Trovi Attached

Status
Not open for further replies.
B

Beadbud5000

New member
Trovi.com indicated a "brand" has attached itself to your browser. Firefox was affected here.
I ran the diagnostic tool DLD?
I can not zip
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/30/2014 1:33:52 PM
System Uptime: 4/28/2014 8:38:21 AM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | A8V-XE
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket 939 | 2200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 197.139 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID:
Description:
Device ID: ACPI\PNPB006\3&2411E6FE&0
Manufacturer:
Name:
PNP Device ID: ACPI\PNPB006\3&2411E6FE&0
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 13 Plugin
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Linux_Mint_Main
Microsoft .NET Framework 3.5 SP1
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Display Control Panel
NVIDIA Drivers
PVSonyDll
Spybot - Search & Destroy
Ubuntu
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIA Rhine Family Fast Ethernet Adapter
.
==== End Of File ===========================
Please help!

Also
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16386
Run by budzone at 9:33:19 on 2014-04-28
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.932 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = <-loopback>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{97A0C729-663E-455B-B1FD-4EA2B468DA2F} : DHCPNameServer = 65.32.5.111 65.32.5.112
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll c:\progra~1\optimi~1\optpro~2.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\budzone\appdata\roaming\mozilla\firefox\profiles\dn0p235l.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_182.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SDHookDriver;Hook Test Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2014-3-30 46248]
R1 tStLibG;tStLibG;c:\windows\system32\drivers\tStLibG.sys [2014-3-30 55224]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2014-3-30 1153368]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-3-30 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-3-30 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-3-30 171416]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\drivers\fetnd6v.sys [2009-5-15 43520]
S2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2006-11-2 44544]
S2 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\cltmngsvc.exe --> c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [?]
S2 Level Quality Watcher;Level Quality Watcher;c:\program files\level quality watcher\v1.01\levelqualitywatcher32.exe run options=01110010010000000000000000000000 sourceguid=bba5481a-926b-4561-bd79-249f618495e6 --> c:\program files\level quality watcher\v1.01\levelqualitywatcher32.exe run options=01110010010000000000000000000000 sourceguid=BBA5481A-926B-4561-BD79-249F618495E6 [?]
S2 Update PlurPush;Update PlurPush;"c:\program files\plurpush\updateplurpush.exe" --> c:\program files\plurpush\updatePlurPush.exe [?]
.
=============== Created Last 30 ================
.
2014-04-26 10:53:29 -------- dc----w- c:\program files\SearchProtect
2014-04-25 11:06:52 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{52e41676-e821-4cc7-a7b1-c7595233dd5b}\mpengine.dll
2014-04-24 12:42:47 -------- d-----w- c:\users\budzone\appdata\local\Google
2014-04-13 17:56:25 -------- d-----w- C:\ubuntu
2014-04-12 12:14:25 -------- d-----w- C:\mint
2014-04-10 02:15:47 -------- dc----w- C:\bud
2014-04-08 16:08:13 -------- dc----w- C:\787a51d3de09fd4ab9
2014-04-08 00:36:23 -------- dc----w- c:\program files\NVIDIA Corporation
2014-04-08 00:32:44 -------- dc----w- C:\3a0cf218a18bad4512376e
2014-04-08 00:29:38 229888 ----a-w- c:\windows\system32\msshsq.dll
2014-04-05 10:26:34 378368 ----a-w- c:\windows\system32\winhttp.dll
2014-04-05 10:25:27 268800 ----a-w- c:\windows\system32\es.dll
2014-04-05 10:25:06 549888 ----a-w- c:\windows\system32\rpcss.dll
2014-04-05 10:25:05 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2014-04-05 10:25:05 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2014-04-05 10:25:05 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2014-04-05 10:25:05 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2014-04-05 10:25:05 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2014-04-05 10:25:05 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2014-04-05 10:25:04 97280 ----a-w- c:\windows\system32\iasrecst.dll
2014-04-05 10:25:04 53248 ----a-w- c:\windows\system32\iasads.dll
2014-04-05 10:25:04 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2014-04-05 10:25:04 158720 ----a-w- c:\windows\system32\sdohlp.dll
2014-04-05 10:24:05 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2014-04-05 10:24:05 223232 ----a-w- c:\windows\system32\WMASF.DLL
2014-04-05 10:24:05 2048 ----a-w- c:\windows\system32\asferror.dll
2014-04-05 10:23:52 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-04-05 10:23:52 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-04-05 10:23:51 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-04-05 10:23:15 61440 ----a-w- c:\windows\system32\ntprint.exe
2014-04-05 10:23:15 220160 ----a-w- c:\windows\system32\ntprint.dll
2014-04-05 10:23:14 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-04-05 10:23:14 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2014-04-05 10:23:13 1984512 ----a-w- c:\windows\system32\authui.dll
2014-04-05 10:23:11 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2014-04-05 10:23:11 69632 ----a-w- c:\windows\system32\sendmail.dll
2014-04-05 10:22:32 441856 ----a-w- c:\windows\system32\win32spl.dll
2014-04-05 10:22:32 37376 ----a-w- c:\windows\system32\printcom.dll
2014-04-05 10:22:13 2031104 ----a-w- c:\windows\system32\win32k.sys
2014-04-05 10:21:53 14848 ----a-w- c:\windows\system32\wshrm.dll
2014-04-05 10:21:53 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2014-04-05 10:21:24 43520 ----a-w- c:\windows\system32\msdxm.tlb
2014-04-05 10:21:24 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2014-04-05 10:21:24 18432 ----a-w- c:\windows\system32\amcompat.tlb
2014-04-05 10:20:32 312320 ----a-w- c:\windows\system32\msdrm.dll
2014-04-05 10:20:31 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-04-05 10:20:31 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-04-05 10:20:30 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-04-05 10:20:30 515584 ----a-w- c:\windows\system32\RMActivate.exe
2014-04-05 10:20:30 472576 ----a-w- c:\windows\system32\secproc.dll
2014-04-05 10:20:30 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-04-05 10:20:30 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-04-05 10:20:29 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2014-04-05 10:18:42 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-04-04 23:19:07 97800 ----a-w- c:\windows\system32\infocardapi.dll
2014-04-04 23:19:07 622080 ----a-w- c:\windows\system32\icardagt.exe
2014-04-04 23:19:07 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2014-04-04 23:19:07 11264 ----a-w- c:\windows\system32\icardres.dll
2014-04-04 23:19:02 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2014-04-04 23:19:02 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2014-04-04 23:19:02 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2014-04-04 23:19:02 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-03 14:02:51 -------- d-----w- c:\users\budzone\appdata\local\Adobe
2014-03-31 23:02:33 72704 ----a-w- c:\windows\system32\fontsub.dll
2014-03-31 23:02:33 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-03-31 23:02:33 289792 ----a-w- c:\windows\system32\atmfd.dll
2014-03-31 23:02:33 24064 ----a-w- c:\windows\system32\lpk.dll
2014-03-31 23:02:33 156672 ----a-w- c:\windows\system32\t2embed.dll
2014-03-31 23:02:33 10240 ----a-w- c:\windows\system32\dciman32.dll
