Definite malware issue, but can't post the logs

**Bonesy** · 2013-07-21, 19:30

I want to submit the correct logs, but when I run DDS, it says that two logs will be created but I only see an attach.txt when the process is finished. Is it saving it somewhere else? The attach.txt is saved to my desktop.

Thanks

**ken545** · 2013-07-21, 21:16

Try this one and post the logs

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

And this

aswMBR Log

Important! Please do not perform any fix options offered in aswMBR

Please download aswMBR to your desktop.

Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your next reply.

**Bonesy** · 2013-07-22, 03:36

Ahh, thanks for replying on a Sunday.

Ok, the latest wrinkle.

I downloaded OTL, ran the scan and everything was going fine and then I saw at the bottom (Scanning Firefox Settings....) and that was it. Just hung there. I scanned 3 or 4 times and it always stops there. Then says OTL not responding on title bar.

Any more ideas?

Yikes

**ken545** · 2013-07-22, 03:46

Try running it in Safemode

Safemode with Network Support

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode

**Bonesy** · 2013-07-23, 01:51

OTL logfile created on: 7/22/2013 7:20:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrew\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.54% Memory free
4.00 Gb Paging File | 3.04 Gb Available in Paging File | 76.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 101.29 Gb Free Space | 68.00% Space Free | Partition Type: NTFS
Drive D: | 12.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Andrew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Users\Andrew\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\Andrew\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater By SweetPacks) -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NEOFLTR_7114_23943) -- C:\Windows\SysNative\drivers\NEOFLTR_7114_23943.SYS (Juniper Networks)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={17C82747-EF18-11E2-9CA5-E0CB4E1AF10A}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1157415131-227346820-2980529687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nbcnews.com/
IE - HKU\S-1-5-21-1157415131-227346820-2980529687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1157415131-227346820-2980529687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1157415131-227346820-2980529687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 2F 36 49 4F 43 CE 01 [binary data]
IE - HKU\S-1-5-21-1157415131-227346820-2980529687-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1157415131-227346820-2980529687-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1157415131-227346820-2980529687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1157415131-227346820-2980529687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..extensions.enabledAddons: 67314b39-24e6-4f05-99f3-3f88c7cddd17%406c5fa560-13a3-4d42-8e90-53d9930111f9.com:0.91.27
FF - prefs.js..extensions.enabledAddons: electroLyrics%40Electrosoft.co:1.122
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={17C82747-EF18-11E2-9CA5-E0CB4E1AF10A}&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "www.msnbc.com"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/07/17 15:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/07/17 15:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\electroLyrics@Electrosoft.co: C:\Program Files (x86)\electroLyrics\122.xpi [2013/07/17 15:38:06 | 000,006,918 | ---- | M] ()

[2013/06/04 17:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
[2013/07/17 15:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8d2wvgaw.default\extensions
[2013/07/17 15:39:19 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8d2wvgaw.default\extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com
[2013/07/17 15:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8d2wvgaw.default\extensions\67314b39-24e6-4f05-99f3-3f88c7cddd17@6c5fa560-13a3-4d42-8e90-53d9930111f9.com\chrome\content\extensionCode
[2013/07/17 15:36:41 | 000,196,269 | ---- | M] () (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8d2wvgaw.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/07/20 06:24:27 | 000,001,793 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8d2wvgaw.default\searchplugins\Bing.xml
[2013/07/07 20:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/07 20:29:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/17 15:38:06 | 000,006,918 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\ELECTROLYRICS\122.XPI

