Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

conduit search

Started by sandymush , Apr 15 2014 06:51 PM

  • This topic is locked This topic is locked

#1
sandymush
Posted 15 April 2014 - 06:51 PM

sandymush

    New Member

  • Member
  • Pip
  • 4 posts

I have conduit search on my machine. I have researched and already downloaded the following programs:

 

AdwCleaner

 

JRT

 

I have ran them in that order. Here are the logs.........................

 

 # AdwCleaner v3.023 - Report created 15/04/2014 at 20:25:51

# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sandy Mush - SANDYMUSH-PC
# Running from : C:\Users\Sandy Mush\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : 70e6ca8c
Service Deleted : CltMngSvc
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\PCFixSpeed
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\PCFixSpeed
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\Sandy Mush\AppData\Local\emaze
Folder Deleted : C:\Users\Sandy Mush\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Sandy Mush\AppData\Local\VisualBeeClient
Folder Deleted : C:\Users\Sandy Mush\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\Sandy Mush\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Sandy Mush\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\Sandy Mush\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\Sandy Mush\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Sandy Mush\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Sandy Mush\Documents\Optimizer Pro
File Deleted : C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\MySearchDial.job
File Deleted : C:\Windows\System32\Tasks\MySearchDial
File Deleted : C:\Windows\Tasks\UpdaterEX.job
File Deleted : C:\Windows\System32\Tasks\UpdaterEX
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PCFixSpeed]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
 
*************************
 
AdwCleaner[R0].txt - [9233 octets] - [15/04/2014 20:07:02]
AdwCleaner[S0].txt - [7864 octets] - [15/04/2014 20:25:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7924 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sandy Mush on Tue 04/15/2014 at 20:32:35.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Failed to stop: [Service] qknfd 
Successfully stopped: [Service] qksvc 
Successfully deleted: [Service] qksvc 
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\quiknowledge"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc fix speed"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/15/2014 at 20:37:05.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

  • 0

Advertisements

#2
zep516
Posted 15 April 2014 - 07:00 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

First

Please download OTL to your Desktop

  • Double click on the OTLicon.jpg to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic


  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.

Please post the contents of both OTL.txt and Extras.txt files in your next reply.

 

Thanks

Joe :)


  • 0

#3
sandymush
Posted 17 April 2014 - 02:03 PM

sandymush

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL logfile created on: 4/17/2014 3:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sandy Mush\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 81.88% Memory free
15.98 Gb Paging File | 13.50 Gb Available in Paging File | 84.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 883.83 Gb Free Space | 94.89% Space Free | Partition Type: NTFS
 
