Page 2 of 7 FirstFirst 123456 ... LastLast
Results 11 to 20 of 63

Thread: Trovi Attached

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I would like to see the results of the first scan you ran with Malwarebytes that removed the 5 items so I can see what was removed

    Open Malwarebytes and click on the History tab, then Application Logs, select the log that had the 5 entries removed, then click on View > Copy to Clipboard and paste it in this thread please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Member Beadbud5000's Avatar
    Join Date
    Nov 2010
    Location
    Saint Petersburg, FL - USA
    Posts
    72

    Default 1st Scan results

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/1/2014
    Scan Time: 7:19:35 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.01.07
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows Vista
    CPU: x86
    File System: NTFS
    User: budzone

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 217567
    Time Elapsed: 4 min, 42 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[5cdf004c6d0e6acc6581b2b0a163be42]

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Quote Originally Posted by ken545 View Post
    I would like to see the results of the first scan you ran with Malwarebytes that removed the 5 items so I can see what was removed

    Open Malwarebytes and click on the History tab, then Application Logs, select the log that had the 5 entries removed, then click on View > Copy to Clipboard and paste it in this thread please
    Bud

  3. #13
    Member Beadbud5000's Avatar
    Join Date
    Nov 2010
    Location
    Saint Petersburg, FL - USA
    Posts
    72

    Default

    FYI
    It has quarantined 6 items now. I could not get the scan log from 6:54 to copy on to text.
    I will keep trying asw time allows
    Bud

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Thats the same report you posted originally that showed only one entry found, I really wanted to see the one that you said found 5 items

    How are things running now ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #15
    Member Beadbud5000's Avatar
    Join Date
    Nov 2010
    Location
    Saint Petersburg, FL - USA
    Posts
    72

    Default 7 now!

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/1/2014
    Scan Time: 4:39:14 PM
    Logfile: 5-1-14.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.01.12
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows Vista
    CPU: x86
    File System: NTFS
    User: budzone

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 217855
    Time Elapsed: 9 min, 24 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[f64ac785ea9170c678fbef748e76d42c]

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    Quote Originally Posted by Beadbud5000 View Post
    FYI
    It has quarantined 6 items now. I could not get the scan log from 6:54 to copy on to text.
    I will keep trying as time allows
    Bud

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Still same report

    Scan Date: 5/1/2014
    Scan Time: 4:39:14 PM

    Logfile: 5-1-14.txt
    Administrator: Yes
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #17
    Member Beadbud5000's Avatar
    Join Date
    Nov 2010
    Location
    Saint Petersburg, FL - USA
    Posts
    72

    Default

    I tried to go in manually.
    C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

    But I have no folder called ProgramData - so I looked in Program Files\MalwareBytes\Anti-Malware and there were no log files.
    Are you sure MalwareBytes is not a trick site? Every time I have my PC running, even when I am not directly online, MalwareBytes keeps finding a malicious thread without being run once, then it found another during a scan run, and then it found nothing...

    Spybot is fine. My pc is quirky since I changed to Vista after 7 or 8 years of XP. I hate Vista!! I have installed some Unix systems but I really do not know how to use those yet.
    Any ideas?




    Quote Originally Posted by ken545 View Post
    Thats the same report you posted originally that showed only one entry found, I really wanted to see the one that you said found 5 items

    How are things running now ?
    Bud

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I have seen reports of a bogus Malwarebytes download, but the links I provided are safe, did you use one of them or go out on your own to find Malwarebytes

    You wont find the logs in program data, just the way I posted previously

    Vista was not one of the best OS to ever come down the pike, have you tried upgrading to Windows 7, its a very nice OS, here is a link to the Win 7 Upgrade Advisor to see if your system can be upgraded

    http://www.microsoft.com/en-us/downl...ils.aspx?id=20



    Run this scanner and lets see if anything else shows up

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #19
    Member Beadbud5000's Avatar
    Join Date
    Nov 2010
    Location
    Saint Petersburg, FL - USA
    Posts
    72

    Default MalwareBytes issue OTL scan results

    Hi
    I think I have a ghost screen in my pc. I got your malwarebytes from the reply you sent yesterday Yesterday when downloading, i noticed flash screens or "flutter". I have been slaped with many malware issue on various computers since 2004. I have been through 5 or 6 donated computers after the buiness computer I bought in 2003 fried in 2005. I'd say I have a bogus Malware Bytes.

    Also, I technically am legally blind (MS related)
    Here is the results for the OTL data scans and thanks for your help!