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (VisualBee) - {11111111-1111-1111-1111-110311391106} - C:\Program Files (x86)\VisualBee\VisualBee-bho.dll (VisualBee)
O2 - BHO: (electroLyrics) - {4E01CBE9-1225-4FEC-B8D9-E96D2E65685F} - C:\Program Files (x86)\electroLyrics\122.dll (Electrosoft)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (electroLyrics) - {B75611CF-D3CE-4F0E-843D-6085704DB2CE} - C:\Program Files (x86)\electroLyrics\120.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1157415131-227346820-2980529687-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1157415131-227346820-2980529687-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1157415131-227346820-2980529687-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1157415131-227346820-2980529687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1157415131-227346820-2980529687-1000\..Trusted Domains: trueformsonline.com ([*] https in Trusted sites)
O15 - HKU\S-1-5-21-1157415131-227346820-2980529687-1000\..Trusted Domains: trueformsonline.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1157415131-227346820-2980529687-1000\..Trusted Domains: trueformsonline.com ([www] https in Trusted sites)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://southfloridamls.com/5.7.07.31...l/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl2.schonfeld.com/dana-cach...etupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDDBE01F-D63E-4961-9354-7AEEE2355ED2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/21 21:11:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2013/07/20 20:13:08 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Andrew\Desktop\aswMBR.exe
[2013/07/20 20:08:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Andrew\Desktop\dds.scr
[2013/07/20 11:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/07/20 11:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/07/20 11:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/07/20 11:25:35 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Andrew\Desktop\spybotsd162.exe
[2013/07/17 15:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisualBee
[2013/07/17 15:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\electroLyrics
[2013/07/17 15:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
[2013/07/17 15:36:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
[2013/07/17 15:35:57 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2013/07/17 15:35:57 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
[2013/07/17 15:35:57 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013/07/17 15:35:34 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\emaze
[2013/07/11 03:03:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/11 03:03:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/11 03:03:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/11 03:03:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/11 03:03:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/11 03:03:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/11 03:03:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/11 03:03:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/11 03:03:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/11 03:03:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/11 03:03:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/11 03:03:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/11 03:03:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/11 03:03:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/11 03:03:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 20:19:01 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\OneNote Notebooks
[2013/07/10 04:26:32 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/10 04:26:32 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 04:26:32 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 04:26:31 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/10 04:26:14 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/07 20:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/07 16:12:04 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\ebay
[2013/07/05 10:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueForms Online
[2013/07/05 10:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reveal
[2013/07/05 10:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/07/05 10:35:51 | 010,212,528 | ---- | C] (InstallShield Software Corporation) -- C:\Users\Andrew\Desktop\TFOL4630_2012.exe
[2013/06/30 09:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Torchlight 2 Rapid Respec

========== Files - Modified Within 30 Days ==========

[2013/07/22 19:13:53 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 19:13:53 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 19:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/22 19:12:50 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/22 19:12:50 | 000,614,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/22 19:12:50 | 000,103,258 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/22 19:09:19 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\electroLyrics Update.job
[2013/07/22 19:09:05 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/07/22 19:09:04 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2013/07/22 19:08:58 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2013/07/22 19:08:46 | 000,001,226 | ---- | M] () -- C:\Windows\tasks\VisualBee-updater.job
[2013/07/22 19:08:43 | 000,001,860 | ---- | M] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
[2013/07/22 19:08:40 | 000,001,232 | ---- | M] () -- C:\Windows\tasks\VisualBee-codedownloader.job
[2013/07/22 19:08:40 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\VisualBee-enabler.job
[2013/07/22 19:08:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/22 19:08:04 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/21 21:11:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe
[2013/07/20 20:20:16 | 000,000,512 | ---- | M] () -- C:\Users\Andrew\Desktop\MBR.dat
[2013/07/20 20:19:57 | 000,000,512 | ---- | M] () -- C:\Users\Andrew\MBR.dat
[2013/07/20 20:13:09 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Andrew\Desktop\aswMBR.exe
[2013/07/20 20:08:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Andrew\Desktop\dds.scr
[2013/07/20 11:42:05 | 000,004,720 | ---- | M] () -- C:\Windows\wininit.ini
[2013/07/20 11:26:49 | 000,001,258 | ---- | M] () -- C:\Users\Andrew\Desktop\Spybot - Search & Destroy.lnk
[2013/07/20 11:25:36 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Andrew\Desktop\spybotsd162.exe
[2013/07/17 06:53:52 | 000,001,292 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/07/12 22:36:21 | 000,099,197 | ---- | M] () -- C:\Users\Andrew\Desktop\35796_1509901157383_2068936_n.jpg
[2013/07/11 03:29:16 | 000,416,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/07 10:10:40 | 003,011,286 | ---- | M] () -- C:\Users\Andrew\Desktop\IMG_0659.JPG
[2013/07/05 10:41:18 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\TrueForms Online.lnk
[2013/07/05 10:35:51 | 010,212,528 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Andrew\Desktop\TFOL4630_2012.exe
[2013/06/30 12:10:30 | 001,645,360 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013/06/30 12:07:42 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013/06/30 09:18:56 | 000,001,569 | ---- | M] () -- C:\Users\Andrew\Desktop\TL2RapidRespec - Shortcut.lnk
[2013/06/25 12:18:28 | 000,605,372 | ---- | M] () -- C:\Users\Andrew\Desktop\welcome package.pdf
[2013/06/25 12:16:44 | 000,414,700 | ---- | M] () -- C:\Users\Andrew\Desktop\clubhouse rules.pdf