Computer Name: SANDYMUSH-PC | User Name: Sandy Mush | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/17 15:56:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sandy Mush\Desktop\OTL.exe
PRC - [2014/04/13 13:40:43 | 001,865,576 | ---- | M] (HQvidPv1.1) -- C:\Program Files (x86)\HQvidPv1.1\90ea0056-47b8-4705-bc6a-783c6f594e02-3.exe
PRC - [2014/04/11 22:17:10 | 000,078,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2014/04/11 22:16:59 | 000,449,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2014/04/03 20:07:44 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Sandy Mush\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/04/01 21:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2014/02/13 02:25:46 | 000,701,800 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
PRC - [2014/02/13 02:25:38 | 000,064,360 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
PRC - [2014/02/13 02:25:30 | 001,905,000 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/11 22:17:03 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2014/04/11 22:15:18 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014/04/01 21:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014/04/01 21:58:02 | 013,691,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
MOD - [2014/04/01 21:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014/04/01 21:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
MOD - [2014/04/01 21:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
MOD - [2014/04/01 21:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014/04/01 21:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SupraSavings\SecureAssist.exe -- (SecureAssist)
SRV:64bit: - [2014/04/13 13:39:17 | 000,706,560 | ---- | M] () [Auto | Running] -- C:\Program Files\003\vxlsnyaiet64.exe -- (vxlsnyaiet64)
SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/01 02:58:10 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/03/13 18:45:46 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2014/03/07 11:46:04 | 000,309,080 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist Corporate\1019\g2aservice.exe -- (GoToAssist)
SRV - [2014/02/13 02:25:46 | 000,701,800 | ---- | M] (Crawler, LLC) [Auto | Running] -- C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe -- (PCTechHotlineSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/02/05 19:13:12 | 000,058,256 | ---- | M] (Quiknowledge) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\qknfd.sys -- (qknfd)
DRV:64bit: - [2012/06/20 10:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/08 19:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/01 05:12:38 | 009,320,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/06/01 05:12:38 | 009,320,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/01 02:19:14 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 12:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 22:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...r=329231690&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 23 FB 0B 1B 3A CF 01  [binary data]
IE - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Sandy Mush\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Error reading preferences file
CHR - Extension: SupraSavings = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjegdojkkoghnbiollpogeeimocanmk\5.0_0\
CHR - Extension: Google Docs = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: HQvidPv1.1 = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\crossrider
CHR - Extension: HQvidPv1.1 = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.55_0\
CHR - Extension: Google Wallet = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCTechHotline] C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe (Crawler, LLC)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000..\Run: [GoogleChromeAutoLaunch_3A1B6269FDC8784763F825635F5275C4] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000..\Run: [SkyDrive] C:\Users\Sandy Mush\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000..\Run: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000..\RunOnce: [Uninstall C:\Users\Sandy Mush\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sandy Mush\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64" File not found
O4 - HKU\S-1-5-21-3398611636-3642970246-1444138271-1000..\RunOnce: [Uninstall C:\Users\Sandy Mush\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sandy Mush\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWow64\SecureAssist.dll (SecureAssist)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.10.74 172.16.10.59 172.17.10.59
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A247038-EF60-43B3-98FA-DB6687D7C5A9}: DhcpNameServer = 172.16.10.74 172.16.10.59 172.17.10.59
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Corporate\1019\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Corporate\1019\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/17 15:56:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sandy Mush\Desktop\OTL.exe
[2014/04/15 20:31:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/15 20:02:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/13 13:40:57 | 000,295,080 | ---- | C] (SecureAssist) -- C:\Windows\SysWow64\SecureAssist.dll
[2014/04/13 13:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HQvidPv1.1
[2014/04/13 13:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupraSavings
[2014/04/13 13:39:19 | 000,000,000 | ---D | C] -- C:\temp
[2014/04/13 13:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\suprasavings
[2014/04/13 13:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014/04/13 13:38:17 | 000,000,000 | ---D | C] -- C:\Users\Sandy Mush\AppData\Roaming\PC Tech Hotline
[2014/04/13 13:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
[2014/04/13 13:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCTechHotline
[2014/04/13 13:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Sandy Mush\AppData\Local\EmieUserList
[2014/04/13 13:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Sandy Mush\AppData\Local\EmieSiteList