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

    5-2-14 result
    OTL Notepad
    OTL logfile created on: 5/2/2014 7:34:13 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\budzone\Downloads
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16386)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.94% Memory free
    4.20 Gb Paging File | 3.02 Gb Available in Paging File | 71.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 297.73 Gb Total Space | 197.07 Gb Free Space | 66.19% Space Free | Partition Type: NTFS

    Computer Name: HOMEPC | User Name: budzone | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\budzone\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()


    ========== Services (SafeList) ==========

    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (USBSTOR) -- C:\Windows\system32\drivers\usbstor.sys File not found
    DRV - (SDHookDriver) -- C:\Program Files\Spybot File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
    DRV - (es1371) -- C:\Windows\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
    DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: s3google%40translator:2.14
    FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2014/03/30 14:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Extensions
    [2014/04/24 16:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions
    [2014/04/24 16:51:09 | 000,178,612 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
    [2014/04/03 10:02:01 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\newtabgoogle@graememcc.co.uk.xpi
    [2014/04/03 09:58:26 | 000,081,138 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\s3google@translator.xpi
    [2014/04/29 11:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/04/29 11:19:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Docs = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2014/04/27 12:33:44 | 000,450,628 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 15471 more lines...
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A0C729-663E-455B-B1FD-4EA2B468DA2F}: DhcpNameServer = 65.32.5.111 65.32.5.112
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O24 - Desktop WallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/05/01 07:22:00 | 000,000,000 | ---D | C] -- C:\MalWtext
    [2014/05/01 06:54:34 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/05/01 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/05/01 06:53:55 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/05/01 06:53:55 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/05/01 06:53:55 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/04/30 11:18:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/04/29 16:56:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
    [2014/04/29 16:55:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/29 06:26:57 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
    [2014/04/29 06:26:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
    [2014/04/29 06:26:56 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
    [2014/04/29 06:26:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
    [2014/04/29 06:26:56 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
    [2014/04/28 16:16:35 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
    [2014/04/28 11:30:23 | 000,000,000 | ---D | C] -- C:\Users\budzone\Documents\Album Covers
    [2014/04/26 06:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
    [2014/04/26 06:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2014/04/26 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Roaming\Real
    [2014/04/26 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2014/04/26 06:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2014/04/24 08:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2014/04/24 08:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2014/04/24 08:42:47 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Google
    [2014/04/13 13:56:25 | 000,000,000 | ---D | C] -- C:\ubuntu
    [2014/04/12 08:14:25 | 000,000,000 | ---D | C] -- C:\mint
    [2014/04/09 22:15:47 | 000,000,000 | ---D | C] -- C:\bud
    [2014/04/09 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2014/04/08 12:08:13 | 000,000,000 | ---D | C] -- C:\787a51d3de09fd4ab9
    [2014/04/07 20:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2014/04/07 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2014/04/07 20:32:44 | 000,000,000 | ---D | C] -- C:\3a0cf218a18bad4512376e
    [2014/04/07 20:29:38 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
    [2014/04/05 06:25:05 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2014/04/05 06:25:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2014/04/05 06:25:04 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
    [2014/04/05 06:25:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
    [2014/04/05 06:25:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
    [2014/04/05 06:25:04 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
    [2014/04/05 06:24:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
    [2014/04/05 06:24:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
    [2014/04/05 06:24:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
    [2014/04/05 06:23:52 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
    [2014/04/05 06:23:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
    [2014/04/05 06:23:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
    [2014/04/05 06:23:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
    [2014/04/05 06:23:14 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
    [2014/04/05 06:23:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
    [2014/04/05 06:23:13 | 001,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
    [2014/04/05 06:23:11 | 008,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
    [2014/04/05 06:22:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
