Unable to download or update anything


  • This topic is locked
18 replies to this topic

#1 NextLevelNick


Posted 27 November 2013 - 11:19 PM

I'm not able to download anything. Tried to download Hearthstone: nothing. Tried to update Chrome: nothing. Tried to update BitDefender: nada. What do I do?



#2 NextLevelNick


Posted 27 November 2013 - 11:32 PM

Worth adding: it occasionally allows a download to go for like a few seconds and then stops. It also has a lot of trouble loading almost any website that has computer virus help. I'll be posting my logs shortly.



#3 NextLevelNick


Posted 27 November 2013 - 11:43 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013 01
Ran by Lil' Mamma (administrator) on BIGPAPA on 27-11-2013 23:39:32
Running from C:\Users\Lil' Mamma\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(BitDefender S.R.L.) C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\lxdncoms.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{B04D6F74-A91F-46A0-9DAE-C2E80E6BCDFF}\31.0.1650.57_chrome_installer.exe
(Google Inc.) C:\Users\Lil' Mamma\AppData\Local\Temp\CR_220E0.tmp\setup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitDefender S.R.L.) C:\Program Files\BitDefender\BitDefender 2010\bdwizreg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BitDefender Antiphishing Helper 32] - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\ieshow.exe [71152 2009-10-19] (BitDefender S.R.L.)
HKLM\...\Run: [BitDefender Antiphishing Helper] - C:\Program Files\BitDefender\BitDefender 2010\ieshow.exe [76296 2009-10-19] (BitDefender S.R.L.)
HKLM\...\Run: [BDAgent] - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [1571416 2010-04-01] (BitDefender S.R.L.)
HKLM-x32\...\Runonce: [Launcher] - %WINDIR%\SMINST\launcher.exe [x]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {ea33848d-abd6-11df-aaa1-7a8020000200} - G:\LaunchU3.exe -a
MountPoints2: {eebc666d-586b-11dd-896e-001c25e904bd} - L:\Autorun.exe /run
MountPoints2: {f25cdc5d-973a-11dd-ba7c-001c25e904bd} - G:\LaunchU3.exe -a
HKLM-x32\...\Run: [jswtrayutil] - "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKU\BIG PAPA\...\Run: [MsnMsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\BIG PAPA\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-22] (Google Inc.)
HKU\BIG PAPA\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\BIG PAPA\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\BIG PAPA\...\Policies\system: [LogonHoursAction] 2
HKU\BIG PAPA\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\BIG PAPA.BIGPAPA\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-22] (Google Inc.)
HKU\BIG PAPA.BIGPAPA\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\BIG PAPA.BIGPAPA\...\Policies\system: [LogonHoursAction] 2
HKU\BIG PAPA.BIGPAPA\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\Policies\system: [LogonHoursAction] 2
HKU\Mcx1\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.julielewis.acnibo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5694
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5694
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\ietoolbar.dll (BitDefender S.R.L.)
Toolbar: HKLM-x32 - No Name - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
Toolbar: HKLM-x32 - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8ED1093F-319E-48EC-A9F2-971236F0CC21} http://alleyesltommy.linksys-cam.com/UltraCamX.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: HKLM-x32 {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://sounds.myvnc.com:9999/WebClient.cab
DPF: HKLM-x32 {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: HKLM-x32 {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
DPF: HKLM-x32 {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FB6D127E-1638-46AA-BE60-19496E8DBAD3}: [NameServer]4.2.2.1,4.2.2.2
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll No File
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U39) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (PlanB Launcher) - C:\Program Files (x86)\PlanB\bin\nppb.dll (PlanB)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Lil' Mamma\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
 