[2014/04/13 03:01:06 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/13 03:01:06 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/13 03:01:05 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/13 03:00:53 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/13 03:00:53 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/13 03:00:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/13 03:00:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/13 03:00:51 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/13 03:00:51 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/13 03:00:51 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/13 03:00:51 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/13 03:00:51 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/13 03:00:50 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/13 03:00:50 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/13 03:00:50 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/13 03:00:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/13 03:00:49 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/13 03:00:49 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/13 03:00:49 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/13 03:00:47 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/13 03:00:47 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/13 03:00:47 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/13 03:00:46 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/13 03:00:46 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/13 03:00:46 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/13 03:00:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/13 03:00:42 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/13 03:00:41 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/13 03:00:38 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/12 14:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/04/12 14:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/04/12 14:31:26 | 000,000,000 | ---D | C] -- C:\Users\Sandy Mush\AppData\Local\PC_Drivers_Headquarters
[2014/04/12 14:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Support
[2014/04/12 14:30:06 | 000,000,000 | ---D | C] -- C:\Users\Sandy Mush\AppData\Local\IsolatedStorage
[2014/04/12 14:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Earth Networks
[2014/04/12 14:29:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0D840360-FAC8-45E3-8244-E235EB1E30AA}
[2014/04/12 14:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Support
[2014/04/12 14:29:12 | 000,000,000 | ---D | C] -- C:\Users\Sandy Mush\AppData\Local\Programs
[2014/04/12 14:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Quiknowledge
[2014/04/12 14:22:05 | 000,000,000 | ---D | C] -- C:\Users\Sandy Mush\AppData\Local\Diagnostics
[2014/04/11 17:33:41 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/11 17:33:41 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/11 17:33:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/11 17:33:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/11 17:33:39 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/11 17:33:39 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/11 17:33:39 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/11 17:33:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/11 17:33:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/11 17:33:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/11 17:33:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/11 17:33:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/11 17:33:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/11 17:33:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/08 18:59:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/04/01 07:58:04 | 000,000,000 | ---D | C] -- C:\Users\Sandy Mush\Documents\Custom Office Templates
[2014/03/25 21:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/03/25 21:08:53 | 000,000,000 | R--D | C] -- C:\Users\Sandy Mush\OneDrive
[2014/03/25 21:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft OneDrive
[2014/03/25 21:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014/03/25 21:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/03/25 21:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014/03/25 21:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/03/25 20:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/17 15:59:47 | 000,002,782 | ---- | M] () -- C:\Windows\tasks\90ea0056-47b8-4705-bc6a-783c6f594e02-3.job
[2014/04/17 15:56:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sandy Mush\Desktop\OTL.exe
[2014/04/17 15:55:44 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/17 15:54:46 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/17 15:54:41 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/17 15:54:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/15 20:34:04 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/15 20:34:04 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/15 20:31:55 | 000,818,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/15 20:31:55 | 000,689,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/15 20:31:55 | 000,130,718 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/15 20:27:00 | 000,002,064 | ---- | M] () -- C:\Windows\tasks\90ea0056-47b8-4705-bc6a-783c6f594e02-4.job
[2014/04/15 20:26:54 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/15 10:29:04 | 000,000,094 | ---- | M] () -- C:\Users\Sandy Mush\AppData\Roaming\WB.CFG
[2014/04/13 13:40:08 | 000,001,264 | ---- | M] () -- C:\Users\Sandy Mush\Desktop\Create Amazing Presentations.lnk
[2014/04/13 13:38:11 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\PC Tech Hotline.lnk
[2014/04/13 13:38:03 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/04/11 17:37:31 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/04 03:01:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/02 07:38:39 | 000,332,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/25 21:15:24 | 000,002,401 | ---- | M] () -- C:\Users\Sandy Mush\Desktop\Word 2013.lnk
[2014/03/25 21:15:23 | 000,002,400 | ---- | M] () -- C:\Users\Sandy Mush\Desktop\PowerPoint 2013.lnk
[2014/03/25 21:15:23 | 000,002,363 | ---- | M] () -- C:\Users\Sandy Mush\Desktop\Excel 2013.lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/13 13:40:56 | 000,002,064 | ---- | C] () -- C:\Windows\tasks\90ea0056-47b8-4705-bc6a-783c6f594e02-4.job
[2014/04/13 13:40:44 | 000,002,782 | ---- | C] () -- C:\Windows\tasks\90ea0056-47b8-4705-bc6a-783c6f594e02-3.job
[2014/04/13 13:40:08 | 000,001,264 | ---- | C] () -- C:\Users\Sandy Mush\Desktop\Create Amazing Presentations.lnk
[2014/04/13 13:40:08 | 000,001,264 | ---- | C] () -- C:\Users\Sandy Mush\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2014/04/13 13:38:11 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\PC Tech Hotline.lnk
[2014/04/13 13:38:03 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/04/12 15:29:00 | 000,000,094 | ---- | C] () -- C:\Users\Sandy Mush\AppData\Roaming\WB.CFG
[2014/03/25 21:13:12 | 000,002,401 | ---- | C] () -- C:\Users\Sandy Mush\Desktop\Word 2013.lnk
[2014/03/25 21:13:12 | 000,002,400 | ---- | C] () -- C:\Users\Sandy Mush\Desktop\PowerPoint 2013.lnk
[2014/03/25 21:13:12 | 000,002,363 | ---- | C] () -- C:\Users\Sandy Mush\Desktop\Excel 2013.lnk
[2014/03/25 21:08:53 | 000,002,155 | ---- | C] () -- C:\Users\Sandy Mush\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/03/05 21:59:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
 