    [2014/04/05 06:22:13 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2014/04/05 06:21:53 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
    [2014/04/05 06:21:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
    [2014/04/05 06:21:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
    [2014/04/05 06:21:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
    [2014/04/05 06:20:32 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
    [2014/04/05 06:20:31 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2014/04/05 06:20:31 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
    [2014/04/05 06:20:30 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2014/04/05 06:20:30 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2014/04/05 06:20:30 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
    [2014/04/05 06:20:30 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2014/04/05 06:20:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
    [2014/04/05 06:20:29 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
    [2014/04/04 19:19:07 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
    [2014/04/04 19:19:07 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
    [2014/04/04 19:19:07 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
    [2014/04/04 19:19:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
    [2014/04/04 19:19:02 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
    [2014/04/04 19:19:02 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2014/04/04 19:19:02 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    [2014/04/04 19:19:02 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2014/04/03 10:02:51 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Adobe
    [1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/05/02 07:18:01 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/05/02 06:48:48 | 000,620,920 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/05/02 06:48:48 | 000,105,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/05/02 06:48:10 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/05/02 06:45:06 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2014/05/02 06:45:05 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2014/05/02 06:44:51 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2014/05/02 06:44:44 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/05/02 06:42:01 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/05/02 06:42:01 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/05/02 06:41:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/05/01 22:37:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/05/01 11:51:35 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
    [2014/05/01 06:53:59 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/30 17:26:35 | 000,002,595 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Word.lnk
    [2014/04/30 15:37:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2014/04/30 15:37:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2014/04/29 11:19:29 | 000,000,870 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2014/04/29 11:19:21 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2014/04/28 06:57:49 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/04/27 12:33:44 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014/04/27 11:31:53 | 000,003,584 | ---- | M] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/04/26 15:48:24 | 201,952,749 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2014/04/26 07:35:12 | 000,034,612 | ---- | M] () -- C:\Windows\wininit.ini
    [2014/04/24 08:47:58 | 000,001,995 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/22 21:56:45 | 023,936,943 | ---- | M] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
    [2014/04/21 14:29:05 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup
    [2014/04/16 22:04:46 | 000,029,755 | ---- | M] () -- C:\Users\budzone\1401208_312493.jpg
    [2014/04/15 08:49:10 | 000,002,593 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Excel.lnk
    [2014/04/13 13:59:24 | 000,197,915 | ---- | M] () -- C:\wubildr
    [2014/04/13 13:59:24 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
    [2014/04/09 14:30:23 | 000,000,618 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2014/04/09 14:30:23 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2014/04/09 00:30:23 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup
    [2014/04/08 11:06:00 | 000,042,187 | ---- | M] () -- C:\Users\budzone\5 inner planets.jpg
    [2014/04/07 06:51:00 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup
    [2014/04/05 06:30:47 | 000,368,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2014/04/05 06:25:05 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2014/04/05 06:25:05 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2014/04/05 06:25:04 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
    [2014/04/05 06:25:04 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
    [2014/04/05 06:25:04 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
    [2014/04/05 06:25:04 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
    [2014/04/05 06:24:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
    [2014/04/05 06:24:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
    [2014/04/05 06:24:05 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
    [2014/04/05 06:24:05 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
    [2014/04/05 06:23:52 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
    [2014/04/05 06:23:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
    [2014/04/05 06:23:15 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
    [2014/04/05 06:23:15 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
    [2014/04/05 06:23:14 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
    [2014/04/05 06:23:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
    [2014/04/05 06:23:13 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
    [2014/04/05 06:23:11 | 008,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
    [2014/04/05 06:22:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
    [2014/04/05 06:22:13 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2014/04/05 06:21:53 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
    [2014/04/05 06:21:53 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
    [2014/04/05 06:21:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
    [2014/04/05 06:21:24 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
    [2014/04/05 06:20:32 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
    [2014/04/05 06:20:31 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2014/04/05 06:20:31 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
    [2014/04/05 06:20:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2014/04/05 06:20:30 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2014/04/05 06:20:30 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
    [2014/04/05 06:20:30 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
    [2014/04/05 06:20:30 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2014/04/05 06:20:30 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
    [2014/04/04 19:19:07 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
    [2014/04/04 19:19:07 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
    [2014/04/04 19:19:07 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
    [2014/04/04 19:19:07 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
    [2014/04/04 19:19:02 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
    [2014/04/04 19:19:02 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2014/04/04 19:19:02 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    [2014/04/04 19:19:02 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2014/04/04 19:10:12 | 031,195,136 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2014/04/04 19:10:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2014/04/04 19:10:12 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2014/04/03 09:51:10 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/04/03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/04/02 10:29:43 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup
    [2014/04/02 10:20:36 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup
    [1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/05/01 06:53:59 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/29 08:59:28 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
    [2014/04/29 06:26:56 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
    [2014/04/27 11:31:51 | 000,003,584 | ---- | C] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/04/26 15:48:05 | 201,952,749 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2014/04/24 08:44:13 | 000,001,995 | ---- | C] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/24 08:44:13 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/04/24 08:43:00 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/24 08:42:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/22 21:53:03 | 023,936,943 | ---- | C] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
    [2014/04/16 22:04:46 | 000,029,755 | ---- | C] () -- C:\Users\budzone\1401208_312493.jpg
    [2014/04/12 08:19:45 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
    [2014/04/12 08:19:43 | 000,197,915 | ---- | C] () -- C:\wubildr
    [2014/04/10 10:14:21 | 000,001,273 | ---- | C] () -- C:\Users\budzone\Authorization.xml
    [2014/04/08 11:06:00 | 000,042,187 | ---- | C] () -- C:\Users\budzone\5 inner planets.jpg
    [2014/04/08 09:25:34 | 000,024,459 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Straprevised.rtf
    [2014/04/08 09:25:34 | 000,024,056 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap.rtf
    [2014/04/08 09:25:34 | 000,019,927 | ---- | C] () -- C:\Users\budzone\Documents\The Minister wrath.rtf
    [2014/04/08 09:25:34 | 000,017,840 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap-.rtf
    [2014/04/08 09:25:34 | 000,013,711 | ---- | C] () -- C:\Users\budzone\Documents\Triangular Foundations.rtf
    [2014/04/08 09:25:34 | 000,010,245 | ---- | C] () -- C:\Users\budzone\Documents\TheJoeKirksonP3.rtf
    [2014/04/08 09:25:34 | 000,008,827 | ---- | C] () -- C:\Users\budzone\Documents\Trevor is waiting.rtf
    [2014/04/08 09:25:34 | 000,004,989 | ---- | C] () -- C:\Users\budzone\Documents\troubledlines.rtf
    [2014/04/08 09:25:33 | 000,096,776 | ---- | C] () -- C:\Users\budzone\Documents\teachers.rtf
    [2014/04/08 09:25:33 | 000,045,431 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop2.rtf
    [2014/04/08 09:25:33 | 000,039,551 | ---- | C] () -- C:\Users\budzone\Documents\the joe kirkson meetings.rtf
    [2014/04/08 09:25:33 | 000,037,466 | ---- | C] () -- C:\Users\budzone\Documents\The Boss--.rtf
    [2014/04/08 09:25:33 | 000,031,779 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop.rtf
    [2014/04/08 09:25:33 | 000,031,317 | ---- | C] () -- C:\Users\budzone\Documents\The Bar-.rtf
    [2014/04/08 09:25:33 | 000,018,892 | ---- | C] () -- C:\Users\budzone\Documents\teachers-.rtf
    [2014/04/08 09:25:33 | 000,009,388 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop 2final.rtf
    [2014/04/08 09:25:33 | 000,007,066 | ---- | C] () -- C:\Users\budzone\Documents\The Bar.rtf
    [2014/04/08 09:25:33 | 000,006,820 | ---- | C] () -- C:\Users\budzone\Documents\The Blond Man with the Gold Band Wristwatch.rtf
    [2014/04/08 09:25:32 | 000,037,948 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments P1.rtf
    [2014/04/08 09:25:32 | 000,018,889 | ---- | C] () -- C:\Users\budzone\Documents\Summer revisedfinal2-10.rtf
    [2014/04/08 09:25:32 | 000,012,982 | ---- | C] () -- C:\Users\budzone\Documents\spatula.rtf
    [2014/04/08 09:25:32 | 000,009,453 | ---- | C] () -- C:\Users\budzone\Documents\SD Belt Fantasy.rtf
