 25/08/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 10/05/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 20/08/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/11/2009 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 19/10/2005 177264 | (navapsvc) . (.Symantec Corporation.) - C:\Program Files\Norton AntiVirus\navapsvc.exe
SR - | Auto 23/09/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 14/09/2002 140992 | (NISUM) . (.Symantec Corporation.) - C:\Program Files\Norton Personal Firewall\NISUM.exe
SR - | Auto 21/07/2004 173160 | (SPBBCSvc) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
SR - | Auto 03/12/2009 229461 | (STacSV) . (.IDT, Inc..) - c:\program files\idt\wdm\STacSV.exe
SR - | Auto 04/12/2009 506472 | (uArcCapture) . (.ArcSoft, Inc..) - C:\WINDOWS\system32\uArcCapture.exe
SR - | Auto 04/11/2009 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: Scanned in 00mn 06s
---\\ Scan Additionnel (O88)
Database Version : 13045 - (14/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKCU\Software\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 270022 Items scanned in 00mn 11s
---\\ Summary of the detections found on your workstation
http://nicolascoolman.byethost7.com/toolbar-conduit =>Toolbar.Conduit
~ MSI: 1 link(s) detected in 00mn 00s
~ 1390 Legitimates filtered by white list
End of the scan (639 lines in 00mn 55s)(0)
~ Report of ZHPDiag v2014.5.14.63 - Nicolas Coolman (14/05/2014)
~ Launched by Jin Kazama (14/05/2014 17:20:30)
~ Web site address : https://nicolascoolman.webs.com/
~ Analysis software blog : http://nicolascoolman.byethost7.com
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found
---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 28.0
---\\ Windows product information
~ Langage: Anglais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ System protection software
Norton AntiVirus Parent MSI v11.0.1
Spybot - Search & Destroy v1.6.2
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 13 Plugin
Java 7 Update 55
---\\ Information on the system
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3055.4 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 81 GB (83%) free of 98 GB
---\\ Connection to the system mode
~ Computer Name: WEBSYSTEM
~ User Name: Jin Kazama
~ All Users Names: SUPPORT_388945a0, Jin Kazama, HelpAssistant, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Jin Kazama\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Jin Kazama\Application Data\
~ %Desktop% : C:\Documents and Settings\Jin Kazama\Desktop\
~ %Favorites% : C:\Documents and Settings\Jin Kazama\Favorites\
~ %LocalAppData% : C:\Documents and Settings\Jin Kazama\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Jin Kazama\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 81 Go of 98 Go)
D: Hard drive, Flash drive, Thumb drive (Free 191 Go of 200 Go)
E: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/9
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/53
~ Mes Documents (My Documents) : 1/45
~ Mon Bureau (My Desktop) : 0/70
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s
---\\ Process running
[MD5.141238D655A71423A1FDA8CA1D03B54D] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [610304] [PID.744]
[MD5.76C495A19F694E18BCE9713B3587948E] - (.Symantec Corporation - Symantec Settings Manager Service.) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [181608] [PID.1012]
[MD5.E6E616F803A1B63C15105F19FE4B76D4] - (.Symantec Corporation - Norton Internet Security NISUM.) -- C:\Program Files\Norton Personal Firewall\NISUM.exe [140992] [PID.1040]
[MD5.08FA56B7C13B4CBF0E5D351AECAD92B1] - (.Symantec Corporation - SPBBC Service.) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [173160] [PID.1156]
[MD5.CF1A0433BB97C839484DD359691DD521] - (.Symantec Corporation - Symantec Event Manager Service.) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [197992] [PID.1216]
[MD5.90F4AB6DEDE1D075FC9656675D95C03B] - (.IDT, Inc. - IDT PC Audio TPE.) -- c:\program files\idt\wdm\STacSV.exe [229461] [PID.1652]
[MD5.F89C612B4BD55044D2780A078293563A] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904] [PID.1716]
[MD5.2020C6BD44E1898AC6CE816F9A3000B8] - (.Hewlett-Packard Company - QLBController.) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [254520] [PID.1724]
[MD5.05B2715B10DDAE91E5FABAC0491D3F54] - (.Andrea Electronics Corporation - AEFltrs MFC Application.) -- C:\WINDOWS\system32\AESTFltr.exe [737280] [PID.1736]
[MD5.D371E0D9F6B3D4B874E6F467D95BDC79] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664] [PID.1744]
[MD5.F40C8C9DBABFD6611404EE36127D6326] - (.Hewlett-Packard Corporation - Hp Accelerometer System Tray.) -- C:\WINDOWS\System32\accelerometerST.exe [70200] [PID.1772]
[MD5.037B1E7798960E0420003D05BB577EE6] - (...) -- ystem32\rundll32.exe [0] [PID.1844]
[MD5.B94785E20A1C16A315F4D01250AF404F] - (.Arcsoft, Inc. - Arcsoft Security Service.) -- C:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\ArcSecurity.exe [80384] [PID.1896]
[MD5.F82FE3C3B87934554491D54498F008E4] - (.Motorola, Inc. - Bluetooth Device Manager.) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [3511888] [PID.1940]
[MD5.198C84D0D3157B01BCF2282830F09E2F] - (.Symantec Corporation - Norton Internet Security Proxy Service.) -- C:\Program Files\Norton Personal Firewall\ccPxySvc.exe [34496] [PID.2000]
[MD5.644795F6985C740F5E36E9336B837D0B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072] [PID.1336]
[MD5.B76FCE8AA8705A8A0DC240D83BD29AD4] - (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe [58728] [PID.1352]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.1712]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.1852]
[MD5.DF9F96E3B3AA6C6DDB33FA8C5646A632] - (.Hewlett-Packard Company - hpHotkeyMonitor Service.) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248] [PID.2068]
[MD5.45A663489E1A24FE3696F689178C1041] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.2096]
[MD5.2238B91AC1A12CC6CC4C4FED41258B2A] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2184]
[MD5.BB4E55778D8DE3885E1CDAC795DE7BCE] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.2212]
[MD5.8FC8458BCB585617AAC9E17A558D9155] - (.Symantec Corporation - Norton AntiVirus Auto-Protect Service.) -- C:\Program Files\Norton AntiVirus\navapsvc.exe [177264] [PID.2236]
[MD5.7D2633295EB6FF2B938185874884059D] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.2260]
[MD5.CD0E2E150DAF26D1AA3FC62935BE5E92] - (.ArcSoft, Inc. - ArcVCapture.) -- C:\WINDOWS\system32\uArcCapture.exe [506472] [PID.2420]
[MD5.44AA8D5D3B3B5610FEF46CA8A9C52D8C] - (.Intel Corporation - User Notification Service.) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.2476]
[MD5.96621958FADE636986F13F32458D8647] - (.Motorola, Inc. - Bluetooth OBEX Service.) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe [508680] [PID.2532]
[MD5.A2DE0A67C77EBC6DFAD3D55232790ADD] - (.Hewlett-Packard - HPPA_Service.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [102968] [PID.2572]
[MD5.F54B3DB096ABD6E9BBBD052FD3878A48] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.2656]
[MD5.3D9B36631032FDE0FFEA0DC0260E4E35] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680] [PID.3012]
[MD5.EF3EA06057132138B4E5895A61601DBE] - (.Hewlett-Packard Company - hpqwmiex Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [230968] [PID.3096]
[MD5.B097D6C522FF0D61EFE6BC85C25E5949] - (.Motorola, Inc. - Bluetooth Media Service.) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe [901384] [PID.3992]
[MD5.71B7498C93B1CEF51F10A33ED8693A05] - (.Motorola, Inc. - Bluetooth Media Player Controller.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe [1367816] [PID.392]
[MD5.E7704CBF568815C1CAA6E513387BD3F2] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [65536] [PID.788]
[MD5.74EF310FAC89341CE2897B7F2C4A7B0F] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [65536] [PID.1248]
[MD5.61E3F63855657A3D4F7EB6D75181DBAE] - (.Hewlett-Packard - HP Wireless Assistant.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064] [PID.1228]
[MD5.0FD9E89B3AC4F6F3995CDBF8CD4C9715] - (.Hewlett-Packard Development Company L.P. - hpCaslNotification.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe [309816] [PID.3860]
[MD5.3E930C641079443D4DE036167A69CAA2] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232] [PID.4116]
[MD5.E1B4EE856AD8A31B64D9E2AB20542D96] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7874560] [PID.5424]
~ Processes Running: Scanned in 00mn 01s
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
~ IE Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 06s
~ Nombre de lignes (Lines number): 15514
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Norton AntiVirus - [HKLM]{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} . (.Symantec Corporation - Norton AntiVirusNAVShellExt Module.) -- C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
~ Toolbar: Scanned in 00mn 00s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QLBController] . (.Hewlett-Packard Company - QLBController.) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
O4 - HKLM\..\Run: [AESTFltr] . (.Andrea Electronics Corporation - AEFltrs MFC Application.) -- C:\WINDOWS\system32\AESTFltr.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] . (.Hewlett-Packard Corporation - Hp Accelerometer System Tray.) -- C:\WINDOWS\System32\accelerometerST.exe
O4 - HKLM\..\Run: [DTRun] . (.ArcSoft Inc. - ArcSoft TotalMedia Theatre.) -- C:\Program Files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [BTMTrayAgent] . (...) -- C:\Program Files\Motorola\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [Cpqset] . (.No owner - Cpqset Application.) -- C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] . (.No owner - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [ccApp] . (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] . (.Symantec Corporation - Common Client Registry Integrity Verifier.) -- C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] . (.Symantec Corporation - Symantec Security Drivers Install Monitor.) -- C:\Program Files\SymNetDrv\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-507921405-527237240-1801674531-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-507921405-527237240-1801674531-1003\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
~ Application: Scanned in 00mn 00s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} . (...) -- C:\Program Files\Motorola\Bluetooth\bluetooth.ico
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Orphan key
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1399900313437
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B1E897-B4C6-4074-AFDB-8BBB7FBD2EDE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C0B1E897-B4C6-4074-AFDB-8BBB7FBD2EDE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\HP Wallpaper.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\HP Wallpaper.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Task Planned Automatically (039)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jin Kazama.job [540]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Symantec NetDetect.job [374]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Conduit] =>Toolbar.Conduit
~ Key Software: 258 Legitimates Filtered in 00mn 00s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 11/05/2014 - 10:20:42 - [] ----D C:\Program Files\AliveMedia
O43 - CFD: 10/05/2014 - 22:47:59 - [] ----D C:\Program Files\SymNetDrv
~ Program Folder: 137 Legitimates Filtered in 00mn 00s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.35448F3A71EBBECF8E997FAD3A99327D] - 10/05/2014 - 17:14:55 ---A- . (...) -- C:\WINDOWS\system32\c_28603.nls [66082]
O44 - LFC:[MD5.549DE7456EEB488B4248BB5C88A5BE67] - 10/05/2014 - 17:15:02 ---A- . (...) -- C:\WINDOWS\system32\pid.PNF [4444]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/05/2014 - 17:16:14 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.09E420F90A329BDA68477FA4AF43CB28] - 10/05/2014 - 17:17:30 ---A- . (...) -- C:\WINDOWS\system32\xjis.nls [28288]
O44 - LFC:[MD5.157A2706E78D7B581642F6F787EC37E5] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_10001.nls [162850]
O44 - LFC:[MD5.AAB0740BCBDCE107E0BABEE466905EB4] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_20000.nls [180258]
O44 - LFC:[MD5.B2B3B6A63D9A1837673A2B2C44455A20] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_20290.nls [66082]
O44 - LFC:[MD5.3FEF4EEFC8827A03B19124575B17205E] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_20932.nls [180770]
O44 - LFC:[MD5.32919D0DA9A834E8197203C4858ABCF6] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_20936.nls [173602]
O44 - LFC:[MD5.232094E602642181A5A508975665D11B] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_20949.nls [177698]
O44 - LFC:[MD5.07CD5D103AEB4AD2B624EE1ADBFAA456] - 10/05/2014 - 17:17:31 ---A- . (...) -- C:\WINDOWS\system32\c_21027.nls [66082]
O44 - LFC:[MD5.1855E6398A2E937E47809FD8B83647E4] - 10/05/2014 - 17:17:41 ---A- . (...) -- C:\WINDOWS\system32\c_10003.nls [177698]
O44 - LFC:[MD5.A337491EA01F4BE0779A981CB7ACB999] - 10/05/2014 - 17:17:41 ---A- . (...) -- C:\WINDOWS\system32\c_1361.nls [189986]
O44 - LFC:[MD5.DB4F8D50EDA4C0C51BDD0753880FA20B] - 10/05/2014 - 17:17:41 ---A- . (...) -- C:\WINDOWS\system32\ksc.nls [47066]
O44 - LFC:[MD5.AAF2CFDFCEAE84151060465A4C4506DA] - 10/05/2014 - 17:17:46 ---A- . (...) -- C:\WINDOWS\system32\WINPY.MB [1783864]
O44 - LFC:[MD5.FBA8EDF2418C8754D7199B7DCAD9F159] - 10/05/2014 - 17:17:46 ---A- . (...) -- C:\WINDOWS\system32\WINSP.MB [1564868]
O44 - LFC:[MD5.23C1E8F026FB81824388E8EC457CF75E] - 10/05/2014 - 17:17:46 ---A- . (...) -- C:\WINDOWS\system32\c_10008.nls [173602]
O44 - LFC:[MD5.54144F43EDF5AA8F504A30E7C1D1A7B5] - 10/05/2014 - 17:17:46 ---A- . (...) -- C:\WINDOWS\system32\prc.nls [83748]
O44 - LFC:[MD5.901863C68E6523336CAC602FE9320ABC] - 10/05/2014 - 17:17:46 ---A- . (...) -- C:\WINDOWS\system32\prcp.nls [83748]
O44 - LFC:[MD5.5A651B76C819817A2B992F34C3A8BC8D] - 10/05/2014 - 17:17:47 ---A- . (...) -- C:\WINDOWS\system32\WINZM.MB [1223500]
O44 - LFC:[MD5.EA2A501A6EE240361FA42FBA90E93611] - 10/05/2014 - 17:17:48 ---A- . (...) -- C:\WINDOWS\system32\PINTLPAD.HLP [14821]
O44 - LFC:[MD5.6D62961C6936709C4FE55CE5F7BE4AC1] - 10/05/2014 - 17:17:48 ---A- . (...) -- C:\WINDOWS\system32\PINTLPAE.HLP [16254]
O44 - LFC:[MD5.6556B40EBEB0879DB90B7AC32B41379B] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\a15.tbl [1460]
O44 - LFC:[MD5.9CF1E26D5CFC4747AF8BA76297353523] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\a234.tbl [44370]
O44 - LFC:[MD5.FF0ABF80940C1A6A9E0DB36EB431EB8E] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\acode.tbl [44370]
O44 - LFC:[MD5.217BC5677C19491A22846324300A363C] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\arphr.tbl [110566]
O44 - LFC:[MD5.BB30616600212D6EA337441AAC516F22] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\arptr.tbl [16312]
O44 - LFC:[MD5.2D37D46049C16DEDCF89BF76EC734877] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\array30.tab [146126]
O44 - LFC:[MD5.1924C588038F922AAB8CB66DF42EA4D6] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\arrayhw.tab [18600]
O44 - LFC:[MD5.C01B81BB10AD14DBC5C4ECD350638096] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\big5.nls [66728]
O44 - LFC:[MD5.EE1F60F8774D74BED8B13498F3FE737A] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\bopomofo.nls [82172]
O44 - LFC:[MD5.05C0B7F8FA403E6DA75671685A58A940] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\c_10002.nls [195618]
O44 - LFC:[MD5.2511B0F32128156F4C7F9F1164D5A108] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\dayiphr.tbl [520]
O44 - LFC:[MD5.F649C69497F99AA0E87EE81A1E140D0A] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\dayiptr.tbl [700]
O44 - LFC:[MD5.531FE5A2634D87A078017259F21D9736] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\lcphrase.tbl [211938]
O44 - LFC:[MD5.D3C85593F8C4576FCF9B42AC48CA4368] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\lcptr.tbl [24114]
O44 - LFC:[MD5.805EE17EB45B370D75BD8DE1986EE0D5] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\msdayi.tbl [116285]
O44 - LFC:[MD5.87027AC38E50D8185F83F27F92C41330] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\phon.tbl [4071]
O44 - LFC:[MD5.84E0FC05489B2E05B1F7CD41B3E7FD3B] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\phoncode.tbl [43242]
O44 - LFC:[MD5.1C47CF06E760E1865C9AAF04710D517C] - 10/05/2014 - 17:17:49 ---A- . (...) -- C:\WINDOWS\system32\phonptr.tbl [2714]
O44 - LFC:[MD5.55DCED5F0946C03E70B255A3AFC932B1] - 10/05/2014 - 17:17:55 ---A- . (...) -- C:\WINDOWS\system32\korwbrkr.lex [1158818]
O44 - LFC:[MD5.C04D36BBEF5B9BAA8D8DA0B57F22BE20] - 10/05/2014 - 17:17:55 ---A- . (...) -- C:\WINDOWS\system32\noise.jpn [2060]
O44 - LFC:[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - 10/05/2014 - 17:17:55 ---A- . (...) -- C:\WINDOWS\system32\noise.kor [1486]
O44 - LFC:[MD5.A0E02492452D4E237465D99D005D91FD] - 10/05/2014 - 17:18:07 ---A- . (...) -- C:\WINDOWS\system.ini [231]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/05/2014 - 17:18:57 ---A- . (...) -- C:\WINDOWS\system32\h323log.txt [0]
O44 - LFC:[MD5.2500AE26CC6C0998ECFA024DEA9913E0] - 10/05/2014 - 19:33:31 ---A- . (...) -- C:\WINDOWS\atiogl.xml [21544]
O44 - LFC:[MD5.DB96156AE0C447B49B8BB6B3324FF3DB] - 10/05/2014 - 19:33:31 ---A- . (...) -- C:\WINDOWS\system32\atiapfxx.blb [56336]
O44 - LFC:[MD5.0848BD09277CE61A6563D99BB63E026D] - 10/05/2014 - 19:33:31 ---A- . (...) -- C:\WINDOWS\system32\atiicdxx.dat [203336]
O44 - LFC:[MD5.DADAFE066983AB646E8550013FB7DA13] - 10/05/2014 - 19:33:31 ---A- . (...) -- C:\WINDOWS\system32\ativva5x.dat [3]
O44 - LFC:[MD5.CD663D99F1458BAA1840411C01B86EE5] - 10/05/2014 - 19:33:31 ---A- . (...) -- C:\WINDOWS\system32\ativva6x.dat [887724]
O44 - LFC:[MD5.DC66E4185D1A91E09DB2ABD82CFB0170] - 10/05/2014 - 19:33:31 ---A- . (...) -- C:\WINDOWS\system32\ativvaxx.cap [481456]
O44 - LFC:[MD5.FC094174027C23B89C24837D3B1405D5] - 10/05/2014 - 19:33:31 ---A- . (.No owner - ATIODCLI Application.) -- C:\WINDOWS\system32\ATIODCLI.exe [45056]
O44 - LFC:[MD5.118B79E717FE6F93F79D3E110240D8F9] - 10/05/2014 - 19:33:31 ---A- . (.No owner - ATIODE Application.) -- C:\WINDOWS\system32\ATIODE.exe [294912]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 10/05/2014 - 19:33:36 ---A- . (...) -- C:\WINDOWS\ativpsrm.bin [0]
O44 - LFC:[MD5.459DB8708F93BEAC0F75E149E1D990F6] - 10/05/2014 - 19:40:07 ---A- . (...) -- C:\setup.log [86]
O44 - LFC:[MD5.6527EE87C4BA019D54AA443CD4826266] - 10/05/2014 - 19:45:15 ---A- . (...) -- C:\WINDOWS\DPINST.LOG [34476]
O44 - LFC:[MD5.3CF09A0A997B6F6A2929296E74B32C11] - 10/05/2014 - 19:46:23 ---A- . (...) -- C:\WINDOWS\system32\RaCoInst.dat [14051]
O44 - LFC:[MD5.0602B1265719D15AF1B76D03CB20D0F9] - 10/05/2014 - 19:48:01 ---A- . (...) -- C:\WINDOWS\system32\RaCoInst.log [2727]
O44 - LFC:[MD5.DA933A978694A26DE2C65311372F031D] - 10/05/2014 - 19:48:45 ---A- . (...) -- C:\RTKNIC_setup.log [208]
O44 - LFC:[MD5.99B96BF58CC87D4E019FFD779FD82E83] - 10/05/2014 - 19:53:05 ---A- . (...) -- C:\WINDOWS\system32\hpBat.cpl [45056]
O44 - LFC:[MD5.D553447E5F57BF24FEB861CED6735AC2] - 10/05/2014 - 19:54:09 RSHA- . (...) -- C:\WINDOWS\system32\Drivers\103C_HP_NTBK_HP ProBook 4320s_YN_0U_QCNF1160C6C_EU_46_I1421_SHP_VKBC Version 53.36_B68AHH Ver. F.21_T120613_WXP3_L409_M3056_J320_7Intel_8Pentium II_92.53_#140510_N18143090_()_XMOBILE_CN10_Z_2_G100268E0.MRK [1591]
O44 - LFC:[MD5.F2FB2F13A23ED62C0AC621B6FE08F06A] - 10/05/2014 - 19:55:22 ---A- . (...) -- C:\WINDOWS\system32\HPWA.ini [188]
O44 - LFC:[MD5.5D2CD26F2CB236FA7C417E8A100A1A83] - 10/05/2014 - 19:59:00 ---A- . (...) -- C:\WINDOWS\HP Wallpaper.bmp [6912056]
O44 - LFC:[MD5.A38B008293E55F1013770D00EF774953] - 10/05/2014 - 19:59:00 ---A- . (...) -- C:\WINDOWS\system32\OEMlogo.bmp [42296]
O44 - LFC:[MD5.BCBE035B78EF7F9B1AE2E2AFA7E07C51] - 10/05/2014 - 19:59:00 ---A- . (...) -- C:\WINDOWS\system32\oeminfo.ini [14252]
O44 - LFC:[MD5.986B0893202A73566AD412CF20749F8A] - 10/05/2014 - 20:42:17 ---A- . (...) -- C:\WINDOWS\system32\xvid.ax [143872]
O44 - LFC:[MD5.E3833540C755C06EC18D414047448B14] - 10/05/2014 - 20:42:17 ---A- . (...) -- C:\WINDOWS\system32\xvidcore.dll [645632]
O44 - LFC:[MD5.348AC3C5B87056E24C9E0039332BFB66] - 10/05/2014 - 20:42:17 ---A- . (...) -- C:\WINDOWS\system32\xvidvfw.dll [240640]
O44 - LFC:[MD5.EE9D8B7FAD6E066F255E7598D3CB25F4] - 10/05/2014 - 21:02:34 ---A- . (...) -- C:\WINDOWS\win.ini [552]
O44 - LFC:[MD5.DDDABFE35CBA2DD92F1EEE06A3B0E76B] - 10/05/2014 - 21:05:32 ---A- . (...) -- C:\WINDOWS\system32\OGACheckControl.DLL [691592]
O44 - LFC:[MD5.3E6551117534C482FFFF17BEE62DFF84] - 10/05/2014 - 21:05:32 ---A- . (...) -- C:\WINDOWS\system32\OGAVerify.exe [528744]
O44 - LFC:[MD5.1A1688D1071FCC6044138C3567728B79] - 10/05/2014 - 21:11:17 ---A- . (...) -- C:\WINDOWS\DirectX.log [26282]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 10/05/2014 - 21:29:46 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.E5021338211D6B4BFEAF3DFD72B91181] - 10/05/2014 - 21:38:42 ---A- . (...) -- C:\WINDOWS\system32\SR2.dat [14]
O44 - LFC:[MD5.E858FC0ADDC6A302B517F92C3101C0BC] - 10/05/2014 - 21:38:52 -SHA- . (...) -- C:\WINDOWS\system32\{FDF02722-0E8A-4A88-9A86-76769E26E992}.dat [32]
O44 - LFC:[MD5.5047DE34F5E771771E9BB2952A74F0A7] - 10/05/2014 - 21:38:52 -SHA- . (...) -- C:\WINDOWS\{62CD0615-59E2-4ED0-8529-04FDA7715694}.dat [32]
O44 - LFC:[MD5.25E522A3127D5080F8700B19F8FAFF73] - 11/05/2014 - 12:21:52 ---A- . (...) -- C:\WINDOWS\wmsetup.log [4260]
O44 - LFC:[MD5.EE5C83436711E7BF8AC72802FECCB497] - 13/05/2014 - 15:44:38 ---A- . (...) -- C:\WINDOWS\ie8.log [56089]
O44 - LFC:[MD5.EC703E336CC016D2D57F5A0DBD3B04D5] - 13/05/2014 - 15:45:24 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.B308558E582B1D2C0BD92D34E54A24C6] - 13/05/2014 - 15:45:32 ---A- . (...) -- C:\WINDOWS\updspapi.log [35321]
O44 - LFC:[MD5.E971D7637E2F00CA84FEE05948D66EBC] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [90571]
O44 - LFC:[MD5.B3DE2D4B511B4692BAE6C8FC9F0382D3] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [7380]
O44 - LFC:[MD5.B2F7F4EBB7E7635392B3A71B84E09F09] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\comsetup.log [42534]
O44 - LFC:[MD5.A59CD58983D22049CD8F4009975591AC] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\iis6.log [162987]
O44 - LFC:[MD5.FE1E897DFA30E7FDB1DA138C1310833C] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.AA0F240A3DDDF2BC9726B8C91C49F584] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\msgsocm.log [5147]
O44 - LFC:[MD5.AFD3C1D3EBA2DBAE4A9228784DD271D6] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\msmqinst.log [40256]
O44 - LFC:[MD5.EE6FD72900308CD0DA2D4DAB53280131] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\netfxocm.log [16864]
O44 - LFC:[MD5.056EBFD3B6F8ED35492176C60A60721A] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [25154]
O44 - LFC:[MD5.F05F6910898629F5A383AEA8C3A182EA] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\ocgen.log [61904]
O44 - LFC:[MD5.FF3D689D92A2C25CB611305FDD51CF2B] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\ocmsn.log [5949]
O44 - LFC:[MD5.933AAAD25C9EEA03CE588A272007F5E5] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\tabletoc.log [5026]
O44 - LFC:[MD5.17E1BE57100796A0963A4DC611478A48] - 13/05/2014 - 15:45:35 ---A- . (...) -- C:\WINDOWS\tsoc.log [49975]
O44 - LFC:[MD5.A6EAF6ECE7D4C6B3339BB85B9D25D57D] - 13/05/2014 - 15:45:51 ---A- . (...) -- C:\WINDOWS\ie8_main.log [182931]
O44 - LFC:[MD5.FA8EA3B6BE78DA1857BFD4A931DCAC40] - 13/05/2014 - 15:47:13 ---A- . (...) -- C:\WINDOWS\spupdsvc.log [8881]
~ Files: 638 Legitimates Filtered in 00mn 15s
---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:03/12/2009 - 20:30:42 ---A- . (.IDT, Inc. - IDT PC Audio TPE.) -- C:\WINDOWS\system32\Drivers\sthda.sys [1656246]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4768]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27866]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33840]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 54 Legitimates Filtered in 00mn 00s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 07/03/2005 - C:\Program Files\Norton AntiVirus\SAVRTPEL.sys (SAVRTPEL) .(.Symantec Corporation - SAVRTPEL.) - LEGACY_SAVRTPEL
~ Legacy: 140 Legitimates Filtered in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - https://www.bing.com/?fdr=lc&toHttps=1&redig=636E85BA310741769F6F7203285A1529
~ Keys: Scanned in 00mn 00s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 28/09/2009 109056 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Demand 10/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 17/01/2008 79208 | (ccPwdSvc) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
SS - | Demand 14/04/2008 224768 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 19/10/2005 46704 | (NPFMntor) . (.Symantec Corporation.) - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
SS - | Demand 07/03/2005 198368 | (SAVScan) . (.Symantec Corporation.) - C:\Program Files\Norton AntiVirus\SAVScan.exe
SS - | Auto 19/10/2005 67184 | (SBService) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.exe
SS - | Demand 28/03/2007 206552 | (SNDSrvc) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
SR - | Auto 22/11/2009 80384 | (Arcsoft Security Service) . (.Arcsoft, Inc..) - C:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\ArcSecurity.exe
SR - | Auto 19/05/2011 610304 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SR - | Demand 25/10/2010 3511888 | (Bluetooth Device Manager) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SR - | Demand 15/07/2010 901384 | (Bluetooth Media Service) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SR - | Auto 16/07/2010 508680 | (Bluetooth OBEX Service) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SR - | Auto 17/01/2008 197992 | (ccEvtMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
SR - | Auto 14/09/2002 34496 | (ccPxySvc) . (.Symantec Corporation.) - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
SR - | Auto 17/01/2008 181608 | (ccSetMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
SR - | Demand 10/05/2014 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 16/12/2009 102968 | (HP Wireless Assistant Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
SR - | Auto 04/01/2010 264248 | (hpHotkeyMonitor) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
SR - | Demand 17/12/2009 230968 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 25/08/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 10/05/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 20/08/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/11/2009 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 19/10/2005 177264 | (navapsvc) . (.Symantec Corporation.) - C:\Program Files\Norton AntiVirus\navapsvc.exe
SR - | Auto 23/09/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 14/09/2002 140992 | (NISUM) . (.Symantec Corporation.) - C:\Program Files\Norton Personal Firewall\NISUM.exe
SR - | Auto 21/07/2004 173160 | (SPBBCSvc) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
SR - | Auto 03/12/2009 229461 | (STacSV) . (.IDT, Inc..) - c:\program files\idt\wdm\STacSV.exe
SR - | Auto 04/12/2009 506472 | (uArcCapture) . (.ArcSoft, Inc..) - C:\WINDOWS\system32\uArcCapture.exe
SR - | Auto 04/11/2009 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: Scanned in 00mn 06s
---\\ Scan Additionnel (O88)
Database Version : 13045 - (14/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKCU\Software\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 270022 Items scanned in 00mn 11s
---\\ Summary of the detections found on your workstation
http://nicolascoolman.byethost7.com/toolbar-conduit =>Toolbar.Conduit
~ MSI: 1 link(s) detected in 00mn 00s
~ 1390 Legitimates filtered by white list
End of the scan (639 lines in 00mn 55s)(0)
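How the one detection the helpers later act on can be pulled out of a ZHPDiag report of this shape, as an added example that is not part of the original thread and is not ZHPDiag's own code. The line patterns are assumptions inferred only from the lines visible in this report (`---\\` section headers, `~` summary lines, `=>Label` detections, with `=>.` read as a publisher annotation), and the sample input is constructed from those lines.

```python
import re
from collections import OrderedDict

# Constructed sample: a few lines in the same shape as the report above.
SAMPLE_REPORT = r"""---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 07/03/2005 - C:\Program Files\Norton AntiVirus\SAVRTPEL.sys (SAVRTPEL) .(.Symantec Corporation - SAVRTPEL.) - LEGACY_SAVRTPEL
~ Legacy: 140 Legitimates Filtered in 00mn 00s
---\\ Scan Additionnel (O88)
Database Version : 13045 - (14/05/2014)
[HKCU\Software\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 270022 Items scanned in 00mn 11s
---\\ Summary of the detections found on your workstation
http://nicolascoolman.byethost7.com/toolbar-conduit =>Toolbar.Conduit
~ MSI: 1 link(s) detected in 00mn 00s
"""

# Assumed patterns, derived from the visible report lines only.
# Section header: "---\\ Title (O88)"; the trailing (Onn) code is optional.
SECTION_RE = re.compile(r"^---\\\\\s*(?P<title>.*?)(?:\s*\((?P<code>O\d+)\))?\s*$")
# Detection: "<target> =>Label". A label starting with "." (as on the O63
# line) is treated as a publisher note, not a detection.
DETECTION_RE = re.compile(r"^(?P<target>.+?)\s*=>(?P<label>[A-Za-z][\w.\-]*)")
# Whitelist summary: "~ Legacy: 140 Legitimates Filtered in ..."
FILTERED_RE = re.compile(r"^~\s*(?P<what>[^:]+):\s*(?P<count>\d+) Legitimates Filtered")
REGKEY_RE = re.compile(r"^\[(HKCU|HKLM|HKCR|HKU)\\[^\]]+\]$")


def classify_target(target):
    """Say what kind of object a detection line points at."""
    if REGKEY_RE.match(target):
        return "registry"
    if target.lower().startswith(("http://", "https://")):
        return "url"
    return "other"


def parse_report(text):
    """Return (findings, filtered) for a ZHPDiag-style report.

    findings: one dict per "=>Label" detection, tagged with its section.
    filtered: how many entries each section hid as whitelisted, which is
              a reminder that the report shows only what was not filtered.
    """
    section = {"title": None, "code": None}
    findings = []
    filtered = OrderedDict()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.groupdict()
            continue
        m = FILTERED_RE.match(line)
        if m:
            filtered[m.group("what").strip()] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m:
            target = m.group("target")
            findings.append({
                "section": section["title"],
                "code": section["code"],
                "kind": classify_target(target),
                "target": target,
                "label": m.group("label"),
            })
    return findings, filtered


def flagged_registry_keys(findings):
    """Registry keys that carry a detection label, de-duplicated in order."""
    seen = []
    for f in findings:
        if f["kind"] == "registry" and f["target"] not in seen:
            seen.append(f["target"])
    return seen


if __name__ == "__main__":
    found, hidden = parse_report(SAMPLE_REPORT)
    for f in found:
        print(f"{f['code'] or '-':>4}  {f['kind']:<8}  {f['label']:<16}  {f['target']}")
    print("whitelisted (not shown in report):", dict(hidden))
    print("keys to review:", flagged_registry_keys(found))
```
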
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 14, 2014 at 02:14 PM
I was just wondering could the problem be due to the fact that I disabled Windows Firewall before installing Norton Firewall, which has somehow caused a software conflict?
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,165
May 14, 2014 at 04:27 PM
No! You have a PUP.
Hold on, I will put our virus expert on your case; he is 2011n2 (Gabriel).
Good luck.
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 14, 2014 at 04:31 PM
Hello,
Can you run ZHPDiag again by clicking on the full options button?
Please remember to host the report:
- To transmit the report, click on this link:
https://authentification.site
- Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
- Select the file ZHPDiag.txt.
- Click on "upload".
- Copy the URL and post it here.
Gabriel.
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 15, 2014 at 04:36 AM
Here are the results. I'm not sure which link to upload, so I will just upload all of them.
http://speedy.sh/2CyKC/ZHPDiag.txt
[code]http://speedy.sh/2CyKC/ZHPDiag.txt/code
<a href="http://speedy.sh/2CyKC/ZHPDiag.txt">Download at SpeedyShare</a>
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 15, 2014 at 10:26 AM
Hello,
A/ Uninstall Spybot, it is obsolete.
B/
1. Close all applications.
2. Select and copy all of the following bold lines.
----------------------------------------------------------------------------------
Script ZHPFix
[HKCU\Software\Conduit]
[HKCU\Software\Conduit]
3. ZHP Diag created a shortcut on your desktop called ZHP Fix; launch ZHP Fix (for Windows 7, right-click to run as admin). Answer yes if you get an enquiry as to whether you want to run it or not.
4. Click on the Import button and the lines will automatically paste themselves.
5. Click on the Go button to clean.
6. Confirm by clicking OK.
7. ZHP Fix will ask if you wish to empty the bin; click on your choice... it may take time.
8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.
Gabriel.
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 16, 2014 at 04:11 AM
Thanks, Gabriel! I will give that a try ASAP.
One question, do I have to uninstall Spybot 1st or could I just keep it?
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 16, 2014 at 04:16 AM
Also, you said close all applications; does that include everything that is running in the system tray?
And where do I copy
Script ZHPFix
[HKCU\Software\Conduit]
[HKCU\Software\Conduit]
to?
Sorry if I sound like a newb, but I've never done anything like this before.
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 16, 2014 at 05:23 AM
Hello,
Spybot is unnecessary, so you can uninstall it.
You copy the bold lines, then you open ZHPFix and click on "Import".
Gabriel.
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 16, 2014 at 07:22 AM
Thanks again, Gabriel for helping.
Here are the results after running that script on ZHPFix:
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Jake Lo at 16/05/2014 12:19:00
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Recycle Bin emptied (00mn 22s)
========== Registry keys ==========
REMOVES: HKCU\Software\Conduit
========== Summary ==========
1 : Registry keys
End of clean in 00mn 22s
========== Path to file report ==========
C:\Documents and Settings\Jake Lo\Application Data\ZHP\ZHPFix[R1].txt - 16/05/2014 12:19:23 [460]
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 16, 2014 at 12:09 PM
Okay, run ZHPDiag again. Remember to host the report.
Gabriel.
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 16, 2014 at 12:29 PM
Here's the link to the latest ZHPDiag run:
http://speedy.sh/GMBbM/ZHPDiag.txt
[code]http://speedy.sh/GMBbM/ZHPDiag.txt/code
<a href="http://speedy.sh/GMBbM/ZHPDiag.txt">Download at SpeedyShare</a>
Thanks again for all the help, Gabriel
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 16, 2014 at 01:47 PM
Good.
- Download MBAM by clicking "Free Download Version".
- Save it on your desktop.
- Double-click the downloaded file to launch the installation process (if the firewall asks for permission to connect to Malwarebytes, accept).
- Once the software is installed and running, go to the "Review" tab.
- Select Review "Custom" and then click Check Now.
- Select all drives and all exam options (including search rootkits).
- Ensure that Process as malicious detections is selected for PUP and PUM.
- Click Start exam.
- If an update is shown, click Update Now and then wait for the review.
- Once the review is completed, make sure that the action Quarantine is selected for all elements detected.
- Click Apply actions. If asked to restart the PC, do it.
- In the Review tab, click Export Log => text file (txt). Otherwise, go to the history tab and Application logs.
- Paste the report.
Gabriel.
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 17, 2014 at 07:09 AM
Here are the results of the MalwareBytes scan:
http://speedy.sh/Kh5xh/MalwareBytes-Log.txt
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 17, 2014 at 08:06 AM
Hello,
Do some problems persist?
Gabriel.
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 17, 2014 at 08:28 AM
Yeah, I'm still getting the same problem after a couple of hours.
I was wondering, would using these commands on command prompt solve my problem:
ipconfig /flushdns
ipconfig /release
ipconfig /renew
or
netsh int ip reset resetlog.txt
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 17, 2014 at 08:30 AM
Okay, is the whole computer blocked or just Firefox?
Is it not responding?
Gabriel.
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 17, 2014 at 09:02 AM
After a couple of hours of browsing on the net on Firefox, Firefox will all of a sudden display a blank screen when I attempt to access a webpage. IE will also display a connection problem error. Apart from that, my HP Probook is working perfectly fine. Even uTorrent is still working perfectly fine, and I can ping any website via cmd.
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 17, 2014 at 09:09 AM
Try to reinstall Firefox.
Gabriel.
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 17, 2014 at 09:12 AM
Tried that.
I've also done a complete reinstall of Windows XP on my HP Probook to see if that would fix the problem. But I still get the same problem.
Should I just try these commands on cmd?
ipconfig /flushdns
ipconfig /release
ipconfig /renew
or
netsh int ip reset resetlog.txt
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 17, 2014 at 09:22 AM
Ah okay.
Yes, you can try these commands.
Gabriel.
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 18, 2014 at 07:06 AM
Those commands didn't work either! :/ I think it may be an issue with Norton Firewall; I've installed an updated version to see if that will help. Fingers crossed! :)
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 18, 2014 at 08:19 AM
Hello,
And if you try to disable it?
Gabriel.
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 20, 2014 at 04:15 AM
Hi Gabriel
I managed to fix the problem! Turns out it was a problem with that version of Norton Firewall I was previously using, and I switched to a newer version and everything seems to be fine now!
Thanks for your help!
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 20, 2014 at 04:16 AM
Oh, yeah! You wouldn't be able to recommend any good firewall software?
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 20, 2014 at 09:02 AM
Hello,
Congratulations. :)
For example, Comodo is a good Firewall.
Gabriel.
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 21, 2014 at 03:53 AM
I've heard good things about Comodo. But I wonder, since it's a complete internet security protection package, will it interfere with Norton Antivirus, as I'm currently using that at the moment?
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,165
May 21, 2014 at 06:52 AM
Darkguyver,
You should have only one antivirus. Yes, they may conflict as they have different scanning engines; they may skip a detection, give you false positive results, yet slow down your computer. The choice is now yours, but you can wait for your Norton license to run out before changing AV software.
If you decide to change, begin a new topic on how to completely remove Norton, because after automated removal, Norton leaves all kinds of "dung" behind.
Best regards
Ambucias
P.S. I personally never liked nor trusted Norton, I have used Kaspersky and F-Secure for the best.
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 21, 2014 at 07:52 AM
Hello,
Thanks Ambucias for answering. :)
Gabriel.
darkguyver
Posts
30
Registration date
Monday May 12, 2014
Status
Member
Last seen
November 11, 2014
May 21, 2014 at 08:49 AM
Thanks, Ambucias, for the quick reply. As for uninstalling Norton, the best thing to do is download and run the Norton Removal Tool, which should remove everything from your computer.
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
May 21, 2014 at 10:02 AM
Exactly, use Norton Removal Tool.