Command Prompt Flashes Just Before Desktop Icons Show on Startup?



#1
radiuss

    Member

Hi everyone. I'm just wondering what I can do. The command prompt flashes and it looks like there is a list of text that QUICKLY scrolls down in a blink of an eye. This is just before the desktop icons show up on the start up. Any idea what could be the problem here?


#2
RKinner

    Malware Expert

Sounds like it is running a bat file at every logon.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

#3
radiuss

    Member

I have seen some of your contributions before, RKinner. Do you do this for a living? Are you a computer tech? You are very knowledgeable.

Edited by radiuss, 23 July 2013 - 11:53 PM.


#4
RKinner

    Malware Expert

I do this as a hobby. Been doing it for about 10 years now.
I'm a retired electrical engineer but I worked as a network engineer for 8 years.

#5
radiuss

    Member

OTL logfile created on: 7/24/2013 3:06:38 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\samsung\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16635)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1.93 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 43.60% Memory free

3.85 Gb Paging File | 2.32 Gb Available in Paging File | 60.18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 244.04 Gb Total Space | 164.27 Gb Free Space | 67.31% Space Free | Partition Type: NTFS

Drive D: | 221.62 Gb Total Space | 219.82 Gb Free Space | 99.19% Space Free | Partition Type: NTFS

 

Computer Name: SAMSUNG-PC | User Name: samsung | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

[color=#E56717]========== Processes (SafeList) ==========[/color]

 

PRC - [2013/07/24 09:52:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samsung\Desktop\OTL.exe

PRC - [2013/07/13 14:20:27 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

PRC - [2013/07/13 10:50:45 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2013/06/20 18:04:14 | 000,831,272 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe

PRC - [2013/06/20 17:51:32 | 000,548,136 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

PRC - [2013/06/20 17:48:00 | 001,642,280 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe

PRC - [2013/05/28 06:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2010/11/20 05:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe

PRC - [2010/06/30 20:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010/06/30 20:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

 

 

[color=#E56717]========== Modules (No Company Name) ==========[/color]

 

MOD - [2013/07/13 10:50:44 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2013/06/20 17:46:22 | 000,749,352 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll

 

 

[color=#E56717]========== Services (SafeList) ==========[/color]

 

SRV:[b]64bit:[/b] - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:[b]64bit:[/b] - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:[b]64bit:[/b] - [2011/12/08 11:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)

SRV:[b]64bit:[/b] - [2011/12/08 11:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:[b]64bit:[/b] - [2011/12/08 11:43:48 | 000,618,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:[b]64bit:[/b] - [2011/12/08 11:43:44 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:[b]64bit:[/b] - [2011/12/05 10:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV:[b]64bit:[/b] - [2011/12/05 09:55:36 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV:[b]64bit:[/b] - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013/07/13 10:50:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/06/20 18:04:14 | 000,831,272 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)

SRV - [2013/06/20 17:51:32 | 000,548,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)

SRV - [2013/05/28 06:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/24 12:29:56 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2010/06/30 20:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/06/30 20:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

 

DRV:[b]64bit:[/b] - [2013/07/21 00:32:06 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)

DRV:[b]64bit:[/b] - [2013/07/21 00:10:49 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:[b]64bit:[/b] - [2013/07/21 00:10:49 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:[b]64bit:[/b] - [2013/07/21 00:10:49 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:[b]64bit:[/b] - [2013/06/20 18:07:16 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)

DRV:[b]64bit:[/b] - [2013/05/09 01:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:[b]64bit:[/b] - [2013/05/09 01:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:[b]64bit:[/b] - [2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:[b]64bit:[/b] - [2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:[b]64bit:[/b] - [2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:[b]64bit:[/b] - [2013/04/24 20:45:21 | 000,141,848 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\kcrtx64.sys -- (kcrtx64)

DRV:[b]64bit:[/b] - [2013/04/24 20:45:21 | 000,013,896 | R--- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\JRSKD24.SYS -- (JRSKD24)

DRV:[b]64bit:[/b] - [2013/04/24 12:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)

DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:[b]64bit:[/b] - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:[b]64bit:[/b] - [2013/01/29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:[b]64bit:[/b] - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:[b]64bit:[/b] - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:[b]64bit:[/b] - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:[b]64bit:[/b] - [2011/12/05 10:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)

DRV:[b]64bit:[/b] - [2011/12/05 10:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)

DRV:[b]64bit:[/b] - [2011/07/05 04:55:30 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:[b]64bit:[/b] - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:[b]64bit:[/b] - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:[b]64bit:[/b] - [2011/01/26 05:35:26 | 000,425,064 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:[b]64bit:[/b] - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:[b]64bit:[/b] - [2009/09/16 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:[b]64bit:[/b] - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:[b]64bit:[/b] - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:[b]64bit:[/b] - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:[b]64bit:[/b] - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:[b]64bit:[/b] - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:[b]64bit:[/b] - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:[b]64bit:[/b] - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

 

 

[color=#E56717]========== Internet Explorer ==========[/color]

 

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = 

IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://naver.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 5F 84 0E AD 01 CE 01  [binary data]

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\..\URLSearchHook: {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

[color=#E56717]========== FireFox ==========[/color]

 

FF - prefs.js..browser.startup.homepage: "https://www.google.com/webhp?hl=en"

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0

FF - user.js - File not found

 

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)

FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@www.ubikey.co.kr/application/npvinetransfer-plugin: C:\Program Files (x86)\INFovine\npVineTransfer.dll (INFOVINE)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)

FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)

FF - HKCU\Software\MozillaPlugins\@www.ubikey.co.kr/application/npvinetransfer-plugin: C:\Program Files (x86)\INFovine\npVineTransfer.dll (INFOVINE)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/07/21 00:09:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/27 21:25:52 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/27 21:25:52 | 000,000,000 | ---D | M]

 

[2013/02/02 20:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\samsung\AppData\Roaming\Mozilla\Extensions

[2013/07/24 13:32:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/07/24 13:32:10 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]

[2013/07/16 12:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/07/13 10:50:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/07/20 18:50:50 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]

[2013/07/21 00:09:46 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

 

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:[b]64bit:[/b] - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (SimilarWeb) - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found

O4 - HKCU..\Run: [patcherUpdates] C:\Users\samsung\AppData\Local\Temp\patcher\patcherUpdates.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: SimilarWeb - {5D06ED6E-DA78-4486-A246-B131A2C39807} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dll (SimilarGroup)

O13[b]64bit:[/b] - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:[b]64bit:[/b] - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} Reg Error: Key error. (Reg Error: Key error.)

O16 - DPF: {1219B6C3-CD4D-4243-9A4F-4C9F12FCC6E7} http://ck.softforum.co.kr/CKKeyPro/yessign/CKKeyProInst.cab (CK_KeyPro_Inst)

O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} http://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab (XacsPop Control)

O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} https://www.scsk-support.co.kr/shinhancard/cab/403174/SCSK4_WOW64.cab (SCSK Control)

O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} http://mpi.dacom.net/XPayMPI/XPayMPI.cab (XPayMPIOCX Control)

O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} https://vbv.shinhancard.com/XecureObject/xw_install.cab (XecureWeb 4.0 Client Control)

O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} https://v3d.kcp.co.kr/file/kcp_ansimclick.cab (V3D Client Control)

O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} https://www.bankpay.or.kr/BankPayEFT.cab (BankPayEFTCtrl Control)

O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} https://vbv.shinhancard.com/infovine/VineTransfer.cab (VineTransfer Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab (KvpIspCtlD Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.254 180.182.54.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F3709F2-A496-4198-86E3-774742504A7E}: DhcpNameServer = 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB750CDF-6664-4E8F-A083-68C7CC3E87A3}: DhcpNameServer = 192.168.200.254 180.182.54.1

O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Users\samsung\AppData\Local\Temp\patcher\patcherUpdates.exe) - C:\Users\samsung\AppData\Local\Temp\patcher\patcherUpdates.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*

O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*

O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

 

SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:[b]64bit:[/b] Base - Driver Group

SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group

SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group

SafeBootMin:[b]64bit:[/b] File system - Driver Group

SafeBootMin:[b]64bit:[/b] Filter - Driver Group

SafeBootMin:[b]64bit:[/b] HelpSvc - Service

SafeBootMin:[b]64bit:[/b] hitmanpro37 - C:\Windows\SysNative\drivers\hitmanpro37.sys ()

SafeBootMin:[b]64bit:[/b] hitmanpro37.sys - C:\Windows\SysNative\drivers\hitmanpro37.sys ()

SafeBootMin:[b]64bit:[/b] HitmanPro37Crusader - Reg Error: Value error.

SafeBootMin:[b]64bit:[/b] HitmanPro37CrusaderBoot - Reg Error: Value error.

SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group

SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group

SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group

SafeBootMin:[b]64bit:[/b] sacsvr - Service

SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group

SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group

SafeBootMin:[b]64bit:[/b] vmms - Service

SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: HitmanPro37Crusader - Reg Error: Value error.

SafeBootMin: HitmanPro37CrusaderBoot - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:[b]64bit:[/b] Base - Driver Group

SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group

SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group

SafeBootNet:[b]64bit:[/b] File system - Driver Group

SafeBootNet:[b]64bit:[/b] Filter - Driver Group

SafeBootNet:[b]64bit:[/b] HelpSvc - Service

SafeBootNet:[b]64bit:[/b] hitmanpro37 - C:\Windows\SysNative\drivers\hitmanpro37.sys ()

SafeBootNet:[b]64bit:[/b] hitmanpro37.sys - C:\Windows\SysNative\drivers\hitmanpro37.sys ()

SafeBootNet:[b]64bit:[/b] HitmanPro37Crusader - Reg Error: Value error.

SafeBootNet:[b]64bit:[/b] HitmanPro37CrusaderBoot - Reg Error: Value error.

SafeBootNet:[b]64bit:[/b] Messenger - Service

SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group

SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group

SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group

SafeBootNet:[b]64bit:[/b] Network - Driver Group

SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group

SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group

SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group

SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group

SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group

SafeBootNet:[b]64bit:[/b] rdsessmgr - Service

SafeBootNet:[b]64bit:[/b] sacsvr - Service

SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group

SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group

SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group

SafeBootNet:[b]64bit:[/b] TDI - Driver Group

SafeBootNet:[b]64bit:[/b] vmms - Service

SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver

SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: HitmanPro37Crusader - Reg Error: Value error.

SafeBootNet: HitmanPro37CrusaderBoot - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig

ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {BFA2E378-31D9-4595-AFA9-CA19E610DC0F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

 

Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

 

[2013/07/24 10:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2013/07/24 10:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2013/07/24 09:52:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\samsung\Desktop\OTL.exe

[2013/07/24 08:59:08 | 000,660,160 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\samsung\Desktop\autoruns.exe

[2013/07/24 08:59:08 | 000,579,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\samsung\Desktop\autorunsc.exe

[2013/07/23 10:37:32 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput

[2013/07/23 10:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage

[2013/07/21 22:10:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll

[2013/07/21 22:10:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe

[2013/07/21 22:10:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll

[2013/07/21 22:09:59 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys

[2013/07/21 22:09:58 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys

[2013/07/21 22:09:51 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll

[2013/07/21 22:09:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll

[2013/07/21 22:09:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll

[2013/07/21 22:09:51 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll

[2013/07/21 22:09:51 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll

[2013/07/21 22:09:50 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2013/07/21 22:09:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2013/07/21 22:09:49 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll

[2013/07/21 22:09:49 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll

[2013/07/21 22:09:49 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll

[2013/07/21 22:09:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe

[2013/07/21 22:09:49 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll

[2013/07/21 22:09:49 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll

[2013/07/21 22:09:48 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe

[2013/07/21 22:09:48 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe

[2013/07/21 22:09:48 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe

[2013/07/21 22:09:47 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013/07/21 22:09:47 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2013/07/21 22:09:46 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013/07/21 22:07:22 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2013/07/21 22:07:22 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2013/07/21 22:07:19 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2013/07/21 21:58:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2013/07/21 21:58:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2013/07/21 12:23:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013/07/21 12:09:48 | 000,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\TuneUp Software

[2013/07/21 00:10:37 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2013/07/21 00:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2013/07/21 00:10:35 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2013/07/21 00:10:24 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2013/07/21 00:10:21 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2013/07/21 00:10:19 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2013/07/21 00:10:12 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2013/07/21 00:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2013/07/21 00:09:03 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2013/07/21 00:01:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2013/07/21 00:01:08 | 000,000,000 | ---D | C] -- C:\Users\samsung\AppData\Local\MFAData

[2013/07/21 00:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2013/07/20 23:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center

[2013/07/20 23:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center

[2013/07/20 22:13:57 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/07/20 21:57:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/07/20 21:57:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/07/20 21:57:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/07/20 21:57:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/07/20 21:57:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/07/20 21:57:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/07/20 21:57:44 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/07/20 21:57:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/07/20 21:57:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/07/20 21:57:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/07/20 21:57:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/07/20 21:57:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/07/20 21:57:42 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/07/20 21:57:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/07/20 21:57:41 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/07/20 20:54:44 | 000,000,000 | ---D | C] -- C:\Users\samsung\Desktop\Windows Loader

[2013/07/20 20:32:29 | 000,000,000 | ---D | C] -- C:\FRST

[2013/07/20 20:15:00 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft

[2013/07/20 20:05:06 | 000,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\WinRAR

[2013/07/20 20:05:06 | 000,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2013/07/20 20:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2013/07/20 20:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR

[2013/07/20 19:37:45 | 000,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\Malwarebytes

[2013/07/20 19:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/07/20 19:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/07/20 19:37:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/07/20 19:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/07/20 19:12:33 | 000,000,000 | ---D | C] -- C:\Users\samsung\AppData\Local\Programs

[2013/07/20 19:08:12 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll

[2013/07/20 19:08:12 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll

[2013/07/20 19:07:47 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2013/07/20 19:07:46 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2013/07/20 19:03:54 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/07/14 09:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013/07/13 08:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeHDSport.TV

[2013/07/07 19:18:41 | 000,000,000 | ---D | C] -- C:\Users\samsung\AppData\Roaming\uTorrent

[2013/07/07 18:25:08 | 000,000,000 | ---D | C] -- C:\Users\samsung\Desktop\Torrents

[2013/07/07 17:53:44 | 000,000,000 | ---D | C] -- C:\Users\samsung\Desktop\Navy Carrier

[2013/07/06 09:18:57 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013/07/06 09:18:40 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/07/06 09:18:40 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/07/06 09:18:39 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/07/06 09:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

 

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

 

[2013/07/24 14:25:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/07/24 14:25:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/07/24 14:14:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/07/24 13:31:46 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk

[2013/07/24 10:10:43 | 000,000,980 | ---- | M] () -- C:\Users\samsung\Desktop\7-Zip File Manager.lnk

[2013/07/24 09:52:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\samsung\Desktop\OTL.exe

[2013/07/24 09:04:10 | 000,194,687 | ---- | M] () -- C:\Users\samsung\Desktop\screenshot.png

[2013/07/24 08:31:23 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/07/24 08:31:23 | 000,020,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/07/24 08:23:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/07/24 08:23:28 | 1551,286,272 | -HS- | M] () -- C:\hiberfil.sys

[2013/07/21 00:32:06 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys

[2013/07/21 00:29:44 | 000,001,526 | ---- | M] () -- C:\Windows\SysNative\.crusader

[2013/07/21 00:10:49 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2013/07/21 00:10:49 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2013/07/21 00:10:49 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013/07/21 00:10:49 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum

[2013/07/21 00:10:49 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum

[2013/07/21 00:10:49 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum

[2013/07/21 00:10:38 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013/07/21 00:10:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013/07/21 00:09:30 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk

[2013/07/20 22:17:37 | 000,294,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/07/20 22:02:55 | 001,258,680 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/07/20 22:02:55 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/07/20 22:02:55 | 000,407,906 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat

[2013/07/20 22:02:55 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/07/20 22:02:55 | 000,104,810 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat

[2013/07/20 19:37:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/07/09 23:15:19 | 000,000,855 | ---- | M] () -- C:\Users\samsung\Desktop\µTorrent.lnk

[2013/07/09 23:15:19 | 000,000,835 | ---- | M] () -- C:\Users\samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2013/07/06 23:30:43 | 000,004,683 | ---- | M] () -- C:\Users\samsung\Desktop\imagesddxd.jpg

[2013/07/06 09:18:33 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/07/06 09:18:31 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013/07/06 09:18:31 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/07/06 09:18:31 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/07/06 09:18:30 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2013/07/06 09:18:30 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2013/06/27 23:20:52 | 000,660,160 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\samsung\Desktop\autoruns.exe

[2013/06/27 23:20:52 | 000,579,264 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\samsung\Desktop\autorunsc.exe

[2013/06/26 19:33:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

 

[color=#E56717]========== Files Created - No Company Name ==========[/color]

 

[2013/07/24 13:31:46 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk

[2013/07/24 10:10:43 | 000,000,980 | ---- | C] () -- C:\Users\samsung\Desktop\7-Zip File Manager.lnk

[2013/07/24 09:04:10 | 000,194,687 | ---- | C] () -- C:\Users\samsung\Desktop\screenshot.png

[2013/07/24 08:59:08 | 000,049,518 | ---- | C] () -- C:\Users\samsung\Desktop\autoruns.chm

[2013/07/21 00:32:06 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys

[2013/07/21 00:29:44 | 000,001,526 | ---- | C] () -- C:\Windows\SysNative\.crusader

[2013/07/21 00:10:38 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013/07/21 00:10:17 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013/07/21 00:10:14 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2013/07/21 00:09:30 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk

[2013/07/20 19:37:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/07/09 23:15:19 | 000,000,855 | ---- | C] () -- C:\Users\samsung\Desktop\µTorrent.lnk

[2013/07/07 19:19:05 | 000,000,835 | ---- | C] () -- C:\Users\samsung\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2013/07/05 09:39:00 | 000,004,683 | ---- | C] () -- C:\Users\samsung\Desktop\imagesddxd.jpg

[2013/06/28 06:46:04 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum

[2013/06/27 08:38:33 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum

[2013/06/27 08:38:32 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum

[2013/06/26 19:33:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2013/05/26 18:49:55 | 000,000,017 | ---- | C] () -- C:\Users\samsung\AppData\Local\resmon.resmoncfg

[2013/04/20 23:36:42 | 000,047,280 | ---- | C] () -- C:\Windows\SysWow64\drivers\SCSK5.sys

[2013/04/20 23:36:40 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\scskConfigEH.ini

[2013/04/09 13:34:54 | 003,721,760 | ---- | C] () -- C:\Windows\SysWow64\ISPPopUpDlg.exe

[2013/01/16 15:45:26 | 000,708,096 | ---- | C] () -- C:\Windows\SysWow64\INIcrypto20.dll

[2013/01/16 15:45:26 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\ISP_crgen.dll

[2013/01/16 15:45:24 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\KvpUpCom.dll

[2013/01/16 15:45:24 | 000,045,116 | ---- | C] () -- C:\Windows\SysWow64\KvpSetRegistry.exe

[2013/01/16 15:45:24 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\KVPSetupEx.exe

[2012/04/18 16:48:42 | 000,072,272 | ---- | C] () -- C:\Windows\SysWow64\cosa.dll

 

[color=#E56717]========== ZeroAccess Check ==========[/color]

 

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

[color=#E56717]========== Custom Scans ==========[/color]

 

[color=#E56717]========== Drive Information ==========[/color]

 

Physical Drives

---------------

 

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: Hitachi HTS547550A9E384 ATA Device

Partitions: 3

Status: OK

Status Info: 0

 

Partitions

---------------

 

DeviceID: Disk #0, Partition #0

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 100.00MB

Starting Offset: 1048576

Hidden sectors: 0

 

 

DeviceID: Disk #0, Partition #1

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 244.00GB

Starting Offset: 105906176

Hidden sectors: 0

 

 

DeviceID: Disk #0, Partition #2

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 222.00GB

Starting Offset: 262145048576

Hidden sectors: 0

 

 

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

 

[color=#A23BEC]< %systemroot%\assembly\GAC_32\*.ini >[/color]

 

[color=#A23BEC]< %systemroot%\assembly\GAC_64\*.ini >[/color]

 

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

 

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe >[/color]

 

[color=#A23BEC]< %APPDATA%\*. >[/color]

[2013/02/03 20:10:37 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\Adobe

[2013/03/10 10:45:28 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\DivX

[2013/02/03 20:12:17 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\fltk.org

[2013/02/02 17:57:07 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\Identities

[2013/02/02 18:25:35 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\Intel

[2013/02/02 20:57:39 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\Macromedia

[2013/07/20 19:37:45 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\Malwarebytes

[2009/07/14 00:45:14 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\Media Center Programs

[2013/07/21 12:57:57 | 000,000,000 | --SD | M] -- C:\Users\samsung\AppData\Roaming\Microsoft

[2013/02/02 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\Mozilla

[2013/03/09 02:11:50 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\OpenOffice.org

[2013/04/14 15:34:32 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\Philipp Winterberg

[2013/02/10 15:06:24 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\SimilarWeb

[2013/07/21 12:09:48 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\TuneUp Software

[2013/07/23 10:16:37 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\uTorrent

[2013/07/10 00:24:11 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\vlc

[2013/07/20 20:34:45 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\WinRAR

[2013/03/11 16:30:01 | 000,000,000 | ---D | M] -- C:\Users\samsung\AppData\Roaming\Xilisoft

 

[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]

[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 

[color=#A23BEC]< MD5 for: CSRSS.EXE  >[/color]

[2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe

[2009/07/13 18:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

 

[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]

[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

 

[color=#A23BEC]< MD5 for: MSWSOCK.DLL  >[/color]

[2009/07/13 18:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll

[2010/11/20 06:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll

[2010/11/20 06:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll

[2010/11/20 05:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll

[2010/11/20 05:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

[2009/07/13 18:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

 

[color=#A23BEC]< MD5 for: NAPINSP.DLL  >[/color]

[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll

[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll

[2009/07/13 18:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

 

[color=#A23BEC]< MD5 for: NLAAPI.DLL  >[/color]

[2009/07/13 18:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll

[2012/01/13 00:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll

[2012/01/13 00:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll

[2010/11/20 05:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll

[2012/10/03 09:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll

[2010/11/20 06:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll

[2012/10/03 10:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll

[2012/10/03 10:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll

[2009/07/13 18:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll

[2012/10/03 10:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

 

[color=#A23BEC]< MD5 for: PNRPNSP.DLL  >[/color]

[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll

[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll

[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll

[2009/07/13 18:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

 

[color=#A23BEC]< MD5 for: PRINTISOLATIONHOST.EXE  >[/color]

[2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe

[2009/07/13 18:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

 

[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

 

[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

 

[color=#A23BEC]< MD5 for: USER32.DLL  >[/color]

[2010/11/20 05:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/20 05:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009/07/13 18:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010/11/20 06:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010/11/20 06:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 

[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]

[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 

[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]

[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 

[color=#A23BEC]< MD5 for: WINRNR.DLL  >[/color]

[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll

[2009/07/13 18:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll

[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll

[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

 

[color=#A23BEC]< MD5 for: WSHELPER.DLL  >[/color]

[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll

[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll

[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll

[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

 

[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color]

 

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

 

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/07/13 10:50:42 | 000,867,072 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/07/13 10:50:42 | 000,867,072 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/07/13 10:50:42 | 000,867,072 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013/07/13 10:50:45 | 000,920,472 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/07/13 10:50:45 | 000,920,472 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/07/13 10:50:45 | 000,920,472 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/06/11 19:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/06/11 19:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation)

 

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/07/13 10:50:42 | 000,867,072 | ---- | M] (Mozilla Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/07/13 10:50:42 | 000,867,072 | ---- | M] (Mozilla Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/07/13 10:50:42 | 000,867,072 | ---- | M] (Mozilla Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2013/07/13 10:50:45 | 000,920,472 | ---- | M] (Mozilla Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/07/13 10:50:45 | 000,920,472 | ---- | M] (Mozilla Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/07/13 10:50:45 | 000,920,472 | ---- | M] (Mozilla Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/06/11 16:26:36 | 000,051,712 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/06/11 16:26:36 | 000,051,712 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/06/11 16:26:36 | 000,051,712 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/06/11 19:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/06/11 19:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation)

 

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

 

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

 

[color=#A23BEC]< %ProgramFiles%\WINDOWS NT\*.* /s >[/color]

[2010/11/20 05:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe

[2009/07/13 18:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll

[2009/07/13 19:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui

[2010/11/20 06:37:33 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\ko-KR\wordpad.exe.mui

[2009/07/13 18:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll

[2009/06/10 14:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt

[2009/06/10 14:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt

[2009/06/10 14:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt

[2009/06/10 14:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt

[2009/06/10 14:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt

[2009/06/10 14:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt

[2009/06/10 14:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt

[2009/07/13 19:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

 

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]



< End of report >



#6
radiuss

And Number 2:

OTL Extras logfile created on: 7/24/2013 3:06:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\samsung\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.93 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 43.60% Memory free
3.85 Gb Paging File | 2.32 Gb Available in Paging File | 60.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.04 Gb Total Space | 164.27 Gb Free Space | 67.31% Space Free | Partition Type: NTFS
Drive D: | 221.62 Gb Total Space | 219.82 Gb Free Space | 99.19% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG-PC | User Name: samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (All) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Users\samsung\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Users\samsung\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077BE612-9BEE-45C2-ACA4-B691160B746E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0E2FB501-B0DC-499D-BA4B-74C48CA5ECEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{20D1BFC9-21A6-4CD6-84B3-A3BBF6A9B10B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2A67ECF8-8584-4937-9F8E-AE3CE3162422}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E19DA1F-FACF-4695-BFCE-2C6699CD28FA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{42447F0E-28E8-4BDC-BEC6-333C999603DB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4DBCE083-E404-4AB0-BEA5-ADA6B80642AF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5A625A8A-8F84-4847-BC11-2E370BBF22EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5E4474D2-3C3D-4B41-8AAC-26B10B6E7367}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{61EEEA08-FFD0-4983-895F-4B106464BD4D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{63133979-D2CE-4EBA-B4FE-DA9D405D37D8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{71C472A1-100A-4F66-9D5C-C4CF6243CE46}" = rport=139 | protocol=6 | dir=out | app=system | 
"{76861812-468D-4EED-ABEB-4470CAE955A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9AABB355-CACD-482F-81F6-80FCA472417C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9EDE715B-B7B1-45A8-8A2F-45461D6B6E62}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A09ED71E-75CC-4268-8D24-3C8764A04F1C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFE82895-E998-4885-BC39-0954DC31A16C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{B79A3529-00AE-4CA7-AA0E-2979FA0128D8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B95597AA-E137-4553-9F4F-85CC198B046B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C56D07B4-C411-437A-85C7-537AA4702E6E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FB8D06A6-6DD3-43E2-AA9C-7FB00A177EDA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066509E2-DC49-4410-BC70-436A480AF78E}" = protocol=58 | dir=in | [email protected],-28545 | 
"{12F02FBA-6FE5-4797-B3EE-967B6038B02F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2E4C56DE-9AD1-4E2D-B046-157CB46601BD}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{42725C25-91D7-4630-8E24-B2C51D50FBA0}" = protocol=1 | dir=out | [email protected],-28544 | 
"{4C84A72E-6A9E-4B31-8A16-42609D761D95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62356C7A-D875-4618-BF40-6F714E97DE60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{64653BEB-2D9D-4096-9D98-0FFD8906CC2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{66ACD0CD-3B58-4D59-B11C-6C2E8F37E1E8}" = protocol=6 | dir=in | app=c:\users\samsung\appdata\roaming\utorrent\utorrent.exe | 
"{67100EF6-EEA7-4DF9-8540-0CEC8A527985}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{70B037DF-BF27-4F3B-BDF4-14C307B8AE5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8704ABA2-0E78-452F-9881-29A7546E24C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9B05387-5C0E-4995-BBDB-831B01F8FD88}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AA20A008-B01D-4F75-8485-A5476D8A6459}" = protocol=17 | dir=in | app=c:\users\samsung\appdata\roaming\utorrent\utorrent.exe | 
"{AC07EC5B-F0E8-4057-8B95-0D474607F5C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AD025A86-779F-4E60-AD27-7C7FD5324833}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B05908F1-C546-4492-AD96-E13EDEBFF880}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C1ED3278-20F7-4E43-9334-A453870C2ACE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C6419483-59C0-4917-9CD2-BC0D924C48C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D24A4D57-4F83-487F-837A-98674ECEE7B6}" = protocol=58 | dir=out | [email protected],-28546 | 
"{D7FD6913-B98F-4E4C-BA67-245C393CDF1E}" = protocol=6 | dir=out | app=system | 
"{EC149A66-7586-4C4A-B37F-45F9A2934A58}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{F23B0A56-2353-4ADC-8108-42EABF7EBD3D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{F6093EA4-827F-4F99-B340-A3DB6D0DF03D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC776AED-65C9-4920-AB03-E54AE1071BA8}" = protocol=1 | dir=in | [email protected],-28543 | 
"TCP Query User{22725255-FAC0-4140-B58C-DDC549A0C459}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{39B4CAB8-8C3B-4562-9294-F31CA7BDB2E1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Free RAR Extract Frog" = Free RAR Extract Frog
"HotspotShield" = Hotspot Shield 3.09
"INFovine" = È̃´ëÆùÀÎÁơ¼­(º¸°ü)¼­ºñ½º
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SimilarWeb" = SimilarWeb
"SoftcampSCSK" = SoftCamp Secure KeyStroke 4.0
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"XecureWeb Control" = XecureWeb Control
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 7/24/2013 5:14:00 AM | Computer Name = samsung-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version: 
11.6.602.180, time stamp: 0x51a4ab8c  Faulting module name: ntdll.dll, version: 6.1.7601.17725,
 time stamp: 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e243  Faulting
 process id: 0x1480  Faulting application start time: 0x01ce884e22275f8b  Faulting application
 path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  Faulting module
 path: C:\Windows\SysWOW64\ntdll.dll  Report Id: 6025c39f-f441-11e2-aba8-000b6b637c8e
 
Error - 7/24/2013 12:14:02 PM | Computer Name = samsung-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version: 
11.6.602.180, time stamp: 0x51a4ab8c  Faulting module name: ntdll.dll, version: 6.1.7601.17725,
 time stamp: 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e243  Faulting
 process id: 0xc24  Faulting application start time: 0x01ce8888cebd74d9  Faulting application
 path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  Faulting module
 path: C:\Windows\SysWOW64\ntdll.dll  Report Id: 0dc42634-f47c-11e2-90bb-000b6b637c8e
 
Error - 7/24/2013 1:07:23 PM | Computer Name = samsung-PC | Source = Application Hang | ID = 1002
Description = The program biclient.exe version 1.0.0.1 stopped interacting with 
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1308    Start
 Time: 01ce888f834e3250    Termination Time: 16    Application Path: C:\Users\samsung\AppData\Local\Temp\biclient.exe

Report
 Id:   
 
Error - 7/24/2013 1:14:00 PM | Computer Name = samsung-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version: 
11.6.602.180, time stamp: 0x51a4ab8c  Faulting module name: ntdll.dll, version: 6.1.7601.17725,
 time stamp: 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e243  Faulting
 process id: 0x1090  Faulting application start time: 0x01ce88913048a461  Faulting application
 path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  Faulting module
 path: C:\Windows\SysWOW64\ntdll.dll  Report Id: 6e3ca936-f484-11e2-90bb-000b6b637c8e
 
Error - 7/24/2013 2:14:05 PM | Computer Name = samsung-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version: 
11.6.602.180, time stamp: 0x51a4ab8c  Faulting module name: ntdll.dll, version: 6.1.7601.17725,
 time stamp: 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e243  Faulting
 process id: 0x1154  Faulting application start time: 0x01ce8899933fe7f9  Faulting application
 path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  Faulting module
 path: C:\Windows\SysWOW64\ntdll.dll  Report Id: d2cfa175-f48c-11e2-90bb-000b6b637c8e
 
Error - 7/24/2013 3:14:01 PM | Computer Name = samsung-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version: 
11.6.602.180, time stamp: 0x51a4ab8c  Faulting module name: ntdll.dll, version: 6.1.7601.17725,
 time stamp: 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e243  Faulting
 process id: 0xde0  Faulting application start time: 0x01ce88a1f3c65dba  Faulting application
 path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  Faulting module
 path: C:\Windows\SysWOW64\ntdll.dll  Report Id: 322dbccc-f495-11e2-90bb-000b6b637c8e
 
Error - 7/24/2013 4:14:00 PM | Computer Name = samsung-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version: 
11.6.602.180, time stamp: 0x51a4ab8c  Faulting module name: ntdll.dll, version: 6.1.7601.17725,
 time stamp: 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e243  Faulting
 process id: 0x1358  Faulting application start time: 0x01ce88aa55c201eb  Faulting application
 path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  Faulting module
 path: C:\Windows\SysWOW64\ntdll.dll  Report Id: 93ac41b1-f49d-11e2-90bb-000b6b637c8e
 
Error - 7/24/2013 5:14:01 PM | Computer Name = samsung-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version: 
11.6.602.180, time stamp: 0x51a4ab8c  Faulting module name: ntdll.dll, version: 6.1.7601.17725,
 time stamp: 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e243  Faulting
 process id: 0x1598  Faulting application start time: 0x01ce88b2b757bb18  Faulting application
 path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  Faulting module
 path: C:\Windows\SysWOW64\ntdll.dll  Report Id: f5ab4408-f4a5-11e2-90bb-000b6b637c8e
 
Error - 7/24/2013 6:06:11 PM | Computer Name = samsung-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1454    Start Time:
 01ce88b708efe826    Termination Time: 0    Application Path: C:\Users\samsung\Desktop\OTL.exe

Report
 Id: 3930a9e3-f4ad-11e2-90bb-000b6b637c8e  
 
Error - 7/24/2013 6:14:07 PM | Computer Name = samsung-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerUpdateService.exe, version: 
11.6.602.180, time stamp: 0x51a4ab8c  Faulting module name: ntdll.dll, version: 6.1.7601.17725,
 time stamp: 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e243  Faulting
 process id: 0x131c  Faulting application start time: 0x01ce88bb1b545d8b  Faulting application
 path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  Faulting module
 path: C:\Windows\SysWOW64\ntdll.dll  Report Id: 5b6e2f93-f4ae-11e2-90bb-000b6b637c8e
 
[ System Events ]
Error - 7/22/2013 12:30:26 AM | Computer Name = samsung-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel(R)
 PROSet/Wireless Event Log service to connect.
 
Error - 7/22/2013 12:30:26 AM | Computer Name = samsung-PC | Source = Service Control Manager | ID = 7000
Description = The Intel(R) PROSet/Wireless Event Log service failed to start due
 to the following error:   %%1053
 
Error - 7/22/2013 11:08:22 AM | Computer Name = samsung-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 7/22/2013 10:55:24 PM | Computer Name = samsung-PC | Source = Service Control Manager | ID = 7031
Description = The Hotspot Shield Routing Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in 
0 milliseconds: Restart the service.
 
Error - 7/23/2013 8:15:01 PM | Computer Name = samsung-PC | Source = Service Control Manager | ID = 7031
Description = The Hotspot Shield Routing Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in 
0 milliseconds: Restart the service.
 
Error - 7/23/2013 8:54:47 PM | Computer Name = samsung-PC | Source = Service Control Manager | ID = 7031
Description = The Hotspot Shield Routing Service service terminated unexpectedly.
  It has done this 2 time(s).  The following corrective action will be taken in 
0 milliseconds: Restart the service.
 
Error - 7/23/2013 11:59:37 PM | Computer Name = samsung-PC | Source = Service Control Manager | ID = 7031
Description = The Hotspot Shield Routing Service service terminated unexpectedly.
  It has done this 3 time(s).  The following corrective action will be taken in 
0 milliseconds: Restart the service.
 
Error - 7/24/2013 11:25:09 AM | Computer Name = samsung-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 7/24/2013 4:31:12 PM | Computer Name = samsung-PC | Source = Service Control Manager | ID = 7031
Description = The Hotspot Shield Service service terminated unexpectedly.  It has
 done this 1 time(s).  The following corrective action will be taken in 0 milliseconds:
 Restart the service.
 
Error - 7/24/2013 4:32:15 PM | Computer Name = samsung-PC | Source = Service Control Manager | ID = 7034
Description = The Hotspot Shield Routing Service service terminated unexpectedly.
  It has done this 1 time(s).
 
 
< End of report >

  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
O4 - HKCU..\Run: [patcherUpdates] C:\Users\samsung\AppData\Local\Temp\patcher\patcherUpdates.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Users\samsung\AppData\Local\Temp\patcher\patcherUpdates.exe) - C:\Users\samsung\AppData\Local\Temp\patcher\patcherUpdates.exe (Microsoft Corporation)

:files
C:\Users\samsung\AppData\Local\Temp\patcher

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\07232013-some number.log so look there if you don't see it.

I expect that was the problem but let's run the full range of scans just to make sure.

Download aswMBR.exe to your desktop.
Right-click aswMBR.exe and select Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it and then run a new scan and click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, then just click save log, save it to your desktop and post it in your next reply.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please, copy the content of this file in your next reply.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow



(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => Right click and Run as Admin.) Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0

#8
radiuss

radiuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
lol I wish I had more time at the moment, Ron. I will get on all of that when I am finished with what I have to do now, and I'll report back here. Please check the thread at a later time for me. Thanks!
  • 0

#9
radiuss

radiuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
By the way, how did you know that the patcher updates.exe was the problem???
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
It claims to be from Microsoft but is running from a place where Microsoft doesn't usually live. Also, in a belt-and-suspenders tactic, it tacked itself on to the wininit key. No way is Microsoft going to do that. So two strikes against it. Next step was a Google on "patcherUpdates.exe" which only had two hits. Any legitimate Microsoft software will have thousands of hits. You can submit the file C:\Users\samsung\AppData\Local\Temp\patcher\patcherUpdates.exe to virustotal.com and see what they say if you want to.
  • 0
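
The three checks described in the post above, written out as a triage routine. This is an added example, not part of the original thread or any tool it mentions; the entry fields, the location labels, the hit-count threshold and every sample entry except the patcherUpdates.exe path are assumptions constructed for illustration.

```python
import ntpath
from dataclasses import dataclass

# Assumption: roots where Microsoft components normally live on this machine.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
MIN_WEB_HITS = 100  # assumption: below this, a "Microsoft" file name is too obscure

@dataclass
class Autostart:
    path: str         # image path the entry launches
    company: str      # vendor the file claims in its version info
    locations: tuple  # every autostart location that references the file
    web_hits: int     # search-engine hit count, looked up by the analyst

def strikes(entry):
    """Return the reasons an autostart entry deserves a closer look."""
    path = ntpath.normpath(entry.path).lower()
    found = []
    if "microsoft" in entry.company.lower():
        if not path.startswith(SYSTEM_ROOTS):
            found.append("claims Microsoft but runs from " + ntpath.dirname(path))
        if entry.web_hits < MIN_WEB_HITS:
            found.append("only %d web hits for %s" % (entry.web_hits, ntpath.basename(path)))
    if len(set(entry.locations)) > 1:
        found.append("registered in %d autostart locations" % len(set(entry.locations)))
    return found

# Constructed entries; only the patcherUpdates.exe path comes from the thread.
ENTRIES = [
    Autostart(r"C:\Users\samsung\AppData\Local\Temp\patcher\patcherUpdates.exe",
              "Microsoft Corporation", ("logon run entry", "wininit key"), 2),
    Autostart(r"C:\Windows\explorer.exe", "Microsoft Corporation", ("shell",), 500000),
    Autostart(r"C:\Program Files\ExampleVendor\tray.exe", "ExampleVendor Ltd",
              ("logon run entry",), 40),
]

def triage(entries):
    """Map each flagged path to its strikes, skipping clean entries."""
    return {e.path: s for e in entries if (s := strikes(e))}

if __name__ == "__main__":
    for path, reasons in triage(ENTRIES).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

A flagged entry is a lead for review, for instance by submitting the file to virustotal.com as the post suggests, not a verdict on its own.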

#11
radiuss

radiuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hey Ron, I completed the first task (OTL "Run Fix" scan) and it solved the problem. Do you highly suggest I follow through with the rest of the list you outlined?

Thank you so much by the way!
-Daniel
  • 0

#12
radiuss

radiuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I went ahead with the next step. Nothing told me it was finished scanning and it stopped scanning for 2 straight minutes, so I assumed it was done.
Here is the log from the aswMBR scan:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-24 19:30:27
-----------------------------
19:30:27.500 OS Version: Windows x64 6.1.7601 Service Pack 1
19:30:27.500 Number of processors: 2 586 0x2505
19:30:27.500 ComputerName: SAMSUNG-PC UserName: samsung
19:30:29.029 Initialize success
19:30:29.809 AVAST engine defs: 13072301
19:31:13.177 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:31:13.177 Disk 0 Vendor: Hitachi_HTS547550A9E384 JE3OA50A Size: 476940MB BusType: 11
19:31:13.302 Disk 0 MBR read successfully
19:31:13.302 Disk 0 MBR scan
19:31:13.318 Disk 0 Windows 7 default MBR code
19:31:13.318 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:31:13.333 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249900 MB offset 206848
19:31:13.364 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 226938 MB offset 512002048
19:31:13.489 Disk 0 scanning C:\Windows\system32\drivers
19:31:29.417 Service scanning
19:32:06.997 Modules scanning
19:32:07.637 AVAST engine scan C:\Windows
19:32:22.831 AVAST engine scan C:\Windows\system32
19:36:11.122 AVAST engine scan C:\Windows\system32\drivers
19:36:40.169 AVAST engine scan C:\Users\samsung
19:40:36.167 Disk 0 MBR has been saved successfully to "C:\Users\samsung\Desktop\MBR.dat"
19:40:36.182 The log file has been saved successfully to "C:\Users\samsung\Desktop\aswMBR.txt"
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
Looks like that was all of it so no need to run the full set of scans. I would like for you to do this part though to make sure there was no damage to Windows:

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow





(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.


Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.
  • 0

#14
radiuss

radiuss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi Ron,

The sfc /scannow complains that there are bad files and it could not fix them. I hear that this is a common problem with other people. And as for the last step, the link you gave me doesn't work (page cannot be displayed).
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
Common problem with Vista. Not so common with Windows 7 unless you have run one of those "speed up my PC" programs.

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from Notepad or, if it is too big, just attach the file.
  • 0
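
The findstr command above copies every [SR] line into junk.txt, and most of those lines are routine verification messages. As an added example (not part of the original post), this Python sketch applies the same filter and then isolates the files SFC reported it could not repair; the sample log is constructed and abbreviated from the usual CBS.log line layout, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated sample in the CBS.log layout; not output from the thread's PC.
SAMPLE_CBS_LOG = '''\
2013-07-24 20:01:02, Info                  CBS    Starting TrustedInstaller initialization.
2013-07-24 20:01:05, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2013-07-24 20:01:05, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2013-07-24 20:01:09, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, hash mismatch
2013-07-24 20:01:12, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, hash mismatch
2013-07-24 20:01:12, Info                  CSI    0000000c [SR] Verify complete
'''

SR_TAG = "[SR]"
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),'
)

def sr_lines(log_text):
    # Same selection as the findstr /c: literal search: lines containing the tag.
    return [line for line in log_text.splitlines() if SR_TAG in line]

def unrepaired_files(log_text):
    """Return unique (file, component) pairs SFC could not repair, in log order."""
    seen = []
    for line in sr_lines(log_text):
        match = CANNOT_REPAIR.search(line)
        if match:
            pair = (match.group(1), match.group(2))
            if pair not in seen:  # SFC usually logs each failure more than once
                seen.append(pair)
    return seen

if __name__ == "__main__":
    print("%d [SR] lines" % len(sr_lines(SAMPLE_CBS_LOG)))
    for name, component in unrepaired_files(SAMPLE_CBS_LOG):
        print("could not repair: %s (%s)" % (name, component))
```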