Thats the same report you posted originally that showed only one entry found, I really wanted to see the one that you said found 5 items
How are things running now ?
Thats the same report you posted originally that showed only one entry found, I really wanted to see the one that you said found 5 items
How are things running now ?
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
I tried to go in manually.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
But I have no folder called ProgramData - so I looked in Program Files\MalwareBytes\Anti-Malware and there were no log files.
Are you sure MalwareBytes is not a trick site? Every time I have my PC running, even when I am not directly online, MalwareBytes keeps finding a malicious thread without being run once, then it found another during a scan run, and then it found nothing...
Spybot is fine. My pc is quirky since I changed to Vista after 7 or 8 years of XP. I hate Vista!! I have installed some Unix systems but I really do not know how to use those yet.
Any ideas?
Bud
I have seen reports of a bogus Malwarebytes download, but the links I provided are safe, did you use one of them or go out on your own to find Malwarebytes
You wont find the logs in program data, just the way I posted previously
Vista was not one of the best OS to ever come down the pike, have you tried upgrading to Windows 7, its a very nice OS, here is a link to the Win 7 Upgrade Advisor to see if your system can be upgraded
http://www.microsoft.com/en-us/downl...ils.aspx?id=20
Run this scanner and lets see if anything else shows up
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
Hi
I think I have a ghost screen in my pc. I got your malwarebytes from the reply you sent yesterday Yesterday when downloading, i noticed flash screens or "flutter". I have been slaped with many malware issue on various computers since 2004. I have been through 5 or 6 donated computers after the buiness computer I bought in 2003 fried in 2005. I'd say I have a bogus Malware Bytes.
Also, I technically am legally blind (MS related)
Here is the results for the OTL data scans and thanks for your help!
OTL by OldTimer
• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
5-2-14 result
OTL Notepad
OTL logfile created on: 5/2/2014 7:34:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\budzone\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.94% Memory free
4.20 Gb Paging File | 3.02 Gb Available in Paging File | 71.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.73 Gb Total Space | 197.07 Gb Free Space | 66.19% Space Free | Partition Type: NTFS
Computer Name: HOMEPC | User Name: budzone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\budzone\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (USBSTOR) -- C:\Windows\system32\drivers\usbstor.sys File not found
DRV - (SDHookDriver) -- C:\Program Files\Spybot File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
DRV - (es1371) -- C:\Windows\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: s3google%40translator:2.14
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014/03/30 14:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Extensions
[2014/04/24 16:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions
[2014/04/24 16:51:09 | 000,178,612 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
[2014/04/03 10:02:01 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\newtabgoogle@graememcc.co.uk.xpi
[2014/04/03 09:58:26 | 000,081,138 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\s3google@translator.xpi
[2014/04/29 11:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/29 11:19:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/04/27 12:33:44 | 000,450,628 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15471 more lines...
