V9.com Hijack [Solved]


  • This topic is locked

#1
brfpeeters

    New Member

  • Member
  • 7 posts
Hi folks!

I've got a problem with the V9.com hijack: it redirects my IE to its page, over and over.
I searched for any "V9" regkey and removed it, I also removed a "V9.exe" from my computer, I tried a lot of things, and it's still there.

I searched in the "Removal Guide" here to find out if you had something, but ... didn't find anything.

Please help me!

Thanks guys!

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's have a quick look

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
brfpeeters

    New Member

  • Topic Starter
  • Member
  • 7 posts
OTL logfile created on: 03/10/2012 09:59:50 - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Benoit\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

5,99 Gb Total Physical Memory | 3,71 Gb Available Physical Memory | 61,94% Memory free
11,98 Gb Paging File | 9,45 Gb Available in Paging File | 78,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 165,70 Gb Total Space | 104,44 Gb Free Space | 63,03% Space Free | Partition Type: NTFS
Drive D: | 299,96 Gb Total Space | 208,58 Gb Free Space | 69,54% Space Free | Partition Type: NTFS

Computer Name: BENOIT-PC | User Name: Benoit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/03 09:58:46 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Benoit\Desktop\OTL.exe
PRC - [2012/09/28 13:17:44 | 001,398,680 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012/09/27 12:57:24 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/08/13 10:18:06 | 000,274,024 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/03/28 19:11:06 | 004,103,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe
PRC - [2012/03/09 16:26:58 | 001,073,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/04/10 09:03:46 | 000,077,824 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2010/01/11 15:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Arquivos de Programas\Dell\DellDock\DockLogin.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/01/01 19:54:04 | 003,735,552 | ---- | M] (Google) -- C:\Users\Benoit\googletalk.exe
PRC - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/28 19:10:18 | 000,067,216 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS6\ASLSupport.dll
MOD - [2012/03/28 12:18:34 | 000,070,776 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS6\unihan.dll
MOD - [2012/03/28 12:18:26 | 000,374,960 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS6\Plug-ins\Filters\Sangam Readers\Reader For PageMaker.smrd
MOD - [2012/03/28 12:18:24 | 000,050,352 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS6\ALDFS32CJK.dll
MOD - [2012/03/28 12:18:24 | 000,046,256 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS6\ALDVM32CJK.dll
MOD - [2012/03/28 12:18:22 | 000,123,056 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS6\PMFileReader.dll
MOD - [2012/03/09 16:26:54 | 000,100,352 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/08/14 10:15:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/23 01:35:04 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2012/09/05 22:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/08/13 10:18:06 | 000,274,024 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2012/07/17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/11 15:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Arquivos de Programas\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/27 11:52:57 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/03/01 03:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/03/11 03:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/14 12:30:14 | 006,201,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 14:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/26 12:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/23 01:35:02 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/06/23 01:34:58 | 002,768,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 17:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2012/04/05 09:34:02 | 000,046,408 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\GbpKm.sys -- (GbpKm)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com.br
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC






IE - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com.br
IE - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 5F 1C 1B AF 9C CD 01 [binary data]
IE - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask...YYYYYYYYUS&&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/09/27 15:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/02 09:20:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/10/02 09:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benoit\AppData\Roaming\mozilla\Extensions
[2012/10/02 09:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/05 22:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 22:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/05 22:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/28 11:51:18 | 000,001,266 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Arquivos de Programas\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-564107981-2342902310-1423014071-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKU\S-1-5-21-564107981-2342902310-1423014071-1000\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.200.5 8.8.8.8 200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51EC3280-0725-4E80-B959-54BFE74FBB19}: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3C0E3F4-ABFE-40AD-8C74-9401176BA23B}: DhcpNameServer = 172.16.200.5 8.8.8.8 200.175.5.139
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{451aa90f-08a1-11e2-afdf-0026b9f17fee}\Shell - "" = AutoRun
O33 - MountPoints2\{451aa90f-08a1-11e2-afdf-0026b9f17fee}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{451aa90f-08a1-11e2-afdf-0026b9f17fee}\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{451aa90f-08a1-11e2-afdf-0026b9f17fee}\Shell\install\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/03 09:58:44 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Benoit\Desktop\OTL.exe
[2012/10/02 13:12:04 | 000,000,000 | ---D | C] -- C:\Users\Benoit\Desktop\SAVITA BHABHI COMPLETE COLLECTION TILL DATE
[2012/10/02 13:04:46 | 000,000,000 | ---D | C] -- C:\Users\Benoit\Desktop\Nikon D7000 Guide to Digital SLR Photography
[2012/10/02 09:20:32 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Mozilla
[2012/10/02 09:20:32 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\Mozilla
[2012/10/02 09:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/02 09:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/02 09:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/01 15:02:35 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webteh
[2012/10/01 08:29:10 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\BSplayer PRO
[2012/09/30 23:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/09/30 23:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/30 23:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/09/29 10:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/09/29 10:53:30 | 000,000,000 | ---D | C] -- C:\Users\Benoit\Documents\FFOutput
[2012/09/29 10:53:26 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/09/29 10:53:21 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2012/09/29 10:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
[2012/09/29 09:04:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/09/29 09:04:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/09/29 08:07:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2012/09/29 08:07:46 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/28 17:30:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webteh
[2012/09/28 13:17:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2012/09/28 13:16:29 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\BitTorrent
[2012/09/28 11:52:17 | 000,046,408 | ---- | C] (GAS Tecnologia) -- C:\Windows\SysWow64\drivers\GbpKm.sys
[2012/09/28 11:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\GbPlugin
[2012/09/28 11:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GbPlugin
[2012/09/28 11:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012/09/28 10:58:26 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\ATI
[2012/09/28 10:58:26 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\ATI
[2012/09/28 10:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/09/28 10:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/09/28 10:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/09/28 10:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/09/28 10:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/09/28 10:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/09/28 10:56:02 | 000,433,152 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/09/28 10:56:02 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/09/28 10:56:02 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/09/28 10:56:02 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/09/28 10:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/09/28 10:52:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
[2012/09/28 10:51:56 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\InstallShield
[2012/09/28 10:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/09/28 10:50:56 | 000,395,048 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2012/09/28 10:50:56 | 000,260,904 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2012/09/28 10:50:56 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2012/09/28 10:50:56 | 000,203,560 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2012/09/28 10:50:56 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2012/09/28 10:50:56 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2012/09/28 10:50:56 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2012/09/28 10:50:55 | 000,272,432 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2012/09/28 10:50:55 | 000,000,000 | ---D | C] -- C:\dell
[2012/09/28 08:48:16 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\Google
[2012/09/27 15:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/09/27 15:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012/09/27 15:30:25 | 000,000,000 | ---D | C] -- C:\Users\Benoit\Tracing
[2012/09/27 15:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/09/27 15:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/09/27 15:25:36 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\Windows Live
[2012/09/27 15:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012/09/27 15:22:52 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\PACE Anti-Piracy
[2012/09/27 15:22:52 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\PACE Anti-Piracy
[2012/09/27 15:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012/09/27 15:22:47 | 000,000,000 | ---D | C] -- C:\Users\Benoit\Documents\Adobe
[2012/09/27 13:06:09 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/27 12:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2012/09/27 12:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DsNET Corp
[2012/09/27 12:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/09/27 11:53:09 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\TrueCrypt
[2012/09/27 11:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012/09/27 11:52:57 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012/09/27 11:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012/09/27 11:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RICOH
[2012/09/27 10:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
[2012/09/27 10:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2012/09/27 10:08:50 | 000,000,000 | ---D | C] -- C:\Users\Benoit\Documents\Arquivos do Outlook
[2012/09/27 10:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/09/27 10:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/09/27 10:00:04 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Dell
[2012/09/27 10:00:02 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/09/27 10:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/09/27 09:59:26 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\Stardock_Corporation
[2012/09/27 09:59:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8BBA44BE-D722-4F33-ADE1-4A3A86653355}
[2012/09/27 09:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2012/09/27 09:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2012/09/27 09:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2012/09/27 09:59:09 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\PackageAware
[2012/09/27 09:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/09/27 09:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/09/27 09:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/09/27 09:57:52 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\Microsoft Help
[2012/09/27 09:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/09/27 09:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/09/27 09:57:38 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/09/27 09:56:47 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/09/27 09:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/09/27 09:56:28 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2012/09/27 09:56:28 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2012/09/27 09:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2012/09/27 09:31:38 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012/09/27 09:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012/09/27 09:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2012/09/27 09:30:34 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\WinRAR
[2012/09/27 09:29:47 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/09/27 09:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/09/27 09:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/09/27 08:58:05 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Skype
[2012/09/27 08:58:01 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/09/27 08:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/27 08:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/27 08:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/09/26 22:27:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/09/26 22:27:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2012/09/26 22:26:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2012/09/26 22:26:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\pt-BR
[2012/09/26 22:26:25 | 000,000,000 | ---D | C] -- C:\Windows\pt-BR
[2012/09/26 22:26:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2012/09/26 22:24:18 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\pt-BR\pscr.sys.mui
[2012/09/26 22:24:01 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\pt-BR\BrSerIb.sys.mui
[2012/09/26 22:24:00 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\pt-BR\BrSerId.sys.mui
[2012/09/26 22:24:00 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\pt-BR\BrParwdm.sys.mui
[2012/09/26 21:00:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/09/26 21:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/09/26 20:57:51 | 000,000,000 | ---D | C] -- C:\Users\Benoit\Adobe Flash Builder 4.6
[2012/09/26 20:54:31 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2012/09/26 20:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012/09/26 20:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/09/26 20:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012/09/26 20:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/09/26 20:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/09/26 20:50:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/09/26 20:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2012/09/26 20:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/09/26 20:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/09/26 20:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/09/26 20:45:37 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Macromedia
[2012/09/26 20:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/09/26 20:45:26 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Adobe
[2012/09/26 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\Adobe
[2012/09/26 20:21:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vmm32
[2012/09/26 20:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2012/09/26 20:20:48 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/09/26 17:38:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/09/26 17:37:26 | 000,000,000 | R--D | C] -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/26 17:37:26 | 000,000,000 | R--D | C] -- C:\Users\Benoit\Searches
[2012/09/26 17:37:26 | 000,000,000 | R--D | C] -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/26 17:37:19 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Identities
[2012/09/26 17:37:17 | 000,000,000 | R--D | C] -- C:\Users\Benoit\Contacts
[2012/09/26 17:37:16 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\VirtualStore
[2012/09/26 17:37:10 | 000,000,000 | --SD | C] -- C:\Users\Benoit\AppData\Roaming\Microsoft
[2012/09/26 17:37:10 | 000,000,000 | R--D | C] -- C:\Users\Benoit\Videos
[2012/09/26 17:37:10 | 000,000,000 | R--D | C] -- C:\Users\Benoit\Saved Games
[2012/09/26 17:37:10 | 000,000,000 | R--D | C] -- C:\Users\Benoit\Pictures
[2012/09/26 17:37:10 | 000,000,000 | R--D | C] -- C:\Users\Benoit\Music
[2012/09/26 17:37:10 | 000,000,000 | R--D | C] -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/26 17:37:10 | 000,000,000 | R--D | C] -- C:\Users\Benoit\Links
[2012/09/26 17:37:10 | 000,000,000 | R--D | C] -- C:\Users\Benoit\Favorites
[2012/09/26 17:37:10 | 000,000,000 | R--D | C] -- C:\Users\Benoit\Downloads
[2012/09/26 17:37:10 | 000,000,000 | R--D | C] -- C:\Users\Benoit\Documents
[2012/09/26 17:37:10 | 000,000,000 | R--D | C] -- C:\Users\Benoit\Desktop
[2012/09/26 17:37:10 | 000,000,000 | R--D | C] -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\AppData\Local\Temporary Internet Files
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\SendTo
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\Recent
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\Modelos
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\Documents\Minhas músicas
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\Documents\Minhas imagens
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\Documents\Meus vídeos
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\Meus documentos
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\Menu Iniciar
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\AppData\Local\Histórico
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\Dados de aplicativos
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\AppData\Local\Dados de aplicativos
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\Cookies
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\Configurações locais
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\Ambiente de rede
[2012/09/26 17:37:10 | 000,000,000 | -HSD | C] -- C:\Users\Benoit\Ambiente de impressão
[2012/09/26 17:37:10 | 000,000,000 | -H-D | C] -- C:\Users\Benoit\AppData
[2012/09/26 17:37:10 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\Temp
[2012/09/26 17:37:10 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Local\Microsoft
[2012/09/26 17:37:10 | 000,000,000 | ---D | C] -- C:\Users\Benoit\AppData\Roaming\Media Center Programs
[2012/09/26 17:36:58 | 000,000,000 | -HSD | C] -- C:\Program Files\Common Files\Sistema
[2012/09/26 17:36:58 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/09/26 17:36:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modelos
[2012/09/26 17:36:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas músicas
[2012/09/26 17:36:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas imagens
[2012/09/26 17:36:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Meus vídeos
[2012/09/26 17:36:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Iniciar
[2012/09/26 17:36:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoritos
[2012/09/26 17:36:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documentos
[2012/09/26 17:36:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dados de aplicativos
[2012/09/26 17:36:58 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas
[2012/09/26 17:36:58 | 000,000,000 | -HSD | C] -- C:\Program Files\Arquivos Comuns
[2012/09/26 17:28:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/09/26 17:28:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2007/01/01 19:54:04 | 003,735,552 | ---- | C] (Google) -- C:\Users\Benoit\googletalk.exe

========== Files - Modified Within 30 Days ==========

[2012/10/03 09:58:46 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Benoit\Desktop\OTL.exe
[2012/10/03 08:16:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 08:16:48 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 08:14:27 | 001,628,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/03 08:14:27 | 000,703,580 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/10/03 08:14:27 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/03 08:14:27 | 000,146,366 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/10/03 08:14:27 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/03 08:09:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/03 08:09:22 | 527,835,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/02 12:46:47 | 008,019,677 | ---- | M] () -- C:\Users\Benoit\Desktop\T3 V.pdf
[2012/10/02 08:49:12 | 005,659,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/01 15:02:35 | 000,001,143 | ---- | M] () -- C:\Users\Benoit\Desktop\BS.Player PRO.lnk
[2012/10/01 11:15:39 | 003,053,671 | ---- | M] () -- C:\Users\Benoit\Desktop\Cartilha PDCA - Estudo V2.pdf
[2012/09/29 08:22:19 | 001,596,136 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/29 07:51:24 | 003,014,493 | ---- | M] () -- C:\Users\Benoit\Desktop\John Lennon - Imagine Karaoke (With no vocals!).mp3
[2012/09/29 07:50:52 | 003,208,426 | ---- | M] () -- C:\Users\Benoit\Desktop\Imagine - john lennon karaoke.mp3
[2012/09/29 07:50:41 | 000,038,127 | ---- | M] () -- C:\Users\Benoit\Desktop\20120927173813746207u[1].jpg
[2012/09/28 17:30:06 | 013,508,082 | ---- | M] () -- C:\Users\Benoit\Desktop\BSPlayer Pro v2.57 + Key.rar
[2012/09/28 11:51:18 | 000,001,266 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/28 10:54:02 | 000,001,735 | ---- | M] () -- C:\Windows\SysNative\Uninst_EAPModules.bat
[2012/09/28 10:52:30 | 000,898,624 | ---- | M] () -- C:\Windows\SysNative\oem5.inf
[2012/09/28 10:51:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/09/28 08:48:16 | 000,079,625 | ---- | M] () -- C:\Users\Benoit\uninstall.exe
[2012/09/27 16:35:18 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4 64-bits.lnk
[2012/09/27 14:39:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/09/27 11:52:57 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012/09/27 11:48:26 | 000,000,606 | ---- | M] () -- C:\Windows\SysNative\ricdb.ini
[2012/09/27 09:59:26 | 000,001,978 | ---- | M] () -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/09/27 09:56:47 | 000,000,989 | ---- | M] () -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/09/27 08:25:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/09/27 08:25:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/09/26 22:26:17 | 000,323,154 | ---- | M] () -- C:\Windows\SysNative\prfi0416.dat
[2012/09/26 22:26:17 | 000,038,536 | ---- | M] () -- C:\Windows\SysNative\prfd0416.dat
[2012/09/26 17:31:17 | 000,047,762 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/09/26 17:31:17 | 000,047,762 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/09/26 17:30:19 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

========== Files Created - No Company Name ==========

[2012/10/01 16:45:28 | 008,019,677 | ---- | C] () -- C:\Users\Benoit\Desktop\T3 V.pdf
[2012/10/01 15:02:35 | 000,001,143 | ---- | C] () -- C:\Users\Benoit\Desktop\BS.Player PRO.lnk
[2012/10/01 11:07:45 | 003,053,671 | ---- | C] () -- C:\Users\Benoit\Desktop\Cartilha PDCA - Estudo V2.pdf
[2012/09/28 17:30:17 | 010,736,296 | ---- | C] () -- C:\Users\Benoit\Desktop\bsplayer_pro257.1051.exe
[2012/09/28 17:29:26 | 013,508,082 | ---- | C] () -- C:\Users\Benoit\Desktop\BSPlayer Pro v2.57 + Key.rar
[2012/09/28 17:27:48 | 003,014,493 | ---- | C] () -- C:\Users\Benoit\Desktop\John Lennon - Imagine Karaoke (With no vocals!).mp3
[2012/09/28 17:22:36 | 003,208,426 | ---- | C] () -- C:\Users\Benoit\Desktop\Imagine - john lennon karaoke.mp3
[2012/09/28 10:56:02 | 000,332,288 | ---- | C] () -- C:\Windows\SysNative\ATIODE.exe
[2012/09/28 10:56:02 | 000,286,560 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/09/28 10:56:02 | 000,286,560 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/09/28 10:56:02 | 000,197,654 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2012/09/28 10:56:02 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\ATIODCLI.exe
[2012/09/28 10:56:02 | 000,018,632 | ---- | C] () -- C:\Windows\atiogl.xml
[2012/09/28 10:52:37 | 000,898,624 | ---- | C] () -- C:\Windows\SysNative\oem5.inf
[2012/09/28 10:52:07 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012/09/28 10:52:06 | 000,058,368 | ---- | C] () -- C:\Windows\SysNative\bcmwlrmt.dll
[2012/09/28 10:52:06 | 000,001,735 | ---- | C] () -- C:\Windows\SysNative\Uninst_EAPModules.bat
[2012/09/28 10:52:06 | 000,000,459 | ---- | C] () -- C:\Windows\SysWow64\vcredist_x64.bat
[2012/09/28 10:52:06 | 000,000,457 | ---- | C] () -- C:\Windows\SysNative\vcredist_x64.bat
[2012/09/28 10:51:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/09/28 08:53:14 | 000,038,127 | ---- | C] () -- C:\Users\Benoit\Desktop\20120927173813746207u[1].jpg
[2012/09/28 08:48:16 | 000,079,625 | ---- | C] () -- C:\Users\Benoit\uninstall.exe
[2012/09/27 16:35:18 | 000,002,063 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4 64 bits.lnk
[2012/09/27 16:35:18 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4 64-bits.lnk
[2012/09/27 15:38:31 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/09/27 15:38:31 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/09/27 15:29:30 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012/09/27 15:29:21 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012/09/27 15:29:11 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/09/27 14:39:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/09/27 12:49:50 | 001,596,136 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/27 11:56:08 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
[2012/09/27 11:56:08 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012/09/27 11:48:26 | 000,000,606 | ---- | C] () -- C:\Windows\SysNative\ricdb.ini
[2012/09/27 09:59:26 | 000,001,978 | ---- | C] () -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/09/27 09:56:47 | 000,000,989 | ---- | C] () -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/09/27 08:25:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/09/27 08:25:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/09/26 22:27:12 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version
[2012/09/26 22:26:44 | 000,703,580 | ---- | C] () -- C:\Windows\SysNative\prfh0416.dat
[2012/09/26 22:26:44 | 000,323,154 | ---- | C] () -- C:\Windows\SysNative\prfi0416.dat
[2012/09/26 22:26:44 | 000,146,366 | ---- | C] () -- C:\Windows\SysNative\prfc0416.dat
[2012/09/26 22:26:44 | 000,038,536 | ---- | C] () -- C:\Windows\SysNative\prfd0416.dat
[2012/09/26 20:54:58 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/09/26 20:51:53 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/09/26 17:37:27 | 000,001,513 | ---- | C] () -- C:\Users\Benoit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/26 17:31:10 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/09/26 17:31:04 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/09/26 17:30:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/09/26 17:28:05 | 527,835,135 | -HS- | C] () -- C:\hiberfil.sys
[2007/01/01 20:00:20 | 000,069,632 | ---- | C] () -- C:\Users\Benoit\gtalkwmp1.dll

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 02:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/03 10:02:22 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\BitTorrent
[2012/10/01 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\BSplayer PRO
[2012/09/29 08:07:46 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/27 15:22:52 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\PACE Anti-Piracy
[2012/09/27 13:06:09 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/27 11:54:46 | 000,000,000 | ---D | M] -- C:\Users\Benoit\AppData\Roaming\TrueCrypt

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 22:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/13 22:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 22:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/07/13 22:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/07/13 22:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 04:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 22:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 22:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 19:01:38 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/04/24 02:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/04/24 01:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/13 22:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/13 22:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 22:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 03:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 22:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 22:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 22:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 22:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/13 22:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 22:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 22:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 22:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 22:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 22:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/13 22:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 22:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 08:21:59 | 000,404,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 03:29:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 04:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 22:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/13 22:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/07/13 22:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009/07/13 22:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 04:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2010/12/21 03:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/08/27 03:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/13 22:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/13 22:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/02 02:16:53 | 001,114,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009/07/13 22:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 22:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 22:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/02 02:32:43 | 000,208,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/07/13 22:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009/07/13 22:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/07/13 22:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009/07/13 22:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2009/07/13 22:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2009/07/13 22:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2009/07/13 22:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/07/13 22:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/13 22:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 22:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 19:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/07/13 22:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 22:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/13 22:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 03:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 03:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 02:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 22:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 02:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 02:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 02:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 03:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 03:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 09:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 03:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 03:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 02:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 10:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 03:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 02:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 22:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 03:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 03:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 03:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 10:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 22:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\SysNative\qmgr.dll
[2009/07/13 22:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 18:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.AIP >
[2012/03/29 20:35:50 | 000,375,952 | ---- | M] (Adobe Systems Incorporated) MD5=5965DFD83E10938A579952EB58C10298 -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Plug-ins\Extensions\Services.aip
[2012/03/29 20:35:50 | 000,297,104 | ---- | M] (Adobe Systems Incorporated) MD5=8311BFD3FD21EB8089259C491406A7B0 -- C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.ASFX >
[2010/10/25 15:15:46 | 000,000,230 | ---- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx
[2010/10/25 15:15:46 | 000,000,231 | ---- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2010/10/25 15:13:46 | 000,032,633 | ---- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg

< MD5 for: SERVICES.CFSERVICE.JAR >
[2012/03/16 03:33:04 | 000,142,226 | ---- | M] () MD5=18D9FCB12CE658BA4D24D8DC2D641BA6 -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.CFService_4.6.1.335153\services.CFService.jar

< MD5 for: SERVICES.EXE >
[2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 23:50:42 | 000,018,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\pt-BR\services.exe.mui
[2009/07/13 23:50:42 | 000,018,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c78e6f42ac5a3207\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 17:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 17:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/06/10 17:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 17:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/13 23:54:28 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\SysNative\pt-BR\services.msc
[2009/07/13 23:46:26 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\SysWOW64\pt-BR\services.msc
[2009/07/13 23:54:28 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_01d03f2e82c3cbfa\services.msc
[2009/07/13 23:46:26 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc

< MD5 for: SERVICES.PHPSERVICE.JAR >
[2012/03/16 03:33:06 | 000,149,053 | ---- | M] () MD5=EDDA59974541208844A9FE430268D469 -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.PHPService_4.6.1.335153\services.PHPService.jar

< MD5 for: SERVICES.PTXML >
[2009/07/13 17:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 17:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/03/01 04:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SERVICES.STATICCONTENTSERVICE.JAR >
[2012/03/16 03:33:06 | 000,072,917 | ---- | M] () MD5=15E17BFD2088059A73A22119D0D1613A -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.StaticContentService_4.6.1.335153\services.StaticContentService.jar

< MD5 for: SERVICES.WEBSERVICE.DERIVED.JAR >
[2012/03/16 03:33:06 | 000,183,653 | ---- | M] () MD5=1BEE56EAF2A85F3662291392C8804E1E -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\eclipse\plugins\com.adobe.flexbuilder.services.WEBService.derived_4.6.1.335153\services.WEBService.derived.jar

< MD5 for: SVCHOST.EXE >
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 09:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 22:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 22:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 10:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 10:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 22:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 04:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 03:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 03:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst
@Alternate Data Stream - 1193 bytes -> C:\Users\Benoit\AppData\Local\KKqp5xbrAw:6dS21V2rvlpXdJ5U
@Alternate Data Stream - 1166 bytes -> C:\Users\Benoit\AppData\Local\Temp:w7vIhAl4JhVi7WmIzJZSGTWh8

< End of report >

#4
brfpeeters

OTL Extras logfile created on: 03/10/2012 09:59:50 - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Benoit\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

5,99 Gb Total Physical Memory | 3,71 Gb Available Physical Memory | 61,94% Memory free
11,98 Gb Paging File | 9,45 Gb Available in Paging File | 78,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 165,70 Gb Total Space | 104,44 Gb Free Space | 63,03% Space Free | Partition Type: NTFS
Drive D: | 299,96 Gb Total Space | 208,58 Gb Free Space | 69,54% Space Free | Partition Type: NTFS

Computer Name: BENOIT-PC | User Name: Benoit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1592E5C8-939F-4EF1-A0FD-E2E4AD8F311D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{58EDF21E-5B12-4A8D-A241-3E7DEDE260B4}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
"{7393A816-FF60-4438-99F7-540C35174FD0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B0083275-689B-4B12-9189-DFF1293B3745}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080DBAA1-7F5F-42B6-AB19-5DFAAFD49C2A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1D713954-385C-4D3D-BFF2-3DA4BFFBD24C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A2C2C430-AEE8-4159-BA28-EE4C85328F20}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{A3C05660-4BBF-4CB0-B9AC-3ABE10591C5D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AC59618F-2DE3-4D51-B88F-3EFBA28514F6}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{BF979586-15B0-4E25-A666-BADE128BE49D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CE09D2E7-0E3B-4F2A-A36A-DCAE9B2C3997}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{DCD1B77F-9D56-4836-9CE0-6D4586A1846F}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{F9F6CBDE-545E-4975-AAC9-C16240528579}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{669A82E0-43E2-4645-8A2E-1A3DE78F8312}" = Adobe Photoshop Lightroom 4 64-bit
"{67556AEF-4CB7-9D36-FBCD-E080A0C2BE6F}" = ATI AVIVO64 Codecs
"{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0012-0000-1000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0416-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-1000-0000000FF1CE}_Office14.STANDARD_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0416-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-1000-0000000FF1CE}_Office14.STANDARD_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0416-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-1000-0000000FF1CE}_Office14.STANDARD_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0416-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-1000-0000000FF1CE}_Office14.STANDARD_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0416-1000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-1000-0000000FF1CE}_Office14.STANDARD_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.STANDARD_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-1000-0000000FF1CE}_Office14.STANDARD_{5A876683-AEAB-45E2-BA33-A767B54DB7E2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.STANDARD_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0416-1000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-002C-0416-1000-0000000FF1CE}_Office14.STANDARD_{0FDF2566-665E-4F8A-B1AD-A0FE52B4224E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0416-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
"{90140000-0043-0416-1000-0000000FF1CE}_Office14.STANDARD_{0C40F8A4-7695-48F7-8CAE-634D3882009B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0416-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-1000-0000000FF1CE}_Office14.STANDARD_{8F2AC896-0A49-4054-83BF-3B03E6FBE7CD}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0416-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-1000-0000000FF1CE}_Office14.STANDARD_{E7D06FCA-190E-41AC-BED3-CD41B0E383DC}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DF73B989-7D0F-5ED8-6133-6F9E27C1C1C9}" = ATI Catalyst Install Manager
"{F325B47E-7592-7556-52F6-3D3D3842A028}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
"Office14.STANDARD" = Microsoft Office Standard 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05886DF5-4816-0808-67D3-CC7583FF2412}" = CCC Help Spanish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B41DC4A-DF1E-949F-5665-31483F2C72F4}" = Catalyst Control Center Graphics Previews Vista
"{0B5FDC99-E373-4F0F-938D-42AD090BACC0}" = Windows Live UX Platform Language Pack
"{0D961826-E722-B86D-7BA7-AA70A0B110C5}" = Catalyst Control Center Graphics Previews Common
"{0EA3F981-CC0C-E079-726E-CD0F7D23F2AA}" = Catalyst Control Center Localization All
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{10CE3DC0-A77E-7661-13F4-25D30BC113B2}" = Catalyst Control Center Graphics Full New
"{1204CCB8-9A7D-3375-C8E0-6A4FA16A4036}" = CCC Help Chinese Traditional
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1C11FFE1-50D3-B755-A8A7-8363385B4CA3}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21B8371C-9EBA-2CB4-E0A2-9DF0C4A074EC}" = Catalyst Control Center Core Implementation
"{27A21358-02A7-B745-ABBE-25566FE9B397}" = Catalyst Control Center Graphics Full Existing
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2D598A54-750B-4120-B8AD-ED938F74932C}" = Windows Live Essentials
"{32778D4F-E904-E33E-0C48-15E672604D09}" = Catalyst Control Center InstallProxy
"{3444DB77-6D7A-9553-2EE1-60D2A4D003D3}" = CCC Help German
"{34842CCC-AE14-61AE-C8FB-87FAD755B483}" = CCC Help Russian
"{3D65CEB1-0709-43EB-D6CF-DB66D3FAB2D4}" = CCC Help Japanese
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{46AEE281-3436-46EF-A36D-163F7125A290}" = Galeria de Fotos
"{49F1C7D8-B6D5-448C-C9D5-F6C2E3889B16}" = CCC Help Norwegian
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53104B7F-FE3A-B641-1E46-89870E1A63D8}" = CCC Help Chinese Standard
"{5E2E222D-D776-A325-362C-B95017148AB1}" = CCC Help Dutch
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6A6CD707-5B29-5069-B571-2778668C952F}" = CCC Help Finnish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{7AEEF79F-4278-4510-AAD0-23AD14508217}" = Photo Common
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{856DC9B3-F770-9F58-E939-EBEB66C880C1}" = CCC Help Portuguese
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56904D-6C69-DA2A-F573-9F362C55CB6C}" = CCC Help Swedish
"{A5163E8D-19B6-4AFD-A43B-9723A1796AE3}" = Windows Live Messenger
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AEBE7912-AA50-42EB-BBDA-AB352C4D8FAA}" = Movie Maker
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B51C759D-20FD-A4B0-83D1-C4F45E60EC8B}" = CCC Help English
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B862DF65-94C8-6119-1096-2B230D7A6C0E}" = ccc-core-static
"{B9CB74A9-8C7C-16C1-D75A-199B4331CEC2}" = CCC Help French
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{D489B636-E9AB-C08A-ED7B-EA21B2D3D633}" = CCC Help Korean
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DDDBB2E2-D331-1DB1-7FC0-AB896FDCA8AE}" = Catalyst Control Center Graphics Light
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FB2BED9C-50ED-F5C9-1475-B6C15D21C02A}" = CCC Help Italian
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"aTube Catcher" = aTube Catcher
"BitTorrent" = BitTorrent
"BSPlayerp" = BS.Player PRO
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Dell Dock" = Dell Dock
"FormatFactory" = FormatFactory 2.95
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SyncBack_is1" = SyncBack
"TrueCrypt" = TrueCrypt
"V9Software" = Programa de Desinstalação para Página Inicial V9
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-564107981-2342902310-1423014071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/09/2012 08:05:52 | Computer Name = Benoit-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: GbpSv.exe, versão: 2.4.6.0, carimbo
de hora: 0x5006b287 Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo de
hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x73596a34
Identificação
do processo com falha: 0x32c Hora de início do aplicativo com falha: 0x01cd9e3a859023f3
Caminho
do aplicativo com falha: C:\PROGRA~2\GbPlugin\GbpSv.exe FCaminho do módulo de falhas:
unknown Identificação do Relatório: 033d2436-0a2e-11e2-b1ca-0026b9f17fee

Error - 29/09/2012 08:05:55 | Computer Name = Benoit-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: DockLogin.exe, versão: 6.1.0.0, carimbo
de hora: 0x48ad9601 Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo
de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x73596a34
Identificação
do processo com falha: 0x4a0 Hora de início do aplicativo com falha: 0x01cd9e3a88e97119
Caminho
do aplicativo com falha: C:\Program Files\Dell\DellDock\DockLogin.exe FCaminho do
módulo de falhas: unknown Identificação do Relatório: 0503cb0a-0a2e-11e2-b1ca-0026b9f17fee

Error - 29/09/2012 08:05:59 | Computer Name = Benoit-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: srvany.exe, versão: 0.0.0.0, carimbo
de hora: 0x3ea0a111 Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo
de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x73596a34
Identificação
do processo com falha: 0x6a4 Hora de início do aplicativo com falha: 0x01cd9e3a8ca18fa8
Caminho
do aplicativo com falha: C:\Windows\SysWOW64\srvany.exe FCaminho do módulo de falhas:
unknown Identificação do Relatório: 078b4154-0a2e-11e2-b1ca-0026b9f17fee

Error - 29/09/2012 08:05:59 | Computer Name = Benoit-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: KMService.exe, versão: 0.0.0.0, carimbo
de hora: 0x4b612e24 Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo
de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x73596a34
Identificação
do processo com falha: 0x6c0 Hora de início do aplicativo com falha: 0x01cd9e3a8ca3f108
Caminho
do aplicativo com falha: C:\Windows\KMService.exe FCaminho do módulo de falhas:
unknown Identificação do Relatório: 07aef5f9-0a2e-11e2-b1ca-0026b9f17fee

Error - 29/09/2012 08:06:00 | Computer Name = Benoit-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: c2c_service.exe, versão: 6.2.0.10687,
carimbo de hora: 0x5028f40e Nome do módulo de falhas: unknown, versão: 0.0.0.0,
carimbo de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha:
0x73596a34 Identificação do processo com falha: 0x6fc Hora de início do aplicativo
com falha: 0x01cd9e3a8ca65268 Caminho do aplicativo com falha: C:\ProgramData\Skype\Toolbars\Skype
C2C Service\c2c_service.exe FCaminho do módulo de falhas: unknown Identificação do
Relatório: 07cb867c-0a2e-11e2-b1ca-0026b9f17fee

Error - 29/09/2012 08:06:00 | Computer Name = Benoit-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: Updater.exe, versão: 5.10.1.44067, carimbo
de hora: 0x5000146c Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo
de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x73596a34
Identificação
do processo com falha: 0x748 Hora de início do aplicativo com falha: 0x01cd9e3a8cb49aaa
Caminho
do aplicativo com falha: C:\Program Files (x86)\Skype\Updater\Updater.exe FCaminho
do módulo de falhas: unknown Identificação do Relatório: 07f8c0a1-0a2e-11e2-b1ca-0026b9f17fee

Error - 29/09/2012 11:56:48 | Computer Name = Benoit-PC | Source = EventSystem | ID = 4621
Description =

Error - 01/10/2012 09:28:40 | Computer Name = Benoit-PC | Source = SideBySide | ID = 16842815
Description = Falha na geração de contexto de ativação para "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll". Erro no arquivo de manifesto ou de diretiva
c:\program files (x86)\spybot - search & destroy\DelZip179.dll", na linha 8. O valor
"*" do atributo language no elemento assemblyIdentity é inválido.

Error - 01/10/2012 16:38:35 | Computer Name = Benoit-PC | Source = EventSystem | ID = 4622
Description =

Error - 02/10/2012 16:05:27 | Computer Name = Benoit-PC | Source = Application Hang | ID = 1002
Description = O programa iexplore.exe versão 9.0.8112.16450 parou de interagir com
o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
verifique o histórico de problemas no painel de controle da Central de Ações. ID
de Processo: 1b0c Hora de Início: 01cda0d91e39b035 Hora de Término: 1003 Caminho do
Aplicativo: C:\Program Files (x86)\internet explorer\iexplore.exe Id do Relatório:


[ System Events ]
Error - 01/10/2012 10:16:00 | Computer Name = Benoit-PC | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 02/10/2012 11:48:46 | Computer Name = Benoit-PC | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 02/10/2012 12:13:34 | Computer Name = Benoit-PC | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 02/10/2012 15:00:44 | Computer Name = Benoit-PC | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 02/10/2012 15:01:02 | Computer Name = Benoit-PC | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 02/10/2012 15:09:13 | Computer Name = Benoit-PC | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 02/10/2012 15:15:02 | Computer Name = Benoit-PC | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 02/10/2012 15:32:05 | Computer Name = Benoit-PC | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 02/10/2012 15:33:42 | Computer Name = Benoit-PC | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.

Error - 02/10/2012 15:50:29 | Computer Name = Benoit-PC | Source = Schannel | ID = 36888
Description = O seguinte alerta fatal foi gerado: 10. O estado do erro interno é
10.


< End of report >
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This may be tricky to remove

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    @Alternate Data Stream - 1193 bytes -> C:\Users\Benoit\AppData\Local\KKqp5xbrAw:6dS21V2rvlpXdJ5U
    @Alternate Data Stream - 1166 bytes -> C:\Users\Benoit\AppData\Local\Temp:w7vIhAl4JhVi7WmIzJZSGTWh8
    
    :Files
    ipconfig /flushdns /c
    netsh int ip reset c:\resetlog.txt  /c
    ipconfig /release /c
    ipconfig /renew /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Also, have you uninstalled this from Control Panel?

"V9Software" = Programa de Desinstalação para Página Inicial V9
  • 0

#7
brfpeeters

brfpeeters

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
No, I deleted the "V9" by simply erasing the folder... I confess.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a problem, let me know if the redirects still occur after reboot.

Also, do you have an IE shortcut on the desktop? If so, delete that.
  • 0

#9
brfpeeters

brfpeeters

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
The script you gave me will reset the hosts file, won't it?
(Because I need what is in it for Adobe Master Suite.)
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Delete the following line from the fix script :

[resethosts]
  • 0

#11
brfpeeters

brfpeeters

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I need to apologize.... (is the word correct).....

It seems that when I searched for and deleted the "V9" lines from the regfile and deleted the "V9.EXE", I solved the problem.
I just saw that the V9 webpage only opens when I use the IE shortcut I have in the taskbar...
I took a close look at it and discovered this:

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.v9.com/?u...b&utm_medium=ff

That means that the shortcut was modified by the V9 hijack, and even though I deleted the regfile entry and the .exe, that specific shortcut was still leading to their webpage!

That information can be useful to any user with the same problem.... Got to check your IE shortcuts and edit them! :)

Thanks a lot ESSEXBOY for the help you offered!
  • 0
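
The shortcut check described in the post above, written out as an added example that is not part of the original thread: it lists every `.lnk` file whose target is a browser and whose arguments carry a URL, which is the pattern found on the pinned IE shortcut. The function name `Get-HijackedShortcut`, the folder list and the browser list are assumptions chosen for illustration.

```powershell
# Added example: find browser shortcuts that have a URL appended to the command line.
# The folder and browser lists below are assumptions; extend them for your system.

$shell = New-Object -ComObject WScript.Shell

$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    # Quick Launch also contains "User Pinned\TaskBar", where taskbar pins live
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
)

$browsers = 'iexplore.exe', 'firefox.exe', 'chrome.exe'

function Get-HijackedShortcut {
    param([string[]]$Path)

    $existing = $Path | Where-Object { Test-Path $_ }
    foreach ($dir in $existing) {
        Get-ChildItem -Path $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)

                # Some shortcuts (shell items, advertised installers) have no file target
                if (-not $lnk.TargetPath) { return }

                $exe = Split-Path $lnk.TargetPath -Leaf

                # A browser shortcut should normally have empty arguments;
                # a URL here forces that page on every launch from this shortcut.
                if (($browsers -contains $exe) -and ($lnk.Arguments -match 'https?://')) {
                    New-Object PSObject -Property @{
                        Shortcut  = $_.FullName
                        Target    = $lnk.TargetPath
                        Arguments = $lnk.Arguments
                    }
                }
            }
    }
}

Get-HijackedShortcut -Path $folders | Format-List Shortcut, Target, Arguments

# To repair a reported shortcut after reviewing it, clear the arguments and save:
#   $lnk = $shell.CreateShortcut('<path reported above>')
#   $lnk.Arguments = ''
#   $lnk.Save()
```

Shortcuts under the all-users folders may need an elevated prompt to repair; the listing itself only reads them.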

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So it was on the taskbar icon and not the desktop icon.. Sneaky

If you are happy then run OTL and press the cleanup button to remove the tool
  • 0

#13
brfpeeters

brfpeeters

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Yeah Essex! Happy! Thanks a lot!
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure, keep safe
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