==================== Services (Whitelisted) =================
 
S3 Arrakis3; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [278224 2009-10-19] (BitDefender S.R.L. http://www.bitdefender.com)
R2 LIVESRV; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [405920 2010-03-21] (BitDefender S.R.L.)
S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1044648 2008-02-27] ( )
R2 lxdn_device; C:\Windows\SysWow64\lxdncoms.exe [594600 2008-02-27] ( )
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [120592 2013-05-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3461068 2010-02-01] (INCA Internet Co., Ltd.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2010-05-10] ()
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [393728 2010-04-01] (S.C. BitDefender S.R.L)
R2 VSSERV; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [2299656 2010-04-01] (BitDefender S.R.L.)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] ()
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 BDFM; C:\Windows\System32\DRIVERS\bdfm.sys [163936 2010-03-10] (BitDefender S.R.L. Bucharest, ROMANIA)
R1 BdfNdisf; C:\Windows\System32\DRIVERS\BdfNdisf6.sys [87048 2010-04-09] (BitDefender LLC)
R0 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [347336 2010-04-01] (BitDefender)
R1 bdftdif; C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [105992 2010-04-01] (BitDefender LLC)
R2 BDVEDISK; C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys [103432 2009-09-22] (BitDefender)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [269824 2006-03-29] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [48640 2006-08-26] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [33280 2006-03-29] (HP)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
S3 PTDMBus; C:\Windows\System32\DRIVERS\PTDMBus.sys [69264 2009-11-02] (DEVGURU Co., LTD.)
S3 PTDMMdm; C:\Windows\System32\DRIVERS\PTDMMdm.sys [177040 2009-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTDMVsp; C:\Windows\System32\DRIVERS\PTDMVsp.sys [177040 2009-11-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTDMWFLT; C:\Windows\System32\DRIVERS\PTDMWFLT.sys [14992 2009-11-02] (DEVGURU Co., LTD.)
S3 PTDMWWAN; C:\Windows\System32\DRIVERS\PTDMWWAN.sys [142864 2009-11-02] (DEVGURU Co., LTD.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [420864 2010-03-31] (Realtek Semiconductor Corporation                           )
S3 RTL8187B; C:\Windows\SysWow64\DRIVERS\RTL8187B.sys [340000 2008-03-16] (Realtek Semiconductor Corporation                           )
S3 SMSIVZAM5X64; C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys [43032 2009-05-25] (Smith Micro Inc.)
S3 dump_wmimmc; \??\C:\9Dragons\GameGuard\dump_wmimmc.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-27 23:38 - 2013-11-27 23:39 - 00022533 _____ C:\Users\Lil' Mamma\Desktop\FRST.txt
2013-11-27 23:30 - 2013-11-27 23:30 - 00000000 ____D C:\FRST
2013-11-27 23:29 - 2013-11-27 23:23 - 01958850 _____ (Farbar) C:\Users\Lil' Mamma\Desktop\FRST64.exe
2013-11-27 22:47 - 2013-11-27 22:47 - 05860548 _____ (Blizzard Entertainment) C:\Users\Lil' Mamma\Downloads\Unconfirmed 98446.crdownload
2013-11-27 21:34 - 2013-10-13 10:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-27 21:34 - 2013-10-13 10:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-27 21:34 - 2013-10-13 09:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-27 21:34 - 2013-10-13 09:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-27 21:34 - 2013-10-13 09:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-27 21:34 - 2013-10-13 09:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-27 21:34 - 2013-10-13 09:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-27 21:34 - 2013-10-13 09:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-27 21:34 - 2013-10-13 09:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-27 21:34 - 2013-10-13 09:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-27 21:34 - 2013-10-13 09:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-27 21:34 - 2013-10-13 09:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-27 21:34 - 2013-10-13 09:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-27 21:34 - 2013-10-13 09:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-27 21:34 - 2013-10-13 09:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-27 21:34 - 2013-10-13 09:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-27 21:34 - 2013-10-13 05:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-27 21:34 - 2013-10-13 05:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-27 21:34 - 2013-10-13 04:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-27 21:34 - 2013-10-13 04:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-27 21:34 - 2013-10-13 04:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-27 21:34 - 2013-10-13 04:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-27 21:34 - 2013-10-13 04:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-27 21:34 - 2013-10-13 04:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-27 21:34 - 2013-10-13 04:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-27 21:34 - 2013-10-13 04:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-27 21:34 - 2013-10-13 04:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-27 21:34 - 2013-10-13 04:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-27 21:34 - 2013-10-13 04:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-27 21:34 - 2013-10-13 04:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-27 21:34 - 2013-10-13 04:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-27 21:34 - 2013-10-13 04:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-27 20:58 - 2013-11-27 20:58 - 00983040 _____ C:\Users\Lil' Mamma\Downloads\Unconfirmed 207626.crdownload