OTL Extras logfile created on: 4/17/2014 3:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sandy Mush\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 81.88% Memory free
15.98 Gb Paging File | 13.50 Gb Available in Paging File | 84.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 883.83 Gb Free Space | 94.89% Space Free | Partition Type: NTFS
 
Computer Name: SANDYMUSH-PC | User Name: Sandy Mush | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3398611636-3642970246-1444138271-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9CD5B3CB-6A90-437C-9ECA-A09246C06BBB}" = dir=in | app=c:\users\sandy mush\appdata\local\microsoft\skydrive\skydrive.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{59D3F691-179D-4E52-832C-D22B81541AC5}" = Microsoft SQL Server 2008 Setup Support Files 
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D9473D19-26F1-4B91-BBAC-4089CB41BC48}" = Microsoft SQL Server 2008 Management Objects
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{F4264106-F90E-4076-98CF-1B878DB14513}" = SQL Server System CLR Types
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"HomeStudentRetail - en-us" = Microsoft Office Home and Student 2013 - en-us
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"suprasavings" = suprasavings
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{597FB4A5-DD86-4316-A410-7E8074CC2CCE}" = Driver Support
"{760781F2-4243-4A6C-81DF-0AFECA68D984}" = FirePrograms
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1" = PC Tech Hotline
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{E6B105B8-1F65-4428-9397-1DFD8A03B94D}" = SupraSavings
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1" = PC Fix Speed 1.2.0.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"FirePrograms" = FirePrograms
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"HQvidPv1.1" = HQvidPv1.1
"Quiknowledge" = Quiknowledge
"WeatherBug®" = WeatherBug®
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3398611636-3642970246-1444138271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/17/2014 3:57:36 PM | Computer Name = SandyMush-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 14b0    Start Time:
 01cf5a7717c39b8d    Termination Time: 6    Application Path: C:\Users\Sandy Mush\Downloads\OTL.exe
 
Report
 Id: 79f495d9-c66a-11e3-b22c-18a905b42148  
 
[ System Events ]
Error - 4/17/2014 3:54:40 PM | Computer Name = SandyMush-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
 

  • 0

#4
zep516
Posted 17 April 2014 - 02:54 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello sandymush,

First

Programs to remove
  • suprasavings
  • HQvidPv1.1
  • Quiknowledge
  • PC Fix Speed 1.2.0.42
  • PC Tech Hotline
Lets remove all of those programs listed above. Some of them may be gone already, please check for them and remove if found.
==> Click > Start > Control Panel > Programs & Features.

Next

We need to do a "fix" to delete some files using OTL.
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
[CREATERESTOREPOINT]

:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SupraSavings\SecureAssist.exe -- (SecureAssist)
DRV:64bit: - [2014/02/05 19:13:12 | 000,058,256 | ---- | M] (Quiknowledge) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\qknfd.sys -- (qknfd)
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...r=329231690&ir=
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found 
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
[2014/04/13 13:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HQvidPv1.1
[2014/04/13 13:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupraSavings
[2014/04/13 13:39:19 | 000,000,000 | ---D | C] -- C:\temp
[2014/04/13 13:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\suprasavings
[2014/04/13 13:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014/04/13 13:38:17 | 000,000,000 | ---D | C] -- C:\Users\Sandy Mush\AppData\Roaming\PC Tech Hotline
[2014/04/13 13:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
[2014/04/13 13:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCTechHotline
[2014/04/12 14:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Quiknowledge
[2014/04/13 13:38:11 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\PC Tech Hotline.lnk
[2014/04/13 13:38:03 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/04/13 13:38:11 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\PC Tech Hotline.lnk
[2014/04/13 13:38:03 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Optimize Your PC.lnk
[2014/04/13 13:40:56 | 000,002,064 | ---- | C] () -- C:\Windows\tasks\90ea0056-47b8-4705-bc6a-783c6f594e02-4.job
[2014/04/13 13:40:44 | 000,002,782 | ---- | C] () -- C:\Windows\tasks\90ea0056-47b8-4705-bc6a-783c6f594e02-3.job

:Files

ipconfig /flushdns /c
C:\Program Files (x86)\HQvidPv1.1\90ea0056-47b8-4705-bc6a-783c6f594e02-3.exe
C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe

:Commands

[emptytemp]
[resethosts]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Next

Please download Malwarebytes' Anti-Malware to your desktop from Here
Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

