Thunderbird sending out emails even when closed... [Closed]

Email virus malware


#1 vermy

Thunderbird started sending out emails even when it wasn't open.  I noticed it happening about a month ago and have tried several of the popular malware progs to no avail.  I have Kaspersky installed and it slipped past it too.  I downloaded OTL like others on this forum and scanned and am posting the log.  Any help would be greatly appreciated as I am at the end of my rope.  Who are these people that enjoy gumming up the works for everyone?  Why not spend the same time working for a good cause?  Thanks.


Attached File  OTL.Txt   119.29KB   50 downloads


I forgot to add: the reason I found out it was sending out emails was the plethora of returned emails with East Indian or Pakistani names in the addresses.


OTL logfile created on: 4/8/2014 3:46:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MartiinCo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 46.34% Memory free
5.50 Gb Paging File | 2.25 Gb Available in Paging File | 40.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.88 Gb Total Space | 835.32 Gb Free Space | 91.60% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MARTIINCO-PC | User Name: MartiinCo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/08 15:45:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MartiinCo\Desktop\OTL.exe
PRC - [2014/03/14 17:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/02 17:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\MartiinCo\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/26 00:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/10/26 00:07:48 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/10/15 06:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/10/10 09:04:35 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2013/03/25 12:45:52 | 000,121,144 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/03/22 10:51:36 | 003,136,376 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBPOSDBService.exe
PRC - [2011/12/22 05:31:08 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/10/22 12:06:44 | 000,141,104 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBDBMgr10.exe
PRC - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
PRC - [2009/05/21 23:10:20 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/14 17:50:40 | 013,637,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014/03/14 17:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 17:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 17:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/14 17:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/14 17:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 17:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/01/02 17:45:04 | 003,558,400 | ---- | M] () -- C:\Users\MartiinCo\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 16:55:02 | 025,100,288 | ---- | M] () -- C:\Users\MartiinCo\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/08/10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/08/10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/03/13 15:16:35 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/25 14:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/02/17 09:43:51 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/26 00:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/10/15 06:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/10/10 09:04:35 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2013/03/25 12:45:52 | 000,121,144 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/01/03 04:48:56 | 001,259,448 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/22 10:51:36 | 003,136,376 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV10)
SRV - [2011/12/22 05:31:08 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v6.0)
SRV - [2009/05/21 23:10:20 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/21 17:18:54 | 000,620,640 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/12/11 04:33:59 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2013/12/11 04:33:59 | 000,029,792 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2013/10/23 12:00:56 | 000,454,168 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2013/10/10 09:07:30 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/10/10 09:07:30 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013/08/22 05:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/06/18 09:12:55 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/04/23 14:19:36 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/30 02:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 13:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/16 11:30:50 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ssport.sys -- (SSPORT)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zoneal...=&tstsId=&ver=
IE - HKCU\..\SearchScopes,DefaultScope = {11E7A753-4938-4C58-8EC8-06DC13FD98E2}
IE - HKCU\..\SearchScopes\{11E7A753-4938-4C58-8EC8-06DC13FD98E2}: "URL" = http://search.zoneal...Id=&ver=&&r=647
IE - HKCU\..\SearchScopes\{5B37EB9D-D05F-43B7-8D0D-555272FC3CF0}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{60E47DAA-6B58-4C2F-ABC0-8D79723B20D7}: "URL" = http://www.youtube.c...y={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google US (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.zoneal...&tstsId=&ver=&"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.2.1
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:5.12.12.1
FF - prefs.js..extensions.enabledAddons: %7B1e9a63ef-84ec-49a4-8d6f-2dd9524e90d0%7D:1.4.3
FF - prefs.js..extensions.enabledAddons: %7Bcd617375-6743-4ee8-bac4-fbf10f35729e%7D:2.9.5
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.5
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.51
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.3.7
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.12
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}:0.6.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {e8f509f0-b677-11de-8a39-0800200c9a66}:1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0.20
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {a45e6b3a-725d-4b20-afde-e7486bfe317c}:3.5.4
FF - prefs.js..extensions.enabledItems: {ded0fc70-7215-4802-afeb-b2982d3e7225}:3.6
FF - prefs.js..network.proxy.no_proxies_on: "*hot-searches.com*,*lender-search.com*"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/12/11 04:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/12/11 04:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/12/11 04:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/17 09:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/17 09:43:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/03/31 17:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Extensions
[2014/03/27 14:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions
[2013/10/31 10:03:26 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2014/03/17 09:24:59 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013/12/17 08:24:31 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013/12/13 10:36:04 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\[email protected]
[2014/02/08 15:59:18 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\[email protected]
[2013/05/22 14:09:50 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\[email protected]
[2013/08/17 10:06:34 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\[email protected]
[2012/07/05 09:08:34 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\[email protected]
[2014/03/05 10:19:54 | 001,393,079 | ---- | M] () (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\[email protected]
[2014/03/27 14:21:16 | 000,857,038 | ---- | M] () (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\[email protected]
[2013/11/08 11:14:41 | 000,367,561 | ---- | M] () (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\[email protected]
[2012/07/21 09:15:32 | 000,587,582 | ---- | M] () (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\{1e9a63ef-84ec-49a4-8d6f-2dd9524e90d0}.xpi
[2013/08/22 19:00:00 | 000,065,849 | ---- | M] () (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2014/02/27 10:36:52 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/24 10:28:37 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013/05/24 10:28:37 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/02/18 11:16:17 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/03/21 00:15:42 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\extensions\[email protected]\content\Abine\chrome\content\ff\view_expiry.js
[2013/12/06 13:29:42 | 000,002,229 | ---- | M] () -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\searchplugins\craigslist-seattle---salewanted.xml
[2013/12/06 13:29:42 | 000,001,927 | ---- | M] () -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\searchplugins\mycroft-project.xml
[2013/12/06 13:29:42 | 000,004,207 | ---- | M] () -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\searchplugins\newegg.xml
[2013/12/06 13:29:42 | 000,001,057 | ---- | M] () -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\searchplugins\nzbindex.xml
[2014/04/01 14:56:55 | 000,001,136 | ---- | M] () -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\searchplugins\people-search.xml
[2014/01/07 16:19:52 | 000,001,754 | ---- | M] () -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\searchplugins\the-pirate-bay.xml
[2013/12/06 13:29:42 | 000,001,732 | ---- | M] () -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\searchplugins\vcdq.xml
[2013/12/06 13:29:42 | 000,002,383 | ---- | M] () -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\searchplugins\youtube.xml
[2013/12/13 10:23:46 | 000,001,500 | ---- | M] () -- C:\Users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\searchplugins\zonealarm.xml
[2014/02/17 09:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/17 09:43:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/21 07:41:42 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: United States Radios = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\acdbioclahlmlaehihjmjhmfhbnhgdob\1_0\
CHR - Extension: Bible = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\adplcelpohamiijahbaanmoimmnoaiaf\2.2_0\
CHR - Extension: Angry Birds = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: TV = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.12_0\
CHR - Extension: YouTube = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Wolfenstein-3d (WONDERFUL) = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkgakklhmhdddcmgnippbhdldhnbgmf\1_0\
CHR - Extension: Facebook = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Adblock Plus = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Google Search = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Awesome Bookmarks Widget [ANTP] = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpomkeboefacdfaoklfekfleengjeodf\2013.106.105.0_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_1\
CHR - Extension: Netflix = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\
CHR - Extension: Dark Vibe = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0\
CHR - Extension: My Cloud Stations = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmdelmajagmmpamicifmigalocjomidc\1.22_0\
CHR - Extension: MailChimp = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe\1.1_0\
CHR - Extension: PicMonkey = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\
CHR - Extension: Google Analytics Opt-out Add-on (by Google) = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0\
CHR - Extension: Digital Clock = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo\1.11_0\
CHR - Extension: Click&Clean = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: AdBlock = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: Content Blocker = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_1\
CHR - Extension: Keep My Opt-Outs = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: Tabs to the front! = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla\0.2.4_0\
CHR - Extension: Pixlr Express = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid\1.4_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Allow Right-Click = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo\1.3.2_0\
CHR - Extension: HD Pc Tv = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacofknpccgofhgmjlpcmeoofklcpbom\3.7.5_0\
CHR - Extension: Crackle = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: Meta-Tile Widget [ANTP] = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibhffciboaodhfapmcpckhbdpbjjppan\1.2.2_0\
CHR - Extension: World of Solitaire = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: Digital Clock Widget [ANTP] = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikimcdcgajipgcoehakmgloecbaacmoj\1.1.3_0\
CHR - Extension: iPiccy Photo Editor = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh\1.1_0\
CHR - Extension: Virtual Keyboard = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_1\
CHR - Extension: Hulu = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdoldfgnhlbijenhmmoajnmbgladlei\2.0.3_0\
CHR - Extension: Google Play = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: Blogger = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lejliakmhcfhakneflmicaoikhbicggc\1_0\
CHR - Extension: Drudge Report News Reader = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdflcgbpfkkkomlfkbfokkbcgofcamgl\1.0_0\
CHR - Extension: Awesome New Tab Page™ = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2014.112.31_0\
CHR - Extension: FastestFox for Chrome = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.9_0\
CHR - Extension: F.B Purity-Clean Up Facebook = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl\9.8.0.10_0\
CHR - Extension: Google Wallet = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Amazon Deals Widget [ANTP] = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolglhjgpggnfpmeapcdnnnpmdijegma\1.1.7.2_0\
CHR - Extension: OneClick Cleaner App = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadiaahhieelhhffeofkdchgfpjehjok\0.9.1.1_0\
CHR - Extension: Picasa = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Fox News = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pamidlfalnpbkhdhbbepaibgehibgmna\2.4.4_0\
CHR - Extension: Click&Clean App = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.5_0\
CHR - Extension: Psykopaint = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Weather Underground = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Users\MartiinCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\MartiinCo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MartiinCo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E296246-42D9-4A60-89AA-BFAA16F30998}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: DhcpNameServer = 192.168.0.1 208.67.220.220
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\qbpos - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02db2941-a554-11e3-a624-f80f413ba11a}\Shell - "" = AutoRun
O33 - MountPoints2\{02db2941-a554-11e3-a624-f80f413ba11a}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{330d6453-79f5-11e2-999a-f80f413ba11a}\Shell - "" = AutoRun
O33 - MountPoints2\{330d6453-79f5-11e2-999a-f80f413ba11a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
O33 - MountPoints2\{330d6488-79f5-11e2-999a-f80f413ba11a}\Shell - "" = AutoRun
O33 - MountPoints2\{330d6488-79f5-11e2-999a-f80f413ba11a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
O33 - MountPoints2\{b7dd6549-0b77-11e3-815e-f80f413ba11a}\Shell - "" = AutoRun
O33 - MountPoints2\{b7dd6549-0b77-11e3-815e-f80f413ba11a}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{b83db877-dd0a-11e2-840f-f80f413ba11a}\Shell - "" = AutoRun
O33 - MountPoints2\{b83db877-dd0a-11e2-840f-f80f413ba11a}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{b9ecba8d-3d94-11e3-bc54-f80f413ba11a}\Shell - "" = AutoRun
O33 - MountPoints2\{b9ecba8d-3d94-11e3-bc54-f80f413ba11a}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{da7db9f6-af9b-11e2-8a62-f80f413ba11a}\Shell - "" = AutoRun
O33 - MountPoints2\{da7db9f6-af9b-11e2-8a62-f80f413ba11a}\Shell\AutoRun\command - "" = E:\MI.exe
O33 - MountPoints2\{e70803a9-22ea-11e3-85ad-f80f413ba11a}\Shell - "" = AutoRun
O33 - MountPoints2\{e70803a9-22ea-11e3-85ad-f80f413ba11a}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{eeff0e9a-c2fe-11e1-8099-f80f413ba11a}\Shell - "" = AutoRun
O33 - MountPoints2\{eeff0e9a-c2fe-11e1-8099-f80f413ba11a}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
O33 - MountPoints2\{ef85f98e-4b39-11e3-9e3c-f80f413ba11a}\Shell - "" = AutoRun
O33 - MountPoints2\{ef85f98e-4b39-11e3-9e3c-f80f413ba11a}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/08 15:45:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MartiinCo\Desktop\OTL.exe
[2014/04/08 09:27:05 | 000,000,000 | ---D | C] -- C:\Users\MartiinCo\Desktop\Recovered Email
[2014/04/07 10:19:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/04/07 09:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014/04/03 13:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS
[2014/04/03 10:31:36 | 000,000,000 | ---D | C] -- C:\Users\MartiinCo\Desktop\RK_Quarantine
[2014/04/03 10:21:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\MartiinCo\Desktop\HijackThis.exe
[2014/04/02 18:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Whatinstartup
[2014/04/02 17:42:20 | 000,620,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014/04/02 17:42:20 | 000,112,224 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014/04/02 17:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2014/04/02 15:55:19 | 241,499,456 | ---- | C] (Kaspersky Lab) -- C:\Users\MartiinCo\Desktop\kav14.0.0.4651abEN_5098_Upg2013.exe
[2014/03/31 13:19:05 | 002,377,656 | ---- | C] (Copyright © 2013 eSupport.com • All Rights Reserved         ) -- C:\Users\MartiinCo\Desktop\undeleteplus_setup_a.exe
[2014/03/25 12:36:30 | 000,000,000 | ---D | C] -- C:\POS_Settings
[2014/03/25 12:36:12 | 000,000,000 | ---D | C] -- C:\Users\MartiinCo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Retail Plus POS ver. 3.0
[2014/03/25 12:36:00 | 000,000,000 | ---D | C] -- C:\Retail Plus 30
[2014/03/11 15:24:58 | 000,000,000 | ---D | C] -- C:\Users\MartiinCo\Desktop\windows
[2014/03/11 15:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2014/03/11 09:53:16 | 000,000,000 | ---D | C] -- C:\Users\MartiinCo\Desktop\1997 LandRover Discovery Manuals
[2014/03/10 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\MartiinCo\Desktop\Coops
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/08 15:45:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MartiinCo\Desktop\OTL.exe
[2014/04/08 15:17:38 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/08 15:17:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/08 14:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/08 09:26:27 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/08 09:26:27 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/08 09:26:27 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/08 09:24:46 | 002,784,491 | ---- | M] () -- C:\Users\MartiinCo\Desktop\Thunderbird emails.zip
[2014/04/08 09:11:27 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/07 10:27:41 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/07 10:27:40 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/07 10:20:31 | 000,000,208 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/04/07 10:19:19 | 289,115,589 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/07 10:19:19 | 2214,092,800 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/07 09:11:40 | 000,001,667 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2014/04/03 13:44:46 | 000,008,022 | ---- | M] () -- C:\Users\MartiinCo\Desktop\easeus-data-recovery-wizard-professional-7.0-key.torrent
[2014/04/03 10:45:45 | 001,243,655 | ---- | M] () -- C:\Users\MartiinCo\Desktop\ProcessExplorer.zip
[2014/04/03 10:29:21 | 003,972,608 | ---- | M] () -- C:\Users\MartiinCo\Desktop\RogueKiller.exe
[2014/04/03 10:21:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\MartiinCo\Desktop\HijackThis.exe
[2014/04/02 18:56:58 | 000,001,477 | ---- | M] () -- C:\Users\MartiinCo\Desktop\WhatInStartup.lnk
[2014/04/02 18:54:47 | 000,074,867 | ---- | M] () -- C:\Users\MartiinCo\Desktop\whatinstartup-x64.zip
[2014/04/02 18:51:37 | 000,000,851 | ---- | M] () -- C:\Users\MartiinCo\Desktop\Install Kaspersky Anti-Virus version 14.0.0.4651.lnk
[2014/04/02 18:48:58 | 000,422,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/02 15:58:36 | 241,499,456 | ---- | M] (Kaspersky Lab) -- C:\Users\MartiinCo\Desktop\kav14.0.0.4651abEN_5098_Upg2013.exe
[2014/03/31 14:08:06 | 002,945,002 | ---- | M] () -- C:\Users\MartiinCo\Desktop\alfalfa.jpg
[2014/03/31 13:26:06 | 000,281,375 | ---- | M] () -- C:\Users\MartiinCo\Desktop\recorded judgement.jpg
[2014/03/31 13:19:06 | 002,377,656 | ---- | M] (Copyright © 2013 eSupport.com • All Rights Reserved         ) -- C:\Users\MartiinCo\Desktop\undeleteplus_setup_a.exe
[2014/03/28 15:15:21 | 000,031,532 | ---- | M] () -- C:\Users\MartiinCo\Desktop\GeorgeBush.jpg
[2014/03/27 15:27:33 | 000,372,247 | ---- | M] () -- C:\Users\MartiinCo\Desktop\release.pdf
[2014/03/27 15:25:19 | 001,405,385 | ---- | M] () -- C:\Users\MartiinCo\Desktop\release.jpg
[2014/03/25 12:36:13 | 000,001,491 | ---- | M] () -- C:\Users\MartiinCo\Desktop\Retail Plus 3.0.lnk
[2014/03/25 10:19:20 | 013,760,264 | ---- | M] () -- C:\Users\MartiinCo\Desktop\Retail30.exe
[2014/03/22 16:08:07 | 000,002,989 | ---- | M] () -- C:\Users\MartiinCo\Desktop\Equipment Parts Source, Aftermarket, Case, Backhoe, Crawler, Loader, Dozer, Tractor Case Power Shuttle Transmission.lnk
[2014/03/20 09:07:22 | 000,085,659 | ---- | M] () -- C:\Users\MartiinCo\Desktop\ngp-red-fir.jpg
[2014/03/18 10:24:48 | 000,002,119 | ---- | M] () -- C:\Users\MartiinCo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/03/14 12:24:25 | 000,002,821 | ---- | M] () -- C:\Users\MartiinCo\Desktop\Inbox - TDR Roundtable.lnk
[2014/03/14 12:05:30 | 001,280,061 | ---- | M] () -- C:\Users\MartiinCo\Desktop\PacBrake Install.PDF
[2014/03/13 15:16:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/13 15:16:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/11 15:21:51 | 000,042,181 | ---- | M] () -- C:\Users\MartiinCo\Desktop\hideme_8561516.zip
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/08 09:26:31 | 002,784,491 | ---- | C] () -- C:\Users\MartiinCo\Desktop\Thunderbird emails.zip
[2014/04/07 10:19:19 | 289,115,589 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/07 09:11:40 | 000,001,667 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2014/04/03 13:44:44 | 000,008,022 | ---- | C] () -- C:\Users\MartiinCo\Desktop\easeus-data-recovery-wizard-professional-7.0-key.torrent
[2014/04/03 10:45:50 | 001,243,655 | ---- | C] () -- C:\Users\MartiinCo\Desktop\ProcessExplorer.zip
[2014/04/03 10:29:16 | 003,972,608 | ---- | C] () -- C:\Users\MartiinCo\Desktop\RogueKiller.exe
[2014/04/02 18:56:26 | 000,001,477 | ---- | C] () -- C:\Users\MartiinCo\Desktop\WhatInStartup.lnk
[2014/04/02 18:54:46 | 000,074,867 | ---- | C] () -- C:\Users\MartiinCo\Desktop\whatinstartup-x64.zip
[2014/04/02 17:43:34 | 000,000,851 | ---- | C] () -- C:\Users\MartiinCo\Desktop\Install Kaspersky Anti-Virus version 14.0.0.4651.lnk
[2014/03/31 14:08:01 | 002,945,002 | ---- | C] () -- C:\Users\MartiinCo\Desktop\alfalfa.jpg
[2014/03/31 13:26:02 | 000,281,375 | ---- | C] () -- C:\Users\MartiinCo\Desktop\recorded judgement.jpg
[2014/03/28 15:15:07 | 000,031,532 | ---- | C] () -- C:\Users\MartiinCo\Desktop\GeorgeBush.jpg
[2014/03/27 15:27:33 | 000,372,247 | ---- | C] () -- C:\Users\MartiinCo\Desktop\release.pdf
[2014/03/27 15:25:12 | 001,405,385 | ---- | C] () -- C:\Users\MartiinCo\Desktop\release.jpg
[2014/03/25 12:36:13 | 000,001,491 | ---- | C] () -- C:\Users\MartiinCo\Desktop\Retail Plus 3.0.lnk
[2014/03/25 10:14:12 | 013,760,264 | ---- | C] () -- C:\Users\MartiinCo\Desktop\Retail30.exe
[2014/03/22 16:08:07 | 000,002,989 | ---- | C] () -- C:\Users\MartiinCo\Desktop\Equipment Parts Source, Aftermarket, Case, Backhoe, Crawler, Loader, Dozer, Tractor Case Power Shuttle Transmission.lnk
[2014/03/20 09:07:19 | 000,085,659 | ---- | C] () -- C:\Users\MartiinCo\Desktop\ngp-red-fir.jpg
[2014/03/14 12:24:25 | 000,002,821 | ---- | C] () -- C:\Users\MartiinCo\Desktop\Inbox - TDR Roundtable.lnk
[2014/03/14 12:05:24 | 001,280,061 | ---- | C] () -- C:\Users\MartiinCo\Desktop\PacBrake Install.PDF
[2014/03/11 15:21:50 | 000,042,181 | ---- | C] () -- C:\Users\MartiinCo\Desktop\hideme_8561516.zip
[2013/06/24 16:04:32 | 000,000,810 | ---- | C] () -- C:\Windows\wininit.ini
[2013/01/05 14:59:34 | 000,000,001 | ---- | C] () -- C:\Users\MartiinCo\AppData\Local\llftool.4.25.agreement
[2012/10/27 10:22:06 | 000,002,108 | ---- | C] () -- C:\Users\MartiinCo\AppData\Local\recently-used.xbel
[2012/10/23 14:33:29 | 000,131,556 | ---- | C] () -- C:\Users\MartiinCo\AppData\Roaming\VideoPad.dmp
[2012/06/30 15:54:36 | 000,017,408 | ---- | C] () -- C:\Users\MartiinCo\AppData\Local\WebpageIcons.db
[2012/05/08 18:32:11 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/14 18:21:05 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


Edited by Essexboy, 09 April 2014 - 06:29 AM.

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So any logs from any programs we run should just be copied and pasted into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!
If you have since resolved the original problem you were having, I would appreciate you letting me know. If not, please perform the following steps so I can have a look at the current condition of your machine.

Please change your passwords to all your e-mail accounts and also all passwords on accounts you registered using that e-mail. Refer to this Microsoft article Strong passwords: How to create and use them.

NEXT...
  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that. Please attach it here.
How to add an attachment to a new topic or reply

Please post also these logs: Extras.txt and log from RogueKiller (they should be on Desktop).

#3
vermy

    New Member

  • Topic Starter
  • Member
  • 4 posts
Here it is.  Thank you for the warm welcome and the help.  I really appreciate it.   :geek:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-09 12:40:27
-----------------------------
12:40:27.835 OS Version: Windows x64 6.1.7601 Service Pack 1
12:40:27.835 Number of processors: 2 586 0x603
12:40:27.837 ComputerName: MARTIINCO-PC UserName: MartiinCo
12:40:32.372 Initialize success
12:40:43.202 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
12:40:43.208 Disk 0 Vendor: WDC_WD10 77.0 Size: 953869MB BusType: 3
12:40:43.351 Disk 0 MBR read successfully
12:40:43.356 Disk 0 MBR scan
12:40:43.363 Disk 0 unknown MBR code
12:40:43.370 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20000 MB offset 2048
12:40:43.388 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 40962048
12:40:43.405 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 933767 MB offset 41166848
12:40:43.431 Disk 0 scanning C:\Windows\system32\drivers
12:40:49.475 Service scanning
12:40:54.085 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
12:40:54.187 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
12:40:54.230 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
12:40:54.259 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
12:40:54.309 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
12:40:54.386 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
12:41:02.386 Modules scanning
12:41:02.403 Disk 0 trace - called modules:
12:41:02.428 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
12:41:02.436 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003329060]
12:41:02.444 3 CLASSPNP.SYS[fffff880020be43f] -> nt!IofCallDriver -> [0xfffffa800301be40]
12:41:02.452 5 ACPI.sys[fffff88000fb27a1] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80030417e0]
12:41:02.460 Scan finished successfully
13:18:43.980 Disk 0 MBR has been saved successfully to "C:\Users\MartiinCo\Desktop\MBR.dat"
13:18:43.985 The log file has been saved successfully to "C:\Users\MartiinCo\Desktop\aswMBR.txt"

Edited by Render, 09 April 2014 - 02:45 PM.


#4
Render (Trusted Helper, Malware Removal, 4,195 posts)

Hi,

Did you change the password on the e-mail account in question?

Also post the Extras.txt log. It should be somewhere on your Desktop. If it's not there, do the following:

OTL Extras Scan

  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on the None button at the top.
  • Under the Extra Registry section, check Use SafeList.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of Extras.txt and post it.


#5
vermy (Topic Starter, New Member, 4 posts)

Yes, I did change the password, but just now... Here are the Extras.txt contents:

 

OTL Extras logfile created on: 4/9/2014 4:39:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MartiinCo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 51.41% Memory free
5.50 Gb Paging File | 2.39 Gb Available in Paging File | 43.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.88 Gb Total Space | 837.18 Gb Free Space | 91.81% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: MARTIINCO-PC | User Name: MartiinCo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{303AD9D1-2DD2-4F82-8408-2FA25869DEF4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{3C0A13F8-D6D8-495A-9984-E7A198F89CF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7036E5A0-FF07-43F4-B825-ABA40736DFD5}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe | 
"{C1E51A38-12BD-4529-8FF6-5249090B2C9E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe | 
"{CC5244BD-3F5D-45C0-AEA2-B0395CC29336}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F1F3248-5063-4794-9C06-C1D8D3EE1BDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\return to castle wolfenstein\wolfsp.exe | 
"{21A1D14A-2685-4D75-9626-038A7661242A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wolfenstein 3d\base\dosbox.exe | 
"{27422EAF-3D3A-4C67-B6A6-3A02E7ED0E17}" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks point of sale 10.0\databaseserver\qbposdbservice.exe | 
"{37215D2F-9C86-42C9-A52C-F45FF65CA11D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3BFFC7EE-528E-4666-81CF-5731FB15606A}" = protocol=6 | dir=in | app=c:\program files\newsbin\newsbinpro64.exe | 
"{42A1AA14-075A-4B29-BAEB-CF10AEAE0CEB}" = protocol=6 | dir=in | app=c:\users\martiinco\appdata\roaming\utorrent\utorrent.exe | 
"{433A640D-54E6-4BC2-A6B5-66FECCAD30B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\return to castle wolfenstein\wolfsp.exe | 
"{49EB8F7D-F68E-4B24-9D6F-7290A7D0FEFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4B7B2274-587D-43BE-A125-C425DAA49532}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{51E6858F-1CAE-432C-917F-9F3338F527A4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wolfenstein 3d\base\dosbox.exe | 
"{6183482D-5929-45E0-B1C0-4CC0FAA5F4B3}" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks point of sale 10.0\databaseserver\qbdbmgrn10.exe | 
"{627833F2-423B-48D5-964E-12D316C0026D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spear of destiny\base\dosbox.exe | 
"{69209A93-61BA-44A1-AF92-38F074C09A15}" = protocol=17 | dir=in | app=c:\program files\newsbin\newsbinpro64.exe | 
"{846AB397-F548-4A1D-9352-2B4B216B3329}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe | 
"{8D86CE6E-D9B7-4BB1-87FA-76AB9E61D10E}" = protocol=17 | dir=in | app=c:\users\martiinco\appdata\roaming\utorrent\utorrent.exe | 
"{94511018-4287-477B-87BF-2061F81C5428}" = protocol=17 | dir=in | app=c:\program files (x86)\intuit\quickbooks point of sale 10.0\databaseserver\qbdbmgrn10.exe | 
"{9B57B431-A92B-43E8-AA45-EC3527AF203E}" = protocol=17 | dir=in | app=c:\users\martiinco\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A0CB7A09-A57D-41B4-9817-8A6A896CA6A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spear of destiny\base\dosbox.exe | 
"{B1F3E8E7-70D6-4BDA-9506-DA73C208AA2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spear of destiny\base\dosbox.exe | 
"{B376E23F-D2DB-47B2-AF78-5648C8056DED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spear of destiny\base\dosbox.exe | 
"{BDAED9AE-6CD9-4D9B-9DD0-0B397B1ECD9B}" = protocol=17 | dir=in | app=c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2012\starter.exe | 
"{BDE3E1BA-1203-41A8-9E41-6185008846E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\return to castle wolfenstein\wolfmp.exe | 
"{BFBD52CD-C82A-4E88-BD05-A57EDE935139}" = protocol=6 | dir=in | app=c:\users\martiinco\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C4A36EF8-337F-4A00-B59E-ADD1A5352C04}" = protocol=6 | dir=in | app=c:\program files (x86)\kaspersky lab\kaspersky anti-virus 2012\starter.exe | 
"{D0A83EAB-07F9-42BA-A68F-C09BD0AC8D1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spear of destiny\base\dosbox.exe | 
"{D29BFE51-768B-48B8-8B43-F734A7BBC3BB}" = protocol=6 | dir=out | app=c:\program files\newsbin\newsbinpro64.exe | 
"{D3BF624A-1DAC-47A5-A9FB-02BAE982F879}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spear of destiny\base\dosbox.exe | 
"{DA64FDB1-C2ED-4C0D-86EB-41AA57B55A42}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F0A8ADD3-49D4-4D14-A4BF-DD3D857E349C}" = protocol=17 | dir=in | app=c:\program files (x86)\intuit\quickbooks point of sale 10.0\databaseserver\qbdbmgr10.exe | 
"{FE4D8B37-8DD4-4CCE-8545-34EA6E53A405}" = protocol=6 | dir=in | app=c:\program files (x86)\intuit\quickbooks point of sale 10.0\databaseserver\qbdbmgr10.exe | 
"TCP Query User{0EA1AC0B-96A0-4F6A-A772-57C44D44DC7F}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | 
"TCP Query User{308634E0-DCF4-4563-8045-86D92B27519E}C:\users\martiinco\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\martiinco\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{1B332645-B15A-417E-992E-C13E57B8D78E}C:\users\martiinco\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\martiinco\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{C509581E-A945-4B43-9D6D-FC8139A4EDCB}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617CA6E9-D5FB-4017-8130-82E68C56C34D}" = Image Resizer for Windows (64 bit)
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DCA0803-0890-4631-94BA-17DE31C49C40}" = Microsoft Camera Codec Pack
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.74
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C5A22A98-AC82-4404-BFB0-1E9F654EB176}" = Motorola Mobile Drivers Installation 6.0.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Newsbin6" = Newsbin Pro
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{69d72156-6582-4556-8637-06f40aa7f85b}" = Image Resizer for Windows
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Audacity_is1" = Audacity 2.0.3
"Dell Laser MFP 1815" = Dell Laser MFP 1815 Software Uninstall
"DuckCapture_is1" = DuckCapture Standard 2.7
"Easy Email Extractor_is1" = Easy Email Extractor v1.1
"Google Chrome" = Google Chrome
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"LAME_is1" = LAME v3.99.3 (for Windows)
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"Mozilla Thunderbird 24.4.0 (x86 en-US)" = Mozilla Thunderbird 24.4.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam" = Steam
"Steam App 216250" = Dead Island Riptide
"Steam App 2270" = Wolfenstein 3D
"Steam App 9000" = Wolfenstein 3D: Spear of Destiny
"Steam App 9010" = Return to Castle Wolfenstein
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar 
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Retail Plus POS ver. 3.0" = Retail Plus POS ver. 3.0
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/4/2013 3:51:51 PM | Computer Name = MartiinCo-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 11/4/2013 3:51:51 PM | Computer Name = MartiinCo-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 11/4/2013 3:51:51 PM | Computer Name = MartiinCo-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 11/7/2013 7:29:01 PM | Computer Name = MartiinCo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/7/2013 9:02:02 PM | Computer Name = MartiinCo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/11/2013 1:09:15 PM | Computer Name = MartiinCo-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 11/11/2013 1:09:15 PM | Computer Name = MartiinCo-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 11/11/2013 1:09:15 PM | Computer Name = MartiinCo-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 11/11/2013 1:09:15 PM | Computer Name = MartiinCo-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 11/11/2013 9:31:54 PM | Computer Name = MartiinCo-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 12/2/2012 6:39:56 AM | Computer Name = MartiinCo-PC | Source = MCUpdate | ID = 0
Description = 2:39:54 AM - Error connecting to the internet.  2:39:54 AM -     Unable
 to contact server..  
 
Error - 12/2/2012 7:40:35 AM | Computer Name = MartiinCo-PC | Source = MCUpdate | ID = 0
Description = 3:40:34 AM - Error connecting to the internet.  3:40:34 AM -     Unable
 to contact server..  
 
Error - 12/2/2012 8:45:00 AM | Computer Name = MartiinCo-PC | Source = MCUpdate | ID = 0
Description = 4:44:59 AM - Error connecting to the internet.  4:44:59 AM -     Unable
 to contact server..  
 
Error - 12/4/2012 6:24:36 AM | Computer Name = MartiinCo-PC | Source = MCUpdate | ID = 0
Description = 2:24:34 AM - Error connecting to the internet.  2:24:34 AM -     Unable
 to contact server..  
 
Error - 11/21/2013 6:57:00 PM | Computer Name = MartiinCo-PC | Source = MCUpdate | ID = 0
Description = 2:57:00 PM - Failed to retrieve Directory (Error: The remote name 
could not be resolved: 'data.tvdownload.microsoft.com')  
 
Error - 11/21/2013 6:57:02 PM | Computer Name = MartiinCo-PC | Source = MCUpdate | ID = 0
Description = 2:57:02 PM - Failed to retrieve NetTV (Error: The remote name could
 not be resolved: 'data.tvdownload.microsoft.com')  
 
Error - 11/21/2013 6:57:03 PM | Computer Name = MartiinCo-PC | Source = MCUpdate | ID = 0
Description = 2:57:03 PM - Failed to retrieve MCEClientUX (Error: The remote name
 could not be resolved: 'data.tvdownload.microsoft.com')  
 
Error - 11/21/2013 6:57:15 PM | Computer Name = MartiinCo-PC | Source = MCUpdate | ID = 0
Description = 2:57:13 PM - Failed to retrieve SportsSchedule (Error: The remote 
name could not be resolved: 'data.tvdownload.microsoft.com')  
 
Error - 11/21/2013 6:57:16 PM | Computer Name = MartiinCo-PC | Source = MCUpdate | ID = 0
Description = 2:57:16 PM - Failed to retrieve SportsV2 (Error: The remote name could
 not be resolved: 'data.tvdownload.microsoft.com')  
 
Error - 11/21/2013 6:57:25 PM | Computer Name = MartiinCo-PC | Source = MCUpdate | ID = 0
Description = 2:57:17 PM - Failed to retrieve Broadband (Error: The remote name 
could not be resolved: 'data.tvdownload.microsoft.com')  
 
[ System Events ]
Error - 4/27/2013 8:40:21 PM | Computer Name = MartiinCo-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 5/1/2013 12:07:56 PM | Computer Name = MartiinCo-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the lmhosts service.
 
Error - 5/16/2013 8:09:10 PM | Computer Name = MartiinCo-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%2
 
Error - 5/16/2013 8:09:42 PM | Computer Name = MartiinCo-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
 Client Service service to connect.
 
Error - 5/16/2013 8:09:42 PM | Computer Name = MartiinCo-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
 error:   %%1053
 
Error - 5/16/2013 8:11:42 PM | Computer Name = MartiinCo-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 5/16/2013 8:11:42 PM | Computer Name = MartiinCo-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 5/16/2013 8:16:09 PM | Computer Name = MartiinCo-PC | Source = Service Control Manager | ID = 7030
Description = The PST Service service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 5/21/2013 7:02:20 PM | Computer Name = MartiinCo-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 5/22/2013 11:58:31 AM | Computer Name = MartiinCo-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Netman service.
 
 
< End of report >

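As an added triage helper (not OTL's own code and not something posted in this thread), the Python below parses the Firewall Settings and the two exception-list sections of an Extras.txt log in the layout posted above, reports which Windows Firewall profiles have EnableFirewall = 0, and lists the inbound allow-rules whose executable lives under a user-writable path. The embedded excerpt is constructed from lines of the log above; the set of "user-writable" path markers is this example's own heuristic, and a hit is a prompt for review, not a verdict.

```python
"""Triage helper for the Firewall Settings and exception-list sections of an
OTL Extras.txt log. Added example, not OTL's own code and not from this thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# IANA protocol numbers as they appear in the log's "protocol=" field
PROTO_NAMES = {"6": "TCP", "17": "UDP"}

# Assumption of this example: inbound allow-rules for binaries under these
# user-writable locations are worth a second look during triage. Dropbox and
# uTorrent legitimately install per-user, so a hit is a review prompt, not a verdict.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

KEY_RE = re.compile(r"^(?:64bit:\s*)?\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')

# Constructed excerpt, assembled from lines of the Extras.txt posted above.
SAMPLE_LOG = r"""
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{303AD9D1-2DD2-4F82-8408-2FA25869DEF4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{42A1AA14-075A-4B29-BAEB-CF10AEAE0CEB}" = protocol=6 | dir=in | app=c:\users\martiinco\appdata\roaming\utorrent\utorrent.exe | 
"{BFBD52CD-C82A-4E88-BD05-A57EDE935139}" = protocol=6 | dir=in | app=c:\users\martiinco\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D29BFE51-768B-48B8-8B43-F734A7BBC3BB}" = protocol=6 | dir=out | app=c:\program files\newsbin\newsbinpro64.exe | 
"""


@dataclass
class FirewallReport:
    profiles: Dict[str, bool] = field(default_factory=dict)  # profile -> EnableFirewall
    rules: List[dict] = field(default_factory=list)


def parse_rule(rhs: str) -> dict:
    """Turn 'lport=808 | protocol=6 | dir=in | app=... |' into a dict."""
    fields = {}
    for token in rhs.split("|"):
        token = token.strip()
        if not token:
            continue  # the empty field after the trailing '|'
        key, sep, value = token.partition("=")
        fields[key.strip()] = value.strip() if sep else ""
    fields["proto_name"] = PROTO_NAMES.get(fields.get("protocol", ""), "other")
    return fields


def parse_extras(text: str) -> FirewallReport:
    """Walk the log, tracking the current registry key, and collect
    EnableFirewall per profile plus every FirewallRules entry."""
    report = FirewallReport()
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if not value_match:
            continue
        name, rhs = value_match.groups()
        if current_key.endswith("Profile") and name == "EnableFirewall":
            profile = current_key.rsplit("\\", 1)[-1]
            report.profiles[profile] = rhs == "1"
        elif current_key.endswith("\\FirewallRules"):
            rule = parse_rule(rhs)
            rule["id"] = name
            report.rules.append(rule)
    return report


def disabled_profiles(report: FirewallReport) -> List[str]:
    """Profiles whose EnableFirewall value is not 1."""
    return sorted(p for p, enabled in report.profiles.items() if not enabled)


def inbound_apps_under_user_paths(report: FirewallReport) -> List[str]:
    """Executables with an inbound allow-rule that live under a user-writable path."""
    hits = set()
    for rule in report.rules:
        app = rule.get("app", "").lower()
        if rule.get("dir") == "in" and any(m in app for m in USER_WRITABLE_MARKERS):
            hits.add(app)
    return sorted(hits)


if __name__ == "__main__":
    rep = parse_extras(SAMPLE_LOG)
    print("Profiles with EnableFirewall = 0:", disabled_profiles(rep))
    print("Inbound allow-rules for binaries under user-writable paths:")
    for app in inbound_apps_under_user_paths(rep):
        print("  ", app)
```

All three profiles showing 0 is expected when a third-party firewall such as the ZoneAlarm listed in this machine's uninstall list is in charge; the point of the check is to confirm that some firewall is actually active rather than to treat the value alone as a finding.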

#6
Render (Trusted Helper, Malware Removal, 4,195 posts)

Hi,

 

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files with each other, as the name suggests. In today's world, cyber crime has reached an enormous scale, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. Some further reading on this subject, via the included links: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

Please either uninstall uTorrent or do not use it while we are working to clean your computer, as P2P programs are known to bring malware onto computers.

Also avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.
As a free alternative to MS Office, I recommend LibreOffice.

NEXT...

Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.


  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot again; that will cure it.


#7 vermy (Topic Starter)

uTorrent uninstalled before the ComboFix scan.

 

ComboFix 14-04-09.02 - MartiinCo 04/10/2014   8:19.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.1181 [GMT -7:00]
Running from: c:\users\MartiinCo\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-10 to 2014-04-10  )))))))))))))))))))))))))))))))
.
.
2014-04-10 15:27 . 2014-04-10 15:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-10 15:27 . 2014-04-10 15:27 -------- d-----w- c:\users\QBPOSDBSrvUser\AppData\Local\temp
2014-04-10 15:27 . 2014-04-10 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-07 16:11 . 2014-04-07 18:04 -------- d-----w- c:\program files\Recuva
2014-04-03 20:04 . 2014-04-03 20:04 -------- d-----w- c:\program files (x86)\EaseUS
2014-04-03 01:55 . 2014-04-03 01:57 -------- d-----w- c:\program files\Whatinstartup
2014-04-03 00:42 . 2014-01-22 00:18 620640 ------w- c:\windows\system32\drivers\klif.sys
2014-04-03 00:42 . 2013-06-09 03:18 112224 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-04-03 00:37 . 2014-04-03 00:46 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2014-03-25 19:36 . 2014-03-25 19:36 -------- d-----w- C:\POS_Settings
2014-03-25 19:36 . 2014-03-25 19:38 -------- d-----w- C:\Retail Plus 30
2014-03-20 23:25 . 2014-04-08 16:56 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F82ACCD4-5F53-4A3F-B825-5E0EE3CD5C80}\offreg.dll
2014-03-11 22:17 . 2014-03-18 15:05 -------- d-----w- c:\program files\OpenVPN
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-13 22:16 . 2012-04-02 01:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-13 22:16 . 2012-04-02 01:11 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\MartiinCo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\MartiinCo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\MartiinCo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-02-25 1821888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-10-10 356128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832]
.
c:\users\MartiinCo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MartiinCo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 C771BUS;CASIO C771 USB Composite Device Driver;c:\windows\system32\DRIVERS\C771BUS.sys;c:\windows\SYSNATIVE\DRIVERS\C771BUS.sys [x]
R3 C771VSP;CASIO C771 USB Virtual Serial Port;c:\windows\system32\DRIVERS\C771VSP.sys;c:\windows\SYSNATIVE\DRIVERS\C771VSP.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 15:56 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:16]
.
2014-04-07 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-04-01 22:55]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 20:16]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03 20:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\MartiinCo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\MartiinCo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\MartiinCo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\MartiinCo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=48f6df1741384f018b1f733981d7efa0&tu=10G9y00BU2C01g0&sku=&tstsId=&ver=&
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 208.67.220.220
FF - ProfilePath - c:\users\MartiinCo\AppData\Roaming\Mozilla\Firefox\Profiles\avhqylvi.default\
FF - prefs.js: browser.search.selectedEngine - Google US (en)
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=48f6df1741384f018b1f733981d7efa0&tu=10G9y00BU2C01g0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.hpOld0 - about:newtab
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughGA&Lan={dfltLng}&gu=48f6df1741384f018b1f733981d7efa0&tu=10G9y00BU2C01g0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - bc23e160000000000000f80f413ba11a
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16052
FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.09:23
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughGA
FF - user.js: extensions.zonealarm.instlRef - ZLN120997796929597-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=48f6df1741384f018b1f733981d7efa0&tu=10G9y00BU2C01g0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&gu=48f6df1741384f018b1f733981d7efa0&tu=10G9y00BU2C01g0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=goughGA&Lan=en&gu=48f6df1741384f018b1f733981d7efa0&tu=10G9y00BU2C01g0&sku=&tstsId=&ver=&
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-10  08:31:18
ComboFix-quarantined-files.txt  2014-04-10 15:31
.
Pre-Run: 898,012,930,048 bytes free
Post-Run: 898,068,803,584 bytes free
.
- - End Of File - - 382D55B81B4831B5C13EAAF47F8D9467
70E629B51C16B3C007730C6AE57144C9
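As an added example (not code from this thread, nor a feature of ComboFix or OTL), here is a small Python script that reads the autostart sections of a ComboFix log like the one above, namely the Run keys, the Startup-folder shortcut and the Scheduled Tasks entries, and flags executables that live where persistence usually hides: user-writable AppData or Temp directories, or loose in the C:\Windows root. The sample lines are copied from the log posted in this thread; the "trusted directory" list and the flagging rules are this example's own heuristics, and a flag means "look at this entry", not "this is malware". Dropbox's per-user install is legitimate, while c:\windows\AutoKMS.exe is presumably the entry behind the helper's later question about unlicensed Office.

```python
"""Triage the autostart sections of a ComboFix log.

Added example: parses 'Reg Loading Points' Run values, Startup-folder .lnk
entries and 'Scheduled Tasks' .job entries, then flags binaries outside the
usual vendor directories. The heuristics are the example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-02-25 1821888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-10-10 356128]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832]
.
Dropbox.lnk - c:\users\MartiinCo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:16]
.
2014-04-07 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-04-01 22:55]
.
"""

# Assumed "normal" homes for autostarted binaries (example heuristic, not a ComboFix rule).
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\microsoft.net\\",
)

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
STARTUP_LNK = re.compile(r'^(?P<name>[^ ]+\.lnk) - (?P<path>.+?\.exe)', re.IGNORECASE)
TASK_JOB = re.compile(r'^\d{4}-\d{2}-\d{2} c:\\windows\\tasks\\(?P<name>.+\.job)$', re.IGNORECASE)
TASK_BIN = re.compile(r'^- (?P<path>.+?\.exe)', re.IGNORECASE)
WINDOWS_ROOT_EXE = re.compile(r'^c:\\windows\\[^\\]+\.exe$')


@dataclass
class AutostartEntry:
    source: str          # "Run key", "Startup folder" or "Scheduled task"
    name: str
    path: str
    reasons: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def assess(path: str) -> list[str]:
    """Return the reasons an autostart binary deserves a closer look (empty = fine)."""
    p = path.lower()
    reasons: list[str] = []
    if "\\appdata\\" in p or "\\temp\\" in p:
        reasons.append("user-writable location")
    if WINDOWS_ROOT_EXE.match(p):
        reasons.append("loose executable in Windows root")
    if not reasons and not p.startswith(TRUSTED_PREFIXES):
        reasons.append("outside usual vendor directories")
    return reasons


def parse_autostarts(log_text: str) -> list[AutostartEntry]:
    """Walk the log line by line; a .job header is paired with the '- path' line after it."""
    entries: list[AutostartEntry] = []
    pending_task: str | None = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := RUN_VALUE.match(line)):
            entries.append(AutostartEntry("Run key", m["name"], m["path"], assess(m["path"])))
        elif (m := STARTUP_LNK.match(line)):
            entries.append(AutostartEntry("Startup folder", m["name"], m["path"], assess(m["path"])))
        elif (m := TASK_JOB.match(line)):
            pending_task = m["name"]
        elif pending_task and (m := TASK_BIN.match(line)):
            entries.append(AutostartEntry("Scheduled task", pending_task, m["path"], assess(m["path"])))
            pending_task = None
    return entries


def flagged(entries: list[AutostartEntry]) -> list[AutostartEntry]:
    return [e for e in entries if e.suspicious]


def report(entries: list[AutostartEntry]) -> str:
    lines = []
    for e in entries:
        mark = "CHECK" if e.suspicious else "ok   "
        why = f"  ({'; '.join(e.reasons)})" if e.reasons else ""
        lines.append(f"{mark} [{e.source}] {e.name} -> {e.path}{why}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_autostarts(SAMPLE_LOG)))
```

Run against the full log, the script leaves the Kaspersky, ZoneAlarm, Steam and Flash entries alone and prints CHECK for only two: the Dropbox shortcut (per-user install under AppData, harmless here but exactly the kind of path a bot drops into) and the AutoKMS.job task, whose binary sits bare in C:\Windows rather than under a vendor directory. Neither finding explains the mail sent from a closed Thunderbird on its own; the point is to shrink a 400-line log to the handful of entries worth asking about.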
 

#8 Render (Trusted Helper, Malware Removal)

Looks good so far.

 

What are you going to do with the MS Office apps, as it seems from the logs they're not licensed?

 

Please proceed with these:

 

Please download Malwarebytes Anti-Malware to your desktop.
Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log.
Select Export > Text file and save it to the desktop.
Post that log.

NEXT...

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 


#9 Render (Trusted Helper, Malware Removal)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.