2014-03-31 23:00:43 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-03-31 23:00:43 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2014-03-31 23:00:06 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2014-03-31 23:00:05 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2014-03-31 23:00:05 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2014-03-31 22:58:53 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2014-03-31 22:58:53 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2014-03-31 22:58:53 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2014-03-31 22:58:53 19968 ----a-w- c:\windows\system32\ARP.EXE
2014-03-31 22:58:53 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2014-03-31 22:58:53 15360 ----a-w- c:\windows\system32\netevent.dll
2014-03-31 22:58:53 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2014-03-31 22:58:53 103936 ----a-w- c:\windows\system32\netiohlp.dll
2014-03-31 22:58:53 10240 ----a-w- c:\windows\system32\finger.exe
2014-03-31 22:57:52 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2014-03-31 22:57:51 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2014-03-31 22:57:50 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2014-03-31 22:57:50 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2014-03-31 22:57:48 542720 ----a-w- c:\windows\system32\sysmain.dll
2014-03-31 22:57:47 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2014-03-31 22:57:47 502784 ----a-w- c:\windows\system32\wlansvc.dll
2014-03-31 22:57:47 47104 ----a-w- c:\windows\system32\wlanapi.dll
2014-03-31 22:57:47 297984 ----a-w- c:\windows\system32\wlansec.dll
2014-03-31 22:57:47 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2014-03-31 22:57:17 194560 ----a-w- c:\windows\system32\WebClnt.dll
2014-03-31 22:57:17 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-03-31 22:56:44 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-03-31 22:56:44 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-31 22:56:44 1406464 ----a-w- c:\windows\system32\msxml6.dll
2014-03-31 22:56:44 1260032 ----a-w- c:\windows\system32\msxml3.dll
2014-03-31 22:55:58 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-03-31 22:55:58 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2014-03-31 22:55:58 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-03-31 22:55:26 49664 ----a-w- c:\windows\system32\csrsrv.dll
2014-03-31 22:55:26 376320 ----a-w- c:\windows\system32\winsrv.dll
2014-03-31 22:54:53 98816 ----a-w- c:\windows\system32\mfps.dll
2014-03-31 22:54:53 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2014-03-31 22:54:53 2855424 ----a-w- c:\windows\system32\mf.dll
2014-03-31 22:54:53 24576 ----a-w- c:\windows\system32\mfpmp.exe
2014-03-31 22:54:53 2048 ----a-w- c:\windows\system32\mferror.dll
2014-03-31 22:54:07 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-03-31 22:54:06 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-03-31 22:51:51 434176 ----a-w- c:\windows\system32\vbscript.dll
2014-03-31 22:51:10 71680 ----a-w- c:\windows\system32\atl.dll
2014-03-31 22:50:06 297472 ----a-w- c:\windows\system32\gdi32.dll
2014-03-31 22:49:35 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2014-03-31 22:49:35 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-03-31 22:49:05 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2014-03-31 22:49:05 30208 ----a-w- c:\windows\system32\xolehlp.dll
2014-03-31 22:48:27 156160 ----a-w- c:\windows\system32\wkssvc.dll
2014-03-31 22:47:43 36352 ----a-w- c:\windows\system32\tsgqec.dll
2014-03-31 22:47:43 1871872 ----a-w- c:\windows\system32\mstscax.dll
2014-03-31 22:47:43 116736 ----a-w- c:\windows\system32\aaclient.dll
2014-03-31 22:46:53 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2014-03-31 22:45:58 414208 ----a-w- c:\windows\system32\msscp.dll
2014-03-31 22:45:33 713728 ----a-w- c:\windows\system32\timedate.cpl
2014-03-31 22:45:03 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2014-03-31 22:44:37 86016 ----a-w- c:\windows\system32\icfupgd.dll
2014-03-31 22:44:37 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2014-03-31 22:44:37 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2014-03-31 22:44:37 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2014-03-31 22:44:37 16896 ----a-w- c:\windows\system32\wfapigp.dll
2014-03-31 22:44:36 61952 ----a-w- c:\windows\system32\cmifw.dll
2014-03-31 22:44:09 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2014-03-31 22:44:08 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2014-03-31 22:44:08 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2014-03-31 22:44:08 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2014-03-31 22:42:51 1244672 ----a-w- c:\windows\system32\mcmde.dll
2014-03-31 22:42:50 80896 ----a-w- c:\windows\system32\MSNP.ax
2014-03-31 22:42:50 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2014-03-31 22:42:50 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2014-03-31 22:42:50 428032 ----a-w- c:\windows\system32\EncDec.dll
2014-03-31 22:42:50 292352 ----a-w- c:\windows\system32\psisdecd.dll
2014-03-31 22:42:50 217088 ----a-w- c:\windows\system32\psisrndr.ax
2014-03-31 22:42:50 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2014-03-31 22:40:44 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-31 22:40:05 696832 ----a-w- c:\windows\system32\localspl.dll
2014-03-31 22:38:55 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2014-03-31 22:38:55 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2014-03-31 22:38:55 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2014-03-31 22:38:55 20024 ----a-w- c:\windows\system32\drivers\viaide.sys
2014-03-31 22:38:55 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2014-03-31 22:38:55 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-03-31 22:38:43 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2014-03-31 22:38:28 2923520 ----a-w- c:\windows\explorer.exe
2014-03-31 22:37:55 8704 ----a-w- c:\windows\system32\hcrstco.dll
2014-03-31 22:37:55 8704 ----a-w- c:\windows\system32\hccoin.dll
2014-03-31 22:37:55 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-03-31 22:37:55 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-03-31 22:37:54 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-03-31 22:37:54 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-03-31 22:37:54 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-03-31 22:37:54 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-03-31 22:37:37 97792 ----a-w- c:\windows\system32\cabview.dll
2014-03-31 22:37:09 171520 ----a-w- c:\windows\system32\wintrust.dll
2014-03-31 22:36:34 494592 ----a-w- c:\windows\system32\kerberos.dll
2014-03-31 22:36:33 272384 ----a-w- c:\windows\system32\schannel.dll
2014-03-31 22:36:03 24064 ----a-w- c:\windows\system32\netcfg.exe
2014-03-31 22:32:03 1585664 ----a-w- c:\windows\system32\setupapi.dll
2014-03-31 22:30:49 62464 ----a-w- c:\windows\system32\l3codeca.acm
2014-03-31 22:30:49 220672 ----a-w- c:\windows\system32\l3codecp.acm
2014-03-31 22:30:26 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2014-03-31 22:30:26 22016 ----a-w- c:\windows\system32\netiougc.exe
2014-03-31 22:30:26 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2014-03-31 22:30:26 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2014-03-31 22:30:26 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2014-03-31 22:30:26 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2014-03-31 22:30:25 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-03-31 22:29:55 25600 ----a-w- c:\windows\system32\amxread.dll
2014-03-31 22:29:55 14848 ----a-w- c:\windows\system32\apilogen.dll
2014-03-31 22:28:42 33280 ----a-w- c:\windows\system32\slwmi.dll
2014-03-31 22:28:42 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2014-03-31 22:28:42 223232 ----a-w- c:\windows\system32\SLC.dll
2014-03-31 22:28:41 57856 ----a-w- c:\windows\system32\SLUINotify.dll
2014-03-31 22:28:41 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
2014-03-31 22:28:41 351232 ----a-w- c:\windows\system32\SLUI.exe
2014-03-31 22:28:41 186368 ----a-w- c:\windows\system32\SLLUA.exe
2014-03-31 22:28:38 39936 ----a-w- c:\windows\system32\slcinst.dll
2014-03-31 22:28:38 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2014-03-31 21:20:49 96760 ----a-w- c:\windows\system32\dfshim.dll
2014-03-31 21:20:49 41984 ----a-w- c:\windows\system32\netfxperf.dll
2014-03-31 21:20:47 83968 ----a-w- c:\windows\system32\mscories.dll
2014-03-31 21:20:47 282112 ----a-w- c:\windows\system32\mscoree.dll
2014-03-31 21:20:47 158720 ----a-w- c:\windows\system32\mscorier.dll
2014-03-31 21:04:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2014-03-31 21:04:15 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2014-03-31 21:04:15 1686528 ----a-w- c:\windows\system32\gameux.dll
2014-03-31 21:03:31 1645568 ----a-w- c:\windows\system32\connect.dll
2014-03-31 20:59:36 -------- d-----w- c:\windows\system32\MRT
2014-03-31 20:58:35 974336 ----a-w- c:\windows\system32\crypt32.dll
2014-03-31 20:57:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2014-03-31 20:57:29 7680 ----a-w- c:\windows\system32\spwmp.dll
2014-03-31 20:57:28 4096 ----a-w- c:\windows\system32\msdxm.ocx
2014-03-31 20:57:28 4096 ----a-w- c:\windows\system32\dxmasf.dll
2014-03-31 20:57:28 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-03-31 20:57:28 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2014-03-31 20:57:28 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2014-03-31 20:57:26 311296 ----a-w- c:\windows\system32\unregmp2.exe
2014-03-31 20:57:26 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe
2014-03-31 18:19:16 -------- d-----w- c:\program files\Microsoft ActiveSync
2014-03-31 18:17:49 -------- dc----w- c:\program files\common files\L&H
2014-03-31 15:15:30 -------- d-----w- c:\users\budzone\appdata\roaming\DriverFinder
2014-03-31 13:20:08 -------- d-----w- c:\users\budzone\appdata\local\WindowsUpdate
2014-03-31 12:43:14 707072 ----a-w- c:\program files\common files\system\wab32.dll
2014-03-31 12:43:14 41984 ----a-w- c:\program files\windows mail\wabimp.dll
2014-03-31 12:43:14 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2014-03-31 12:43:14 1098752 ----a-w- c:\program files\common files\system\wab32res.dll
2014-03-31 12:43:13 87040 ----a-w- c:\windows\system32\msoert2.dll
2014-03-31 12:43:13 2836992 ----a-w- c:\program files\windows mail\MSOERES.dll
2014-03-31 12:43:13 205824 ----a-w- c:\windows\system32\msoeacct.dll
2014-03-31 12:43:13 1614848 ----a-w- c:\program files\windows mail\msoe.dll
2014-03-31 12:43:11 397312 ----a-w- c:\program files\windows mail\WinMail.exe
2014-03-31 12:43:10 81408 ----a-w- c:\program files\windows mail\oeimport.dll
2014-03-31 12:43:10 24064 ----a-w- c:\program files\common files\system\DirectDB.dll
2014-03-31 12:42:42 175104 ----a-w- c:\windows\system32\wdigest.dll
2014-03-31 12:42:41 7680 ----a-w- c:\windows\system32\lsass.exe
2014-03-31 12:42:41 72704 ----a-w- c:\windows\system32\secur32.dll
2014-03-31 12:42:41 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-03-31 12:42:41 216576 ----a-w- c:\windows\system32\msv1_0.dll
2014-03-31 12:42:41 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2014-03-31 11:26:48 -------- d-----w- c:\users\budzone\appdata\local\Macromedia
2014-03-31 00:04:50 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 00:04:50 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-30 21:50:47 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-03-30 21:47:52 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-30 21:25:19 -------- d-----w- c:\windows\Panther
2014-03-30 19:26:43 55224 ----a-w- c:\windows\system32\drivers\tStLibG.sys
2014-03-30 18:46:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-30 18:46:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2014-03-30 18:30:32 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2014-03-30 18:30:10 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
2014-03-30 18:30:10 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
2014-03-30 18:30:10 11776 ----a-w- c:\windows\system32\sbunattend.exe
2014-03-30 18:29:57 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2014-03-30 18:29:57 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2014-03-30 18:29:42 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2014-03-30 18:29:42 94720 ----a-w- c:\windows\system32\logagent.exe
2014-03-30 18:29:13 84480 ----a-w- c:\windows\system32\INETRES.dll
2014-03-30 18:29:13 737792 ----a-w- c:\windows\system32\inetcomm.dll
2014-03-30 18:28:55 60928 ----a-w- c:\windows\system32\msasn1.dll
2014-03-30 18:28:41 5120 ----a-w- c:\windows\system32\wmi.dll
2014-03-30 18:28:41 152576 ----a-w- c:\windows\system32\imagehlp.dll
2014-03-30 18:28:41 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-03-30 18:28:27 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2014-03-30 18:27:55 148480 ----a-w- c:\windows\system32\iisRtl.dll
2014-03-30 18:27:54 8192 ----a-w- c:\windows\system32\iisrstap.dll
2014-03-30 18:27:54 51200 ----a-w- c:\windows\system32\admwprox.dll
2014-03-30 18:27:54 14848 ----a-w- c:\windows\system32\iisreset.exe
2014-03-30 18:27:54 10752 ----a-w- c:\windows\system32\wamregps.dll
2014-03-30 18:27:51 396800 ----a-w- c:\windows\system32\drivers\http.sys
2014-03-30 18:27:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2014-03-30 18:27:51 24064 ----a-w- c:\windows\system32\nshhttp.dll
2014-03-30 18:26:22 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-03-30 18:26:07 274432 ----a-w- c:\windows\system32\raschap.dll
2014-03-30 18:26:07 232960 ----a-w- c:\windows\system32\rastls.dll
2014-03-30 18:25:50 321536 ----a-w- c:\windows\system32\WSDApi.dll
2014-03-30 18:25:35 633856 ----a-w- c:\windows\system32\user32.dll
2014-03-30 18:25:04 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2014-03-30 18:25:04 22528 ----a-w- c:\windows\system32\msyuv.dll
2014-03-30 18:25:04 1327616 ----a-w- c:\windows\system32\quartz.dll
2014-03-30 18:25:04 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2014-03-30 18:25:03 88576 ----a-w- c:\windows\system32\avifil32.dll
2014-03-30 18:25:03 82944 ----a-w- c:\windows\system32\mciavi32.dll
2014-03-30 18:25:03 65024 ----a-w- c:\windows\system32\avicap32.dll
2014-03-30 18:25:03 31232 ----a-w- c:\windows\system32\msvidc32.dll
2014-03-30 18:25:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2014-03-30 18:25:03 123904 ----a-w- c:\windows\system32\msvfw32.dll
2014-03-30 18:24:43 750080 ----a-w- c:\windows\system32\qmgr.dll
2014-03-30 18:24:18 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2014-03-30 18:23:57 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-03-30 18:23:28 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-30 17:58:45 -------- d-----w- c:\users\budzone\appdata\local\Mozilla
2014-03-30 17:58:18 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-03-30 17:56:26 -------- d-sh--w- c:\windows\Installer
2014-03-30 17:56:21 -------- d-----w- C:\temp
2014-03-30 17:56:17 -------- d-----w- c:\program files\Level Quality Watcher
2014-03-30 17:55:40 -------- d-----w- c:\program files\PlurPush
2014-03-30 17:08:18 -------- dcsh--w- C:\Boot
.
==================== Find3M ====================
.
2014-04-05 10:24:31 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2014-03-31 22:35:41 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2014-03-31 22:31:51 5632 ----a-w- c:\windows\system32\drivers\en-us\sermouse.sys.mui
2014-03-31 22:29:55 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2014-03-31 21:04:16 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2014-03-31 21:04:16 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2014-03-31 21:04:16 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2014-03-31 21:04:15 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2014-03-31 21:04:15 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
.
============= FINISH: 9:37:21.78 ===============
 