In your next reply post:
  • The OTL Fix log, located here - > C:\_OTL\Moved Files
  • New OTL After quick scan.
  • Malwarebytes log.
Thanks
Joe :)
  • 0

#5
sandymush
Posted 17 April 2014 - 07:41 PM

sandymush

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

OTL FIX LOG:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service SecureAssist stopped successfully!
Service SecureAssist deleted successfully!
File C:\Program Files\SupraSavings\SecureAssist.exe not found.
Error: Unable to stop service qknfd!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qknfd deleted successfully.
C:\Windows\SysNative\drivers\qknfd.sys moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Folder C:\Program Files (x86)\HQvidPv1.1\ not found.
Folder C:\Program Files (x86)\SupraSavings\ not found.
C:\temp folder moved successfully.
Folder C:\Program Files\suprasavings\ not found.
C:\Program Files\003 folder moved successfully.
Folder C:\Users\Sandy Mush\AppData\Roaming\PC Tech Hotline\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline\ not found.
Folder C:\Program Files (x86)\PCTechHotline\ not found.
C:\Program Files\Quiknowledge\IE folder moved successfully.
C:\Program Files\Quiknowledge folder moved successfully.
File C:\Users\Public\Desktop\PC Tech Hotline.lnk not found.
C:\Users\Public\Desktop\Optimize Your PC.lnk moved successfully.
File C:\Users\Public\Desktop\PC Tech Hotline.lnk not found.
File C:\Users\Public\Desktop\Optimize Your PC.lnk not found.
C:\Windows\Tasks\90ea0056-47b8-4705-bc6a-783c6f594e02-4.job moved successfully.
File C:\Windows\tasks\90ea0056-47b8-4705-bc6a-783c6f594e02-3.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Sandy Mush\Desktop\cmd.bat deleted successfully.
C:\Users\Sandy Mush\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\HQvidPv1.1\90ea0056-47b8-4705-bc6a-783c6f594e02-3.exe not found.
File\Folder C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe not found.
File\Folder C:\Program Files (x86)\PCTechHotline\PCTHHook.exe not found.
File\Folder C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: DaneTest1
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sandy Mush
->Temp folder emptied: 59500283 bytes
->Temporary Internet Files folder emptied: 115184082 bytes
->Google Chrome cache emptied: 356192140 bytes
->Flash cache emptied: 1025 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 246275078 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43282603 bytes
RecycleBin emptied: 36416 bytes
 
Total Files Cleaned = 782.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 04172014_211917
 
Files\Folders moved on Reboot...
C:\Users\Sandy Mush\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sandy Mush\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Sandy Mush\AppData\Local\Microsoft\Windows\Temporary Internet Files\images.jpg moved successfully.
File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(20140417211447670).log not found!
File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(20140417211447670).log not found!
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\Windows\temp\SANDYMUSH-PC-20140417-2114.log moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
NEW OTL AFTER QUICK SCAN:
 

OTL logfile created on: 4/17/2014 9:25:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sandy Mush\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 6.63 Gb Available Physical Memory | 83.01% Memory free
15.98 Gb Paging File | 14.45 Gb Available in Paging File | 90.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 886.72 Gb Free Space | 95.20% Space Free | Partition Type: NTFS
 