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A0C729-663E-455B-B1FD-4EA2B468DA2F}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/05/01 07:22:00 | 000,000,000 | ---D | C] -- C:\MalWtext
[2014/05/01 06:54:34 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/01 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/01 06:53:55 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/05/01 06:53:55 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/05/01 06:53:55 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/30 11:18:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/29 16:56:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/04/29 16:55:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/29 06:26:57 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2014/04/29 06:26:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2014/04/29 06:26:56 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014/04/29 06:26:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2014/04/29 06:26:56 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2014/04/28 16:16:35 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2014/04/28 11:30:23 | 000,000,000 | ---D | C] -- C:\Users\budzone\Documents\Album Covers
[2014/04/26 06:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
[2014/04/26 06:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2014/04/26 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Roaming\Real
[2014/04/26 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/04/26 06:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/04/24 08:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/24 08:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/04/24 08:42:47 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Google
[2014/04/13 13:56:25 | 000,000,000 | ---D | C] -- C:\ubuntu
[2014/04/12 08:14:25 | 000,000,000 | ---D | C] -- C:\mint
[2014/04/09 22:15:47 | 000,000,000 | ---D | C] -- C:\bud
[2014/04/09 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/08 12:08:13 | 000,000,000 | ---D | C] -- C:\787a51d3de09fd4ab9
[2014/04/07 20:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/04/07 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/04/07 20:32:44 | 000,000,000 | ---D | C] -- C:\3a0cf218a18bad4512376e
[2014/04/07 20:29:38 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2014/04/05 06:25:05 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/04/05 06:25:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/04/05 06:25:04 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/04/05 06:25:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/04/05 06:25:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/04/05 06:25:04 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/04/05 06:24:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014/04/05 06:24:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014/04/05 06:24:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014/04/05 06:23:52 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/04/05 06:23:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/04/05 06:23:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/04/05 06:23:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2014/04/05 06:23:14 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/04/05 06:23:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2014/04/05 06:23:13 | 001,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/04/05 06:23:11 | 008,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2014/04/05 06:22:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/04/05 06:22:13 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/04/05 06:21:53 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/04/05 06:21:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014/04/05 06:21:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014/04/05 06:21:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014/04/05 06:20:32 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/04/05 06:20:31 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/04/05 06:20:31 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/04/05 06:20:30 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/04/05 06:20:30 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/04/05 06:20:30 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/04/05 06:20:30 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/04/05 06:20:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/04/05 06:20:29 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/04/04 19:19:07 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/04/04 19:19:07 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/04/04 19:19:07 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2014/04/04 19:19:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/04/04 19:19:02 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2014/04/04 19:19:02 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2014/04/04 19:19:02 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/04/04 19:19:02 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2014/04/03 10:02:51 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Adobe