Last edited by a moderator:
:snwelcome:

You have a lot of bogus toolbars and garbage installed, lets do this

Do this first...Important

Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking
  • Run Spybot-S&D in Advanced Mode.
  • If it is not already set to do this Go to the Mode menu select "Advanced Mode"
  • On the left hand side, Click on Tools
  • Then click on the Resident Icon in the List
  • Uncheck "Resident TeaTimer" and OK any prompts.
  • Restart your computer.<--You need to do this for it to take effect
Please do not proceed until the TeaTimer is disabled






-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.



  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.






thisisujrt.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Re:trovi

Hi

I have the web version of Spybot. TeaTimer does not exist here.
I ran spybot scan several times. I tried the Deep Root scan too and it found nothing.
I just today loaded the Firefox update that was just released.
I will only know for sure if that fixed the problem when I reboot my computer so you will get a second note today.

Trovi.com zapped Firefox with hereto sexual ads that are annoy as I am A GAY Male!
I will know after I reboot.
Please do not close this ticket!

Thanks! Bud
 
After Reboot

Hi
The new Firefox did NOT work! I got trovi.com start page with a distorted image of Oprah Windfery on it!
So the problem is not fixed and trovi is still attached.

Please advise.
Thanks!
Bud



Beadbud5000 said:
Hi

I have the web version of Spybot. TeaTimer does not exist here.
I ran spybot scan several times. I tried the Deep Root scan too and it found nothing.
I just today loaded the Firefox update that was just released.
I will only know for sure if that fixed the problem when I reboot my computer so you will get a second note today.

Trovi.com zapped Firefox with hereto sexual ads that are annoy as I am A GAY Male!
I will know after I reboot.
Please do not close this ticket!

Thanks! Bud
Click to expand...
 
Follow the instructions I posted and run AdwCleaner, Junkware removal tool and post the logs
 
It worked! Thank you!
# AdwCleaner v3.205 - Report created 29/04/2014 at 16:57:29
# Updated 28/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : budzone - HOMEPC
# Running from : C:\Users\budzone\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : ca82e1a5
[#] Service Deleted : CltMngSvc
[#] Service Deleted : Level Quality Watcher
[#] Service Deleted : tStLibG
[#] Service Deleted : Update PlurPush

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\PlurPush
Folder Deleted : C:\Program Files\SearchProtect
File Deleted : C:\Windows\system32\drivers\tStLibG.sys
File Deleted : C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\user.js

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Bull
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\LevelQualityWatcher
Key Deleted : HKLM\Software\Savings Bull
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlurPush
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~2.dll

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16386


-\\ Mozilla Firefox v29.0 (en-US)

[ File : C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPD04EF258-F5D[...]
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B[...]

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=58&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=
Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh

*************************

AdwCleaner[R0].txt - [4079 octets] - [29/04/2014 16:56:08]
AdwCleaner[S0].txt - [3864 octets] - [29/04/2014 16:57:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3924 octets] ##########

Thanks again!
Bud
 
We have a saying around these forums that is really true... THE ABSENCE OF SYMPTOMS DOES NOT GUARANTEE A CLEAN COMPUTER. Still more to do, run the Junkware removal tool and then when you post the log I have a couple of more scans for you to run to make sure we got it all
 
Junkware Removal Tool

Hi

I ran a : Junkware Removal Tool by Thisisu – Version 6.1.4. I found it on Major Geeks. I used the author download.
It ran for hours today and it tested just about everything but disappeared when it was through. I fell asleep.



Still more further problems with my PC now.

Thanks!
Bud
 
Last edited by a moderator:
I'm sure the version you ran is ok, but you need to use the download links that we post for the tools we want you to run, this way we can be sure its the right one and not bogus

Still more further problems with my PC now.
Click to expand...
This is not telling me much ?????


GUZVCQN.jpg
Please download Malwarebytes Anti-Malware to your desktop.


mbam2.0.1.jpg

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • Once installed, Malwarebytes will ask if you want to Launch Now. Please select to do so and then Malwarebytes will open and update on its own. Please allow this to complete.
  • If an update is found, it will download and install the latest version.
  • Let's be sure to run a Hyper Scan. Press the Scan tab and then select Hyper Scan.
  • Press Scan Now then Skip Update (since we just updated it).
  • When the scan is complete, click View Detailed Log, then Export to save the log to your Desktop (name the log MBAM Scan).
  • Copy and Paste all of the information in that file to your next reply.
 
MalwareBytes scan

I ran this twice this morning. I exported after the second scan. The first scan found 5 items I chose to quarantine. The second for one item which I also quarantined; Here is the result:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/1/2014
Scan Time: 7:19:35 AM
Logfile: malwareBrun5-1.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.01.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 217567
Time Elapsed: 4 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[5cdf004c6d0e6acc6581b2b0a163be42]

Physical Sectors: 0
(No malicious items detected)


(end)


Beadbud5000 said:
Hi

I ran a : Junkware Removal Tool by Thisisu – Version 6.1.4. I found it on Major Geeks. I used the author download.
It ran for hours today and it tested just about everything but disappeared when it was through. I fell asleep.



Still more further problems with my PC now.

Thanks!
Bud
Click to expand...
 
I would like to see the results of the first scan you ran with Malwarebytes that removed the 5 items so I can see what was removed

Open Malwarebytes and click on the History tab, then Application Logs, select the log that had the 5 entries removed, then click on View > Copy to Clipboard and paste it in this thread please
 
1st Scan results

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/1/2014
Scan Time: 7:19:35 AM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.01.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 217567
Time Elapsed: 4 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[5cdf004c6d0e6acc6581b2b0a163be42]

Physical Sectors: 0
(No malicious items detected)


(end)

ken545 said:
I would like to see the results of the first scan you ran with Malwarebytes that removed the 5 items so I can see what was removed

Open Malwarebytes and click on the History tab, then Application Logs, select the log that had the 5 entries removed, then click on View > Copy to Clipboard and paste it in this thread please
Click to expand...
 
FYI
It has quarantined 6 items now. I could not get the scan log from 6:54 to copy on to text.
I will keep trying asw time allows
 
Thats the same report you posted originally that showed only one entry found, I really wanted to see the one that you said found 5 items

How are things running now ?
 
7 now!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/1/2014
Scan Time: 4:39:14 PM
Logfile: 5-1-14.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.01.12
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 217855
Time Elapsed: 9 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[f64ac785ea9170c678fbef748e76d42c]

Physical Sectors: 0
(No malicious items detected)


(end)


Beadbud5000 said:
FYI
It has quarantined 6 items now. I could not get the scan log from 6:54 to copy on to text.
I will keep trying as time allows
Click to expand...
 
Still same report

Scan Date: 5/1/2014
Scan Time: 4:39:14 PM
Logfile: 5-1-14.txt
Administrator: Yes
 
I tried to go in manually.
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

But I have no folder called ProgramData - so I looked in Program Files\MalwareBytes\Anti-Malware and there were no log files.
Are you sure MalwareBytes is not a trick site? Every time I have my PC running, even when I am not directly online, MalwareBytes keeps finding a malicious thread without being run once, then it found another during a scan run, and then it found nothing...

Spybot is fine. My pc is quirky since I changed to Vista after 7 or 8 years of XP. I hate Vista!! I have installed some Unix systems but I really do not know how to use those yet.
Any ideas?




ken545 said:
Thats the same report you posted originally that showed only one entry found, I really wanted to see the one that you said found 5 items

How are things running now ?
Click to expand...
 
I have seen reports of a bogus Malwarebytes download, but the links I provided are safe, did you use one of them or go out on your own to find Malwarebytes

You wont find the logs in program data, just the way I posted previously

Vista was not one of the best OS to ever come down the pike, have you tried upgrading to Windows 7, its a very nice OS, here is a link to the Win 7 Upgrade Advisor to see if your system can be upgraded

http://www.microsoft.com/en-us/download/details.aspx?id=20



Run this scanner and lets see if anything else shows up

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
MalwareBytes issue OTL scan results

Hi
I think I have a ghost screen in my pc. I got your malwarebytes from the reply you sent yesterday Yesterday when downloading, i noticed flash screens or "flutter". I have been slaped with many malware issue on various computers since 2004. I have been through 5 or 6 donated computers after the buiness computer I bought in 2003 fried in 2005. I'd say I have a bogus Malware Bytes.

Also, I technically am legally blind (MS related)
Here is the results for the OTL data scans and thanks for your help!

OTL by OldTimer
• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the "Scan All Users" checkbox.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

5-2-14 result
OTL Notepad
OTL logfile created on: 5/2/2014 7:34:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\budzone\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.94% Memory free
4.20 Gb Paging File | 3.02 Gb Available in Paging File | 71.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.73 Gb Total Space | 197.07 Gb Free Space | 66.19% Space Free | Partition Type: NTFS

Computer Name: HOMEPC | User Name: budzone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\budzone\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBSTOR) -- C:\Windows\system32\drivers\usbstor.sys File not found
DRV - (SDHookDriver) -- C:\Program Files\Spybot File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
DRV - (es1371) -- C:\Windows\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: s3google%40translator:2.14
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/03/30 14:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Extensions
[2014/04/24 16:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions
[2014/04/24 16:51:09 | 000,178,612 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
[2014/04/03 10:02:01 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\newtabgoogle@graememcc.co.uk.xpi
[2014/04/03 09:58:26 | 000,081,138 | ---- | M] () (No name found) -- C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\extensions\s3google@translator.xpi
[2014/04/29 11:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/29 11:19:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/04/27 12:33:44 | 000,450,628 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15471 more lines...
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2353803717-2395767213-293474553-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A0C729-663E-455B-B1FD-4EA2B468DA2F}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\budzone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/01 07:22:00 | 000,000,000 | ---D | C] -- C:\MalWtext
[2014/05/01 06:54:34 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/01 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/01 06:53:55 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/05/01 06:53:55 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/05/01 06:53:55 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/05/01 06:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/30 11:18:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/29 16:56:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/04/29 16:55:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/29 06:26:57 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2014/04/29 06:26:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2014/04/29 06:26:56 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2014/04/29 06:26:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2014/04/29 06:26:56 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2014/04/28 16:16:35 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2014/04/28 11:30:23 | 000,000,000 | ---D | C] -- C:\Users\budzone\Documents\Album Covers
[2014/04/26 06:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
[2014/04/26 06:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2014/04/26 06:54:26 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Roaming\Real
[2014/04/26 06:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/04/26 06:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/04/24 08:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/24 08:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/04/24 08:42:47 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Google
[2014/04/13 13:56:25 | 000,000,000 | ---D | C] -- C:\ubuntu
[2014/04/12 08:14:25 | 000,000,000 | ---D | C] -- C:\mint
[2014/04/09 22:15:47 | 000,000,000 | ---D | C] -- C:\bud
[2014/04/09 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/08 12:08:13 | 000,000,000 | ---D | C] -- C:\787a51d3de09fd4ab9
[2014/04/07 20:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/04/07 20:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/04/07 20:32:44 | 000,000,000 | ---D | C] -- C:\3a0cf218a18bad4512376e
[2014/04/07 20:29:38 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2014/04/05 06:25:05 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/04/05 06:25:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/04/05 06:25:04 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/04/05 06:25:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/04/05 06:25:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/04/05 06:25:04 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/04/05 06:24:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014/04/05 06:24:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014/04/05 06:24:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014/04/05 06:23:52 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/04/05 06:23:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/04/05 06:23:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/04/05 06:23:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2014/04/05 06:23:14 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/04/05 06:23:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2014/04/05 06:23:13 | 001,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/04/05 06:23:11 | 008,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2014/04/05 06:22:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/04/05 06:22:13 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/04/05 06:21:53 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/04/05 06:21:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014/04/05 06:21:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014/04/05 06:21:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014/04/05 06:20:32 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/04/05 06:20:31 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/04/05 06:20:31 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/04/05 06:20:30 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/04/05 06:20:30 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/04/05 06:20:30 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/04/05 06:20:30 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/04/05 06:20:30 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/04/05 06:20:29 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/04/04 19:19:07 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/04/04 19:19:07 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/04/04 19:19:07 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2014/04/04 19:19:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/04/04 19:19:02 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2014/04/04 19:19:02 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2014/04/04 19:19:02 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/04/04 19:19:02 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2014/04/03 10:02:51 | 000,000,000 | ---D | C] -- C:\Users\budzone\AppData\Local\Adobe
[1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/02 07:18:01 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/05/02 06:48:48 | 000,620,920 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/02 06:48:48 | 000,105,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/02 06:48:10 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/02 06:45:06 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/05/02 06:45:05 | 000,035,085 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/05/02 06:44:51 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/05/02 06:44:44 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/02 06:42:01 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 06:42:01 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/02 06:41:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/01 22:37:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/01 11:51:35 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
[2014/05/01 06:53:59 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/30 17:26:35 | 000,002,595 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Word.lnk
[2014/04/30 15:37:30 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/30 15:37:30 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/04/29 11:19:29 | 000,000,870 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/29 11:19:21 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/28 06:57:49 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/27 12:33:44 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/04/27 11:31:53 | 000,003,584 | ---- | M] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/26 15:48:24 | 201,952,749 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/26 07:35:12 | 000,034,612 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/24 08:47:58 | 000,001,995 | ---- | M] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/22 21:56:45 | 023,936,943 | ---- | M] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
[2014/04/21 14:29:05 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup
[2014/04/16 22:04:46 | 000,029,755 | ---- | M] () -- C:\Users\budzone\1401208_312493.jpg
[2014/04/15 08:49:10 | 000,002,593 | ---- | M] () -- C:\Users\budzone\Desktop\Microsoft Excel.lnk
[2014/04/13 13:59:24 | 000,197,915 | ---- | M] () -- C:\wubildr
[2014/04/13 13:59:24 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2014/04/09 14:30:23 | 000,000,618 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/09 14:30:23 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/04/09 00:30:23 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup
[2014/04/08 11:06:00 | 000,042,187 | ---- | M] () -- C:\Users\budzone\5 inner planets.jpg
[2014/04/07 06:51:00 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup
[2014/04/05 06:30:47 | 000,368,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/05 06:25:05 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2014/04/05 06:25:05 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2014/04/05 06:25:04 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2014/04/05 06:25:04 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2014/04/05 06:25:04 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2014/04/05 06:25:04 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2014/04/05 06:24:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
[2014/04/05 06:24:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2014/04/05 06:24:05 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2014/04/05 06:24:05 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2014/04/05 06:23:52 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2014/04/05 06:23:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2014/04/05 06:23:15 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2014/04/05 06:23:15 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2014/04/05 06:23:14 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/04/05 06:23:14 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2014/04/05 06:23:13 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/04/05 06:23:11 | 008,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2014/04/05 06:22:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2014/04/05 06:22:13 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/04/05 06:21:53 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2014/04/05 06:21:53 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2014/04/05 06:21:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2014/04/05 06:21:24 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2014/04/05 06:20:32 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/04/05 06:20:31 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/04/05 06:20:31 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/04/05 06:20:30 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/04/05 06:20:30 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/04/05 06:20:30 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/04/05 06:20:30 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/04/05 06:20:30 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/04/05 06:20:30 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/04/04 19:19:07 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/04/04 19:19:07 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/04/04 19:19:07 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2014/04/04 19:19:07 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/04/04 19:19:02 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2014/04/04 19:19:02 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2014/04/04 19:19:02 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2014/04/04 19:19:02 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2014/04/04 19:10:12 | 031,195,136 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2014/04/04 19:10:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2014/04/04 19:10:12 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2014/04/03 09:51:10 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/04/03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/04/02 10:29:43 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup
[2014/04/02 10:20:36 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup
[1 C:\Users\budzone\Documents\*.tmp files -> C:\Users\budzone\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/01 06:53:59 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/29 08:59:28 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F60275C0-30FF-447D-BD78-2B0F74F7F890}.job
[2014/04/29 06:26:56 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2014/04/27 11:31:51 | 000,003,584 | ---- | C] () -- C:\Users\budzone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/26 15:48:05 | 201,952,749 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/04/24 08:44:13 | 000,001,995 | ---- | C] () -- C:\Users\budzone\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/24 08:44:13 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/24 08:43:00 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/24 08:42:58 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/22 21:53:03 | 023,936,943 | ---- | C] () -- C:\Users\budzone\Desktop\stereo - The BEATLES 'White Album' - The Beatles (Analog).3gp
[2014/04/16 22:04:46 | 000,029,755 | ---- | C] () -- C:\Users\budzone\1401208_312493.jpg
[2014/04/12 08:19:45 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2014/04/12 08:19:43 | 000,197,915 | ---- | C] () -- C:\wubildr
[2014/04/10 10:14:21 | 000,001,273 | ---- | C] () -- C:\Users\budzone\Authorization.xml
[2014/04/08 11:06:00 | 000,042,187 | ---- | C] () -- C:\Users\budzone\5 inner planets.jpg
[2014/04/08 09:25:34 | 000,024,459 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Straprevised.rtf
[2014/04/08 09:25:34 | 000,024,056 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap.rtf
[2014/04/08 09:25:34 | 000,019,927 | ---- | C] () -- C:\Users\budzone\Documents\The Minister wrath.rtf
[2014/04/08 09:25:34 | 000,017,840 | ---- | C] () -- C:\Users\budzone\Documents\The Rawlins Strap-.rtf
[2014/04/08 09:25:34 | 000,013,711 | ---- | C] () -- C:\Users\budzone\Documents\Triangular Foundations.rtf
[2014/04/08 09:25:34 | 000,010,245 | ---- | C] () -- C:\Users\budzone\Documents\TheJoeKirksonP3.rtf
[2014/04/08 09:25:34 | 000,008,827 | ---- | C] () -- C:\Users\budzone\Documents\Trevor is waiting.rtf
[2014/04/08 09:25:34 | 000,004,989 | ---- | C] () -- C:\Users\budzone\Documents\troubledlines.rtf
[2014/04/08 09:25:33 | 000,096,776 | ---- | C] () -- C:\Users\budzone\Documents\teachers.rtf
[2014/04/08 09:25:33 | 000,045,431 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop2.rtf
[2014/04/08 09:25:33 | 000,039,551 | ---- | C] () -- C:\Users\budzone\Documents\the joe kirkson meetings.rtf
[2014/04/08 09:25:33 | 000,037,466 | ---- | C] () -- C:\Users\budzone\Documents\The Boss--.rtf
[2014/04/08 09:25:33 | 000,031,779 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop.rtf
[2014/04/08 09:25:33 | 000,031,317 | ---- | C] () -- C:\Users\budzone\Documents\The Bar-.rtf
[2014/04/08 09:25:33 | 000,018,892 | ---- | C] () -- C:\Users\budzone\Documents\teachers-.rtf
[2014/04/08 09:25:33 | 000,009,388 | ---- | C] () -- C:\Users\budzone\Documents\The Leather Shop 2final.rtf
[2014/04/08 09:25:33 | 000,007,066 | ---- | C] () -- C:\Users\budzone\Documents\The Bar.rtf
[2014/04/08 09:25:33 | 000,006,820 | ---- | C] () -- C:\Users\budzone\Documents\The Blond Man with the Gold Band Wristwatch.rtf
[2014/04/08 09:25:32 | 000,037,948 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments P1.rtf
[2014/04/08 09:25:32 | 000,018,889 | ---- | C] () -- C:\Users\budzone\Documents\Summer revisedfinal2-10.rtf
[2014/04/08 09:25:32 | 000,012,982 | ---- | C] () -- C:\Users\budzone\Documents\spatula.rtf
[2014/04/08 09:25:32 | 000,009,453 | ---- | C] () -- C:\Users\budzone\Documents\SD Belt Fantasy.rtf
[2014/04/08 09:25:32 | 000,008,344 | ---- | C] () -- C:\Users\budzone\Documents\SouthernCharm.rtf
[2014/04/08 09:25:32 | 000,005,939 | ---- | C] () -- C:\Users\budzone\Documents\Summer Adjustments Part 2.rtf
[2014/04/08 09:25:32 | 000,004,298 | ---- | C] () -- C:\Users\budzone\Documents\Small Ornamental Mask.rtf
[2014/04/08 09:25:32 | 000,000,393 | ---- | C] () -- C:\Users\budzone\Documents\spankingad.rtf
[2014/04/08 09:25:31 | 000,026,001 | ---- | C] () -- C:\Users\budzone\Documents\nedP2.rtf
[2014/04/08 09:25:31 | 000,011,847 | ---- | C] () -- C:\Users\budzone\Documents\mohammed.rtf
[2014/04/08 09:25:30 | 000,035,182 | ---- | C] () -- C:\Users\budzone\Documents\joekirksonp3.rtf
[2014/04/08 09:25:30 | 000,017,527 | ---- | C] () -- C:\Users\budzone\Documents\Lew.rtf
[2014/04/08 09:25:30 | 000,004,256 | ---- | C] () -- C:\Users\budzone\Documents\Jk alt.rtf
[2014/04/08 09:25:29 | 000,033,139 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson2012.rtf
[2014/04/08 09:25:29 | 000,032,544 | ---- | C] () -- C:\Users\budzone\Documents\Into Old Cars revised.rtf
[2014/04/08 09:25:29 | 000,025,487 | ---- | C] () -- C:\Users\budzone\Documents\James Kirkson Meetings.rtf
[2014/04/08 09:25:29 | 000,005,213 | ---- | C] () -- C:\Users\budzone\Documents\Fertility Mask.rtf
[2014/04/08 09:25:29 | 000,004,146 | ---- | C] () -- C:\Users\budzone\Documents\It happened slowly over a relatively brief amount of time.rtf
[2014/04/08 09:25:28 | 000,031,014 | ---- | C] () -- C:\Users\budzone\Documents\Father.rtf
[2014/04/08 09:25:28 | 000,030,895 | ---- | C] () -- C:\Users\budzone\Documents\DadSexLesf.rtf
[2014/04/08 09:25:28 | 000,023,257 | ---- | C] () -- C:\Users\budzone\Documents\Father2.rtf
[2014/04/08 09:25:28 | 000,022,699 | ---- | C] () -- C:\Users\budzone\Documents\Father-.rtf
[2014/04/08 09:25:28 | 000,021,271 | ---- | C] () -- C:\Users\budzone\Documents\Curt2.rtf
[2014/04/08 09:25:28 | 000,019,967 | ---- | C] () -- C:\Users\budzone\Documents\dad sex lesson 3-22-13.rtf
[2014/04/08 09:25:28 | 000,019,131 | ---- | C] () -- C:\Users\budzone\Documents\dadsexlessonrevised.rtf
[2014/04/08 09:25:28 | 000,019,061 | ---- | C] () -- C:\Users\budzone\Documents\Father Part II1.rtf
[2014/04/08 09:25:28 | 000,016,899 | ---- | C] () -- C:\Users\budzone\Documents\Curt.rtf
[2014/04/08 09:25:28 | 000,010,478 | ---- | C] () -- C:\Users\budzone\Documents\ebaytemp.rtf
[2014/04/08 09:25:28 | 000,008,874 | ---- | C] () -- C:\Users\budzone\Documents\delZip179.rtf
[2014/04/08 09:25:25 | 000,016,385 | ---- | C] () -- C:\Users\budzone\Documents\Camping-.rtf
[2014/04/08 09:25:25 | 000,015,593 | ---- | C] () -- C:\Users\budzone\Documents\Campingrev.rtf
[2014/04/08 09:25:25 | 000,014,752 | ---- | C] () -- C:\Users\budzone\Documents\Camping.rtf
[2014/04/08 09:25:25 | 000,004,028 | ---- | C] () -- C:\Users\budzone\Documents\Compote Frosted Pink Fostoria.rtf
[2014/04/08 09:25:24 | 000,049,664 | ---- | C] () -- C:\Users\budzone\Documents\Business cards.pub
[2014/04/08 09:25:24 | 000,044,491 | ---- | C] () -- C:\Users\budzone\Documents\Bondingrevised.rtf
[2014/04/08 09:25:24 | 000,026,164 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMe.rtf
[2014/04/08 09:25:24 | 000,024,765 | ---- | C] () -- C:\Users\budzone\Documents\calbertandmepart2.rtf
[2014/04/08 09:25:24 | 000,022,485 | ---- | C] () -- C:\Users\budzone\Documents\CalbertandMeP2.rtf
[2014/04/08 09:25:24 | 000,021,159 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise2-4-13.rtf
[2014/04/08 09:25:24 | 000,019,427 | ---- | C] () -- C:\Users\budzone\Documents\Bill's Surprise.rtf
[2014/04/08 09:25:24 | 000,018,111 | ---- | C] () -- C:\Users\budzone\Documents\CalAlan.rtf
[2014/04/08 09:25:24 | 000,013,015 | ---- | C] () -- C:\Users\budzone\Documents\Blond Boys in the Theatrefinal.rtf
[2014/04/08 09:25:24 | 000,010,919 | ---- | C] () -- C:\Users\budzone\Documents\Backup of The Bar-.wbk
[2014/04/08 09:25:23 | 000,055,959 | ---- | C] () -- C:\Users\budzone\Documents\A Fake.rtf
[2014/04/08 09:25:23 | 000,037,433 | ---- | C] () -- C:\Users\budzone\Documents\A Salacious Affair.rtf
[2014/04/08 09:25:23 | 000,022,124 | ---- | C] () -- C:\Users\budzone\Documents\Agreements (Part 2).rtf
[2014/04/08 09:25:23 | 000,019,745 | ---- | C] () -- C:\Users\budzone\Documents\A Time For Passion.rtf
[2014/04/08 09:25:23 | 000,018,166 | ---- | C] () -- C:\Users\budzone\Documents\AlanRobert.rtf
[2014/04/08 09:25:23 | 000,015,959 | ---- | C] () -- C:\Users\budzone\Documents\AdiffMattdaly.rtf
[2014/04/08 09:25:23 | 000,014,448 | ---- | C] () -- C:\Users\budzone\Documents\Agreementsp1.rtf
[2014/04/08 09:25:23 | 000,006,409 | ---- | C] () -- C:\Users\budzone\Documents\21st century Poem.rtf
[2014/04/08 09:25:23 | 000,005,561 | ---- | C] () -- C:\Users\budzone\Documents\21st Century Salutations.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$Time For Passion.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$reements (Part 2).rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$mes Kirkson2012.rtf
[2014/04/08 09:25:23 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$e Leather Shop2.rtf
[2014/04/08 09:25:22 | 000,000,162 | ---- | C] () -- C:\Users\budzone\Documents\~$A Fake.rtf
[2014/04/07 20:37:54 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.001
[2014/04/07 20:37:51 | 000,035,085 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2014/03/31 14:21:11 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/03/30 18:26:49 | 000,034,612 | ---- | C] () -- C:\Windows\wininit.ini

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/31 18:41:32 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/04/05 06:25:05 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 05:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/03/31 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\budzone\AppData\Roaming\DriverFinder

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
Extras Notepad

OTL Extras logfile created on: 5/2/2014 7:34:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\budzone\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.94% Memory free
4.20 Gb Paging File | 3.02 Gb Available in Paging File | 71.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.73 Gb Total Space | 197.07 Gb Free Space | 66.19% Space Free | Partition Type: NTFS

Computer Name: HOMEPC | User Name: budzone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{398CC83A-9771-44AB-B689-656418DCE800}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe |
"UDP Query User{D270D848-44E9-4FE5-AD5D-C9BA3A47DF88}C:\program files\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Google Chrome" = Google Chrome
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mint4win" = Linux_Mint_Main
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"Wubi" = Ubuntu

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2014 3:56:15 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000142, fault offset 0x00008fc7, process id 0x10d20, application
start time 0x01cf64ae3bd3c7a4.

Error - 4/30/2014 3:56:52 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000142, fault offset 0x00008fc7, process id 0x11bb0, application
start time 0x01cf64ae411b4e4e.

Error - 4/30/2014 4:08:57 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000142, fault offset 0x00008fc7, process id 0x12a08, application
start time 0x01cf64ae57d92e26.

Error - 4/30/2014 4:20:52 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application wevtutil.exe, version 6.0.6000.16386, time stamp
0x4549af1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000142, fault offset 0x00008fc7, process id 0x12ec4, application
start time 0x01cf64b00812ef7e.

Error - 4/30/2014 5:19:58 PM | Computer Name = Homepc | Source = Application Error | ID = 1000
Description = Faulting application SDWelcome.exe, version 2.2.21.129, time stamp
0x51dd1105, faulting module kernel32.dll, version 6.0.6000.16820, time stamp 0x49952034,
exception code 0xc0000005, fault offset 0x0004fcac, process id 0x25bc, application
start time 0x01cf64b9f0288f0e.

Error - 4/30/2014 5:23:20 PM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 5/1/2014 6:26:40 AM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 5/1/2014 6:50:56 PM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 5/1/2014 8:44:30 PM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 5/2/2014 6:42:59 AM | Computer Name = Homepc | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

[ System Events ]
Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/4/2014 6:54:28 PM | Computer Name = Homepc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =


< End of report >
 
Bud, sorry for your health issues, myself I lost my hearing about 20 years ago and have Cochlear Implants

The problem your having is because your hosts file is infected, after you run this fix post the log from the fix, then go open Internet Explorer and change your start page to anyone you like, then run a new scan with OTL and post the new log, you wont get an extras log on the second run so dont knock yourself out looking for it. Your copy of Malwarebytes is legit by the way



Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :OTL
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-2353803717-2395767213-293474553-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
[2014/04/21 14:29:05 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140427-123344.backup
[2014/04/09 00:30:23 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140421-142905.backup
[2014/04/07 06:51:00 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140409-003023.backup
[2014/04/02 10:29:43 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140407-065100.backup
[2014/04/02 10:20:36 | 000,450,628 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140402-102943.backup


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA] 
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces

Then run a new scan with OTL and post the new log please
 
Status
Not open for further replies.
Back
Top