Computer Name: SANDYMUSH-PC | User Name: Sandy Mush | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/17 15:56:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sandy Mush\Desktop\OTL.exe
PRC - [2014/04/11 22:17:10 | 000,078,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2014/04/11 22:16:59 | 000,449,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2014/04/03 20:07:44 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Sandy Mush\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/11 22:17:03 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2014/04/11 22:15:18 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\003\vxlsnyaiet64.exe run options=01100010030000000000000000000000 sourceguid=6E6B36EB-9156-411B-B951-C735F4747DCF -- (vxlsnyaiet64)
SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/01 02:58:10 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/03/13 18:45:46 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2014/03/07 11:46:04 | 000,309,080 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist Corporate\1019\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/06/20 10:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/08 19:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/01 05:12:38 | 009,320,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/06/01 05:12:38 | 009,320,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/01 02:19:14 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/29 12:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 22:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 23 FB 0B 1B 3A CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Sandy Mush\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/04/17 21:21:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll File not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_3A1B6269FDC8784763F825635F5275C4] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Sandy Mush\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe ()
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Sandy Mush\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sandy Mush\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Sandy Mush\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sandy Mush\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWow64\SecureAssist.dll (SecureAssist)
O1364bit: - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.10.74 172.16.10.59 172.17.10.59
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A247038-EF60-43B3-98FA-DB6687D7C5A9}: DhcpNameServer = 172.16.10.74 172.16.10.59 172.17.10.59
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Corporate\1019\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Corporate\1019\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/17 21:19:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/17 15:56:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sandy Mush\Desktop\OTL.exe
[2014/04/15 20:31:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/15 20:02:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/13 13:40:57 | 000,295,080 | ---- | C] (SecureAssist) -- C:\Windows\SysWow64\SecureAssist.dll
[2014/04/13 13:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Sandy Mush\AppData\Local\EmieUserList
[2014/04/13 13:31:08 | 000,000,000 | -HSD | C] -- C:\Users\Sandy Mush\AppData\Local\EmieSiteList
[2014/04/12 14:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/04/12 14:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/04/12 14:31:26 | 000,000,000 | ---D | C] -- C:\Users\Sandy Mush\AppData\Local\PC_Drivers_Headquarters
[2014/04/12 14:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Support
[2014/04/12 14:30:06 | 000,000,000 | ---D | C] -- C:\Users\Sandy Mush\AppData\Local\IsolatedStorage
[2014/04/12 14:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Earth Networks
[2014/04/12 14:29:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0D840360-FAC8-45E3-8244-E235EB1E30AA}
[2014/04/12 14:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Support
[2014/04/12 14:29:12 | 000,000,000 | ---D | C] -- C:\Users\Sandy Mush\AppData\Local\Programs
[2014/04/12 14:22:05 | 000,000,000 | ---D | C] -- C:\Users\Sandy Mush\AppData\Local\Diagnostics
[2014/04/08 18:59:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/04/01 07:58:04 | 000,000,000 | ---D | C] -- C:\Users\Sandy Mush\Documents\Custom Office Templates
[2014/03/25 21:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/03/25 21:08:53 | 000,000,000 | R--D | C] -- C:\Users\Sandy Mush\OneDrive
[2014/03/25 21:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft OneDrive
[2014/03/25 21:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014/03/25 21:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/03/25 21:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014/03/25 21:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/03/25 20:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/17 21:22:35 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/17 21:22:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/17 21:22:20 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/17 21:21:40 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/17 21:21:40 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/17 21:21:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/17 21:18:56 | 000,818,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/17 21:18:56 | 000,689,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/17 21:18:56 | 000,130,718 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/17 21:08:27 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/17 21:08:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/17 15:56:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sandy Mush\Desktop\OTL.exe
[2014/04/15 10:29:04 | 000,000,094 | ---- | M] () -- C:\Users\Sandy Mush\AppData\Roaming\WB.CFG
[2014/04/13 13:40:08 | 000,001,264 | ---- | M] () -- C:\Users\Sandy Mush\Desktop\Create Amazing Presentations.lnk
[2014/04/11 17:37:31 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/04 03:01:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/02 07:38:39 | 000,332,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/25 21:15:24 | 000,002,401 | ---- | M] () -- C:\Users\Sandy Mush\Desktop\Word 2013.lnk
[2014/03/25 21:15:23 | 000,002,400 | ---- | M] () -- C:\Users\Sandy Mush\Desktop\PowerPoint 2013.lnk
[2014/03/25 21:15:23 | 000,002,363 | ---- | M] () -- C:\Users\Sandy Mush\Desktop\Excel 2013.lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/13 13:40:08 | 000,001,264 | ---- | C] () -- C:\Users\Sandy Mush\Desktop\Create Amazing Presentations.lnk
[2014/04/13 13:40:08 | 000,001,264 | ---- | C] () -- C:\Users\Sandy Mush\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2014/04/12 15:29:00 | 000,000,094 | ---- | C] () -- C:\Users\Sandy Mush\AppData\Roaming\WB.CFG
[2014/03/25 21:13:12 | 000,002,401 | ---- | C] () -- C:\Users\Sandy Mush\Desktop\Word 2013.lnk
[2014/03/25 21:13:12 | 000,002,400 | ---- | C] () -- C:\Users\Sandy Mush\Desktop\PowerPoint 2013.lnk
[2014/03/25 21:13:12 | 000,002,363 | ---- | C] () -- C:\Users\Sandy Mush\Desktop\Excel 2013.lnk
[2014/03/25 21:08:53 | 000,002,155 | ---- | C] () -- C:\Users\Sandy Mush\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/03/05 21:59:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
< End of report >
 
MBAM LOG:
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/17/2014
Scan Time: 9:35:53 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.18.01
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sandy Mush
 
Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 201260
Time Elapsed: 1 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 16
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\suprasavings, Quarantined, [17b27cafa3d857df5b11432c12f04ab6], 
PUP.Optional.PCFixSpeed, HKLM\SOFTWARE\WOW6432NODE\PCFixSpeed, Quarantined, [418831fa2556191d80709df955ae42be], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\QUIKNOWLEDGE, Quarantined, [2f9ad6554e2d76c05c8af28256ac06fa], 
PUP.Optional.PCFixSpeed, HKU\S-1-5-21-3398611636-3642970246-1444138271-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PCFixSpeed, Quarantined, [f6d307242655092d8b62d7bf996ad030], 
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-3398611636-3642970246-1444138271-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Quarantined, [b613de4d0c6fae88c4918fdf7a885ca4], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [03c625064e2d37ff9adba9829470a759], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\CLASSES\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [03c625064e2d37ff9adba9829470a759], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F213853A-D221-4C97-8A4B-7E0AC63F31A1}, Quarantined, [03c625064e2d37ff9adba9829470a759], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CE4B58AF-E4FD-4C27-8627-AE9324C11F3F}, Quarantined, [03c625064e2d37ff9adba9829470a759], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CE4B58AF-E4FD-4C27-8627-AE9324C11F3F}, Quarantined, [03c625064e2d37ff9adba9829470a759], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F213853A-D221-4C97-8A4B-7E0AC63F31A1}, Quarantined, [03c625064e2d37ff9adba9829470a759], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [03c625064e2d37ff9adba9829470a759], 
PUP.Optional.Quiknowledge.A, HKU\S-1-5-21-3398611636-3642970246-1444138271-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [03c625064e2d37ff9adba9829470a759], 
PUP.Optional.Quiknowledge.A, HKU\S-1-5-21-3398611636-3642970246-1444138271-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [03c625064e2d37ff9adba9829470a759], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [03c625064e2d37ff9adba9829470a759], 
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [03c625064e2d37ff9adba9829470a759], 
 
Registry Values: 1
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\QUIKNOWLEDGE|ie-ver, 11.0.9600.16659, Quarantined, [2f9ad6554e2d76c05c8af28256ac06fa]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.Conduit.A, C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.condui...F91974DCF&SSPV=" ],), Replaced,[0fba53d85d1e6bcb2641470ccd37a15f]
PUP.Optional.Conduit.A, C:\Users\Sandy Mush\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "search_url": "http://search.condui...752F91974DCF&q={searchTerms}&SSPV=",), Replaced,[c50445e6700b8aaca3f069ea64a0738d]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
NOTE: MBAM has changed a little. Quick Scan is now called "Hyper Scan" and can only be used if you set up a "premium trial".  The whole dashboard is now completely different. 

  • 0

#6
zep516
Posted 18 April 2014 - 04:20 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello Sandymush,

NOTE: MBAM has changed a little. Quick Scan is now called "Hyper Scan" and can only be used if you set up a "premium trial". The whole dashboard is now completely different.


I didn't relize that, I'v been kept in the dark. Thank you :)

What issues remain?

Thanks
Joe :)
  • 0

#7
sandymush
Posted 20 April 2014 - 01:59 PM

sandymush

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

No issues that I can tell. I imagine that you make that statement because the logs are clean now? 

 

If so I guess "case closed"? 


  • 0

#8
zep516
Posted 22 April 2014 - 05:19 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

Hello,

Sorry for some delay. There are a few things to do in order to complete our work, first we will run an on line scanner to double check everthing. This scanner may take some time.

 

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

 

Post the ESET Log in your next reply.

 

Thanks

Joe.


  • 0

#9
zep516
Posted 04 May 2014 - 11:13 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP