
Thread: Trovi Attached

  1. #21
    Member Beadbud5000's Avatar
    Join Date
    Nov 2010
    Location
    Saint Petersburg, FL - USA
    Posts
    72

    Default

    It was very fast! It gave me the OTL txt file below

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
    HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup moved successfully.
    C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup moved successfully.
    C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup moved successfully.
    C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup moved successfully.
    C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\budzone\Downloads\cmd.bat deleted successfully.
    C:\Users\budzone\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: budzone

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: budzone
    ->Temp folder emptied: 2296684 bytes
    ->Temporary Internet Files folder emptied: 188857 bytes
    ->FireFox cache emptied: 371653716 bytes
    ->Google Chrome cache emptied: 381710367 bytes
    ->Flash cache emptied: 7621 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 169769 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 721.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05022014_094049

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Originally posted by ken545:
    Bud, sorry for your health issues, myself I lost my hearing about 20 years ago and have Cochlear Implants

    The problem you're having is because your hosts file is infected, after you run this fix post the log from the fix, then go open Internet Explorer and change your start page to any one you like, then run a new scan with OTL and post the new log, you won't get an extras log on the second run so don't knock yourself out looking for it. Your copy of Malwarebytes is legit by the way.



    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
      IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
      IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
      [2014/04/21 14:29:05 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup
      [2014/04/09 00:30:23 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup
      [2014/04/07 06:51:00 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup
      [2014/04/02 10:29:43 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup
      [2014/04/02 10:20:36 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [EMPTYJAVA] 
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces


    Then run a new scan with OTL and post the new log please
    Bud

  2. #22
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Bud, no need to quote what I post, it's just taking up valuable room on the forum.

    Change your homepage with IE and then run a new scan with OTL and let's see where we stand
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #23
    Member Beadbud5000's Avatar
    Join Date
    Nov 2010
    Location
    Saint Petersburg, FL - USA
    Posts
    72

    Default 2 scan txt

    OTL logfile created on: 5/2/2014 9:55:57 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\budzone\Downloads
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16386)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 61.50% Memory free
    4.20 Gb Paging File | 3.21 Gb Available in Paging File | 76.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 297.73 Gb Total Space | 198.21 Gb Free Space | 66.57% Space Free | Partition Type: NTFS

    Computer Name: HOMEPC | User Name: budzone | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\budzone\Downloads\OTL(2).exe (OldTimer Tools)
    PRC - C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()


    ========== Services (SafeList) ==========

    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (USBSTOR) -- C:\Windows\system32\drivers\usbstor.sys File not found
    DRV - (SDHookDriver) -- C:\Program Files\Spybot File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
    DRV - (es1371) -- C:\Windows\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
    DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: s3google%40translator:2.14
    FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2014/03/30 14:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Extensions
    [2014/04/24 16:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions
    [2014/04/24 16:51:09 | 000,178,612 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
    [2014/04/03 10:02:01 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\newtabgoogle@graememcc.co.uk.xpi
    [2014/04/03 09:58:26 | 000,081,138 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\s3google@translator.xpi
    [2014/04/29 11:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/04/29 11:19:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Docs = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2014/05/02 09:40:54 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A0C729-663E-455B-B1FD-4EA2B468DA2F}: DhcpNameServer = 65.32.5.111 65.32.5.112
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O24 - Desktop WallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/05/02 09:40:49 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/05/01 07:22:00 | 000,000,000 | ---D | C] -- C:\MalWtext
    [2014/05/01 06:54:34 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/05/01 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/05/01 06:53:55 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/05/01 06:53:55 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/05/01 06:53:55 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/04/30 11:18:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/04/29 16:56:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
    [2014/04/29 16:55:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/29 06:26:57 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
    [2014/04/29 06:26:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
    [2014/04/29 06:26:56 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
    [2014/04/29 06:26:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
    [2014/04/29 06:26:56 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
    [2014/04/28 16:16:35 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
    [2014/04/28 11:30:23 | 000,000,000 | ---D | C] -- C:\Users\budzone\Documents\Album Covers
    [2014/04/26 06:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
    [2014/04/26 06:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2014/04/26 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Roaming\Real
    [2014/04/26 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2014/04/26 06:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2014/04/24 08:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2014/04/24 08:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2014/04/24 08:42:47 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Google
    [2014/04/13 13:56:25 | 000,000,000 | ---D | C] -- C:\ubuntu
    [2014/04/12 08:14:25 | 000,000,000 | ---D | C] -- C:\mint
    [2014/04/09 22:15:47 | 000,000,000 | ---D | C] -- C:\bud
    [2014/04/09 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2014/04/08 12:08:13 | 000,000,000 | ---D | C] -- C:\787a51d3de09fd4ab9
    [2014/04/07 20:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2014/04/07 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2014/04/07 20:32:44 | 000,000,000 | ---D | C] -- C:\3a0cf218a18bad4512376e
    [2014/04/07 20:29:38 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
    [2014/04/05 06:25:05 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2014/04/05 06:25:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2014/04/05 06:25:04 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
    [2014/04/05 06:25:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
    [2014/04/05 06:25:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
    [2014/04/05 06:25:04 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
    [2014/04/05 06:24:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
    [2014/04/05 06:24:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
    [2014/04/05 06:24:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
    [2014/04/05 06:23:52 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
    [2014/04/05 06:23:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
    [2014/04/05 06:23:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
    [2014/04/05 06:23:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
    [2014/04/05 06:23:14 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
    [2014/04/05 06:23:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
    [2014/04/05 06:23:13 | 001,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
    [2014/04/05 06:23:11 | 008,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
    [2014/04/05 06:22:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
    [2014/04/05 06:22:13 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2014/04/05 06:21:53 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
    [2014/04/05 06:21:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
    [2014/04/05 06:21:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
    [2014/04/05 06:21:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
    [2014/04/05 06:20:32 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
    [2014/04/05 06:20:31 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2014/04/05 06:20:31 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
    [2014/04/05 06:20:30 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2014/04/05 06:20:30 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2014/04/05 06:20:30 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
    [2014/04/05 06:20:30 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2014/04/05 06:20:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
    [2014/04/05 06:20:29 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
    [2014/04/04 19:19:07 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
    [2014/04/04 19:19:07 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
    [2014/04/04 19:19:07 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
    [2014/04/04 19:19:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
    [2014/04/04 19:19:02 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
    [2014/04/04 19:19:02 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2014/04/04 19:19:02 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    [2014/04/04 19:19:02 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2014/04/03 10:02:51 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Adobe
    [1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/05/02 09:51:22 | 000,620,920 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/05/02 09:51:21 | 000,105,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/05/02 09:48:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/05/02 09:46:30 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2014/05/02 09:46:30 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2014/05/02 09:46:29 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2014/05/02 09:46:01 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/05/02 09:45:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/05/02 09:43:53 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/05/02 09:43:53 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/05/02 09:43:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/05/02 09:40:54 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2014/05/02 09:37:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/05/01 11:51:35 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
    [2014/05/01 06:53:59 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/30 17:26:35 | 000,002,595 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Word.lnk
    [2014/04/30 15:37:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2014/04/30 15:37:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2014/04/29 11:19:29 | 000,000,870 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2014/04/29 11:19:21 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2014/04/28 06:57:49 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/04/27 11:31:53 | 000,003,584 | ---- | M] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/04/26 15:48:24 | 201,952,749 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2014/04/26 07:35:12 | 000,034,612 | ---- | M] () -- C:\Windows\wininit.ini
    [2014/04/24 08:47:58 | 000,001,995 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/22 21:56:45 | 023,936,943 | ---- | M] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
    [2014/04/16 22:04:46 | 000,029,755 | ---- | M] () -- C:\Users\budzone\1401208_312493.jpg
    [2014/04/15 08:49:10 | 000,002,593 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Excel.lnk
    [2014/04/13 13:59:24 | 000,197,915 | ---- | M] () -- C:\wubildr
    [2014/04/13 13:59:24 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
    [2014/04/09 14:30:23 | 000,000,618 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2014/04/09 14:30:23 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2014/04/08 11:06:00 | 000,042,187 | ---- | M] () -- C:\Users\budzone\5 inner planets.jpg
    [2014/04/05 06:30:47 | 000,368,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2014/04/05 06:25:05 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2014/04/05 06:25:05 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2014/04/05 06:25:04 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
    [2014/04/05 06:25:04 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
    [2014/04/05 06:25:04 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
    [2014/04/05 06:25:04 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
    [2014/04/05 06:24:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
    [2014/04/05 06:24:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
    [2014/04/05 06:24:05 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
    [2014/04/05 06:24:05 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
    [2014/04/05 06:23:52 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
    [2014/04/05 06:23:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
    [2014/04/05 06:23:15 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
    [2014/04/05 06:23:15 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
    [2014/04/05 06:23:14 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
    [2014/04/05 06:23:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
    [2014/04/05 06:23:13 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
    [2014/04/05 06:23:11 | 008,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
    [2014/04/05 06:22:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
    [2014/04/05 06:22:13 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2014/04/05 06:21:53 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
    [2014/04/05 06:21:53 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
    [2014/04/05 06:21:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
    [2014/04/05 06:21:24 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
    [2014/04/05 06:20:32 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
    [2014/04/05 06:20:31 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2014/04/05 06:20:31 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
    [2014/04/05 06:20:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2014/04/05 06:20:30 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2014/04/05 06:20:30 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
    [2014/04/05 06:20:30 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
    [2014/04/05 06:20:30 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2014/04/05 06:20:30 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
    [2014/04/04 19:19:07 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
    [2014/04/04 19:19:07 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
    [2014/04/04 19:19:07 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
    [2014/04/04 19:19:07 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
    [2014/04/04 19:19:02 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
    [2014/04/04 19:19:02 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2014/04/04 19:19:02 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    [2014/04/04 19:19:02 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2014/04/04 19:10:12 | 031,195,136 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2014/04/04 19:10:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2014/04/04 19:10:12 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2014/04/03 09:51:10 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/04/03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/05/01 06:53:59 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/29 08:59:28 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
    [2014/04/29 06:26:56 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
    [2014/04/27 11:31:51 | 000,003,584 | ---- | C] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/04/26 15:48:05 | 201,952,749 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2014/04/24 08:44:13 | 000,001,995 | ---- | C] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/24 08:44:13 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/04/24 08:43:00 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/24 08:42:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/22 21:53:03 | 023,936,943 | ---- | C] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
    [2014/04/16 22:04:46 | 000,029,755 | ---- | C] () -- C:\Users\budzone\1401208_312493.jpg
    [2014/04/12 08:19:45 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
    [2014/04/12 08:19:43 | 000,197,915 | ---- | C] () -- C:\wubildr
    [2014/04/10 10:14:21 | 000,001,273 | ---- | C] () -- C:\Users\budzone\Authorization.xml
    [2014/04/08 11:06:00 | 000,042,187 | ---- | C] () -- C:\Users\budzone\5 inner planets.jpg
    [2014/04/08 09:25:34 | 000,024,459 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Straprevised.rtf
    [2014/04/08 09:25:34 | 000,024,056 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap.rtf
    [2014/04/08 09:25:34 | 000,019,927 | ---- | C] () -- C:\Users\budzone\Documents\The Minister wrath.rtf
    [2014/04/08 09:25:34 | 000,017,840 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap-.rtf
    [2014/04/08 09:25:34 | 000,013,711 | ---- | C] () -- C:\Users\budzone\Documents\Triangular Foundations.rtf
    [2014/04/08 09:25:34 | 000,010,245 | ---- | C] () -- C:\Users\budzone\Documents\TheJoeKirksonP3.rtf
    [2014/04/08 09:25:34 | 000,008,827 | ---- | C] () -- C:\Users\budzone\Documents\Trevor is waiting.rtf
    [2014/04/08 09:25:34 | 000,004,989 | ---- | C] () -- C:\Users\budzone\Documents\troubledlines.rtf
    [2014/04/08 09:25:33 | 000,096,776 | ---- | C] () -- C:\Users\budzone\Documents\teachers.rtf
    [2014/04/08 09:25:33 | 000,045,431 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop2.rtf
    [2014/04/08 09:25:33 | 000,039,551 | ---- | C] () -- C:\Users\budzone\Documents\the joe kirkson meetings.rtf
    [2014/04/08 09:25:33 | 000,037,466 | ---- | C] () -- C:\Users\budzone\Documents\The Boss--.rtf
    [2014/04/08 09:25:33 | 000,031,779 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop.rtf
    [2014/04/08 09:25:33 | 000,031,317 | ---- | C] () -- C:\Users\budzone\Documents\The Bar-.rtf
    [2014/04/08 09:25:33 | 000,018,892 | ---- | C] () -- C:\Users\budzone\Documents\teachers-.rtf
    [2014/04/08 09:25:33 | 000,009,388 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop 2final.rtf
    [2014/04/08 09:25:33 | 000,007,066 | ---- | C] () -- C:\Users\budzone\Documents\The Bar.rtf
    [2014/04/08 09:25:33 | 000,006,820 | ---- | C] () -- C:\Users\budzone\Documents\The Blond Man with the Gold Band Wristwatch.rtf
    [2014/04/08 09:25:32 | 000,037,948 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments P1.rtf
    [2014/04/08 09:25:32 | 000,018,889 | ---- | C] () -- C:\Users\budzone\Documents\Summer revisedfinal2-10.rtf
    [2014/04/08 09:25:32 | 000,012,982 | ---- | C] () -- C:\Users\budzone\Documents\spatula.rtf
    [2014/04/08 09:25:32 | 000,009,453 | ---- | C] () -- C:\Users\budzone\Documents\SD Belt Fantasy.rtf
    [2014/04/08 09:25:32 | 000,008,344 | ---- | C] () -- C:\Users\budzone\Documents\SouthernCharm.rtf
    [2014/04/08 09:25:32 | 000,005,939 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments Part 2.rtf
    [2014/04/08 09:25:32 | 000,004,298 | ---- | C] () -- C:\Users\budzone\Documents\Small Ornamental Mask.rtf
    [2014/04/08 09:25:32 | 000,000,393 | ---- | C] () -- C:\Users\budzone\Documents\spankingad.rtf
    [2014/04/08 09:25:31 | 000,026,001 | ---- | C] () -- C:\Users\budzone\Documents\nedP2.rtf
    [2014/04/08 09:25:31 | 000,011,847 | ---- | C] () -- C:\Users\budzone\Documents\mohammed.rtf
    [2014/04/08 09:25:30 | 000,035,182 | ---- | C] () -- C:\Users\budzone\Documents\joekirksonp3.rtf
    [2014/04/08 09:25:30 | 000,017,527 | ---- | C] () -- C:\Users\budzone\Documents\Lew.rtf
    [2014/04/08 09:25:30 | 000,004,256 | ---- | C] () -- C:\Users\budzone\Documents\Jk alt.rtf
    [2014/04/08 09:25:29 | 000,033,139 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson2012.rtf
    [2014/04/08 09:25:29 | 000,032,544 | ---- | C] () -- C:\Users\budzone\Documents\Into Old Cars revised.rtf
    [2014/04/08 09:25:29 | 000,025,487 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson Meetings.rtf
    [2014/04/08 09:25:29 | 000,005,213 | ---- | C] () -- C:\Users\budzone\Documents\Fertility Mask.rtf
    [2014/04/08 09:25:29 | 000,004,146 | ---- | C] () -- C:\Users\budzone\Documents\It happened slowly over a relatively brief amount of time.rtf
    [2014/04/08 09:25:28 | 000,031,014 | ---- | C] () -- C:\Users\budzone\Documents\Father.rtf
    [2014/04/08 09:25:28 | 000,030,895 | ---- | C] () -- C:\Users\budzone\Documents\DadSexLesf.rtf
    [2014/04/08 09:25:28 | 000,023,257 | ---- | C] () -- C:\Users\budzone\Documents\Father2.rtf
    [2014/04/08 09:25:28 | 000,022,699 | ---- | C] () -- C:\Users\budzone\Documents\Father-.rtf
    [2014/04/08 09:25:28 | 000,021,271 | ---- | C] () -- C:\Users\budzone\Documents\Curt2.rtf
    [2014/04/08 09:25:28 | 000,019,967 | ---- | C] () -- C:\Users\budzone\Documents\dad sex lesson 3-22-13.rtf
    [2014/04/08 09:25:28 | 000,019,131 | ---- | C] () -- C:\Users\budzone\Documents\dadsexlessonrevised.rtf
    [2014/04/08 09:25:28 | 000,019,061 | ---- | C] () -- C:\Users\budzone\Documents\Father Part II1.rtf
    [2014/04/08 09:25:28 | 000,016,899 | ---- | C] () -- C:\Users\budzone\Documents\Curt.rtf
    [2014/04/08 09:25:28 | 000,010,478 | ---- | C] () -- C:\Users\budzone\Documents\ebaytemp.rtf
    [2014/04/08 09:25:28 | 000,008,874 | ---- | C] () -- C:\Users\budzone\Documents\delZip179.rtf
    [2014/04/08 09:25:25 | 000,016,385 | ---- | C] () -- C:\Users\budzone\Documents\Camping-.rtf
    [2014/04/08 09:25:25 | 000,015,593 | ---- | C] () -- C:\Users\budzone\Documents\Campingrev.rtf
    [2014/04/08 09:25:25 | 000,014,752 | ---- | C] () -- C:\Users\budzone\Documents\Camping.rtf
    [2014/04/08 09:25:25 | 000,004,028 | ---- | C] () -- C:\Users\budzone\Documents\Compote Frosted Pink Fostoria.rtf
    [2014/04/08 09:25:24 | 000,049,664 | ---- | C] () -- C:\Users\budzone\Documents\Business cards.pub
    [2014/04/08 09:25:24 | 000,044,491 | ---- | C] () -- C:\Users\budzone\Documents\Bondingrevised.rtf
    [2014/04/08 09:25:24 | 000,026,164 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMe.rtf
    [2014/04/08 09:25:24 | 000,024,765 | ---- | C] () -- C:\Users\budzone\Documents\calbertandmepart2.rtf
    [2014/04/08 09:25:24 | 000,022,485 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMeP2.rtf
    [2014/04/08 09:25:24 | 000,021,159 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise2-4-13.rtf
    [2014/04/08 09:25:24 | 000,019,427 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise.rtf
    [2014/04/08 09:25:24 | 000,018,111 | ---- | C] () -- C:\Users\budzone\Documents\CalAlan.rtf
    [2014/04/08 09:25:24 | 000,013,015 | ---- | C] () -- C:\Users\budzone\Documents\Blond Boys in the Theatrefinal.rtf
    [2014/04/08 09:25:24 | 000,010,919 | ---- | C] () -- C:\Users\budzone\Documents\Backup of The Bar-.wbk
    [2014/04/08 09:25:23 | 000,055,959 | ---- | C] () -- C:\Users\budzone\Documents\A Fake.rtf
    [2014/04/08 09:25:23 | 000,037,433 | ---- | C] () -- C:\Users\budzone\Documents\A Salacious Affair.rtf
    [2014/04/08 09:25:23 | 000,022,124 | ---- | C] () -- C:\Users\budzone\Documents\Agreements (Part 2).rtf
    [2014/04/08 09:25:23 | 000,019,745 | ---- | C] () -- C:\Users\budzone\Documents\A Time For Passion.rtf
    [2014/04/08 09:25:23 | 000,018,166 | ---- | C] () -- C:\Users\budzone\Documents\AlanRobert.rtf
    [2014/04/08 09:25:23 | 000,015,959 | ---- | C] () -- C:\Users\budzone\Documents\AdiffMattdaly.rtf
    [2014/04/08 09:25:23 | 000,014,448 | ---- | C] () -- C:\Users\budzone\Documents\Agreementsp1.rtf
    [2014/04/08 09:25:23 | 000,006,409 | ---- | C] () -- C:\Users\budzone\Documents\21st century Poem.rtf
    [2014/04/08 09:25:23 | 000,005,561 | ---- | C] () -- C:\Users\budzone\Documents\21st Century Salutations.rtf
    [2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$Time For Passion.rtf
    [2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$reements (Part 2).rtf
    [2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$mes Kirkson2012.rtf
    [2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$e Leather Shop2.rtf
    [2014/04/08 09:25:22 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$A Fake.rtf
    [2014/04/07 20:37:54 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2014/04/07 20:37:51 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2014/03/31 14:21:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2014/03/30 18:26:49 | 000,034,612 | ---- | C] () -- C:\Windows\wininit.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/31 18:41:32 | 011,315,712 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2014/04/05 06:25:05 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 05:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/03/31 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\budzone\AppData\Roaming\DriverFinder

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

    < End of report >
    Bud

  4. #24
    Member Beadbud5000
    Join Date
    Nov 2010
    Location
    Saint Petersburg, FL - USA
    Posts
    72

    3rd OTL scan performed. TXT

    I did another scan changing from Minimal to Standard scan mode.

    OTL logfile created on: 5/2/2014 10:18:27 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\budzone\Downloads
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16386)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.33% Memory free
    4.20 Gb Paging File | 3.17 Gb Available in Paging File | 75.47% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 297.73 Gb Total Space | 198.20 Gb Free Space | 66.57% Space Free | Partition Type: NTFS

    Computer Name: HOMEPC | User Name: budzone | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/05/02 09:55:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\budzone\Downloads\OTL(2).exe
    PRC - [2014/04/24 08:42:53 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    PRC - [2014/03/31 18:52:59 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2014/03/31 18:38:28 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
    SRV - [2014/04/30 15:37:31 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/04/09 18:59:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2014/03/31 18:52:59 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2014/03/30 14:27:52 | 000,322,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\usbstor.sys -- (USBSTOR)
    DRV - File not found [Kernel | System | Running] -- C:\Program Files\Spybot -- (SDHookDriver)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2014/05/02 09:46:01 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/01/12 12:03:34 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/05/15 05:17:40 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
    DRV - [2007/11/21 21:15:44 | 000,037,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\es1371mp.sys -- (es1371)
    DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: s3google%40translator:2.14
    FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2014/04/07 07:06:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2014/03/30 14:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Extensions
    [2014/04/24 16:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions
    [2014/04/24 16:51:09 | 000,178,612 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
    [2014/04/03 10:02:01 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\newtabgoogle@graememcc.co.uk.xpi
    [2014/04/03 09:58:26 | 000,081,138 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\s3google@translator.xpi
    [2014/04/29 11:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/04/29 11:19:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Docs = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2014/05/02 09:40:54 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A0C729-663E-455B-B1FD-4EA2B468DA2F}: DhcpNameServer = 65.32.5.111 65.32.5.112
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/05/02 09:40:49 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/05/01 07:22:00 | 000,000,000 | ---D | C] -- C:\MalWtext
    [2014/05/01 06:54:34 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/05/01 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/05/01 06:53:55 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/05/01 06:53:55 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/05/01 06:53:55 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/04/30 11:18:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/04/29 16:56:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
    [2014/04/29 16:55:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/29 06:26:57 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
    [2014/04/29 06:26:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
    [2014/04/29 06:26:56 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
    [2014/04/29 06:26:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
    [2014/04/29 06:26:56 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
    [2014/04/28 16:16:35 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
    [2014/04/28 11:30:23 | 000,000,000 | ---D | C] -- C:\Users\budzone\Documents\Album Covers
    [2014/04/26 06:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
    [2014/04/26 06:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2014/04/26 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Roaming\Real
    [2014/04/26 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2014/04/26 06:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2014/04/24 08:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2014/04/24 08:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2014/04/24 08:42:47 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Google
    [2014/04/13 13:56:25 | 000,000,000 | ---D | C] -- C:\ubuntu
    [2014/04/12 08:14:25 | 000,000,000 | ---D | C] -- C:\mint
    [2014/04/09 22:15:47 | 000,000,000 | ---D | C] -- C:\bud
    [2014/04/09 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2014/04/08 12:08:13 | 000,000,000 | ---D | C] -- C:\787a51d3de09fd4ab9
    [2014/04/07 20:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2014/04/07 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2014/04/07 20:32:44 | 000,000,000 | ---D | C] -- C:\3a0cf218a18bad4512376e
    [2014/04/07 20:29:38 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
    [2014/04/05 06:25:05 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2014/04/05 06:25:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2014/04/05 06:25:04 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
    [2014/04/05 06:25:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
    [2014/04/05 06:25:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
    [2014/04/05 06:25:04 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
    [2014/04/05 06:24:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
    [2014/04/05 06:24:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
    [2014/04/05 06:24:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
    [2014/04/05 06:23:52 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
    [2014/04/05 06:23:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
    [2014/04/05 06:23:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
    [2014/04/05 06:23:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
    [2014/04/05 06:23:14 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
    [2014/04/05 06:23:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
    [2014/04/05 06:23:13 | 001,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
    [2014/04/05 06:23:11 | 008,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
    [2014/04/05 06:22:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
    [2014/04/05 06:22:13 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2014/04/05 06:21:53 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
    [2014/04/05 06:21:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
    [2014/04/05 06:21:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
    [2014/04/05 06:21:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
    [2014/04/05 06:20:32 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
    [2014/04/05 06:20:31 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2014/04/05 06:20:31 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
    [2014/04/05 06:20:30 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2014/04/05 06:20:30 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2014/04/05 06:20:30 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
    [2014/04/05 06:20:30 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2014/04/05 06:20:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
    [2014/04/05 06:20:29 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
    [2014/04/04 19:19:07 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
    [2014/04/04 19:19:07 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
    [2014/04/04 19:19:07 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
    [2014/04/04 19:19:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
    [2014/04/04 19:19:02 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
    [2014/04/04 19:19:02 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2014/04/04 19:19:02 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    [2014/04/04 19:19:02 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2014/04/03 10:02:51 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Adobe
    [1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/05/02 09:51:22 | 000,620,920 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/05/02 09:51:21 | 000,105,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/05/02 09:48:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/05/02 09:46:30 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2014/05/02 09:46:30 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2014/05/02 09:46:29 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2014/05/02 09:46:01 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/05/02 09:45:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/05/02 09:43:53 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/05/02 09:43:53 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/05/02 09:43:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/05/02 09:40:54 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2014/05/02 09:37:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/05/01 11:51:35 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
    [2014/05/01 06:53:59 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/30 17:26:35 | 000,002,595 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Word.lnk
    [2014/04/30 15:37:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2014/04/30 15:37:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2014/04/29 11:19:29 | 000,000,870 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2014/04/29 11:19:21 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2014/04/28 06:57:49 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/04/27 11:31:53 | 000,003,584 | ---- | M] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/04/26 15:48:24 | 201,952,749 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2014/04/26 07:35:12 | 000,034,612 | ---- | M] () -- C:\Windows\wininit.ini
    [2014/04/24 08:47:58 | 000,001,995 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/22 21:56:45 | 023,936,943 | ---- | M] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
    [2014/04/16 22:04:46 | 000,029,755 | ---- | M] () -- C:\Users\budzone\1401208_312493.jpg
    [2014/04/15 08:49:10 | 000,002,593 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Excel.lnk
    [2014/04/13 13:59:24 | 000,197,915 | ---- | M] () -- C:\wubildr
    [2014/04/13 13:59:24 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
    [2014/04/09 14:30:23 | 000,000,618 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2014/04/09 14:30:23 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2014/04/08 11:06:00 | 000,042,187 | ---- | M] () -- C:\Users\budzone\5 inner planets.jpg
    [2014/04/05 06:30:47 | 000,368,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2014/04/05 06:25:05 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2014/04/05 06:25:05 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2014/04/05 06:25:04 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
    [2014/04/05 06:25:04 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
    [2014/04/05 06:25:04 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
    [2014/04/05 06:25:04 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
    [2014/04/05 06:24:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
    [2014/04/05 06:24:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
    [2014/04/05 06:24:05 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
    [2014/04/05 06:24:05 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
    [2014/04/05 06:23:52 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
    [2014/04/05 06:23:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
    [2014/04/05 06:23:15 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
    [2014/04/05 06:23:15 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
    [2014/04/05 06:23:14 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
    [2014/04/05 06:23:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
    [2014/04/05 06:23:13 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
    [2014/04/05 06:23:11 | 008,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
    [2014/04/05 06:22:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
    [2014/04/05 06:22:13 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2014/04/05 06:21:53 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
    [2014/04/05 06:21:53 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
    [2014/04/05 06:21:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
    [2014/04/05 06:21:24 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
    [2014/04/05 06:20:32 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
    [2014/04/05 06:20:31 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2014/04/05 06:20:31 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
    [2014/04/05 06:20:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2014/04/05 06:20:30 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2014/04/05 06:20:30 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
    [2014/04/05 06:20:30 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
    [2014/04/05 06:20:30 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2014/04/05 06:20:30 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
    [2014/04/04 19:19:07 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
    [2014/04/04 19:19:07 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
    [2014/04/04 19:19:07 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
    [2014/04/04 19:19:07 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
    [2014/04/04 19:19:02 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
    [2014/04/04 19:19:02 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2014/04/04 19:19:02 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    [2014/04/04 19:19:02 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2014/04/04 19:10:12 | 031,195,136 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2014/04/04 19:10:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2014/04/04 19:10:12 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2014/04/03 09:51:10 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/04/03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/05/01 06:53:59 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/29 08:59:28 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
    [2014/04/29 06:26:56 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
    [2014/04/27 11:31:51 | 000,003,584 | ---- | C] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/04/26 15:48:05 | 201,952,749 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2014/04/24 08:44:13 | 000,001,995 | ---- | C] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2014/04/24 08:44:13 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/04/24 08:43:00 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/24 08:42:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/22 21:53:03 | 023,936,943 | ---- | C] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
    [2014/04/16 22:04:46 | 000,029,755 | ---- | C] () -- C:\Users\budzone\1401208_312493.jpg
    [2014/04/12 08:19:45 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
    [2014/04/12 08:19:43 | 000,197,915 | ---- | C] () -- C:\wubildr
    [2014/04/10 10:14:21 | 000,001,273 | ---- | C] () -- C:\Users\budzone\Authorization.xml
    [2014/04/08 11:06:00 | 000,042,187 | ---- | C] () -- C:\Users\budzone\5 inner planets.jpg
    [2014/04/08 09:25:34 | 000,024,459 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Straprevised.rtf
    [2014/04/08 09:25:34 | 000,024,056 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap.rtf
    [2014/04/08 09:25:34 | 000,019,927 | ---- | C] () -- C:\Users\budzone\Documents\The Minister wrath.rtf
    [2014/04/08 09:25:34 | 000,017,840 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap-.rtf
    [2014/04/08 09:25:34 | 000,013,711 | ---- | C] () -- C:\Users\budzone\Documents\Triangular Foundations.rtf
    [2014/04/08 09:25:34 | 000,010,245 | ---- | C] () -- C:\Users\budzone\Documents\TheJoeKirksonP3.rtf
    [2014/04/08 09:25:34 | 000,008,827 | ---- | C] () -- C:\Users\budzone\Documents\Trevor is waiting.rtf
    [2014/04/08 09:25:34 | 000,004,989 | ---- | C] () -- C:\Users\budzone\Documents\troubledlines.rtf
    [2014/04/08 09:25:33 | 000,096,776 | ---- | C] () -- C:\Users\budzone\Documents\teachers.rtf
    [2014/04/08 09:25:33 | 000,045,431 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop2.rtf
    [2014/04/08 09:25:33 | 000,039,551 | ---- | C] () -- C:\Users\budzone\Documents\the joe kirkson meetings.rtf
    [2014/04/08 09:25:33 | 000,037,466 | ---- | C] () -- C:\Users\budzone\Documents\The Boss--.rtf
    [2014/04/08 09:25:33 | 000,031,779 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop.rtf
    [2014/04/08 09:25:33 | 000,031,317 | ---- | C] () -- C:\Users\budzone\Documents\The Bar-.rtf
    [2014/04/08 09:25:33 | 000,018,892 | ---- | C] () -- C:\Users\budzone\Documents\teachers-.rtf
    [2014/04/08 09:25:33 | 000,009,388 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop 2final.rtf
    [2014/04/08 09:25:33 | 000,007,066 | ---- | C] () -- C:\Users\budzone\Documents\The Bar.rtf
    [2014/04/08 09:25:33 | 000,006,820 | ---- | C] () -- C:\Users\budzone\Documents\The Blond Man with the Gold Band Wristwatch.rtf
    [2014/04/08 09:25:32 | 000,037,948 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments P1.rtf
    [2014/04/08 09:25:32 | 000,018,889 | ---- | C] () -- C:\Users\budzone\Documents\Summer revisedfinal2-10.rtf
    [2014/04/08 09:25:32 | 000,012,982 | ---- | C] () -- C:\Users\budzone\Documents\spatula.rtf
    [2014/04/08 09:25:32 | 000,009,453 | ---- | C] () -- C:\Users\budzone\Documents\SD Belt Fantasy.rtf
    [2014/04/08 09:25:32 | 000,008,344 | ---- | C] () -- C:\Users\budzone\Documents\SouthernCharm.rtf
    [2014/04/08 09:25:32 | 000,005,939 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments Part 2.rtf
    [2014/04/08 09:25:32 | 000,004,298 | ---- | C] () -- C:\Users\budzone\Documents\Small Ornamental Mask.rtf
    [2014/04/08 09:25:32 | 000,000,393 | ---- | C] () -- C:\Users\budzone\Documents\spankingad.rtf
    [2014/04/08 09:25:31 | 000,026,001 | ---- | C] () -- C:\Users\budzone\Documents\nedP2.rtf
    [2014/04/08 09:25:31 | 000,011,847 | ---- | C] () -- C:\Users\budzone\Documents\mohammed.rtf
    [2014/04/08 09:25:30 | 000,035,182 | ---- | C] () -- C:\Users\budzone\Documents\joekirksonp3.rtf
    [2014/04/08 09:25:30 | 000,017,527 | ---- | C] () -- C:\Users\budzone\Documents\Lew.rtf
    [2014/04/08 09:25:30 | 000,004,256 | ---- | C] () -- C:\Users\budzone\Documents\Jk alt.rtf
    [2014/04/08 09:25:29 | 000,033,139 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson2012.rtf
    [2014/04/08 09:25:29 | 000,032,544 | ---- | C] () -- C:\Users\budzone\Documents\Into Old Cars revised.rtf
    [2014/04/08 09:25:29 | 000,025,487 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson Meetings.rtf
    [2014/04/08 09:25:29 | 000,005,213 | ---- | C] () -- C:\Users\budzone\Documents\Fertility Mask.rtf
    [2014/04/08 09:25:29 | 000,004,146 | ---- | C] () -- C:\Users\budzone\Documents\It happened slowly over a relatively brief amount of time.rtf
    [2014/04/08 09:25:28 | 000,031,014 | ---- | C] () -- C:\Users\budzone\Documents\Father.rtf
    [2014/04/08 09:25:28 | 000,030,895 | ---- | C] () -- C:\Users\budzone\Documents\DadSexLesf.rtf
    [2014/04/08 09:25:28 | 000,023,257 | ---- | C] () -- C:\Users\budzone\Documents\Father2.rtf
    [2014/04/08 09:25:28 | 000,022,699 | ---- | C] () -- C:\Users\budzone\Documents\Father-.rtf
    [2014/04/08 09:25:28 | 000,021,271 | ---- | C] () -- C:\Users\budzone\Documents\Curt2.rtf
    [2014/04/08 09:25:28 | 000,019,967 | ---- | C] () -- C:\Users\budzone\Documents\dad sex lesson 3-22-13.rtf
    [2014/04/08 09:25:28 | 000,019,131 | ---- | C] () -- C:\Users\budzone\Documents\dadsexlessonrevised.rtf
    [2014/04/08 09:25:28 | 000,019,061 | ---- | C] () -- C:\Users\budzone\Documents\Father Part II1.rtf
    [2014/04/08 09:25:28 | 000,016,899 | ---- | C] () -- C:\Users\budzone\Documents\Curt.rtf
    [2014/04/08 09:25:28 | 000,010,478 | ---- | C] () -- C:\Users\budzone\Documents\ebaytemp.rtf
    [2014/04/08 09:25:28 | 000,008,874 | ---- | C] () -- C:\Users\budzone\Documents\delZip179.rtf
    [2014/04/08 09:25:25 | 000,016,385 | ---- | C] () -- C:\Users\budzone\Documents\Camping-.rtf
    [2014/04/08 09:25:25 | 000,015,593 | ---- | C] () -- C:\Users\budzone\Documents\Campingrev.rtf
    [2014/04/08 09:25:25 | 000,014,752 | ---- | C] () -- C:\Users\budzone\Documents\Camping.rtf
    [2014/04/08 09:25:25 | 000,004,028 | ---- | C] () -- C:\Users\budzone\Documents\Compote Frosted Pink Fostoria.rtf
    [2014/04/08 09:25:24 | 000,049,664 | ---- | C] () -- C:\Users\budzone\Documents\Business cards.pub
    [2014/04/08 09:25:24 | 000,044,491 | ---- | C] () -- C:\Users\budzone\Documents\Bondingrevised.rtf
    [2014/04/08 09:25:24 | 000,026,164 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMe.rtf
    [2014/04/08 09:25:24 | 000,024,765 | ---- | C] () -- C:\Users\budzone\Documents\calbertandmepart2.rtf
    [2014/04/08 09:25:24 | 000,022,485 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMeP2.rtf
    [2014/04/08 09:25:24 | 000,021,159 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise2-4-13.rtf
    [2014/04/08 09:25:24 | 000,019,427 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise.rtf
    [2014/04/08 09:25:24 | 000,018,111 | ---- | C] () -- C:\Users\budzone\Documents\CalAlan.rtf
    [2014/04/08 09:25:24 | 000,013,015 | ---- | C] () -- C:\Users\budzone\Documents\Blond Boys in the Theatrefinal.rtf
    [2014/04/08 09:25:24 | 000,010,919 | ---- | C] () -- C:\Users\budzone\Documents\Backup of The Bar-.wbk
    [2014/04/08 09:25:23 | 000,055,959 | ---- | C] () -- C:\Users\budzone\Documents\A Fake.rtf
    [2014/04/08 09:25:23 | 000,037,433 | ---- | C] () -- C:\Users\budzone\Documents\A Salacious Affair.rtf
    [2014/04/08 09:25:23 | 000,022,124 | ---- | C] () -- C:\Users\budzone\Documents\Agreements (Part 2).rtf
    [2014/04/08 09:25:23 | 000,019,745 | ---- | C] () -- C:\Users\budzone\Documents\A Time For Passion.rtf
    [2014/04/08 09:25:23 | 000,018,166 | ---- | C] () -- C:\Users\budzone\Documents\AlanRobert.rtf
    [2014/04/08 09:25:23 | 000,015,959 | ---- | C] () -- C:\Users\budzone\Documents\AdiffMattdaly.rtf
    [2014/04/08 09:25:23 | 000,014,448 | ---- | C] () -- C:\Users\budzone\Documents\Agreementsp1.rtf
    [2014/04/08 09:25:23 | 000,006,409 | ---- | C] () -- C:\Users\budzone\Documents\21st century Poem.rtf
    [2014/04/08 09:25:23 | 000,005,561 | ---- | C] () -- C:\Users\budzone\Documents\21st Century Salutations.rtf
    [2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$Time For Passion.rtf
    [2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$reements (Part 2).rtf
    [2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$mes Kirkson2012.rtf
    [2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$e Leather Shop2.rtf
    [2014/04/08 09:25:22 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$A Fake.rtf
    [2014/04/07 20:37:54 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2014/04/07 20:37:51 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2014/03/31 14:21:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2014/03/30 18:26:49 | 000,034,612 | ---- | C] () -- C:\Windows\wininit.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/31 18:41:32 | 011,315,712 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2014/04/05 06:25:05 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 05:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/03/31 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\budzone\AppData\Roaming\DriverFinder

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

    < End of report >
    Bud

  5. #25
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looking good, Bud. How is your system behaving now?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #26
    Member Beadbud5000's Avatar
    Join Date
    Nov 2010
    Location
    Saint Petersburg, FL - USA
    Posts
    72

    Default Status

    Ken-

    My PC is doing better! Much better!!!
    Bud

  7. #27
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great, let's keep an eye on it. Post back if there are any other issues; if not, I will close this thread in a couple of days.

    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • AdwCleaner.exe, its folder and all logs will be removed.

    Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups. Any programs that were not removed you can just drag to the trash.

    Malwarebytes is the free version and yours to keep and will not be removed.

    Safe Surfn
    Ken

  8. #28
    Member Beadbud5000's Avatar
    Join Date
    Nov 2010
    Location
    Saint Petersburg, FL - USA
    Posts
    72

    Default a Paranoid Check !!!

    Ken

    I ran two Malwarebytes checks, the first last night and the second this morning. The first found a non-malware threat which I have seen before. The second was a clean run this morning.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/2/2014
    Scan Time: 6:00:14 PM
    Logfile: 5-12-14 6pm.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.02.12
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows Vista
    CPU: x86
    File System: NTFS
    User: budzone

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 218589
    Time Elapsed: 7 min, 11 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[946c60a0b64a6a96fcf0e87c42c2d729]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Then this morning was clean after a fix last night

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/3/2014
    Scan Time: 6:58:26 AM
    Logfile: 5-3-14.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.03.02
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows Vista
    CPU: x86
    File System: NTFS
    User: budzone

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 218689
    Time Elapsed: 6 min, 12 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Should I try not to use Chrome?
    Thanks,
    Bud


    Originally Posted by ken545:
    Looking good Bud, how is your system behaving now ??
    Bud

  9. #29
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello Bud,

    The second run of Malwarebytes was clean, that's good. What it removed was just a leftover entry for Conduit, which was not removed by AdwCleaner as it may not have been in the database yet.

    Chrome <-- This is my default browser and I really like it. Just don't use Internet Explorer, as there is a new vulnerability that targets IE users and Microsoft has not issued a patch for it yet.

    Firefox has a new version that you may like also. Both of these browsers are more secure than IE.
    https://www.mozilla.org/en-US/firefo...-requirements/

  10. #30
    Member Beadbud5000's Avatar
    Join Date
    Nov 2010
    Location
    Saint Petersburg, FL - USA
    Posts
    72

    Default Chrome issue again

    Ken

    Malwarebytes found this PUP again today. What is interesting is that I have not used the Chrome browser all weekend... Here is the scan log.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/5/2014
    Scan Time: 6:32:25 AM
    Logfile: 5-5-14.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.05.04
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows Vista
    CPU: x86
    File System: NTFS
    User: budzone

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 218829
    Time Elapsed: 6 min, 7 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[ff018977b24e41bf2045ff675da77c84]

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Thanks! Bud
    Bud
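
Added example (not part of the original thread, and not Malwarebytes' own logic): a small Python check that parses a Chrome Preferences file as JSON and lists any "startup_urls" entries whose host is on an unwanted-domain list, which is the item the scan logs above flag. The sample file contents, the nesting under "session", the domain list and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Domains treated as unwanted; search.conduit.com is the host in the scan log.
UNWANTED_DOMAINS = {"conduit.com"}

# Constructed sample of a Preferences file. Only the "startup_urls" key comes
# from the scan log; its placement under "session" is an assumption.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "https://www.example.org/",
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "http://search.conduit.com/?ctid=CT0000000&SearchSource=55",
            "https://www.example.org/news",
        ],
    },
})


def is_unwanted(url, domains=UNWANTED_DOMAINS):
    """True if the URL's host is a listed domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def find_startup_urls(node, path=""):
    """Yield (json_path, url) for each string under any "startup_urls" key."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key == "startup_urls" and isinstance(value, list):
                for url in value:
                    if isinstance(url, str):
                        yield child, url
            else:
                yield from find_startup_urls(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_startup_urls(item, f"{path}[{i}]")


def audit_preferences(text):
    """Return (json_path, url) pairs whose host is on the unwanted list."""
    prefs = json.loads(text)  # raises ValueError on a truncated or corrupt file
    return [(p, u) for p, u in find_startup_urls(prefs) if is_unwanted(u)]


if __name__ == "__main__":
    for path, url in audit_preferences(SAMPLE_PREFERENCES):
        print(f"{path}: {url}")
```

Matching is done on the parsed host name rather than on the raw string, so a URL that merely mentions the domain in its query string is not reported.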