    [2014/04/08 09:25:32 | 000,008,344 | ---- | C] () -- C:\Users\budzone\Documents\SouthernCharm.rtf
    [2014/04/08 09:25:32 | 000,005,939 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments Part 2.rtf
    [2014/04/08 09:25:32 | 000,004,298 | ---- | C] () -- C:\Users\budzone\Documents\Small Ornamental Mask.rtf
    [2014/04/08 09:25:32 | 000,000,393 | ---- | C] () -- C:\Users\budzone\Documents\spankingad.rtf
    [2014/04/08 09:25:31 | 000,026,001 | ---- | C] () -- C:\Users\budzone\Documents\nedP2.rtf
    [2014/04/08 09:25:31 | 000,011,847 | ---- | C] () -- C:\Users\budzone\Documents\mohammed.rtf
    [2014/04/08 09:25:30 | 000,035,182 | ---- | C] () -- C:\Users\budzone\Documents\joekirksonp3.rtf
    [2014/04/08 09:25:30 | 000,017,527 | ---- | C] () -- C:\Users\budzone\Documents\Lew.rtf
    [2014/04/08 09:25:30 | 000,004,256 | ---- | C] () -- C:\Users\budzone\Documents\Jk alt.rtf
    [2014/04/08 09:25:29 | 000,033,139 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson2012.rtf
    [2014/04/08 09:25:29 | 000,032,544 | ---- | C] () -- C:\Users\budzone\Documents\Into Old Cars revised.rtf
    [2014/04/08 09:25:29 | 000,025,487 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson Meetings.rtf
    [2014/04/08 09:25:29 | 000,005,213 | ---- | C] () -- C:\Users\budzone\Documents\Fertility Mask.rtf
    [2014/04/08 09:25:29 | 000,004,146 | ---- | C] () -- C:\Users\budzone\Documents\It happened slowly over a relatively brief amount of time.rtf
    [2014/04/08 09:25:28 | 000,031,014 | ---- | C] () -- C:\Users\budzone\Documents\Father.rtf
    [2014/04/08 09:25:28 | 000,030,895 | ---- | C] () -- C:\Users\budzone\Documents\DadSexLesf.rtf
    [2014/04/08 09:25:28 | 000,023,257 | ---- | C] () -- C:\Users\budzone\Documents\Father2.rtf
    [2014/04/08 09:25:28 | 000,022,699 | ---- | C] () -- C:\Users\budzone\Documents\Father-.rtf
    [2014/04/08 09:25:28 | 000,021,271 | ---- | C] () -- C:\Users\budzone\Documents\Curt2.rtf
    [2014/04/08 09:25:28 | 000,019,967 | ---- | C] () -- C:\Users\budzone\Documents\dad sex lesson 3-22-13.rtf
    [2014/04/08 09:25:28 | 000,019,131 | ---- | C] () -- C:\Users\budzone\Documents\dadsexlessonrevised.rtf
    [2014/04/08 09:25:28 | 000,019,061 | ---- | C] () -- C:\Users\budzone\Documents\Father Part II1.rtf
    [2014/04/08 09:25:28 | 000,016,899 | ---- | C] () -- C:\Users\budzone\Documents\Curt.rtf
    [2014/04/08 09:25:28 | 000,010,478 | ---- | C] () -- C:\Users\budzone\Documents\ebaytemp.rtf
    [2014/04/08 09:25:28 | 000,008,874 | ---- | C] () -- C:\Users\budzone\Documents\delZip179.rtf
    [2014/04/08 09:25:25 | 000,016,385 | ---- | C] () -- C:\Users\budzone\Documents\Camping-.rtf
    [2014/04/08 09:25:25 | 000,015,593 | ---- | C] () -- C:\Users\budzone\Documents\Campingrev.rtf
    [2014/04/08 09:25:25 | 000,014,752 | ---- | C] () -- C:\Users\budzone\Documents\Camping.rtf
    [2014/04/08 09:25:25 | 000,004,028 | ---- | C] () -- C:\Users\budzone\Documents\Compote Frosted Pink Fostoria.rtf
    [2014/04/08 09:25:24 | 000,049,664 | ---- | C] () -- C:\Users\budzone\Documents\Business cards.pub
    [2014/04/08 09:25:24 | 000,044,491 | ---- | C] () -- C:\Users\budzone\Documents\Bondingrevised.rtf
    [2014/04/08 09:25:24 | 000,026,164 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMe.rtf
    [2014/04/08 09:25:24 | 000,024,765 | ---- | C] () -- C:\Users\budzone\Documents\calbertandmepart2.rtf
    [2014/04/08 09:25:24 | 000,022,485 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMeP2.rtf
    [2014/04/08 09:25:24 | 000,021,159 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise2-4-13.rtf
    [2014/04/08 09:25:24 | 000,019,427 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise.rtf
    [2014/04/08 09:25:24 | 000,018,111 | ---- | C] () -- C:\Users\budzone\Documents\CalAlan.rtf
    [2014/04/08 09:25:24 | 000,013,015 | ---- | C] () -- C:\Users\budzone\Documents\Blond Boys in the Theatrefinal.rtf
    [2014/04/08 09:25:24 | 000,010,919 | ---- | C] () -- C:\Users\budzone\Documents\Backup of The Bar-.wbk
    [2014/04/08 09:25:23 | 000,055,959 | ---- | C] () -- C:\Users\budzone\Documents\A Fake.rtf
    [2014/04/08 09:25:23 | 000,037,433 | ---- | C] () -- C:\Users\budzone\Documents\A Salacious Affair.rtf
    [2014/04/08 09:25:23 | 000,022,124 | ---- | C] () -- C:\Users\budzone\Documents\Agreements (Part 2).rtf
    [2014/04/08 09:25:23 | 000,019,745 | ---- | C] () -- C:\Users\budzone\Documents\A Time For Passion.rtf
    [2014/04/08 09:25:23 | 000,018,166 | ---- | C] () -- C:\Users\budzone\Documents\AlanRobert.rtf
    [2014/04/08 09:25:23 | 000,015,959 | ---- | C] () -- C:\Users\budzone\Documents\AdiffMattdaly.rtf
    [2014/04/08 09:25:23 | 000,014,448 | ---- | C] () -- C:\Users\budzone\Documents\Agreementsp1.rtf
    [2014/04/08 09:25:23 | 000,006,409 | ---- | C] () -- C:\Users\budzone\Documents\21st century Poem.rtf
    [2014/04/08 09:25:23 | 000,005,561 | ---- | C] () -- C:\Users\budzone\Documents\21st Century Salutations.rtf
    [2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$Time For Passion.rtf
    [2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$reements (Part 2).rtf
    [2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$mes Kirkson2012.rtf
    [2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$e Leather Shop2.rtf
    [2014/04/08 09:25:22 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$A Fake.rtf
    [2014/04/07 20:37:54 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2014/04/07 20:37:51 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2014/03/31 14:21:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2014/03/30 18:26:49 | 000,034,612 | ---- | C] () -- C:\Windows\wininit.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/31 18:41:32 | 011,315,712 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2014/04/05 06:25:05 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 05:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/03/31 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\budzone\AppData\Roaming\DriverFinder