[1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/05/02 07:18:01 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/02 06:48:48 | 000,620,920 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/02 06:48:48 | 000,105,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/02 06:48:10 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/02 06:45:06 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/05/02 06:45:05 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/05/02 06:44:51 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/02 06:44:44 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/02 06:42:01 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 06:42:01 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 06:41:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/01 22:37:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/01 11:51:35 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
[2014/05/01 06:53:59 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/30 17:26:35 | 000,002,595 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Word.lnk
[2014/04/30 15:37:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/30 15:37:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/04/29 11:19:29 | 000,000,870 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/29 11:19:21 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/28 06:57:49 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/27 12:33:44 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/04/27 11:31:53 | 000,003,584 | ---- | M] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/26 15:48:24 | 201,952,749 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/26 07:35:12 | 000,034,612 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/24 08:47:58 | 000,001,995 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/22 21:56:45 | 023,936,943 | ---- | M] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
[2014/04/21 14:29:05 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup
[2014/04/16 22:04:46 | 000,029,755 | ---- | M] () -- C:\Users\budzone\1401208_312493.jpg
[2014/04/15 08:49:10 | 000,002,593 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Excel.lnk
[2014/04/13 13:59:24 | 000,197,915 | ---- | M] () -- C:\wubildr
[2014/04/13 13:59:24 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2014/04/09 14:30:23 | 000,000,618 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/09 14:30:23 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/04/09 00:30:23 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup
[2014/04/08 11:06:00 | 000,042,187 | ---- | M] () -- C:\Users\budzone\5 inner planets.jpg
[2014/04/07 06:51:00 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup
[2014/04/05 06:30:47 | 000,368,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/05 06:25:05 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/04/05 06:25:05 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/04/05 06:25:04 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/04/05 06:25:04 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/04/05 06:25:04 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/04/05 06:25:04 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/04/05 06:24:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
[2014/04/05 06:24:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014/04/05 06:24:05 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014/04/05 06:24:05 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014/04/05 06:23:52 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/04/05 06:23:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/04/05 06:23:15 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/04/05 06:23:15 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2014/04/05 06:23:14 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/04/05 06:23:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2014/04/05 06:23:13 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/04/05 06:23:11 | 008,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2014/04/05 06:22:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/04/05 06:22:13 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/04/05 06:21:53 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/04/05 06:21:53 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014/04/05 06:21:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014/04/05 06:21:24 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014/04/05 06:20:32 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/04/05 06:20:31 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/04/05 06:20:31 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/04/05 06:20:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/04/05 06:20:30 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/04/05 06:20:30 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/04/05 06:20:30 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/04/05 06:20:30 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/04/05 06:20:30 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/04/04 19:19:07 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/04/04 19:19:07 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/04/04 19:19:07 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2014/04/04 19:19:07 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/04/04 19:19:02 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2014/04/04 19:19:02 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2014/04/04 19:19:02 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/04/04 19:19:02 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2014/04/04 19:10:12 | 031,195,136 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2014/04/04 19:10:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2014/04/04 19:10:12 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2014/04/03 09:51:10 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/04/03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/04/02 10:29:43 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup
[2014/04/02 10:20:36 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup
[1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/05/01 06:53:59 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/29 08:59:28 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
[2014/04/29 06:26:56 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2014/04/27 11:31:51 | 000,003,584 | ---- | C] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/26 15:48:05 | 201,952,749 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/24 08:44:13 | 000,001,995 | ---- | C] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/24 08:44:13 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/24 08:43:00 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/24 08:42:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/22 21:53:03 | 023,936,943 | ---- | C] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
[2014/04/16 22:04:46 | 000,029,755 | ---- | C] () -- C:\Users\budzone\1401208_312493.jpg
[2014/04/12 08:19:45 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2014/04/12 08:19:43 | 000,197,915 | ---- | C] () -- C:\wubildr
[2014/04/10 10:14:21 | 000,001,273 | ---- | C] () -- C:\Users\budzone\Authorization.xml
[2014/04/08 11:06:00 | 000,042,187 | ---- | C] () -- C:\Users\budzone\5 inner planets.jpg
[2014/04/08 09:25:34 | 000,024,459 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Straprevised.rtf
[2014/04/08 09:25:34 | 000,024,056 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap.rtf
[2014/04/08 09:25:34 | 000,019,927 | ---- | C] () -- C:\Users\budzone\Documents\The Minister wrath.rtf
[2014/04/08 09:25:34 | 000,017,840 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap-.rtf
[2014/04/08 09:25:34 | 000,013,711 | ---- | C] () -- C:\Users\budzone\Documents\Triangular Foundations.rtf
[2014/04/08 09:25:34 | 000,010,245 | ---- | C] () -- C:\Users\budzone\Documents\TheJoeKirksonP3.rtf
[2014/04/08 09:25:34 | 000,008,827 | ---- | C] () -- C:\Users\budzone\Documents\Trevor is waiting.rtf
[2014/04/08 09:25:34 | 000,004,989 | ---- | C] () -- C:\Users\budzone\Documents\troubledlines.rtf
[2014/04/08 09:25:33 | 000,096,776 | ---- | C] () -- C:\Users\budzone\Documents\teachers.rtf
[2014/04/08 09:25:33 | 000,045,431 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop2.rtf
[2014/04/08 09:25:33 | 000,039,551 | ---- | C] () -- C:\Users\budzone\Documents\the joe kirkson meetings.rtf
[2014/04/08 09:25:33 | 000,037,466 | ---- | C] () -- C:\Users\budzone\Documents\The Boss--.rtf
[2014/04/08 09:25:33 | 000,031,779 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop.rtf
[2014/04/08 09:25:33 | 000,031,317 | ---- | C] () -- C:\Users\budzone\Documents\The Bar-.rtf
[2014/04/08 09:25:33 | 000,018,892 | ---- | C] () -- C:\Users\budzone\Documents\teachers-.rtf
[2014/04/08 09:25:33 | 000,009,388 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop 2final.rtf
[2014/04/08 09:25:33 | 000,007,066 | ---- | C] () -- C:\Users\budzone\Documents\The Bar.rtf
[2014/04/08 09:25:33 | 000,006,820 | ---- | C] () -- C:\Users\budzone\Documents\The Blond Man with the Gold Band Wristwatch.rtf
[2014/04/08 09:25:32 | 000,037,948 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments P1.rtf
[2014/04/08 09:25:32 | 000,018,889 | ---- | C] () -- C:\Users\budzone\Documents\Summer revisedfinal2-10.rtf
[2014/04/08 09:25:32 | 000,012,982 | ---- | C] () -- C:\Users\budzone\Documents\spatula.rtf
[2014/04/08 09:25:32 | 000,009,453 | ---- | C] () -- C:\Users\budzone\Documents\SD Belt Fantasy.rtf
[2014/04/08 09:25:32 | 000,008,344 | ---- | C] () -- C:\Users\budzone\Documents\SouthernCharm.rtf
[2014/04/08 09:25:32 | 000,005,939 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments Part 2.rtf
[2014/04/08 09:25:32 | 000,004,298 | ---- | C] () -- C:\Users\budzone\Documents\Small Ornamental Mask.rtf
[2014/04/08 09:25:32 | 000,000,393 | ---- | C] () -- C:\Users\budzone\Documents\spankingad.rtf
[2014/04/08 09:25:31 | 000,026,001 | ---- | C] () -- C:\Users\budzone\Documents\nedP2.rtf
[2014/04/08 09:25:31 | 000,011,847 | ---- | C] () -- C:\Users\budzone\Documents\mohammed.rtf
[2014/04/08 09:25:30 | 000,035,182 | ---- | C] () -- C:\Users\budzone\Documents\joekirksonp3.rtf
[2014/04/08 09:25:30 | 000,017,527 | ---- | C] () -- C:\Users\budzone\Documents\Lew.rtf
[2014/04/08 09:25:30 | 000,004,256 | ---- | C] () -- C:\Users\budzone\Documents\Jk alt.rtf
[2014/04/08 09:25:29 | 000,033,139 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson2012.rtf
[2014/04/08 09:25:29 | 000,032,544 | ---- | C] () -- C:\Users\budzone\Documents\Into Old Cars revised.rtf
[2014/04/08 09:25:29 | 000,025,487 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson Meetings.rtf
[2014/04/08 09:25:29 | 000,005,213 | ---- | C] () -- C:\Users\budzone\Documents\Fertility Mask.rtf
[2014/04/08 09:25:29 | 000,004,146 | ---- | C] () -- C:\Users\budzone\Documents\It happened slowly over a relatively brief amount of time.rtf
[2014/04/08 09:25:28 | 000,031,014 | ---- | C] () -- C:\Users\budzone\Documents\Father.rtf
[2014/04/08 09:25:28 | 000,030,895 | ---- | C] () -- C:\Users\budzone\Documents\DadSexLesf.rtf
[2014/04/08 09:25:28 | 000,023,257 | ---- | C] () -- C:\Users\budzone\Documents\Father2.rtf
[2014/04/08 09:25:28 | 000,022,699 | ---- | C] () -- C:\Users\budzone\Documents\Father-.rtf
[2014/04/08 09:25:28 | 000,021,271 | ---- | C] () -- C:\Users\budzone\Documents\Curt2.rtf
[2014/04/08 09:25:28 | 000,019,967 | ---- | C] () -- C:\Users\budzone\Documents\dad sex lesson 3-22-13.rtf
[2014/04/08 09:25:28 | 000,019,131 | ---- | C] () -- C:\Users\budzone\Documents\dadsexlessonrevised.rtf
[2014/04/08 09:25:28 | 000,019,061 | ---- | C] () -- C:\Users\budzone\Documents\Father Part II1.rtf
[2014/04/08 09:25:28 | 000,016,899 | ---- | C] () -- C:\Users\budzone\Documents\Curt.rtf
[2014/04/08 09:25:28 | 000,010,478 | ---- | C] () -- C:\Users\budzone\Documents\ebaytemp.rtf
[2014/04/08 09:25:28 | 000,008,874 | ---- | C] () -- C:\Users\budzone\Documents\delZip179.rtf
[2014/04/08 09:25:25 | 000,016,385 | ---- | C] () -- C:\Users\budzone\Documents\Camping-.rtf
[2014/04/08 09:25:25 | 000,015,593 | ---- | C] () -- C:\Users\budzone\Documents\Campingrev.rtf
[2014/04/08 09:25:25 | 000,014,752 | ---- | C] () -- C:\Users\budzone\Documents\Camping.rtf
[2014/04/08 09:25:25 | 000,004,028 | ---- | C] () -- C:\Users\budzone\Documents\Compote Frosted Pink Fostoria.rtf
[2014/04/08 09:25:24 | 000,049,664 | ---- | C] () -- C:\Users\budzone\Documents\Business cards.pub
[2014/04/08 09:25:24 | 000,044,491 | ---- | C] () -- C:\Users\budzone\Documents\Bondingrevised.rtf
[2014/04/08 09:25:24 | 000,026,164 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMe.rtf
[2014/04/08 09:25:24 | 000,024,765 | ---- | C] () -- C:\Users\budzone\Documents\calbertandmepart2.rtf
[2014/04/08 09:25:24 | 000,022,485 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMeP2.rtf
[2014/04/08 09:25:24 | 000,021,159 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise2-4-13.rtf
[2014/04/08 09:25:24 | 000,019,427 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise.rtf
[2014/04/08 09:25:24 | 000,018,111 | ---- | C] () -- C:\Users\budzone\Documents\CalAlan.rtf
[2014/04/08 09:25:24 | 000,013,015 | ---- | C] () -- C:\Users\budzone\Documents\Blond Boys in the Theatrefinal.rtf
[2014/04/08 09:25:24 | 000,010,919 | ---- | C] () -- C:\Users\budzone\Documents\Backup of The Bar-.wbk
[2014/04/08 09:25:23 | 000,055,959 | ---- | C] () -- C:\Users\budzone\Documents\A Fake.rtf
[2014/04/08 09:25:23 | 000,037,433 | ---- | C] () -- C:\Users\budzone\Documents\A Salacious Affair.rtf
[2014/04/08 09:25:23 | 000,022,124 | ---- | C] () -- C:\Users\budzone\Documents\Agreements (Part 2).rtf
[2014/04/08 09:25:23 | 000,019,745 | ---- | C] () -- C:\Users\budzone\Documents\A Time For Passion.rtf
[2014/04/08 09:25:23 | 000,018,166 | ---- | C] () -- C:\Users\budzone\Documents\AlanRobert.rtf
[2014/04/08 09:25:23 | 000,015,959 | ---- | C] () -- C:\Users\budzone\Documents\AdiffMattdaly.rtf
[2014/04/08 09:25:23 | 000,014,448 | ---- | C] () -- C:\Users\budzone\Documents\Agreementsp1.rtf
[2014/04/08 09:25:23 | 000,006,409 | ---- | C] () -- C:\Users\budzone\Documents\21st century Poem.rtf
[2014/04/08 09:25:23 | 000,005,561 | ---- | C] () -- C:\Users\budzone\Documents\21st Century Salutations.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$Time For Passion.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$reements (Part 2).rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$mes Kirkson2012.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$e Leather Shop2.rtf
[2014/04/08 09:25:22 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$A Fake.rtf
[2014/04/07 20:37:54 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
[2014/04/07 20:37:51 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2014/03/31 14:21:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/03/30 18:26:49 | 000,034,612 | ---- | C] () -- C:\Windows\wininit.ini
========== ZeroAccess Check ==========
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/31 18:41:32 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/04/05 06:25:05 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 05:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/03/31 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\budzone\AppData\Roaming\DriverFinder
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
Extras Notepad
OTL Extras logfile created on: 5/2/2014 7:34:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\budzone\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.94% Memory free
4.20 Gb Paging File | 3.02 Gb Available in Paging File | 71.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.73 Gb Total Space | 197.07 Gb Free Space | 66.19% Space Free | Partition Type: NTFS
Computer Name: HOMEPC | User Name: budzone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{398CC83A-9771-44AB-B689-656418DCE800}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe |
"UDP Query User{D270D848-44E9-4FE5-AD5D-C9BA3A47DF88}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Google Chrome" = Google Chrome
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mint4win" = Linux_Mint_Main
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"Wubi" = Ubuntu
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/30/2014 3:56:15 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000142, fault offset 0x00008fc7, process id 0x10d20, application
start time 0x01cf64ae3bd3c7a4.