2013-11-27 20:34 - 2013-08-29 02:48 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-27 20:34 - 2013-08-02 09:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-11-27 20:34 - 2013-08-01 23:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-11-27 20:33 - 2013-11-27 20:33 - 00873330 _____ C:\Users\Lil' Mamma\Downloads\Unconfirmed 139575.crdownload
2013-11-27 20:33 - 2013-10-10 23:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-27 20:33 - 2013-10-10 23:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-27 20:33 - 2013-10-10 21:29 - 00217074 _____ C:\Windows\system32\WFP.TMF
2013-11-27 20:33 - 2013-10-10 21:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-27 20:33 - 2013-10-03 10:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-27 20:33 - 2013-10-03 10:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-27 20:33 - 2013-10-03 07:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-27 20:33 - 2013-10-03 07:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-27 20:33 - 2013-09-03 21:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-27 20:33 - 2013-08-26 22:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-27 20:33 - 2013-08-26 22:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-27 20:33 - 2013-08-26 22:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-27 20:33 - 2013-08-26 22:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-27 20:33 - 2013-08-26 21:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-11-27 20:33 - 2013-08-26 21:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-11-27 20:33 - 2013-08-26 21:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-11-27 20:33 - 2013-08-26 21:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-11-27 20:33 - 2013-08-26 21:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-27 20:33 - 2013-08-26 21:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-27 20:33 - 2013-08-26 21:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-27 20:33 - 2013-08-26 21:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-27 20:33 - 2013-08-26 21:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-27 20:33 - 2013-08-26 20:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-11-27 20:33 - 2013-08-26 20:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-11-27 20:33 - 2013-08-26 20:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-11-27 20:33 - 2013-08-26 20:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-27 20:33 - 2013-07-31 23:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-27 20:33 - 2013-07-31 22:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-11-27 20:33 - 2013-07-20 05:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-27 20:33 - 2013-07-20 05:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-27 20:33 - 2013-07-16 04:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-11-27 20:33 - 2013-07-15 23:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-11-27 20:33 - 2013-07-12 04:19 - 00099200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-11-27 20:33 - 2013-07-03 23:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-11-27 20:33 - 2013-07-03 23:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-27 20:33 - 2013-07-02 23:24 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\wiafbdrv.dll
2013-11-27 20:33 - 2013-07-02 21:55 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-11-27 20:33 - 2013-07-02 21:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-27 20:33 - 2013-06-26 18:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-27 20:33 - 2013-06-03 23:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-27 20:33 - 2013-06-03 23:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-11-27 20:33 - 2013-06-03 21:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-27 20:33 - 2013-06-03 20:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-11-27 20:32 - 2013-06-28 21:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-27 20:32 - 2013-06-28 21:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-27 20:32 - 2013-06-28 21:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-27 20:32 - 2013-06-28 21:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-27 20:32 - 2011-05-05 09:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-27 20:32 - 2011-05-05 09:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-27 20:24 - 2013-11-27 20:24 - 00036218 _____ C:\Users\Lil' Mamma\Downloads\Unconfirmed 921371.crdownload
 