========== Files Created - No Company Name ==========

[2013/07/20 20:20:16 | 000,000,512 | ---- | C] () -- C:\Users\Andrew\Desktop\MBR.dat
[2013/07/20 20:19:57 | 000,000,512 | ---- | C] () -- C:\Users\Andrew\MBR.dat
[2013/07/20 11:41:56 | 000,004,720 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/20 11:26:49 | 000,001,258 | ---- | C] () -- C:\Users\Andrew\Desktop\Spybot - Search & Destroy.lnk
[2013/07/17 15:39:29 | 000,001,226 | ---- | C] () -- C:\Windows\tasks\VisualBee-updater.job
[2013/07/17 15:39:26 | 000,001,132 | ---- | C] () -- C:\Windows\tasks\VisualBee-enabler.job
[2013/07/17 15:39:23 | 000,001,232 | ---- | C] () -- C:\Windows\tasks\VisualBee-codedownloader.job
[2013/07/17 15:39:16 | 000,001,860 | ---- | C] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
[2013/07/17 15:37:57 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\electroLyrics Update.job
[2013/07/17 15:35:57 | 001,645,360 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2013/07/17 15:35:34 | 000,001,228 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/07/12 22:37:25 | 000,099,197 | ---- | C] () -- C:\Users\Andrew\Desktop\35796_1509901157383_2068936_n.jpg
[2013/07/10 20:19:04 | 000,001,292 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/07/07 10:46:08 | 003,011,286 | ---- | C] () -- C:\Users\Andrew\Desktop\IMG_0659.JPG
[2013/07/05 10:41:18 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\TrueForms Online.lnk
[2013/06/30 09:18:56 | 000,001,569 | ---- | C] () -- C:\Users\Andrew\Desktop\TL2RapidRespec - Shortcut.lnk
[2013/06/25 12:18:28 | 000,605,372 | ---- | C] () -- C:\Users\Andrew\Desktop\welcome package.pdf
[2013/06/25 12:16:43 | 000,414,700 | ---- | C] () -- C:\Users\Andrew\Desktop\clubhouse rules.pdf
[2013/06/10 10:57:40 | 000,061,304 | ---- | C] () -- C:\Users\Andrew\g2mdlhlpx.exe
[2013/05/24 23:39:01 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/15 12:05:28 | 000,254,464 | ---- | C] () -- C:\Windows\SysWow64\missouri.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/14 23:53:36 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Canon
[2013/07/22 19:20:37 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Dropbox
[2013/05/03 11:40:43 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\ICAClient
[2013/05/03 11:39:13 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Juniper Networks