Error - 4/30/2014 3:56:52 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000142, fault offset 0x00008fc7, process id 0x11bb0, application
start time 0x01cf64ae411b4e4e.
Error - 4/30/2014 4:08:57 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000142, fault offset 0x00008fc7, process id 0x12a08, application
start time 0x01cf64ae57d92e26.
Error - 4/30/2014 4:20:52 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000142, fault offset 0x00008fc7, process id 0x12ec4, application
start time 0x01cf64b00812ef7e.
Error - 4/30/2014 5:19:58 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application SDWelcome.exe, version 2.2.21.129, time stamp
0x51dd1105, faulting module kernel32.dll, version 6.0.6000.16820, time stamp 0x49952034,
exception code 0xc0000005, fault offset 0x0004fcac, process id 0x25bc, application
start time 0x01cf64b9f0288f0e.
Error - 4/30/2014 5:23:20 PM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 5/1/2014 6:26:40 AM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 5/1/2014 6:50:56 PM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 5/1/2014 8:44:30 PM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Error - 5/2/2014 6:42:59 AM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
[ System Events ]
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
< End of report >
Bud
Bud, sorry for your health issues, myself I lost my hearing about 20 years ago and have Cochlear Implants
The problem your having is because your hosts file is infected, after you run this fix post the log from the fix, then go open Internet Explorer and change your start page to anyone you like, then run a new scan with OTL and post the new log, you wont get an extras log on the second run so dont knock yourself out looking for it. Your copy of Malwarebytes is legit by the way
Open OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code::OTL IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320 [2014/04/21 14:29:05 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup [2014/04/09 00:30:23 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup [2014/04/07 06:51:00 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup [2014/04/02 10:29:43 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup [2014/04/02 10:20:36 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup :Services :Reg :Files ipconfig /flushdns /c :Commands [purity] [resethosts] [EMPTYJAVA] [emptytemp] [start explorer] [Reboot]- Then click the Run Fix button at the top. <--Not run Scan
- Let the program run unhindered, reboot when it is done
- Then post the results of the log it produces
Then run a new scan with OTL and post the new log please
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
It was very fast! It gave me the OTL txt file below
All processes killed
========== OTL ==========
HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup moved successfully.
C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup moved successfully.
C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup moved successfully.
C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup moved successfully.
C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\budzone\Downloads\cmd.bat deleted successfully.
C:\Users\budzone\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: budzone
User: Default
User: Default User
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: budzone
->Temp folder emptied: 2296684 bytes
->Temporary Internet Files folder emptied: 188857 bytes
->FireFox cache emptied: 371653716 bytes
->Google Chrome cache emptied: 381710367 bytes
->Flash cache emptied: 7621 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 169769 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 721.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05022014_094049
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Bud
Bud, no need to quote what I post, its just taking up valuable room on the forum.
Change your homepage with IE and then run a new scan with OTL and lets see where we stand
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.