==================== One Month Modified Files and Folders =======
 
2013-11-27 23:39 - 2013-11-27 23:38 - 00022533 _____ C:\Users\Lil' Mamma\Desktop\FRST.txt
2013-11-27 23:36 - 2009-11-06 17:22 - 00000440 ____H C:\Windows\Tasks\User_Feed_Synchronization-{BC7B34D5-0ECB-48B1-B2C2-7319B943E4DF}.job
2013-11-27 23:32 - 2011-07-21 11:36 - 01158987 _____ C:\Windows\WindowsUpdate.log
2013-11-27 23:30 - 2013-11-27 23:30 - 00000000 ____D C:\FRST
2013-11-27 23:23 - 2013-11-27 23:29 - 01958850 _____ (Farbar) C:\Users\Lil' Mamma\Desktop\FRST64.exe
2013-11-27 23:09 - 2006-11-02 10:22 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-27 23:09 - 2006-11-02 10:22 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-27 22:50 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2013-11-27 22:47 - 2013-11-27 22:47 - 05860548 _____ (Blizzard Entertainment) C:\Users\Lil' Mamma\Downloads\Unconfirmed 98446.crdownload
2013-11-27 22:41 - 2010-02-04 10:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-27 22:31 - 2010-02-04 10:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-27 22:27 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-27 22:27 - 2006-11-02 10:21 - 00330032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-27 22:24 - 2006-11-02 10:42 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-27 22:20 - 2011-09-14 11:44 - 00044828 _____ C:\Windows\PFRO.log
2013-11-27 22:20 - 2008-07-22 18:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-27 21:49 - 2010-03-12 10:10 - 00000052 _____ C:\Windows\system32\ashttpstats.csv
2013-11-27 21:46 - 2008-05-06 21:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-27 21:24 - 2013-07-13 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-11-27 20:58 - 2013-11-27 20:58 - 00983040 _____ C:\Users\Lil' Mamma\Downloads\Unconfirmed 207626.crdownload
2013-11-27 20:36 - 2010-02-04 10:14 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-27 20:36 - 2010-02-04 10:14 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-27 20:33 - 2013-11-27 20:33 - 00873330 _____ C:\Users\Lil' Mamma\Downloads\Unconfirmed 139575.crdownload
2013-11-27 20:24 - 2013-11-27 20:24 - 00036218 _____ C:\Users\Lil' Mamma\Downloads\Unconfirmed 921371.crdownload
2013-11-27 20:09 - 2010-04-08 20:21 - 00000376 _____ C:\Users\Lil' Mamma\AppData\Roamingprivacy.xml
2013-11-11 05:50 - 2009-10-08 21:37 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-07 16:00 - 2006-11-02 07:35 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
ZeroAccess:
C:\Users\Lil' Mamma\AppData\Local\85d3e1c9
C:\Users\Lil' Mamma\AppData\Local\85d3e1c9\@
 
Files to move or delete:
====================
C:\Users\Lil' Mamma\AppData\Roaming\desktop.ini
C:\Users\Lil' Mamma\gotomypc_540.exe
C:\Users\Public\rkill.exe
 
 
Some content of TEMP:
====================
C:\Users\BIG PAPA\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\BIG PAPA\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\BIG PAPA\AppData\Local\Temp\SkypeSetup.exe
C:\Users\BIG PAPA\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\BIG PAPA.BIGPAPA\AppData\Local\Temp\drm_dialogs.dll
C:\Users\BIG PAPA.BIGPAPA\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\Lil' Mamma\AppData\Local\Temp\contentDATs.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Lil' Mamma\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\Lil' Mamma\AppData\Local\Temp\eauninstall.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chrd_aih.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\mssinstaller.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\The Battle for Middle-earth_uninst.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\UnityWebPlayer7026030131388131944.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\uttD83F.tmp.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\_is298F.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\_is5FBC.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\_is6B8E.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\_is88ED.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\_is9D48.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\_is9F37.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\_isB7AA.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\_isCBC7.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\_isD36C.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\_isDAB5.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\_isE761.exe
C:\Users\Lil' Mamma\AppData\Local\Temp\_isF2E6.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-27 22:35
 
==================== End Of Log ============================

I had to run it twice because copy-pasting to my SD card proved problematic. Addition.txt didn't come through the second time. Don't know if you needed it.



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:13 AM

Posted 28 November 2013 - 01:22 AM


Hello NextLevelNick

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" button, then make sure that the "Receive notification" box is checked and that it is set to "Instantly". This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

 
C:\Users\Lil' Mamma\AppData\Local\85d3e1c9 
C:\Users\Lil' Mamma\AppData\Local\85d3e1c9\@ 
C:\Users\Lil' Mamma\AppData\Roaming\desktop.ini 
C:\Users\Lil' Mamma\gotomypc_540.exe 
C:\Users\Public\rkill.exe 
C:\Users\BIG PAPA\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe 
C:\Users\BIG PAPA\AppData\Local\Temp\SearchWithGoogleUpdate.exe 
C:\Users\BIG PAPA\AppData\Local\Temp\SkypeSetup.exe 
C:\Users\BIG PAPA\AppData\Local\Temp\swt-win32-3349.dll 
C:\Users\BIG PAPA.BIGPAPA\AppData\Local\Temp\drm_dialogs.dll 
C:\Users\BIG PAPA.BIGPAPA\AppData\Local\Temp\drm_dyndata_7400008.dll 
C:\Users\Lil' Mamma\AppData\Local\Temp\contentDATs.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\drm_dialogs.dll 
C:\Users\Lil' Mamma\AppData\Local\Temp\drm_dyndata_7400008.dll 
C:\Users\Lil' Mamma\AppData\Local\Temp\eauninstall.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chrd_aih.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\mssinstaller.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\SearchWithGoogleUpdate.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\SecurityScan_Release.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\SkypeSetup.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\The Battle for Middle-earth_uninst.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\UnityWebPlayer7026030131388131944.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\uttD83F.tmp.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_is298F.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_is5FBC.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_is6B8E.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_is88ED.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_is9D48.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_is9F37.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_isB7AA.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_isCBC7.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_isD36C.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_isDAB5.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_isE761.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_isF2E6.exe 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.



Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 NextLevelNick

Posted 28 November 2013 - 03:01 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-11-2013 01
Ran by Lil' Mamma at 2013-11-28 02:49:54 Run:2
Running from C:\Users\Lil' Mamma\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\Lil' Mamma\AppData\Local\85d3e1c9 
C:\Users\Lil' Mamma\AppData\Local\85d3e1c9\@ 
C:\Users\Lil' Mamma\AppData\Roaming\desktop.ini 
C:\Users\Lil' Mamma\gotomypc_540.exe 
C:\Users\Public\rkill.exe 
C:\Users\BIG PAPA\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe 
C:\Users\BIG PAPA\AppData\Local\Temp\SearchWithGoogleUpdate.exe 
C:\Users\BIG PAPA\AppData\Local\Temp\SkypeSetup.exe 
C:\Users\BIG PAPA\AppData\Local\Temp\swt-win32-3349.dll 
C:\Users\BIG PAPA.BIGPAPA\AppData\Local\Temp\drm_dialogs.dll 
C:\Users\BIG PAPA.BIGPAPA\AppData\Local\Temp\drm_dyndata_7400008.dll 
C:\Users\Lil' Mamma\AppData\Local\Temp\contentDATs.exe
 
C:\Users\Lil' Mamma\AppData\Local\Temp\drm_dialogs.dll 
C:\Users\Lil' Mamma\AppData\Local\Temp\drm_dyndata_7400008.dll 
C:\Users\Lil' Mamma\AppData\Local\Temp\eauninstall.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chrd_aih.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\mssinstaller.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\SearchWithGoogleUpdate.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\SecurityScan_Release.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\SkypeSetup.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\The Battle for Middle-earth_uninst.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\UnityWebPlayer7026030131388131944.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\uttD83F.tmp.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_is298F.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_is5FBC.exe 
C:\Users\Lil'
Mamma\AppData\Local\Temp\_is6B8E.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_is88ED.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_is9D48.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_is9F37.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_isB7AA.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_isCBC7.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_isD36C.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_isDAB5.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_isE761.exe 
C:\Users\Lil' Mamma\AppData\Local\Temp\_isF2E6.exe
*****************
 
"C:\Users\Lil' Mamma\AppData\Local\85d3e1c9 " => File/Directory not found.
"C:\Users\Lil' Mamma\AppData\Local\85d3e1c9\@ " => File/Directory not found.
C:\Users\Lil' Mamma\AppData\Roaming\desktop.ini  => Moved successfully.
C:\Users\Lil' Mamma\gotomypc_540.exe  => Moved successfully.
C:\Users\Public\rkill.exe  => Moved successfully.
C:\Users\BIG PAPA\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe  => Moved successfully.
C:\Users\BIG PAPA\AppData\Local\Temp\SearchWithGoogleUpdate.exe  => Moved successfully.
C:\Users\BIG PAPA\AppData\Local\Temp\SkypeSetup.exe  => Moved successfully.
C:\Users\BIG PAPA\AppData\Local\Temp\swt-win32-3349.dll  => Moved successfully.
C:\Users\BIG PAPA.BIGPAPA\AppData\Local\Temp\drm_dialogs.dll  => Moved successfully.
C:\Users\BIG PAPA.BIGPAPA\AppData\Local\Temp\drm_dyndata_7400008.dll  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\drm_dialogs.dll  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\drm_dyndata_7400008.dll  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\eauninstall.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chrd_aih.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\mssinstaller.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\SearchWithGoogleUpdate.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\SecurityScan_Release.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\SkypeSetup.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\The Battle for Middle-earth_uninst.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\UnityWebPlayer7026030131388131944.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\uttD83F.tmp.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\_is298F.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\_is5FBC.exe  => Moved successfully.
"C:\Users\Lil'" => File/Directory not found.
C:\Users\Lil' Mamma\AppData\Local\Temp\_is88ED.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\_is9D48.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\_is9F37.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\_isB7AA.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\_isCBC7.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\_isD36C.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\_isDAB5.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\_isE761.exe  => Moved successfully.
C:\Users\Lil' Mamma\AppData\Local\Temp\_isF2E6.exe => Moved successfully.
 
==== End of Fixlog ====


#6 NextLevelNick

Posted 28 November 2013 - 03:04 AM

I THINK things are downloading fine now. Bitdefender is updating and Chrome finally updated to the newest version (which kinda sucked because I lost all my tabs).


What exactly did this process you made me go through do?



#7 NextLevelNick

Posted 28 November 2013 - 03:07 AM

Scratch that, Bitdefender is still having issues updating. Gonna try updating again. Will keep you posted.



#8 NextLevelNick

Posted 28 November 2013 - 03:12 AM

It seems I still can't perform a virus scan nor update Bitdefender.



#9 gringo_pr

Posted 28 November 2013 - 12:48 PM



Hello NextLevelNick

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

#10 NextLevelNick

Posted 28 November 2013 - 01:31 PM

# AdwCleaner v3.013 - Report created 28/11/2013 at 13:01:25
# Updated 24/11/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Lil' Mamma - BIGPAPA
# Running from : C:\Users\Lil' Mamma\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\ConduitEngine
[!] Folder Deleted : C:\Program Files (x86)\uTorrentBar
[!] Folder Deleted : C:\Users\Lil' Mamma\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Lil' Mamma\AppData\LocalLow\ConduitEngine
[!] Folder Deleted : C:\Users\Lil' Mamma\AppData\LocalLow\FunWebProducts
[!] Folder Deleted : C:\Users\Lil' Mamma\AppData\LocalLow\MyWebSearch
[!] Folder Deleted : C:\Users\Lil' Mamma\AppData\LocalLow\PriceGong
[!] Folder Deleted : C:\Users\Lil' Mamma\AppData\LocalLow\uTorrentBar
[!] Folder Deleted : C:\Users\BIG PAPA.BIGPAPA\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\BIG PAPA.BIGPAPA\AppData\LocalLow\ConduitEngine
[!] Folder Deleted : C:\Users\BIG PAPA.BIGPAPA\AppData\LocalLow\PriceGong
[!] Folder Deleted : C:\Users\BIG PAPA.BIGPAPA\AppData\LocalLow\uTorrentBar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F8DAA357-E404-4ABB-82D3-551E243194F0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F8DAA357-E404-4ABB-82D3-551E243194F0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1EDDAF5-65D0-4383-A734-449076F0B853}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F99B852F-F678-4323-B48C-08430CF690D3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16520
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Lil' Mamma\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\BIG PAPA.BIGPAPA\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5562 octets] - [28/11/2013 12:58:14]
AdwCleaner[S0].txt - [5095 octets] - [28/11/2013 13:01:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5155 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by Lil' Mamma on Thu 11/28/2013 at 13:09:25.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Lil' Mamma\appdata\local\{D3CABE85-EB58-4040-9611-29E8C6DE0DDD}
Successfully deleted: [Empty Folder] C:\Users\Lil' Mamma\appdata\local\{DAB752A0-F942-4D6A-BC28-2DAE10284D67}
Successfully deleted: [Empty Folder] C:\Users\Lil' Mamma\appdata\local\{DAB9C70D-E9D0-4FB3-BCD4-9EE56E8F1A63}
Successfully deleted: [Empty Folder] C:\Users\Lil' Mamma\appdata\local\{DCC6A543-9FFF-45CE-8CB3-3180DFD517CE}
Successfully deleted: [Empty Folder] C:\Users\Lil' Mamma\appdata\local\{DD23B87E-70B6-46A0-BC55-B255CACD9DF8}
Successfully deleted: [Empty Folder] C:\Users\Lil' Mamma\appdata\local\{EF41CA79-F7E1-4604-B7E3-848CEC19CFE6}
Successfully deleted: [Empty Folder] C:\Users\Lil' Mamma\appdata\local\{EFE2D1F3-8544-4C4D-95B7-D8A1040777BD}
Successfully deleted: [Empty Folder] C:\Users\Lil' Mamma\appdata\local\{F3E9F163-6222-4002-9316-18E21E396DF2}
Successfully deleted: [Empty Folder] C:\Users\Lil' Mamma\appdata\local\{F70AAC77-F7D1-460A-9EE6-ED427AB32D84}
Successfully deleted: [Empty Folder] C:\Users\Lil' Mamma\appdata\local\{FACD07B1-7781-402F-93EA-32D3DF1D529D}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/28/2013 at 13:23:04.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#11 NextLevelNick


Posted 28 November 2013 - 01:32 PM

Still having the issue of not being able to run a virus scan and downloading things is still hit or miss, but things seem to be running a little....smoother (?)



#12 gringo_pr


Posted 29 November 2013 - 10:31 AM


Hello NextLevelNick

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 NextLevelNick


Posted 29 November 2013 - 07:22 PM

ComboFix 13-11-27.01 - Lil' Mamma 11/29/2013  18:34:26.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3838.2047 [GMT -5:00]
Running from: c:\users\Lil' Mamma\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Outdated* {982ADE23-275B-0766-37C5-DE01A484098E}
FW: BitDefender Firewall *Enabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
SP: BitDefender Antispyware *Disabled/Outdated* {234B3FC7-0161-08E8-0D75-E573DF034333}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL112F.tmp
c:\programdata\SPL269.tmp
c:\programdata\SPL27EE.tmp
c:\programdata\SPL639E.tmp
c:\programdata\SPL7265.tmp
c:\programdata\SPL9090.tmp
c:\programdata\SPL9176.tmp
c:\programdata\SPL93EA.tmp
c:\programdata\SPL9F2.tmp
c:\programdata\SPLA13E.tmp
c:\programdata\SPLCBC8.tmp
c:\programdata\SPLD649.tmp
c:\programdata\SPLF977.tmp
c:\users\Lil' Mamma\AppData\Roaming\A8C176EE.reg
c:\users\Lil' Mamma\Desktop\Documents\~WRL0003.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-28 to 2013-11-30  )))))))))))))))))))))))))))))))
.
.
2013-11-30 00:03 . 2013-11-30 00:03 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2013-11-30 00:03 . 2013-11-30 00:03 -------- d-----w- c:\users\Lil' Mamma\AppData\Local\temp
2013-11-30 00:03 . 2013-11-30 00:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-30 00:03 . 2013-11-30 00:03 -------- d-----w- c:\users\BIG PAPA\AppData\Local\temp
2013-11-30 00:03 . 2013-11-30 00:03 -------- d-----w- c:\users\BIG PAPA.BIGPAPA\AppData\Local\temp
2013-11-28 18:09 . 2013-11-28 18:09 -------- d-----w- c:\windows\ERUNT
2013-11-28 17:57 . 2013-11-28 18:01 -------- d-----w- C:\AdwCleaner
2013-11-28 05:30 . 2013-11-28 05:30 -------- d-----w- c:\users\Lil' Mamma\AppData\Local\Blizzard
2013-11-28 04:53 . 2013-11-28 05:31 -------- d-----w- c:\program files (x86)\Hearthstone
2013-11-28 04:52 . 2013-11-28 04:52 -------- d-----w- c:\users\Lil' Mamma\AppData\Local\Blizzard Entertainment
2013-11-28 04:52 . 2013-11-29 23:23 -------- d-----w- c:\users\Lil' Mamma\AppData\Local\Battle.net
2013-11-28 04:52 . 2013-11-28 07:53 -------- d-----w- c:\users\Lil' Mamma\AppData\Roaming\Battle.net
2013-11-28 04:52 . 2013-11-28 04:53 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-11-28 04:52 . 2013-11-28 04:52 -------- d-----w- c:\program files (x86)\Battle.net
2013-11-28 04:52 . 2013-11-28 04:52 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-11-28 04:49 . 2013-11-28 04:49 -------- d-----w- c:\programdata\Battle.net
2013-11-28 04:30 . 2013-11-28 04:30 -------- d-----w- C:\FRST
2013-11-28 02:07 . 2013-11-28 02:07 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D4A7FF-2B7C-438D-8857-C882C7554689}\offreg.dll
2013-11-28 01:34 . 2013-08-29 07:48 2775552 ----a-w- c:\windows\system32\win32k.sys
2013-11-28 01:34 . 2013-08-02 14:06 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-11-28 01:34 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-11-28 01:32 . 2013-06-29 02:25 274944 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-28 01:32 . 2013-06-29 02:25 95744 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-28 01:32 . 2013-06-29 02:25 259584 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-28 01:32 . 2013-06-29 02:25 7552 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-28 01:32 . 2011-05-05 14:17 49664 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-28 01:32 . 2011-05-05 14:17 24064 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-28 01:28 . 2013-11-18 06:28 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D4A7FF-2B7C-438D-8857-C882C7554689}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-11 10:50 . 2009-10-09 02:37 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-07 21:00 . 2006-11-02 12:35 82896128 ----a-w- c:\windows\system32\mrt.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-12-28 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-28 03:32 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-21 c:\windows\Tasks\Bomgar Task 507330.job
- c:\program files (x86)\Internet Explorer\iexplore.exe [2013-11-28 10:49]
.
2013-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 15:14]
.
2013-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 15:14]
.
2013-11-30 c:\windows\Tasks\User_Feed_Synchronization-{BC7B34D5-0ECB-48B1-B2C2-7319B943E4DF}.job
- c:\windows\system32\msfeedssync.exe [2012-02-17 08:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper 32"="c:\program files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [2009-10-19 71152]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 76296]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1571416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.julielewis.acnibo.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5694
Trusted Zone: intuit.com\ttlc
Trusted Zone: mosw.com\free-game-downloads
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FB6D127E-1638-46AA-BE60-19496E8DBAD3}: NameServer = 4.2.2.1,4.2.2.2
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {8ED1093F-319E-48EC-A9F2-971236F0CC21} - hxxp://alleyesltommy.linksys-cam.com/UltraCamX.cab
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://sounds.myvnc.com:9999/WebClient.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WNA1100\jswtrayutil.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
Toolbar-Locked - (no file)
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
AddRemove-PowerISO - c:\program files (x86)\PowerISO\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_heroes.exe
AddRemove-Sparkplayer (Beta) - c:\users\Lil' Mamma\Documents\Sparkplay Media\Sparkplayer (Beta)\Update.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
[HKEY_USERS\S-1-5-21-2932777127-504153465-3726424614-1001\Software\SecuROM\License information*]
"datasecu"=hex:e9,bd,92,44,fc,fb,a3,70,4a,86,6a,12,85,1d,f3,ba,b0,60,f9,13,df,
   d4,18,28,4a,b6,9b,56,83,d6,57,fc,18,4f,ae,77,18,d6,e2,ec,89,ab,40,4c,e7,12,\
"rkeysecu"=hex:3e,4b,67,38,84,d4,ff,1e,0c,cf,92,12,68,57,65,97
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-11-29  19:09:51
ComboFix-quarantined-files.txt  2013-11-30 00:09
.
Pre-Run: 170,607,898,624 bytes free
Post-Run: 171,438,616,576 bytes free
.
- - End Of File - - 760A1B117FAF8004620D53BC2391AF00
5C616939100B85E558DA92B899A0FC36

I'm still unable to update my BitDefender or make a virus scan



#14 NextLevelNick


Posted 29 November 2013 - 07:48 PM

I'm also unable to download things still



#15 gringo_pr


Posted 29 November 2013 - 10:02 PM


Hello NextLevelNick

First, I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following:
  • Start Internet Explorer.
  • Click on "safety"
  • Click on "Delete Browsing History"
  • Make sure all boxes are checked
  • Click on "Delete"
  • Click on "Tools"
  • Click "Internet Options"
  • On the "Advanced" tab, click "Reset"
  • Put a check mark next to "Delete Personal Settings"
  • Click "Reset" to confirm
  • When complete, click the "Close" button
  • Restart IE

Gringo