========== Purity Check ==========

< End of report >

Extras.TXT file

OTL Extras logfile created on: 7/22/2013 7:20:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrew\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.54% Memory free
4.00 Gb Paging File | 3.04 Gb Available in Paging File | 76.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 101.29 Gb Free Space | 68.00% Space Free | Partition Type: NTFS
Drive D: | 12.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ANDREW-PC | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F09F0FA-67CF-41C0-A2F3-632CCD80CECD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A11E5D2-C50D-4F5A-80F4-2FD3154BC75E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0B72446F-ED5D-4FFD-8684-1CE1FB7DE5A1}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{0BFAFB3E-C959-4072-864A-B319AE434005}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0CBEB0A3-A06B-48D9-B5EE-992971E0D5D4}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
"{2035C031-A1CB-4D9F-B534-13EBCF25F31D}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{26D3502B-8FE3-4B00-BEED-06DA01E6E29F}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{28D1D3D8-A4E2-4529-937C-164B748A3434}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2CDF0F76-1941-4B78-AF96-EE537DDE5B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2CF1F793-36B0-4587-ADA7-651B7A9AFCFC}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{3327D7D4-83B6-48E4-80F2-A1E6AD358AC6}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{3CF05304-60F2-4419-A9CF-3F7A269BF7B9}" = protocol=6 | dir=in | app=c:\users\andrew\appdata\roaming\dropbox\bin\dropbox.exe |
"{501A44A2-F86A-43EB-BCC0-71AA98C72A8E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{57839D37-2E90-4D47-AA2F-986D3657B9CD}" = protocol=17 | dir=in | app=c:\users\andrew\appdata\roaming\dropbox\bin\dropbox.exe |
"{5983BC9D-F07B-45D0-B14E-074F0B41BC57}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{5BBCA3D8-C0D5-4ACA-A7ED-798E59B9E011}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe |
"{5D3A13F3-5853-4620-8DC2-F501192F823D}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{73350608-1D8E-4F3E-8DEF-56AF35D82C5C}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{7A760FED-BF98-4C21-BB3D-D551F3C0629D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{7BE13644-8385-4F08-A167-783E7FF776C0}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{7CAAA5C6-9FF6-4D06-9EAC-D65F12EAF156}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7E0DE1D2-EBCF-4976-B47E-862A44E0DD76}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84FAAC39-7110-42AF-915E-7DB79EDC88C4}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{99877F77-63BA-49D5-9DD9-2FA5306C16DE}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{9DA066B0-96EE-487B-9A69-627F05681D94}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF7C87D8-06DB-460F-B3EA-CF872014FF59}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D6DEB5C4-98BA-4C26-B867-05BC017267CC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E8E2FC5C-CF6D-496D-8413-62C44169EE8A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{ECB7E2D0-250F-4965-A824-7B9773EDD3D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{F2EFFE95-6E80-4F37-B154-2619BA4C8056}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{FADE5DE2-6CE8-49AD-8CB2-597E0BB56DBC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{CAE11A70-B5FD-45A6-8277-98C52EEE6448}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{4292181A-9D4B-4160-B875-9FBA2C03D6C3}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830 MP Drivers
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1" = Updater By SweetPacks 2.0.0.586
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B74F57C-4636-4D70-A7A9-95074DF21802}" = Citrix Receiver(Aero)
"{164B26C5-9BC9-48E8-8FB5-C3C0AC0FE1C8}" = Citrix Receiver Inside
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E83538E-C11F-4C69-B764-B5162686047C}" = TrueForms Online 4.6.0.30
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90B45DFA-5DD9-47F0-BCC7-F25B9562A738}" = Citrix Receiver(USB)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AD6E2415-407E-40D3-A550-126E67509D84}" = Citrix Receiver(DV)
"{AE2E0F4A-E08F-4A15-B4DC-D8FC9CEFF9C7}" = Online Plug-in
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D1D603C4-8C68-40F3-85AE-6DBEF3B712B5}" = Citrix Receiver (HDX Flash Redirection)
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}" = Internet Explorer Toolbar 4.9 by SweetPacks
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"electroLyrics@Electrosoft.co" = electroLyrics
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.2" = Canon MP Navigator 2.2
"MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Steam App 200710" = Torchlight II
"Torchlight 2 Rapid Respec" = Torchlight 2 Rapid Respec
"VisualBee" = VisualBee
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1157415131-227346820-2980529687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.5.0.1132
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2013 7:02:54 AM | Computer Name = Andrew-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : GetNextFileMapContent() failed.

System
Error: The parameter is incorrect. .

Error - 7/19/2013 10:35:42 PM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 7284 Start
Time: 01ce84f0557cc91c Termination Time: 28 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 7/20/2013 8:03:07 AM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
Description = The program Torchlight2.exe version 1.25.5.2 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1d1c Start
Time: 01ce853c26c939fe Termination Time: 220 Application Path: C:\Program Files (x86)\Steam\steamapps\common\Torchlight
II\Torchlight2.exe Report Id:

Error - 7/20/2013 6:11:17 PM | Computer Name = Andrew-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16496,
time stamp: 0x51a55c6d Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,
time stamp: 0x50b83c8a Exception code: 0xe06d7363 Fault offset: 0x0000c41f Faulting
process id: 0x6e4 Faulting application start time: 0x01ce85750af3c88e Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\syswow64\KERNELBASE.dll Report Id: 4b9bc421-f189-11e2-94b0-e0cb4e1af10a

Error - 7/21/2013 12:31:56 AM | Computer Name = Andrew-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/21/2013 9:22:10 PM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1584 Start Time:
01ce867886538e86 Termination Time: 21 Application Path: C:\Users\Andrew\Desktop\OTL.exe

Report
Id: 1fb4aadb-f26d-11e2-94b0-e0cb4e1af10a

Error - 7/21/2013 9:25:04 PM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1008 Start Time:
01ce8679f1636911 Termination Time: 2 Application Path: C:\Users\Andrew\Desktop\OTL.exe

Report
Id: 87a788b0-f26d-11e2-94b0-e0cb4e1af10a

Error - 7/21/2013 9:26:23 PM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 4ae4 Start Time:
01ce867a4d0f65a2 Termination Time: 2 Application Path: C:\Users\Andrew\Desktop\OTL.exe

Report
Id: b6a703ac-f26d-11e2-94b0-e0cb4e1af10a

Error - 7/21/2013 9:34:23 PM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 4078 Start Time:
01ce867b0530f346 Termination Time: 6 Application Path: C:\Users\Andrew\Desktop\OTL.exe

Report
Id: d4d34710-f26e-11e2-94b0-e0cb4e1af10a

Error - 7/21/2013 9:58:27 PM | Computer Name = Andrew-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16496,
time stamp: 0x51a55c6d Faulting module name: MSHTML.dll, version: 9.0.8112.16496,
time stamp: 0x51a55ff0 Exception code: 0xc0000005 Fault offset: 0x002baaa1 Faulting
process id: 0x3ef8 Faulting application start time: 0x01ce867a7abfed85 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 32bb461e-f272-11e2-94b0-e0cb4e1af10a

Error - 7/21/2013 11:20:09 PM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 8eb0 Start
Time: 01ce8689eb342034 Termination Time: 610 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 7/22/2013 12:00:51 AM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 5718 Start
Time: 01ce867b42e8a6cf Termination Time: 2206 Application Path: C:\Program Files
(x86)\Internet Explorer\iexplore.exe Report Id:

Error - 7/22/2013 12:05:49 AM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2d74 Start
Time: 01ce86900eb7608e Termination Time: 813 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 7/22/2013 12:08:47 AM | Computer Name = Andrew-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16496 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1120 Start
Time: 01ce867a7ab788f6 Termination Time: 3499 Application Path: C:\Program Files
(x86)\Internet Explorer\iexplore.exe Report Id:

[ System Events ]
Error - 7/17/2013 3:52:27 PM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7034
Description = The Computer Backup (MyPC Backup) service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/20/2013 6:23:33 AM | Computer Name = Andrew-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:21:31 AM on ?7/?20/?2013 was unexpected.

Error - 7/20/2013 6:24:20 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Apple
Mobile Device service to connect.

Error - 7/20/2013 6:24:20 AM | Computer Name = Andrew-PC | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

**Bonesy** · 2013-07-23, 01:52

Alright Ken, thanks for taking this on.

I have 3 files in here. OTL, extras, and aswMBR respectively. If I've missed something, please let me know. Also, I believe I ran Spybot yesterday and came up with something like 150 infections. I DID clean them up although I believe I found out later that I was not supposed to do so. 15 of the infections were not corrected. One of the obvious malware that I'm getting, which prompted me to seek you out, is this annoying Bizcoaching popup.

Here is the 3rd file which didn't fit in the post above:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-20 20:13:21
-----------------------------
20:13:21.433 OS Version: Windows x64 6.1.7601 Service Pack 1
20:13:21.433 Number of processors: 2 586 0x170A
20:13:21.434 ComputerName: ANDREW-PC UserName: Andrew
20:13:30.929 Initialize success
20:14:42.458 AVAST engine defs: 13072001
20:14:56.721 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:14:56.722 Disk 0 Vendor: ST3160023AS 3.18 Size: 152627MB BusType: 3
20:14:57.243 Disk 0 MBR read successfully
20:14:57.245 Disk 0 MBR scan
20:14:57.410 Disk 0 Windows 7 default MBR code
20:14:57.422 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:14:57.431 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
20:14:57.573 Disk 0 scanning C:\Windows\system32\drivers
20:15:06.103 Service scanning
20:15:31.583 Modules scanning
20:15:31.583 Disk 0 trace - called modules:
20:15:31.594 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
20:15:31.594 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027c8400]
20:15:31.594 3 CLASSPNP.SYS[fffff8800180f43f] -> nt!IofCallDriver -> [0xfffffa80022f7670]
20:15:31.594 5 ACPI.sys[fffff88000f1f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8002355060]
20:15:34.625 AVAST engine scan C:\Windows
20:15:38.002 AVAST engine scan C:\Windows\system32
20:19:22.201 AVAST engine scan C:\Windows\system32\drivers
20:19:33.754 AVAST engine scan C:\Users\Andrew
20:19:57.099 Disk 0 MBR has been saved successfully to "C:\Users\Andrew\MBR.dat"
20:19:57.104 The log file has been saved successfully to "C:\Users\Andrew\aswMBR.txt"
20:20:16.380 Disk 0 MBR has been saved successfully to "C:\Users\Andrew\Desktop\MBR.dat"
20:20:16.382 The log file has been saved successfully to "C:\Users\Andrew\Desktop\aswMBR.txt"

**ken545** · 2013-07-23, 02:48

Hi,

You have some garbage toolbars that are clogging up your system , they can cause other issues as well.

Try running these in normal windows and if problems than try safemode

Go here and download AdwCleaner to your desktop

Double click on AdwCleaner.exe to run the tool.
Click on Delete
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Download Junkware Removal Tool to your desktop

shut down your protection software now to avoid potential conflicts.
run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
on completion, a log (JRT.txt) is saved to your desktop and will automatically open
post the contents of JRT.txt into your next message.

**Bonesy** · 2013-07-23, 15:47

Awesome, Ken, thanks! I will do this when I get home from work and post the appropriate logs.

Andrew

**Bonesy** · 2013-07-24, 04:14

Ken, I was unable to get the JRT.exe file to work. I ran the program but the black box just flashed for a second and then left the screen with no scanning being done. Do you have another junkware removal tool that you use?

Below is the AdwCleaner log

# AdwCleaner v2.306 - Logfile created 07/23/2013 at 21:15:15
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Andrew - ANDREW-PC
# Boot Mode : Normal
# Running from : C:\Users\Andrew\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Updater By SweetPacks

***** [Files / Folders] *****

File Deleted : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8d2wvgaw.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Folder Deleted : C:\Program Files (x86)\visualbee
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Windows\SysWOW64\jmdp

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311391106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311391106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033906.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033906.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033906.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033906.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344394406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311391106}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311391106}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322392206}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355395506}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366396606}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311391106}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355395506}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366396606}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={17C82747-EF18-11E2-9CA5-E0CB4E1AF10A} --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8d2wvgaw.default\prefs.js

C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8d2wvgaw.default\user.js ... Deleted !

Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.3390[...]
Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.3390[...]
Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.3390[...]
Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.3390[...]
Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.3390[...]
Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.3390[...]
Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={17C827[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "www.msnbc.com");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]

*************************

AdwCleaner[S1].txt - [5736 octets] - [23/07/2013 21:15:16]

########## EOF - C:\AdwCleaner[S1].txt - [5796 octets] ##########

**ken545** · 2013-07-24, 08:55

Hi,

This tool may find stuff that AdwCleaner missed
You may have to right click on the program and select RUN AS ADMINISTRATOR , still wont run than try it in Safemode

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode

Still wont run that lets not worry about it, whether it ran or not I would like you to run the free version of Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.

Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

Thread: Definite malware issue, but can't post the logs

Thread Tools

Display

Definite malware issue, but can't post the logs

Posting Permissions