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

    < End of report >
    Extras Notepad

    OTL Extras logfile created on: 5/2/2014 7:34:13 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\budzone\Downloads
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16386)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.94% Memory free
    4.20 Gb Paging File | 3.02 Gb Available in Paging File | 71.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 297.73 Gb Total Space | 197.07 Gb Free Space | 66.19% Space Free | Partition Type: NTFS

    Computer Name: HOMEPC | User Name: budzone | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{398CC83A-9771-44AB-B689-656418DCE800}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe |
    "UDP Query User{D270D848-44E9-4FE5-AD5D-C9BA3A47DF88}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
    "Google Chrome" = Google Chrome
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mint4win" = Linux_Mint_Main
    "Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
    "Wubi" = Ubuntu

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 4/30/2014 3:56:15 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
    Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
    0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
    exception code 0xc0000142, fault offset 0x00008fc7, process id 0x10d20, application
    start time 0x01cf64ae3bd3c7a4.

    Error - 4/30/2014 3:56:52 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
    Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
    0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
    exception code 0xc0000142, fault offset 0x00008fc7, process id 0x11bb0, application
    start time 0x01cf64ae411b4e4e.

    Error - 4/30/2014 4:08:57 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
    Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
    0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
    exception code 0xc0000142, fault offset 0x00008fc7, process id 0x12a08, application
    start time 0x01cf64ae57d92e26.

    Error - 4/30/2014 4:20:52 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
    Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
    0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
    exception code 0xc0000142, fault offset 0x00008fc7, process id 0x12ec4, application
    start time 0x01cf64b00812ef7e.

    Error - 4/30/2014 5:19:58 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
    Description = Faulting application SDWelcome.exe, version 2.2.21.129, time stamp
    0x51dd1105, faulting module kernel32.dll, version 6.0.6000.16820, time stamp 0x49952034,
    exception code 0xc0000005, fault offset 0x0004fcac, process id 0x25bc, application
    start time 0x01cf64b9f0288f0e.

    Error - 4/30/2014 5:23:20 PM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

    Error - 5/1/2014 6:26:40 AM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

    Error - 5/1/2014 6:50:56 PM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

    Error - 5/1/2014 8:44:30 PM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

    Error - 5/2/2014 6:42:59 AM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

    [ System Events ]
    Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =


    < End of report >
    Bud

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Bud, sorry for your health issues, myself I lost my hearing about 20 years ago and have Cochlear Implants

    The problem your having is because your hosts file is infected, after you run this fix post the log from the fix, then go open Internet Explorer and change your start page to anyone you like, then run a new scan with OTL and post the new log, you wont get an extras log on the second run so dont knock yourself out looking for it. Your copy of Malwarebytes is legit by the way



    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
      IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
      IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
      [2014/04/21 14:29:05 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup
      [2014/04/09 00:30:23 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup
      [2014/04/07 06:51:00 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup
      [2014/04/02 10:29:43 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup
      [2014/04/02 10:20:36 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [EMPTYJAVA] 
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces


    Then run a new scan with OTL and post the new log please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •