Geeks to Go forums
Ridiculous amount of adware spyware malware all of the above, gamer so


This topic is locked

#1 valgalvez
Member, 32 posts
I have a Dell Inspiron ONE2205 which my son has taken over with his games and what not; it's virtually impossible to go on the internet or use it for anything other than playing League of Legends. To browse the internet or even search files it is ridiculously slow, all the browsers have some kind of adware and toolbars on them, and there are constant popups... please help. OTL log below:

OTL logfile created on: 12/29/2013 4:20:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\The Boss Family\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 37.07% Memory free
7.49 Gb Paging File | 4.25 Gb Available in Paging File | 56.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 115.94 Gb Free Space | 25.70% Space Free | Partition Type: NTFS
Drive D: | 3.61 Gb Total Space | 0.24 Gb Free Space | 6.55% Space Free | Partition Type: FAT32

Computer Name: THEBOSSFAMILY | User Name: The Boss Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/29 16:19:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\The Boss Family\Downloads\OTL.exe
PRC - [2013/12/07 00:22:51 | 000,499,856 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\WPM\wprotectmanager.exe
PRC - [2013/11/29 16:20:48 | 003,806,544 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/11/14 09:32:24 | 000,664,344 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/01 04:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/08/15 06:45:56 | 000,051,992 | ---- | M] (cake bake) -- C:\Program Files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe
PRC - [2013/07/01 11:28:16 | 000,196,896 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
PRC - [2013/07/01 11:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
PRC - [2013/07/01 11:28:14 | 000,022,304 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
PRC - [2013/07/01 11:28:12 | 003,623,200 | ---- | M] (Sendori) -- C:\Program Files (x86)\Sendori\sndappv2.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\The Boss Family\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/04/01 18:15:43 | 003,907,888 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe
PRC - [2013/01/30 19:26:30 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbarsvc.exe
PRC - [2013/01/30 18:42:20 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\RobotBoom_60\bar\1.bin\60barsvc.exe
PRC - [2012/11/29 20:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/10/27 15:11:03 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/10/27 15:10:54 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/01 10:42:27 | 000,042,528 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbarsvc.exe
PRC - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/30 10:29:22 | 001,719,144 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
PRC - [2011/05/30 10:29:20 | 002,055,816 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
PRC - [2011/04/23 22:17:26 | 001,994,936 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2011/04/23 22:17:26 | 000,098,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2011/04/23 22:17:08 | 002,412,728 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2011/04/13 07:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/11/20 19:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/11/17 07:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/16 19:08:00 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/03 18:48:04 | 000,399,312 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 18:48:03 | 013,586,896 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 18:48:02 | 004,055,504 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 18:47:11 | 000,702,416 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 18:47:11 | 000,099,792 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 18:47:08 | 001,619,408 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/10 04:24:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 04:24:31 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/12 02:25:46 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/08/14 11:37:19 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/08/14 11:36:33 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 11:36:16 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 11:36:12 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/06 09:43:10 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2013/07/10 02:45:29 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/11 16:47:24 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2013/06/11 16:47:23 | 000,145,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013/06/11 16:46:10 | 000,153,432 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\TopArcadeHits\Toparcadehits.dll
MOD - [2013/05/09 06:05:46 | 000,136,472 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll
MOD - [2013/05/09 06:05:46 | 000,092,440 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll
MOD - [2011/05/30 10:29:22 | 001,719,144 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
MOD - [2011/05/30 10:29:20 | 002,055,816 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
MOD - [2011/05/30 10:25:32 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
MOD - [2011/05/30 10:25:32 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
MOD - [2011/04/23 22:18:10 | 000,100,208 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2011/04/23 22:17:32 | 000,062,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2011/04/23 22:16:44 | 000,250,552 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2010/11/24 19:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 07:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/08 10:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/11/25 13:59:16 | 000,007,168 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Dell\OSD\DellOSDservice.exe -- (DellOSDservice)
SRV:64bit: - [2010/09/22 04:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/01 22:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2013/12/11 11:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/10 23:45:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/07 00:22:51 | 000,499,856 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm)
SRV - [2013/11/29 16:20:42 | 002,210,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/10/11 11:51:18 | 000,377,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/01 04:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/19 14:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/15 06:45:56 | 000,051,992 | ---- | M] (cake bake) [Auto | Running] -- C:\Program Files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe -- (WebCake Desktop Updater)
SRV - [2013/07/01 11:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2013/07/01 11:28:14 | 000,022,304 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2013/07/01 11:28:12 | 003,623,200 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/23 07:48:26 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013/04/13 12:20:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/01 18:15:43 | 003,907,888 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2013/03/14 11:56:00 | 005,034,152 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/01/30 19:26:30 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbarsvc.exe -- (GamingWonderlandService)
SRV - [2013/01/30 18:42:20 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\RobotBoom_60\bar\1.bin\60barsvc.exe -- (RobotBoom_60Service)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/10/27 15:11:03 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/10/27 15:10:54 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/01 10:42:27 | 000,042,528 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbarsvc.exe -- (Zwinky_5qService)
SRV - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/23 22:17:08 | 002,412,728 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/11/25 02:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 02:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 17:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/30 08:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013/05/02 22:18:52 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\My Dell\pcdsrvc_x64.pkms -- (PCDSRVC{D3412D80-CF3B4A27-06020200}_0)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/29 17:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/01/29 17:15:04 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/01/03 00:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013/01/03 00:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/03 00:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/01/03 00:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2012/11/26 17:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/11/02 02:46:36 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/01/20 08:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/22 05:22:42 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/22 04:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/14 15:17:58 | 000,033,792 | ---- | M] (Nuvoton Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuviocir_win7_x64.sys -- (nuviocir)
DRV:64bit: - [2010/06/23 01:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/06 16:57:08 | 000,073,784 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/04/06 16:57:08 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/03/19 00:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/09 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/01 22:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/01 22:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/01 22:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/24 19:28:52 | 000,036,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/09/24 16:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV - [2013/06/07 16:04:53 | 000,089,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys -- (usj)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoo...5W2XXXXZ2A8C5W2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoo...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoo...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoo...5W2XXXXZ2A8C5W2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.nationzoo...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{94B5FF46-7B2C-4963-867C-8EA31359E643}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoo...5W2XXXXZ2A8C5W2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoo...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoo...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoo...5W2XXXXZ2A8C5W2
IE - HKLM\..\URLSearchHook: {587d8d3d-079b-49d0-b54d-dd2a9911fffb} - C:\Program Files (x86)\MixiDJ_V36\prxtbMix2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.nationzoo...q={searchTerms}
IE - HKLM\..\SearchScopes\{94B5FF46-7B2C-4963-867C-8EA31359E643}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoo...5W2XXXXZ2A8C5W2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...Date=11/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=11/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.53searchengines.com/?op [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchr...om/?c=9001&t=03
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=11/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=11/06/2013
IE - HKCU\..\URLSearchHook: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {e5432fba-1139-40d2-9607-7f4294470559} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {21D200EA-BE5D-4C81-A499-3741135FE1CC}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=11/06/2013
IE - HKCU\..\SearchScopes\{21D200EA-BE5D-4C81-A499-3741135FE1CC}: "URL" = http://search.condui...3122775798&UM=2
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.nationzoo...q={searchTerms}
IE - HKCU\..\SearchScopes\{7A5CF7FA-ACC6-488B-B91A-20EEC7E62A9E}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js - File not found


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@GamingWonderland.com/Plugin: C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\The Boss Family\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@RobotBoom_60.com/Plugin: C:\Program Files (x86)\RobotBoom_60\bar\1.bin\NP60Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Zwinky_5q.com/Plugin: C:\Program Files (x86)\Zwinky_5q\bar\1.bin\NP5qStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\The Boss Family\AppData\Local\Roblox\Versions\version-c5357fcf5b544474\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\The Boss Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\The Boss Family\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\The Boss Family\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\The Boss Family\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\The Boss Family\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\The Boss Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2012/02/04 12:36:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_5q.com: C:\Program Files (x86)\Zwinky_5q\bar\1.bin [2012/09/26 17:39:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/14 18:33:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_60.com: C:\Program Files (x86)\RobotBoom_60\bar\1.bin [2013/01/30 18:42:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/14 18:33:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\GamingWonderland\bar\1.bin [2013/01/30 19:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/08/06 21:17:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 12:20:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 12:20:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/02 23:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Extensions
[2013/11/27 22:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\eerygphz.default\extensions
[2012/07/01 10:42:32 | 000,000,000 | ---D | M] (Zwinky) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\eerygphz.default\extensions\[email protected]_5q.com
[2013/01/30 18:42:26 | 000,000,000 | ---D | M] (Robot Boom) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\eerygphz.default\extensions\[email protected]_60.com
[2013/01/30 19:26:35 | 000,000,000 | ---D | M] (GamingWonderland) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\eerygphz.default\extensions\[email protected]
[2013/12/28 11:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\eerygphz.default\extensions\staged
[2013/12/28 11:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\hkfwdbq1.default\extensions
[2013/06/11 16:46:11 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\hkfwdbq1.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/06/11 16:44:14 | 000,000,000 | ---D | M] (MixiDJ V36) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\hkfwdbq1.default\extensions\{587d8d3d-079b-49d0-b54d-dd2a9911fffb}
[2013/06/25 13:32:33 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\hkfwdbq1.default\extensions\{9ee505b9-78f6-45e9-9745-57cbade91206}
[2013/01/30 18:42:14 | 000,000,000 | ---D | M] (Robot Boom) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\hkfwdbq1.default\extensions\[email protected]_60.com
[2013/01/30 19:26:25 | 000,000,000 | ---D | M] (GamingWonderland) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\hkfwdbq1.default\extensions\[email protected]
[2013/04/13 12:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/13 12:20:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 09:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/12/07 00:21:37 | 000,000,561 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
[2013/02/28 19:35:18 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\The Boss Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\The Boss Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\The Boss Family\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\The Boss Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\The Boss Family\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\The Boss Family\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\RobotBoom_60\bar\1.bin\NP60Stub.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\Zwinky_5q\bar\1.bin\NP5qStub.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\The Boss Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\The Boss Family\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\The Boss Family\AppData\Local\Roblox\Versions\version-ccfce68b6145482d\\NPRobloxProxy.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: No name found = C:\Users\The Boss Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\
CHR - Extension: Logitech SetPoint = C:\Users\The Boss Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\
CHR - Extension: FoxyProxy Standard = C:\Users\The Boss Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp\2.9_0\
CHR - Extension: RealDownloader = C:\Users\The Boss Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Lightning Newtab = C:\Users\The Boss Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.8.4_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\The Boss Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: Google Wallet = C:\Users\The Boss Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (MixiDJ V36 Toolbar) - {587d8d3d-079b-49d0-b54d-dd2a9911fffb} - C:\Program Files (x86)\MixiDJ_V36\prxtbMix2.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {702bc894-bcc3-4eed-b144-68f8e6084cd4} - C:\Program Files (x86)\RobotBoom_60\bar\1.bin\60SrcAs.dll (MindSpark)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Toolbar BHO) - {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll (MindSpark)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\The Boss Family\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (Search Assistant BHO) - {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll (MindSpark)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Toolbar BHO) - {c12d1a32-d0ce-4073-8386-fe9489455898} - C:\Program Files (x86)\RobotBoom_60\bar\1.bin\60bar.dll (MindSpark)
O2 - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zwinky) - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbar.dll File not found
O3 - HKLM\..\Toolbar: (MixiDJ V36 Toolbar) - {587d8d3d-079b-49d0-b54d-dd2a9911fffb} - C:\Program Files (x86)\MixiDJ_V36\prxtbMix2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (GamingWonderland) - {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Robot Boom) - {bb3f7563-e9a4-43bc-9a7c-94a642dd1ffa} - C:\Program Files (x86)\RobotBoom_60\bar\1.bin\60bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MixiDJ V36 Toolbar) - {587D8D3D-079B-49D0-B54D-DD2A9911FFFB} - C:\Program Files (x86)\MixiDJ_V36\prxtbMix2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP6366] c:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StickyNotesWidget] c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\The Boss Family\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\The Boss Family\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} https://us.shop.popc...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45BB4804-72FB-4B77-B9EF-468341B6FE45}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4844AE1C-1FC7-49DD-8790-88ABC9201436}: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4844AE1C-1FC7-49DD-8790-88ABC9201436}: NameServer = 68.190.192.35,71.9.127.107,24.205.224.36
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{69bcb4c9-33f1-11e3-8faa-18037312855a}\Shell - "" = AutoRun
O33 - MountPoints2\{69bcb4c9-33f1-11e3-8faa-18037312855a}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/29 16:12:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/12/29 14:24:39 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\AppData\Roaming\Roxio Log Files
[2013/12/28 11:44:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/12/25 01:19:08 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\AppData\Local\Logitech
[2013/12/25 01:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013/12/24 17:56:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2013/12/24 02:03:46 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\AppData\Local\playnowradio
[2013/12/23 14:58:46 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\Desktop\New folder
[2013/12/15 23:37:10 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\Desktop\new [bleep]
[2013/12/15 23:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecretSauce
[2013/12/15 23:26:02 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013/12/12 17:32:53 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\Desktop\terraria
[2013/12/09 09:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/12/09 09:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/12/08 15:56:16 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
[2013/12/08 15:56:15 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
[2013/12/08 15:27:35 | 000,000,000 | ---D | C] -- C:\2-click run
[2013/12/07 00:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337
[2013/12/07 00:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
[2013/12/07 00:22:05 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\Desktop\pro
[2013/12/07 00:21:06 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/12/07 00:21:04 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\AppData\Local\DealPlyLive
[2013/12/07 00:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/12/07 00:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DealPlyLive
[2013/12/07 00:20:49 | 000,000,000 | ---D | C] -- C:\Users\The Boss Family\AppData\Roaming\Dealply
[2013/07/29 09:59:45 | 000,051,992 | ---- | C] (cake bake) -- C:\Program Files (x86)\WDesktop.Updater.exe
[2013/07/27 08:38:06 | 000,050,968 | ---- | C] (cake bake) -- C:\Program Files (x86)\WCDesktop.Updater.exe
[2012/08/17 22:35:15 | 000,442,560 | ---- | C] (Shlemoon Media Inc) -- C:\Users\The Boss Family\AppData\Roaming\fdmer.exe
[2012/08/17 22:35:13 | 000,525,312 | ---- | C] (BrowserSetter) -- C:\Users\The Boss Family\AppData\Roaming\bsetter-own.exe
[2012/08/17 22:35:11 | 000,457,789 | ---- | C] (Freedom Download Manager ) -- C:\Users\The Boss Family\AppData\Roaming\fdm-setup.exe
[2012/08/17 22:35:09 | 000,419,554 | ---- | C] (SearchAmong ) -- C:\Users\The Boss Family\AppData\Roaming\satoolbar.exe
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/29 16:15:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/29 16:15:19 | 3016,712,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/29 16:05:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2777089751-2650874687-325508363-1001UA.job
[2013/12/29 16:03:12 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/29 16:03:12 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/29 15:52:23 | 000,318,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/29 14:09:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/29 14:09:29 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job
[2013/12/29 03:07:32 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2777089751-2650874687-325508363-1001Core.job
[2013/12/28 11:44:54 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/12/28 11:11:16 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2013/12/24 02:03:44 | 000,000,794 | ---- | M] () -- C:\Users\The Boss Family\Desktop\TornTV.lnk
[2013/12/19 01:06:47 | 000,000,027 | ---- | M] () -- C:\Users\The Boss Family\AppData\Roaming\WB.CFG
[2013/12/18 18:58:45 | 000,773,064 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/18 18:58:45 | 000,656,324 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/18 18:58:45 | 000,119,192 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/18 18:32:45 | 000,000,022 | ---- | M] () -- C:\Users\The Boss Family\Desktop\Steins;Gate.zip
[2013/12/18 18:29:55 | 000,000,020 | ---- | M] () -- C:\Users\The Boss Family\Desktop\Steins;Gate 1-24 Dubbed + Movie + OVA.rar
[2013/12/13 17:35:44 | 000,000,258 | RHS- | M] () -- C:\Users\The Boss Family\ntuser.pol
[2013/12/12 03:02:26 | 1369,232,243 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/07 00:21:37 | 000,001,631 | ---- | M] () -- C:\Users\The Boss Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/07 00:21:08 | 000,001,089 | ---- | M] () -- C:\Users\The Boss Family\Desktop\MyPC Backup.lnk
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/19 01:06:47 | 000,000,027 | ---- | C] () -- C:\Users\The Boss Family\AppData\Roaming\WB.CFG
[2013/12/18 18:32:45 | 000,000,022 | ---- | C] () -- C:\Users\The Boss Family\Desktop\Steins;Gate.zip
[2013/12/18 18:29:55 | 000,000,020 | ---- | C] () -- C:\Users\The Boss Family\Desktop\Steins;Gate 1-24 Dubbed + Movie + OVA.rar
[2013/12/15 23:26:02 | 000,000,794 | ---- | C] () -- C:\Users\The Boss Family\Desktop\TornTV.lnk
[2013/12/07 00:21:08 | 000,001,089 | ---- | C] () -- C:\Users\The Boss Family\Desktop\MyPC Backup.lnk
[2013/12/07 00:20:52 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\Dealply.job
[2013/08/13 22:17:11 | 000,000,258 | RHS- | C] () -- C:\Users\The Boss Family\ntuser.pol
[2013/08/11 22:38:38 | 000,721,917 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2013/08/11 22:38:38 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\AiCM32.dll
[2013/03/28 22:38:56 | 000,000,408 | ---- | C] () -- C:\Users\The Boss Family\AppData\Roaming\CamShapes.ini
[2013/03/28 22:38:56 | 000,000,408 | ---- | C] () -- C:\Users\The Boss Family\AppData\Roaming\CamLayout.ini
[2013/03/28 22:38:56 | 000,000,096 | ---- | C] () -- C:\Users\The Boss Family\AppData\Roaming\Camdata.ini
[2013/03/28 22:37:22 | 000,004,509 | ---- | C] () -- C:\Users\The Boss Family\AppData\Roaming\CamStudio.cfg
[2013/02/10 04:04:23 | 000,000,054 | ---- | C] () -- C:\Users\The Boss Family\jagex_cl_runescape_LIVE.dat
[2013/02/10 04:04:23 | 000,000,024 | ---- | C] () -- C:\Users\The Boss Family\random.dat
[2013/01/29 17:44:25 | 000,000,017 | ---- | C] () -- C:\Users\The Boss Family\AppData\Local\resmon.resmoncfg
[2012/11/13 21:09:04 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/11/13 21:09:04 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\¸´¼₫ BootMan.exe
[2012/11/13 21:09:04 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/11/13 21:09:04 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/11/13 21:09:04 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/11/13 21:09:04 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/10/27 15:10:59 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/10/27 15:10:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/27 15:10:53 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/10/11 23:40:46 | 000,007,680 | ---- | C] () -- C:\Users\The Boss Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/09 15:21:21 | 000,183,569 | ---- | C] () -- C:\Users\The Boss Family\Picture of me 2.png
[2012/10/09 15:15:40 | 000,200,856 | ---- | C] () -- C:\Users\The Boss Family\Picture of me 1.png
[2012/09/28 17:31:26 | 000,000,008 | ---- | C] () -- C:\Users\The Boss Family\legit.exe.exe
[2012/09/24 15:55:25 | 000,071,043 | ---- | C] () -- C:\Users\The Boss Family\troll2.png
[2012/09/24 15:49:13 | 000,063,566 | ---- | C] () -- C:\Users\The Boss Family\troll.png
[2012/09/19 22:44:00 | 000,010,802 | ---- | C] () -- C:\Users\The Boss Family\2.jpg
[2012/09/19 22:43:28 | 000,009,780 | ---- | C] () -- C:\Users\The Boss Family\images.jpg
[2012/03/18 11:31:56 | 000,001,136 | ---- | C] () -- C:\Users\The Boss Family\Documents - Shortcut.lnk
[2012/03/08 16:52:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/02/04 14:19:06 | 000,000,734 | ---- | C] () -- C:\Users\The Boss Family\The Boss Family - Shortcut.lnk

========== ZeroAccess Check ==========

[2011/11/16 22:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\@
[2012/07/23 10:46:11 | 000,000,000 | -HSD | M] -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\L
[2012/07/27 22:32:44 | 000,000,000 | -HSD | M] -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\U
[2012/07/23 10:46:11 | 000,000,804 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\L\[email protected]
[2012/07/23 10:46:09 | 000,002,048 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\U\[email protected]
[2012/07/23 10:46:12 | 000,232,960 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\U\[email protected]
[2012/07/23 10:46:09 | 000,001,632 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\U\[email protected]
[2012/07/23 10:46:10 | 000,016,896 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\U\[email protected]
[2012/07/27 22:32:44 | 000,092,160 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\U\[email protected]
[2012/07/23 10:46:11 | 000,080,896 | ---- | M] () -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\U\[email protected]
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/08 23:05:21 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\.minecraft
[2012/06/03 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\.Nitrous
[2012/10/27 14:19:24 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\.spoutcraft
[2013/09/13 19:38:56 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\.technic
[2013/09/13 19:35:53 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\.techniclauncher
[2012/10/05 15:38:21 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Alekz's Massive Anonymous Hacking Files
[2013/06/06 23:22:16 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Awesomium
[2012/10/02 17:52:06 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Babylon
[2013/12/28 11:11:00 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Betcat
[2013/12/24 02:34:42 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\BitTorrent
[2013/06/27 21:21:16 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\BoL
[2013/03/15 18:07:30 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Call Graph
[2013/12/07 00:20:49 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Dealply
[2013/03/24 12:46:52 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Downloaded Installations
[2013/08/24 10:45:22 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\FileZilla
[2012/02/04 12:20:52 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Fingertapps
[2013/12/09 15:03:53 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\ftblauncher
[2013/06/11 16:51:05 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Iminent
[2012/06/01 20:24:05 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\KlLauncherST
[2012/02/04 12:20:38 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Leadertech
[2012/10/05 14:17:59 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\LolClient
[2013/03/15 16:54:09 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\MP3SkypeRecorder
[2012/08/25 15:33:15 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Mumble
[2013/08/14 14:53:21 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Notepad++
[2012/02/05 13:03:15 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\PCDr
[2013/03/16 17:34:32 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\PFStaticIP
[2013/08/18 22:56:56 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\raidcall
[2013/11/23 00:17:11 | 000,000,000 | -H-D | M] -- C:\Users\The Boss Family\AppData\Roaming\RPPrivate
[2012/09/08 19:05:07 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\six-zsync
[2013/01/27 01:14:47 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\SoftGrid Client
[2013/12/26 20:36:22 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Spotify
[2013/11/25 21:55:49 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\TeamViewer
[2012/11/22 23:42:53 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\TP
[2013/12/08 21:49:42 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\TS3Client
[2012/06/06 22:43:49 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Unity
[2013/08/11 17:57:23 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\Web Cake
[2013/08/11 22:40:02 | 000,000,000 | ---D | M] -- C:\Users\The Boss Family\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/09/23 17:55:23 | 000,000,000 | ---D | M](C:\Users\The Boss Family\Desktop\?) -- C:\Users\The Boss Family\Desktop\�
[2013/09/23 17:55:23 | 000,000,000 | ---D | C](C:\Users\The Boss Family\Desktop\?) -- C:\Users\The Boss Family\Desktop\�

< End of report >


Thanks for your time.



#2 godawgs (Teacher, Retired Staff, 8,228 posts)
Hello valgalvez, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this, be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

The computer has a ZeroAccess rootkit infection. I'm sure the lack of an antivirus program contributed greatly to the severity of infections on this machine.
Because of the nature of this infection I would be doing you a disservice if I didn't apprise you of the following:


:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook, etc., and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know if you want to try cleaning the computer or if you would rather reinstall Windows.
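The two indicators godawgs is reading out of the ZeroAccess Check section are the {GUID} folder under AppData\Local that holds the `@` file plus the `L` and `U` subfolders, and the per-user CLSID registration for {42aedc87-2188-41fd-b9a3-0c966feabec1} whose InProcServer32 points at `n.` inside that folder. Explorer resolves CLSIDs through HKEY_CLASSES_ROOT, which merges HKCU\Software\Classes over HKLM\Software\Classes, so a user-level InProcServer32 displaces the machine-level shell32.dll registration without needing admin rights. The Python below is an added example, not part of this thread or of OTL: it parses lines of the shape OTL writes and flags both indicators. The sample log is a constructed excerpt copied from the log above (not the full log), and the line regexes are my assumptions about OTL's format inferred from that log, not an official OTL grammar.

```python
import re

# Constructed sample: a few lines in the exact shape of the OTL
# "ZeroAccess Check" section from the log above (not the full log).
SAMPLE_LOG = r"""
[2011/11/16 22:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\@
[2012/07/23 10:46:11 | 000,000,000 | -HSD | M] -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\L
[2012/07/27 22:32:44 | 000,000,000 | -HSD | M] -- C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\U
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"""

# Line shapes assumed from the log above (not an official OTL grammar).
FILE_RE = re.compile(
    r'^\[(?P<date>[^|]+)\|(?P<size>[^|]+)\|(?P<attr>[^|]+)\|(?P<kind>[^\]]+)\]'
    r'(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$')
KEY_RE = re.compile(
    r'^\[(?P<hive>HKEY_[A-Z_]+)\\.*\\(?P<clsid>\{[0-9a-f-]{36}\})\\InProcServer32\]'
    r'(?P<wow64> /64)?\s*$', re.I)
DEFAULT_RE = re.compile(r'^"" = (?P<server>.+?)(?: -- \[.*)?$')
# A {GUID} folder directly under AppData\Local and one direct child of it.
ZA_DIR_RE = re.compile(
    r'^(?P<root>.*\\AppData\\Local\\\{[0-9a-f-]{36}\})\\(?P<child>[^\\]+)$', re.I)
SYSTEM_PREFIXES = ("c:\\windows\\", "%systemroot%\\")


def parse_otl(text):
    """Split an OTL log into file entries and CLSID InProcServer32 registrations."""
    files, com, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line ends the current registry block
            continue
        m = KEY_RE.match(line)
        if m:
            current = {"hive": m["hive"].upper(),
                       "view": "64" if m["wow64"] else "32",
                       "clsid": m["clsid"].lower(), "server": None}
            com.append(current)
            continue
        m = DEFAULT_RE.match(line)
        if m and current is not None:
            current["server"] = m["server"].strip()   # the (Default) value = DLL path
            continue
        m = FILE_RE.match(line)
        if m:
            files.append({"attr": m["attr"].strip(), "path": m["path"].strip()})
    return files, com


def find_com_hijacks(com):
    """HKCU\\Software\\Classes shadows HKLM in the merged HKCR view, so a per-user
    InProcServer32 that points outside the Windows directory is a COM-hijack
    persistence signal; report the machine-level server it displaces."""
    machine = {(e["clsid"], e["view"]): e["server"]
               for e in com if e["hive"] == "HKEY_LOCAL_MACHINE" and e["server"]}
    hits = []
    for e in com:
        if e["hive"] != "HKEY_CURRENT_USER" or not e["server"]:
            continue
        if e["server"].lower().startswith(SYSTEM_PREFIXES):
            continue
        hits.append({"clsid": e["clsid"], "view": e["view"], "server": e["server"],
                     "shadowed": machine.get((e["clsid"], e["view"]))})
    return hits


def find_zeroaccess_dirs(files):
    # ZeroAccess's user-mode drop folder: a {GUID} directory under AppData\Local
    # holding an '@' file plus 'U' and/or 'L' subfolders, as in the log above.
    children = {}
    for f in files:
        m = ZA_DIR_RE.match(f["path"])
        if m:
            children.setdefault(m["root"], set()).add(m["child"])
    return sorted(root for root, kids in children.items()
                  if "@" in kids and kids & {"U", "L"})


def triage(text):
    """Return both ZeroAccess indicators found in an OTL log."""
    files, com = parse_otl(text)
    return {"com_hijacks": find_com_hijacks(com),
            "zeroaccess_dirs": find_zeroaccess_dirs(files)}


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(name)
        for h in hits:
            print("   ", h)
```

To run it against a real report, replace SAMPLE_LOG with the contents of the saved OTL.txt (`triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`). The `shadowed` field is what makes the hit actionable: it tells you which legitimate server (here SysNative\shell32.dll) Explorer should be loading once the per-user key is removed.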

#3 valgalvez (Topic Starter, Member, 32 posts)
Sounds awesome. -__-

Well, I would like to try cleaning it, but are other computers or devices on the same wireless network compromised as well?

#4 godawgs (Teacher, Retired Staff, 8,228 posts)
Are you having problems with other computers on the network? I would disconnect this computer, except to come here and read / answer posts or download the tools we need until it is clean and you have an antivirus program on it.
Is there any reason that there wasn't an antivirus program on the machine?

#5 valgalvez (Topic Starter, Member, 32 posts)
Sorry for the delay in responding, hope you had a Happy New Year!

Now that you mention it, I do have some adware issues with the other computer but I would like to say it's not related. We don't use the other computer for anything other than watching movies and listening to music, but who knows.

When I first purchased the computer I installed a paid version of Malwarebytes, and since my son is the main user of this computer I don't think he kept up with the scans and what not. :/

#6 godawgs (Teacher, Retired Staff, 8,228 posts)
My New Year's was great.

Now that you mention it, I do have some adware issues with the other computer but I would like to say it's not related. We don't use the other computer for anything other than watching movies and listening to music, but who knows.

Then just keep the sick computer disconnected from the network except to come here or to download the tools we will need.

When I first purchased the computer I installed a paid version of Malwarebytes, and since my son is the main user of this computer I don't think he kept up with the scans and what not. :/

MBAM is not an antivirus program. It is an antispyware program. And you don't really need the paid version. The free version is a full version, except for the real-time scanning (which I don't see running at this time). All you have to do is open the program, update it and run scans. We will get to that.


When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from (the C:\Users\The Boss Family\Downloads folder). Please post the contents of that file.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2013/12/07 00:22:51 | 000,499,856 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\WPM\wprotectmanager.exe
PRC - [2013/08/15 06:45:56 | 000,051,992 | ---- | M] (cake bake) -- C:\Program Files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe
PRC - [2013/01/30 19:26:30 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbarsvc.exe
PRC - [2013/01/30 18:42:20 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\RobotBoom_60\bar\1.bin\60barsvc.exe
PRC - [2012/07/01 10:42:27 | 000,042,528 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbarsvc.exe
SRV - [2013/09/19 14:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/08/15 06:45:56 | 000,051,992 | ---- | M] (cake bake) [Auto | Running] -- C:\Program Files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe -- (WebCake Desktop Updater)
SRV - [2013/04/01 18:15:43 | 003,907,888 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2013/01/30 19:26:30 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbarsvc.exe -- (GamingWonderlandService)
SRV - [2013/01/30 18:42:20 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\RobotBoom_60\bar\1.bin\60barsvc.exe -- (RobotBoom_60Service)
SRV - [2012/07/01 10:42:27 | 000,042,528 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbarsvc.exe -- (Zwinky_5qService)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoo...5W2XXXXZ2A8C5W2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoo...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoo...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoo...5W2XXXXZ2A8C5W2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.nationzoo...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoo...5W2XXXXZ2A8C5W2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoo...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoo...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoo...5W2XXXXZ2A8C5W2
IE - HKLM\..\URLSearchHook: {587d8d3d-079b-49d0-b54d-dd2a9911fffb} - C:\Program Files (x86)\MixiDJ_V36\prxtbMix2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.nationzoo...q={searchTerms}
IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoo...5W2XXXXZ2A8C5W2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...Date=11/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=11/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.53searchengines.com/?op [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchr...om/?c=9001&t=03
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=11/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=11/06/2013
IE - HKCU\..\URLSearchHook: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {e5432fba-1139-40d2-9607-7f4294470559} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {21D200EA-BE5D-4C81-A499-3741135FE1CC}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=11/06/2013
IE - HKCU\..\SearchScopes\{21D200EA-BE5D-4C81-A499-3741135FE1CC}: "URL" = http://search.condui...3122775798&UM=2
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.nationzoo...q={searchTerms}
IE - HKCU\..\SearchScopes\{7A5CF7FA-ACC6-488B-B91A-20EEC7E62A9E}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebs...r={searchTerms}
FF - HKLM\Software\MozillaPlugins\@GamingWonderland.com/Plugin: C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@RobotBoom_60.com/Plugin: C:\Program Files (x86)\RobotBoom_60\bar\1.bin\NP60Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@Zwinky_5q.com/Plugin: C:\Program Files (x86)\Zwinky_5q\bar\1.bin\NP5qStub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_5q.com: C:\Program Files (x86)\Zwinky_5q\bar\1.bin [2012/09/26 17:39:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_60.com: C:\Program Files (x86)\RobotBoom_60\bar\1.bin [2013/01/30 18:42:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\GamingWonderland\bar\1.bin [2013/01/30 19:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox
[2013/11/27 22:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\eerygphz.default\extensions
[2012/07/01 10:42:32 | 000,000,000 | ---D | M] (Zwinky) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\eerygphz.default\extensions\[email protected]_5q.com
[2013/01/30 18:42:26 | 000,000,000 | ---D | M] (Robot Boom) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\eerygphz.default\extensions\[email protected]_60.com
[2013/01/30 19:26:35 | 000,000,000 | ---D | M] (GamingWonderland) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\eerygphz.default\extensions\[email protected]
[2013/12/28 11:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\eerygphz.default\extensions\staged
[2013/12/28 11:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\hkfwdbq1.default\extensions
[2013/06/11 16:46:11 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\hkfwdbq1.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/06/11 16:44:14 | 000,000,000 | ---D | M] (MixiDJ V36) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\hkfwdbq1.default\extensions\{587d8d3d-079b-49d0-b54d-dd2a9911fffb}
[2013/06/25 13:32:33 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\hkfwdbq1.default\extensions\{9ee505b9-78f6-45e9-9745-57cbade91206}
[2013/01/30 18:42:14 | 000,000,000 | ---D | M] (Robot Boom) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\hkfwdbq1.default\extensions\[email protected]_60.com
[2013/01/30 19:26:25 | 000,000,000 | ---D | M] (GamingWonderland) -- C:\Users\The Boss Family\AppData\Roaming\Mozilla\Firefox\Profiles\hkfwdbq1.default\extensions\[email protected]
[2013/12/07 00:21:37 | 000,000,561 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (MixiDJ V36 Toolbar) - {587d8d3d-079b-49d0-b54d-dd2a9911fffb} - C:\Program Files (x86)\MixiDJ_V36\prxtbMix2.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {702bc894-bcc3-4eed-b144-68f8e6084cd4} - C:\Program Files (x86)\RobotBoom_60\bar\1.bin\60SrcAs.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll (MindSpark)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\The Boss Family\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (Search Assistant BHO) - {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {c12d1a32-d0ce-4073-8386-fe9489455898} - C:\Program Files (x86)\RobotBoom_60\bar\1.bin\60bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Zwinky) - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbar.dll File not found
O3 - HKLM\..\Toolbar: (MixiDJ V36 Toolbar) - {587d8d3d-079b-49d0-b54d-dd2a9911fffb} - C:\Program Files (x86)\MixiDJ_V36\prxtbMix2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (GamingWonderland) - {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Robot Boom) - {bb3f7563-e9a4-43bc-9a7c-94a642dd1ffa} - C:\Program Files (x86)\RobotBoom_60\bar\1.bin\60bar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MixiDJ V36 Toolbar) - {587D8D3D-079B-49D0-B54D-DD2A9911FFFB} - C:\Program Files (x86)\MixiDJ_V36\prxtbMix2.dll (Conduit Ltd.)
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\The Boss Family\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O33 - MountPoints2\{69bcb4c9-33f1-11e3-8faa-18037312855a}\Shell - "" = AutoRun
O33 - MountPoints2\{69bcb4c9-33f1-11e3-8faa-18037312855a}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe
[2013/12/24 17:56:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2013/07/29 09:59:45 | 000,051,992 | ---- | C] (cake bake) -- C:\Program Files (x86)\WDesktop.Updater.exe
[2013/07/27 08:38:06 | 000,050,968 | ---- | C] (cake bake) -- C:\Program Files (x86)\WCDesktop.Updater.exe
[2012/08/17 22:35:15 | 000,442,560 | ---- | C] (Shlemoon Media Inc) -- C:\Users\The Boss Family\AppData\Roaming\fdmer.exe
[2012/08/17 22:35:13 | 000,525,312 | ---- | C] (BrowserSetter) -- C:\Users\The Boss Family\AppData\Roaming\bsetter-own.exe
[2012/08/17 22:35:11 | 000,457,789 | ---- | C] (Freedom Download Manager ) -- C:\Users\The Boss Family\AppData\Roaming\fdm-setup.exe
[2012/08/17 22:35:09 | 000,419,554 | ---- | C] (SearchAmong ) -- C:\Users\The Boss Family\AppData\Roaming\satoolbar.exe
[2013/12/29 14:09:29 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job
[2013/12/28 11:11:16 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2013/09/23 17:55:23 | 000,000,000 | ---D | M](C:\Users\The Boss Family\Desktop\?) -- C:\Users\The Boss Family\Desktop\?
[2013/09/23 17:55:23 | 000,000,000 | ---D | C](C:\Users\The Boss Family\Desktop\?) -- C:\Users\The Boss Family\Desktop\?

:FILES
C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • ComboFix will then extract its files before beginning the scan.

    Posted Image
  • When the scan begins you will see a window like the image below. Although the program states that the scan typically doesn't take more than 10 minutes there are 50 stages or so that it goes through. On a severely infected machine it can take much longer so please be patient.

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
Don't forget to re-enable your Anti-Virus.


Step-3.

Posted Image TDSSKiller

Please read carefully and follow these steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.

OR

Click here to go to the TDSSKiller download page. Click the Download Now EXE Version button and save the tdsskiller.exe file to the desktop.

  • Double click the TDSSKiller.exe file to run the application

    Posted Image
  • Then click on Change parameters. A settings page will open.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The ComboFix log
3. The TDSSKiller log
4. The Extras.txt log
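The OTL fix script quoted above has a regular line format (O2 BHO entries, O3 toolbars, O4 Run keys, O33 MountPoints2 autoruns, dated file entries, then `:FILES` and `:COMMANDS` sections). As an added example, not code from OTL, from the helper's post or from Geeks to Go, here is a small Python parser that turns such a script into a structured summary so that what a fix would touch can be audited before it is run. The sample lines are copied from the script above; the `:OTL` section header at the top of the sample is assumed from OTL's fix-script convention (it sits above the quoted excerpt), the treatment of a trailing ` /c` in `:FILES` as "run this as a command" is likewise assumed, and the "dangling" and autorun checks in `summarize` are this example's own heuristics.

```python
"""Parse an OTL fix script into structured entries for review (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the thread's fix script; ':OTL' header assumed.
SAMPLE_SCRIPT = r"""
:OTL
O2 - BHO: (MixiDJ V36 Toolbar) - {587d8d3d-079b-49d0-b54d-dd2a9911fffb} - C:\Program Files (x86)\MixiDJ_V36\prxtbMix2.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zwinky) - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbar.dll File not found
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\The Boss Family\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O33 - MountPoints2\{69bcb4c9-33f1-11e3-8faa-18037312855a}\Shell\AutoRun\command - "" = D:\TL-Bootstrap.exe
[2013/07/29 09:59:45 | 000,051,992 | ---- | C] (cake bake) -- C:\Program Files (x86)\WDesktop.Updater.exe
[2013/12/29 14:09:29 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job

:FILES
C:\Users\The Boss Family\AppData\Local\{8145d2e7-1baf-0925-4f73-cffddf2dca56}
ipconfig /flushdns /c

:COMMANDS
[emptytemp]
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
O_BHO = re.compile(r"^O2(?::64bit:)? - BHO: \((?P<name>[^)]*)\) - (?P<clsid>" + CLSID + r") - (?P<rest>.*)$")
O_TB = re.compile(r"^O3 - (?P<hive>HKLM|HKCU)\\\.\.\\Toolbar(?:\\WebBrowser)?: \((?P<name>[^)]*)\) - (?P<clsid>"
                  + CLSID + r") - (?P<rest>.*)$")
O_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O_MP = re.compile(r"^O33 - MountPoints2\\(?P<guid>" + CLSID + r")\\(?P<key>.+?) - \"\" = (?P<value>.*)$")
O_FILE = re.compile(r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<ev>[CM])\] "
                    r"\((?P<pub>[^)]*)\) -- (?P<path>.*)$")


@dataclass
class Entry:
    section: str
    kind: str            # bho, toolbar, run, mountpoint, file, path, command, directive, unknown
    name: str = ""
    path: str = ""
    publisher: str = ""
    status: str = ""     # present, missing (binary gone), no-clsid (registry stub only)
    extra: dict = field(default_factory=dict)


def split_rest(rest):
    """Split the trailing 'path (publisher)' part of an O2/O3/O4 line into (path, publisher, status)."""
    if rest.startswith("No CLSID value found"):
        return "", "", "no-clsid"
    if rest.endswith(" File not found"):
        return rest[: -len(" File not found")], "", "missing"
    m = re.match(r"^(?P<path>.*?) \((?P<pub>[^()]*)\)$", rest)
    if m:
        return m["path"], m["pub"].strip(), "present"
    return rest, "", "present"


def parse_otl_line(section, line):
    """Classify one line of the :OTL section; unrecognised lines are kept as 'unknown'."""
    if m := O_BHO.match(line):
        path, pub, status = split_rest(m["rest"])
        return Entry(section, "bho", m["name"], path, pub, status, {"clsid": m["clsid"]})
    if m := O_TB.match(line):
        path, pub, status = split_rest(m["rest"])
        return Entry(section, "toolbar", m["name"], path, pub, status, {"clsid": m["clsid"], "hive": m["hive"]})
    if m := O_RUN.match(line):
        path, pub, status = split_rest(m["rest"])
        return Entry(section, "run", m["name"], path, pub, status, {"hive": m["hive"]})
    if m := O_MP.match(line):
        return Entry(section, "mountpoint", m["key"], m["value"], "", "present", {"guid": m["guid"]})
    if m := O_FILE.match(line):
        return Entry(section, "file", "", m["path"], m["pub"].strip(), "present",
                     {"size": int(m["size"].replace(",", "")), "event": m["ev"], "attrs": m["attrs"]})
    return Entry(section, "unknown", path=line)


def parse_script(text):
    """Walk the script section by section and return a list of Entry objects."""
    entries, section = [], "OTL"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                      # ':OTL', ':FILES', ':COMMANDS'
            section = line[1:].upper()
        elif section == "FILES":
            if line.endswith(" /c"):                  # assumed: trailing /c runs the line as a command
                entries.append(Entry(section, "command", path=line[:-3]))
            else:
                entries.append(Entry(section, "path", path=line))
        elif section == "COMMANDS":
            entries.append(Entry(section, "directive", name=line.strip("[]")))
        else:
            entries.append(parse_otl_line(section, line))
    return entries


def summarize(entries):
    """Per-kind counts plus the entries a reviewer checks first: dangling registry
    stubs (binary or CLSID already gone) and removable-media autorun commands."""
    counts = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    dangling = [e for e in entries if e.status in ("missing", "no-clsid")]
    autoruns = [e for e in entries if e.kind == "mountpoint" and e.name.endswith("command")]
    return counts, dangling, autoruns


def referenced_paths(entries):
    """Every on-disk path the script names (whether or not it still exists), deduplicated."""
    seen, out = set(), []
    for e in entries:
        if e.kind in ("bho", "toolbar", "run", "mountpoint", "file", "path") and e.path and e.path not in seen:
            seen.add(e.path)
            out.append(e.path)
    return out


if __name__ == "__main__":
    parsed = parse_script(SAMPLE_SCRIPT)
    counts, dangling, autoruns = summarize(parsed)
    print("counts:", counts)
    print("dangling:", [(e.kind, e.name, e.status) for e in dangling])
    print("autorun commands:", [(e.extra["guid"], e.path) for e in autoruns])
    print("paths touched:", *referenced_paths(parsed), sep="\n  ")
```

Run it on a pasted script to see, before clicking Run Fix, which registry entries only point at binaries that are already gone, which lines run as commands, and which paths the fix names; the same parser can be pointed at the full `:OTL` section of a log to count how many BHO and toolbar entries belong to one vendor.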

#7 godawgs (Teacher, Retired Staff, 8,228 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.