---\\ Software installed (O42)
O42 - Logiciel: AL3 Download Client - (...) [HKLM] -- {D84DF348-966B-4DDD-BE3A-128BC9129505}
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: Ask Toolbar Updater - (.Ask.com.) [HKCU] -- {79A765E1-C399-405B-85AF-466F52E918B0} =>Toolbar.Ask
O42 - Logiciel: Cycling-Secrets v1.0 - (.Catad83.) [HKLM] -- Cycling-Secrets_is1
O42 - Logiciel: DYMO Stamps - (.Endicia Internet Postage.) [HKLM] -- DYMO Stamps
O42 - Logiciel: DYMO Stamps - (.Endicia Internet Postage.) [HKLM] -- DYMO Stamps.exe
O42 - Logiciel: MeadCo ScriptX (v7.1.0.60 (x86)) - (.Mead & Co Ltd..) [HKLM] -- {BC15EFA7-97B7-43A3-A293-5117EC3C1A86}
O42 - Logiciel: Mr Smooth v1.0 - (.Swim Smooth.) [HKLM] -- Mr Smooth_is1
O42 - Logiciel: MrSmooth - (.Swim Smooth (Swim Smooth UK).) [HKLM] -- {AF81A6CC-F27F-2E0C-8B9A-5F6DA8687E0E}
O42 - Logiciel: Progressive Downloader Plus - (.Progressive Insurance.) [HKCU] -- cf8ca50d45e159d3
O42 - Logiciel: QuickBooks - (.Intuit Inc..) [HKLM] -- {25E202D1-D8E7-46AF-B4B0-157D9993A93E}
O42 - Logiciel: QuickBooks Financial Center - (.Intuit Inc..) [HKLM] -- {890EF3F8-742F-46BD-9E8E-084B3A1F4364}
O42 - Logiciel: QuickBooks Pro 2012 - (.Intuit Inc..) [HKLM] -- {22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}
O42 - Logiciel: QuickFile Florida - (.QuickQuote.) [HKLM] -- QuickFile Florida
O42 - Logiciel: Shop to Win 4 - (...) [HKLM] -- Shop to Win 4 =>Adware.ShopToWin
O42 - Logiciel: TEAM-UP Download - (.Connective Technologies, Inc..) [HKCU] -- TEAM-UP Download
O42 - Logiciel: Total Access Memo 2003 Runtime - (...) [HKLM] -- Total Access Memo 2003 Runtime
O42 - Logiciel: Transfer Manager.NET - (...) [HKLM] -- {287CDCFB-36A4-44A4-9B49-26A95C85B4AD}
~ Logic: 35 Legitimates Filtered in 01mn AMs
---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\Ask.com]
[HKCU\Software\Endicia]
[HKCU\Software\GNworks]
[HKCU\Software\KZF6cA]
[HKCU\Software\MeadCo]
[HKCU\Software\QuickBooks PDF Converter 3.0]
[HKCU\Software\QuickBooks PDF Converter]
[HKCU\Software\QuickQuote DO NOT DELETE]
[HKCU\Software\Wal-Mart]
[HKLM\Software\APN]
[HKLM\Software\AskToolbar]
[HKLM\Software\Cyclist]
[HKLM\Software\Endicia]
[HKLM\Software\IVANS]
[HKLM\Software\KZF6cA]
[HKLM\Software\MeadCo]
[HKLM\Software\QuickQuote]
[HKLM\Software\Symbience]
[HKLM\Software\TotalRecipeSearch_14EI]
~ Key Software: 381 Legitimates Filtered in 01mn AMs
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 10/22/2012 - 3:54:46 PM - [3.489] ----D C:\Program Files\Ask.com
O43 - CFD: 3/4/2011 - 4:42:08 PM - [7.027] ----D C:\Program Files\Cycling Secrets
O43 - CFD: 2/25/2014 - 5:31:24 PM - [15.299] ----D C:\Program Files\DYMO Label
O43 - CFD: 4/26/2012 - 4:03:04 PM - [9.240] ----D C:\Program Files\DYMO Stamps
O43 - CFD: 3/28/2013 - 4:43:26 PM - [0.285] ----D C:\Program Files\MeadCo ScriptX
O43 - CFD: 4/15/2011 - 3:03:16 PM - [163.417] ----D C:\Program Files\Midland LifeSolutions
O43 - CFD: 1/17/2012 - 4:38:22 PM - [44.415] ----D C:\Program Files\Mr Smooth
O43 - CFD: 1/17/2012 - 4:38:54 PM - [28.933] ----D C:\Program Files\MrSmooth
O43 - CFD: 11/8/2009 - 6:02:25 PM - [34.633] ----D C:\Program Files\QuickQuote
O43 - CFD: 11/8/2009 - 6:02:27 PM - [18.856] ----D C:\Program Files\QuickQuoteA2k2 Runtime
O43 - CFD: 10/22/2012 - 3:54:36 PM - [0.100] ----D C:\Program Files\Smart PC Cleaner =>Rogue.SmartPCCleaner
O43 - CFD: 5/11/2011 - 9:15:11 AM - [0.615] ----D C:\Program Files\Symbience
O43 - CFD: 3/28/2013 - 4:43:27 PM - [6.820] ----D C:\Program Files\Common Files\MeadCo ScriptX
O43 - CFD: 12/20/2011 - 4:55:58 PM - [0] ----D C:\ProgramData\Bomgar-SCC-4EF10069
O43 - CFD: 11/8/2009 - 6:04:09 PM - [0.255] ----D C:\ProgramData\Partner
O43 - CFD: 2/7/2013 - 9:46:36 AM - [0.034] ----D C:\ProgramData\ProgressiveInsurance
O43 - CFD: 10/19/2012 - 11:50:29 AM - [0] ----D C:\Users\Owner\AppData\Roaming\DefaultTab =>Adware.Bandoo
O43 - CFD: 3/16/2010 - 11:14:23 AM - [0.015] ----D C:\Users\Owner\AppData\Roaming\DYMO Stamps
O43 - CFD: 12/19/2011 - 11:28:56 AM - [0] ----D C:\Users\Owner\AppData\Roaming\Idelni
O43 - CFD: 1/17/2012 - 4:41:11 PM - [0.000] ----D C:\Users\Owner\AppData\Roaming\MrSmooth.1F1C2CE6230412E7752D206B573506D8446D8E6A.1
O43 - CFD: 10/18/2012 - 2:44:09 PM - [0] ----D C:\Users\Owner\AppData\Roaming\Smart PC Cleaner =>Rogue.SmartPCCleaner
O43 - CFD: 6/22/2012 - 8:32:44 AM - [0] ----D C:\Users\Owner\AppData\Roaming\Tutysy
O43 - CFD: 1/6/2014 - 4:32:51 PM - [0.222] ----D C:\Users\Owner\AppData\Local\GNworks
O43 - CFD: 3/20/2014 - 1:02:45 PM - [0] ----D C:\Users\Owner\AppData\Local\IAC
O43 - CFD: 3/4/2011 - 4:42:05 PM - [5.369] ----D C:\Users\Owner\AppData\Local\lptmp1284 =>Adware.Incredibar
O43 - CFD: 2/7/2013 - 9:45:38 AM - [0.000] ----D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Progressive Insurance
O43 - CFD: 11/24/2009 - 1:18:23 PM - [0.002] ----D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TEAM-UP Download
~ 1181 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 1475 Legitimates Filtered in 50mn AMs
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.316DF50A505C84138DA4551BB65BA937] - 4/11/2014 - 10:22:45 AM ---A- . (...) -- C:\Windows\System32\GDIPFONTCACHEV1.DAT [129296]
O44 - LFC:[MD5.8EC7C02DF8508F9336F9837E33681440] - 4/14/2014 - 4:48:31 PM ---A- . (...) -- C:\Windows\System32\rpcnetp.dll [17408]
O44 - LFC:[MD5.F9B8748B14F1FDCFEC0E78254ED849D7] - 4/14/2014 - 8:08:12 PM ---A- . (...) -- C:\Windows\System32\rpcnetp.exe [17408]
O44 - LFC:[MD5.697681D23913D175B4DA2849C4F97DE0] - 4/14/2014 - 9:47:19 PM ---A- . (...) -- C:\Windows\win.ini [275]
~ Files: 19 Legitimates Filtered in 02mn AMs
---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn AMs
---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\GNworks Update [Key] . (...) -- :\Users\Owner\AppData\Local\GNworks\ep0lvraa.dll (.not file.)
O53 - SMSR:HKLM\...\startupreg\QUICKDOWNLOAD [Key] . (.QuickQuote - QuickDownload for QuickFile.) -- C:\QuickFL\QuickDownload\QuickDownload.exe
~ SMSR Keys: 15 Legitimates Filtered in 00mn AMs
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn AMs
---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/13/2009 - 7:20:28 PM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.40725D93E5B7806F824715C3211CEDB1] - 7/3/2009 - 11:45:03 AM RSHA- . (...) -- C:\Windows\System32\Drivers\fbd.sys [13]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/13/2009 - 4:54:14 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.CB5D13966F74D7F000724A907F614193] - 5/17/2011 - 3:44:44 PM ---A- . (.http://libusb-win32.sourceforge.net - LibUSB-Win32 - Kernel Driver.) -- C:\Windows\System32\Drivers\libusb0.sys [35776]
O58 - SDL:[MD5.35045BC673E74FE0E8AA89BC16D50FBB] - 12/17/2008 - 8:48:36 PM ---A- . (.01 Communique Laboratory Inc. - RDesktop video mirror driver.) -- C:\Windows\System32\Drivers\rdsdrvdm.sys [27648]
O58 - SDL:[MD5.0D60B8C10A2C5E8DD620B3FDEB1CDA64] - 4/23/2007 - 11:50:50 AM ---A- . (.Windows (R) Codename Longhorn DDK provider - Realtek Utility I/O Driver.) -- C:\Windows\System32\Drivers\RtlProt.sys [25896]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/13/2009 - 7:19:04 PM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.483EBB6E4E5883180F3555BD70F9CFA2] - 7/3/2009 - 11:44:37 AM RSHA- . (...) -- C:\Windows\System32\Drivers\taishop.sys [4]
O58 - SDL:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 12/13/2012 - 1:50:38 PM ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 3:40:41 PM ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 3:40:44 PM ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 3:40:40 PM ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 3:40:43 PM ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 3:40:43 PM ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 3:40:23 PM ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 3:40:31 PM ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 3:40:35 PM ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 3:40:39 PM ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 3:40:27 PM ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 3:40:11 PM ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 3:40:15 PM ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 3:40:17 PM ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 3:40:19 PM ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 3:40:13 PM ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 18 Legitimates Filtered in 04mn AMs
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Safari.exe> <Safari>[HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn AMs
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {2EF7CAFC-C3FD-4487-882E-879E5DE88ED1} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {75C98131-54C0-4002-B3A9-391BC15BA6E3} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {AD161361-68EB-41ED-8FC6-02F123AB7811} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {EE82F532-66A2-4785-A208-6C8060CD3F56} - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {E7301C61-00BC-4E42-B058-93A08E3B5BC6} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {E7301C61-00BC-4E42-B058-93A08E3B5BC6} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn AMs
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.59CA06DE9201457DBA4401016440A88B] [SPRF][8/18/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.EDE73F719C7DB22B8EB1E535963C6134] [SPRF][9/18/2013] (...) -- C:\Users\Owner\AppData\Roaming\wklnhst.dat [4424]
~ Files: 4 Legitimates Filtered in 00mn AMs
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "UDP Query User{AC99B712-7A19-4F3B-B35A-4E776F83CA76}C:\users\owner\documents\ctmweb24863-44902[1]\ctmweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\owner\documents\ctmweb24863-44902[1]\ctmweb.exe (.not file.)
O87 - FAEL: "TCP Query User{5DDE23C5-21A1-40D7-A200-F719DE233DF0}C:\users\owner\documents\ctmweb24863-44902[1]\ctmweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\owner\documents\ctmweb24863-44902[1]\ctmweb.exe (.not file.)
O87 - FAEL: "UDP Query User{5A14633B-6825-4487-B1B7-A519B94A466B}C:\users\owner\appdata\local\temp\temp1_ctmweb24863-44902[1].zip\ctmweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\owner\appdata\local\temp\temp1_ctmweb24863-44902[1].zip\ctmweb.exe (.not file.)
O87 - FAEL: "TCP Query User{4AD48A11-6358-4361-95EB-CBB39C9FAB15}C:\users\owner\appdata\local\temp\temp1_ctmweb24863-44902[1].zip\ctmweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\owner\appdata\local\temp\temp1_ctmweb24863-44902[1].zip\ctmweb.exe (.not file.)
O87 - FAEL: "{5BD8D2DA-FF44-496B-AB8D-D22002810D1F}" |In - None - P17 - TRUE | .(...) -- D:\setup\hpznui01.exe (.not file.)
O87 - FAEL: "{0535378D-A0FA-4F09-86B1-0FE1CC9E51BA}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\7zS7906.tmp\SymNRT.exe (.not file.)
O87 - FAEL: "{F41BA4B3-8952-4CEA-B33B-7D5441726757}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\7zS7906.tmp\SymNRT.exe (.not file.)
O87 - FAEL: "{0C0920E4-DE45-47D7-BD44-D0964944AF46}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\migD2CD.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{64AEA52C-817A-4006-B592-4371566D83DD}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\migD2CD.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{F2A66A9B-E2B9-462F-BA78-E5916A2FBAB0}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig1539.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{36A7B2D9-8963-4740-97FF-A91DE2D730EC}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig1539.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{71B4641F-DB20-4FE9-8D10-1C5F57814726}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig26CA.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{1439BC5B-48DE-493C-9E6B-0F225540F66D}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig26CA.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{0E7D93F9-993C-4D2A-864E-E7420F9FB744}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig6AE8.tmp\migwiz.exe (.not file.)
O87 - FAEL: "{6259A0DE-CC78-4FCB-8CA3-C1A3E9776F41}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Owner\AppData\Local\temp\mig6AE8.tmp\migwiz.exe (.not file.)
~ Firewall: 240 Legitimates Filtered in 01mn AMs
---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "07A917B4A41Fc5f4095B43B6427BFF1F" . (.Windows 7 Upgrade Advisor.) -- C:\Windows\Installer\{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}\WuaIcon
O90 - PUC: "15CEC5CCF6CBA6841BAABE8254159ABE" . (.Bing Bar.) -- C:\Windows\Installer\{CC5CEC51-BC6F-486A-B1AA-EB284551A9EB}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "7AFE51CB7B793A342A391571CEC3A168" . (.MeadCo ScriptX (v7.1.0.60 (x86)).) -- C:\Windows\Installer\{BC15EFA7-97B7-43A3-A293-5117EC3C1A86}\scriptx.ico
O90 - PUC: "8F3FE098F247DB64E9E880B4A3F13446" . (.QuickBooks Financial Center.) -- C:\Windows\Installer\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}\ARPPRODUCTICON.exe
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Ask Toolbar.) -- c:\program files\ask.com\fv_4fd8.ico =>Toolbar.Ask
~ Update Products: 186 Legitimates Filtered in 00mn AMs
---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.0698B8D780313EC9D0193A830EFEFA45] [WIS][9/23/2010] (.Midland National - Blank Project Template.) -- C:\Windows\Installer\16e169d.msi [413696]
[MD5.4F27D023E0866265CC6F94D5AC1CC915] [WIS][1/17/2012] (.Swim Smooth (Swim Smooth UK) - MrSmooth.) -- C:\Windows\Installer\19ad4ec.msi [20992]
[MD5.CDA6735D856716E986CC696C529500A3] [WIS][8/11/2009] (.Xobni, Inc. - Xobni Core DLL Installer.) -- C:\Windows\Installer\1b78765.msi [110080]
[MD5.86AB4434F55A5CF91518A6A409686C5C] [WIS][1/17/2013] (.Mead & Co Ltd. - MeadCo ScriptX (v7.1.0.60 (x86)).) -- C:\Windows\Installer\1c7220d.msi [3289088]
[MD5.0952E366FA5A3F55C764671E26751C1B] [WIS][6/28/2013] (.FINIS Inc. - Streamline Bridge.) -- C:\Windows\Installer\1ea99b.msi [30208]
[MD5.A37F36438EEB1CB7C1B99F1D33A5F6A5] [WIS][8/21/2013] (.Trusteer - Rapport.) -- C:\Windows\Installer\22c4d.msi [27512832]
[MD5.EA0A7CBE9AC324AB6C3AE3A534A87F1F] [WIS][5/3/2009] (.Corel Corporation - Blank Project Template.) -- C:\Windows\Installer\3468c.msi [7713792]
[MD5.31CD01FA948F6FBE9037F795E0636D34] [WIS][5/3/2009] (.Intuit Inc. - QuickBooks Financial Center.) -- C:\Windows\Installer\39549.msi [1591808]
[MD5.C53594D201D7D297B404E2DEB2C461BA] [WIS][6/16/2009] (.Realtek - Blank Project Template.) -- C:\Windows\Installer\3afe2.msi [5738496]
[MD5.25C4A5F7A8708BAD15A64E5B8DF333CD] [WIS][8/13/2012] (.Ask.com - Blank Project Template.) -- C:\Windows\Installer\dc1fb9.msi [3809280]
[MD5.5084B956DCCD3E1E0289B6809D79EC64] [WIS][9/10/2009] (.MPM - MPM.) -- C:\Windows\Installer\e35644.msi [144384]
[MD5.559583F3F0F090A5A192DE092222E7C4] [WIS][3/14/2012] (.Intuit Inc. - QuickBooks.) -- C:\Windows\Installer\e4372a.msi [49439284]
~ WIS: 194 Legitimates Filtered in 25mn AMs
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\dealioToolbarInstall_RASAPI32 =>PUP.Dealio
HKLM\SOFTWARE\Microsoft\Tracing\dealioToolbarInstall_RASMANCS =>PUP.Dealio
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_en_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_D370CDE96771667E_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_D370CDE96771667E_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
~ BTK: 367 Legitimates Filtered in 00mn AMs
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{4C82B29E-294C-394A-B6F4-8BD92BEEF1BA}] (Intuit.SBD.ERDownloader.ExchangeRateDownloaderException) =>PUP.SoftwareEngine
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
[HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] (Ask Toolbar) =>Toolbar.Ask
~ BCK: 7524 Legitimates Filtered in 12mn AMs
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 4/11/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 2/15/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Demand 4/16/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
SS - | Auto 2/4/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2/4/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 10/23/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 11/14/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Demand 10/19/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 3/14/2012 61440 | (QBFCService) . (.Intuit Inc..) - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
SS - | Demand 7/13/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled 8/11/2009 39424 | (XobniService) . (.Xobni Corporation.) - C:\Program Files\Xobni\XobniService.exe
SR - | Auto 3/18/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 12/18/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 3/27/2009 14336 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
SR - | Auto 9/7/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 8/30/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 4/16/2009 20544 | (camsvc) . (.TOSHIBA.) - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
SR - | Auto 8/10/2009 185712 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
SR - | Auto 3/10/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
SR - | Demand 7/13/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 7/13/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 7/13/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 10/19/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 3/11/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 7/13/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 7/13/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 6/5/2012 45056 | (QBCFMonitorService) . (.Intuit.) - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
SR - | Auto 3/14/2012 1248256 | (QBVSS) . (.Intuit Inc..) - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
SR - | Auto 1/5/2014 69792 | (rpcnet) . (.Absolute Software Corp..) - C:\Windows\system32\rpcnet.exe
SR - | Auto 2/19/2009 57344 | (RSELSVC) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
SR - | Auto 2/14/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 4/1/2009 62776 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 7/28/2009 128344 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 4/14/2009 176128 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TECO\TecoService.exe =>.Toshiba Corporation
SR - | Demand 8/3/2009 111960 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SR - | Auto 4/9/2009 656752 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Auto 7/13/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 13mn AMs
---\\ Scan Additionnel (O88)
Database Version : 13044 - (4/13/2014)
Clés trouvées (Keys found) : 51
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 6
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Shop to Win 4] =>Adware.ShopToWin^
[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.Ask
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\APN] =>Toolbar.Ask
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater] =>Toolbar.Ask
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs] =>Toolbar.Ask
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Ask^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports
C:\Program Files\Smart PC Cleaner =>Rogue.SmartPCCleaner^
C:\Users\Owner\AppData\Roaming\DefaultTab =>Adware.Bandoo^
C:\Users\Owner\AppData\Roaming\Smart PC Cleaner =>Rogue.SmartPCCleaner^
C:\Users\Owner\AppData\Local\lptmp1284 =>Adware.Incredibar^
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\ProgramData\Partner =>Spyware.Partner
C:\Users\Owner\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\Owner\AppData\LocalLow\FunWebProducts =>Adware.MyWebSearch
C:\Users\Owner\AppData\LocalLow\MyWebSearch =>Adware.MyWebSearch
C:\Program Files\Ask.com\UpdateTask.exe =>Toolbar.Ask^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{4C82B29E-294C-394A-B6F4-8BD92BEEF1BA}] (Intuit.SBD.ERDownloader.ExchangeRateDownloaderException) =>PUP.SoftwareEngine^
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
[HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] (Ask Toolbar) =>Toolbar.Ask^
~ Additionnel Scan: 479529 Items scanned in 34mn AMs
---\\ Summary of the detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/32151568-adware-shoptowin =>Adware.ShopToWin
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
http://nicolascoolman.webs.com/apps/blog/show/27529295-adware-searchsettings =>Adware.SearchSettings
http://nicolascoolman.webs.com/apps/blog/show/29758660-pup-softwareengine =>PUP.SoftwareEngine
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner
~ MSI: 10 link(s) detected in 00mn AMs
~ 2666 Legitimates filtered by white list
End of the scan (697 lines in 49mn AMs)(0)