# BLUE SCREEN 0x0000008E



## akairi97 (Sep 14, 2010)

This just happened recently and its the 3rd time that the message has pulled up. I have attached a picture of the blue screen message. Can someone please help me?


----------



## zigzag3143 (May 31, 2009)

akairi97 said:


> This just happened recently and its the 3rd time that the message has pulled up. I have attached a picture of the blue screen message. Can someone please help me?


*We do need the actual log file (called a DMP file) as they contain the only record of the sequence of events leading up to the crash, what drivers were loaded, and what was responsible. *
*We prefer at least 2 DMP files to spot trends and confirm the cause.*
*
*
Please follow our instructions for finding and uploading the files we need to help you fix your computer. They can be found *here*_If you have any questions about the procedure please ask_

_
_
*If you are using Blue screen view, who crashed, or a similar application, don't. They are wrong at least as often as they are correct*


----------



## akairi97 (Sep 14, 2010)

https://www.dropbox.com/s/y8bepba64hel63b/Minidump.zip

I wasnt sure how to get another dump file. I was only able to see just one when i searched

Do you have instructions on how to locate another DMP ?


----------



## akairi97 (Sep 14, 2010)

https://www.dropbox.com/s/fi4ooejb0pugdm9/MSinfo32.nfo


----------



## Mark1956 (May 7, 2011)

Your attached minidump file is empty. Please follow these instructions to zip up and attach the minidump file to your next post.

First locate your minidump files, open *Windows Explorer* and click on the *C:* drive in the left pane, in the right pane look down the list of folders and double click on *Windows* to view its contents._ *NOTE:* If your operating system is installed under a different drive letter then look there._ Scroll down the contents of the *Windows* folder and look for a folder called *minidump* and double click on it. You should now see the *minidump* files which will have a *.dmp* extension.

Zip up at least 6 of the most recent files into *one* zip folder (if there are less then just zip up what you have).

*NOTE:* To zip up the files in Windows (all versions). Right click the file, click on* Send To*, and then click
*Compressed (zipped) Folder*. That will create a zip folder containing a copy of the file, you should see it appear.

If you get an access denied warning when trying to zip the files, right click on each one and select Copy, go to the desktop and right click in open space and select Paste, repeat this for each file one at a time. When they are all on your desktop you should then be able to zip them up into the same file.

If there is more than one *.dmp* file click on the first one, hold down the shift key and then click on the last one. That should highlight all the files. Then right click in the highlighted area, click on *Send To*, and then click *Compressed (zipped) Folder*.




Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on that and a new window opens.
Click on the *Browse* button, find the zip folder you made earlier and click on it so it becomes highlighted and click on *Open.*
Now click on the *Upload* button. Wait for the Upload to complete, it will appear just below the *Browse* box.
When done, click on the *Close this window* button at the top of the page.
Enter your message-text in the message box, then click on *Submit Message/Reply.*


----------



## akairi97 (Sep 14, 2010)

https://www.dropbox.com/s/n6x9xkllu7l9vpx/071514-21699-01.zip

Good morning,
The mini dump file that I was able to retrieve, It only had one file in it. Did I do this correctly this time?


----------



## Mark1956 (May 7, 2011)

So we don't repeat any diagnostics, please tell me what tests, if any, you have carried out.

The Crash Dump is not conclusive which leaves us with quite a few possible causes. If you get another BSOD please post the Minidump. As you are only seeing one saved Minidump file your system may well be set to delete any previous file.

It may be a while before another crash occurs so lets have a good look at what is on your system as this may give us some clues. This scan below will also show us the Event Error logs which may help.

Please do not attach the logs, Copy & Paste them into your next reply, you should use separate posts for the logs to avoid going over the character limit.

Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download and use any other software that may be advertised on the page.

*Note:* If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click on FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the* Scan* button. *DO NOT* check any of the Optional Scan options unless requested.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it into your next reply.
The first time the tool is run, it makes another log (*Addition.txt*). Please also copy and paste that into your reply.


----------



## zigzag3143 (May 31, 2009)

akairi97 said:


> https://www.dropbox.com/s/y8bepba64hel63b/Minidump.zip
> 
> I wasnt sure how to get another dump file. I was only able to see just one when i searched
> 
> Do you have instructions on how to locate another DMP ?


One will be ok but your link says "nothing there" try it again


----------



## Mark1956 (May 7, 2011)

Zigzag, you should have checked my post where I have already told the OP there was no file in the first link, but there is in the second one in post 6.


----------



## DaveBurnett (Nov 11, 2002)

Have you added or changed any hardware on that machine recently?


----------



## zigzag3143 (May 31, 2009)

@Mark1956 Thanks and ooops

@akairi97

*These crashes were related to memory corruption (probably caused by a driver).

Please run these tests to verify your memory and find which driver is causing the problem. *
*
*
_If you are *overclocking* (pushing the components beyond their design) you should revert to default at least until the crashing is solved. If you don't know what it is you probably are not overclocking._

_Since it is more likely to be a driver please run verifier first._

*1-Driver verifier (for complete directions see our wiki here)*

*If verifier does not find the issue we can move on to this.*
*2-Memtest. (**You can read more about running memtest* *here)*


*If you cannot boot after enabling verifier reboot into safe mode*
*In Vista & win & (F8)*
*In win 8 **http://www.howtogeek.com/107511/how-to-boot-into-safe-mode-on-windows-8-the-easy-way/*

*Co-Authored by JMH3143*
.


----------



## akairi97 (Sep 14, 2010)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-07-2014
Ran by user (ATTENTION: The logged in user is not administrator) on USER-PC on 19-07-2014 23:50:23
Running from C:\Users\user\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2012-03-14] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H 
HKU\.DEFAULT\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H 
HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H 
HKU\S-1-5-21-753190379-2561579638-684410764-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-11] (Google Inc.)
HKU\S-1-5-21-753190379-2561579638-684410764-1000\...\Run: [DellSystemDetect] => C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-m (the data entry has 2 more characters).
HKU\S-1-5-21-753190379-2561579638-684410764-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-753190379-2561579638-684410764-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-753190379-2561579638-684410764-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-753190379-2561579638-684410764-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {4F7A547C-42DE-4E5E-AB66-130C5C8A44E8} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US679&p={SearchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {4F7A547C-42DE-4E5E-AB66-130C5C8A44E8} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US679&p={SearchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={373B4106-37D9-40FA-BA6E-5A0498E1F39E}&mid=546a77795d1447d1922155626d69a650-b28ae433c51cad02b9b7d58d447040698c35f879&lang=en&ds=AVG&pr=pr&d=2013-03-30 14:40:59&v=15.0.0.2&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Shopop Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\amfk3ml5.default-1392470059994
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\user\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Extension: OutfoxTV - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\amfk3ml5.default-1392470059994\Extensions\[email protected] [2014-04-25]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\amfk3ml5.default-1392470059994\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-01-24]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SiteAdvisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-17]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-07-03]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx [2014-07-03]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [2014-07-03]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Andrea\AppData\Local\Temp\ccex.crx [2014-07-03]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2014-07-03]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2014-07-03]

========================== Services (Whitelisted) =================

S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [670792 2011-10-11] (Juniper Networks)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-04-03] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-04-03] (McAfee, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2011-10-11] (Juniper Networks)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236672 2014-04-03] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [574576 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [215624 2014-04-03] (McAfee, Inc.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Andrea\AppData\Local\Temp\catchme.sys [X]
S3 CFcatchme; \??\C:\Users\Andrea\AppData\Local\Temp\CFcatchme.sys [X]
S1 MpKsl21e4c5d0; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEB89E3A-1A6C-4CE1-93CC-C0DD3E137062}\MpKsl21e4c5d0.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-19 23:50 - 2014-07-19 23:51 - 00020144 _____ () C:\Users\user\Desktop\FRST.txt
2014-07-19 23:50 - 2014-07-19 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-19 23:50 - 2014-07-19 23:50 - 00000000 ____D () C:\FRST
2014-07-19 23:49 - 2014-07-19 23:49 - 01079808 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-07-19 07:39 - 2014-07-19 07:39 - 00025011 _____ () C:\Users\user\Desktop\071514-21699-01.zip
2014-07-19 07:39 - 2014-07-15 03:31 - 00145680 _____ () C:\Users\user\Desktop\071514-21699-01.dmp
2014-07-19 00:33 - 2014-07-19 00:33 - 02214696 _____ () C:\Users\user\Desktop\MSinfo32.nfo
2014-07-19 00:09 - 2014-07-19 00:09 - 00000000 ____D () C:\Users\user\Documents\Outlook Files
2014-07-15 03:30 - 2014-07-15 03:30 - 376163481 _____ () C:\Windows\MEMORY.DMP
2014-07-14 18:23 - 2014-07-18 23:59 - 00116736 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-07-13 12:39 - 2014-07-13 12:39 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\Program Files\iPod
2014-07-13 09:30 - 2014-07-13 14:09 - 00016058 _____ () C:\Users\user\Desktop\Income Sheet.xlsx
2014-07-09 07:25 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 07:25 - 2014-06-17 20:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 07:25 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 07:25 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 07:25 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 07:25 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 07:25 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 07:25 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 07:25 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 07:25 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 07:25 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 07:25 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 07:25 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 07:25 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 07:25 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 07:25 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 07:25 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 07:25 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 07:25 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 07:25 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 07:25 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 07:25 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 07:25 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 07:25 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 07:24 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 07:24 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

2014-07-19 23:51 - 2014-07-19 23:50 - 00020144 _____ () C:\Users\user\Desktop\FRST.txt
2014-07-19 23:50 - 2014-07-19 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-19 23:50 - 2014-07-19 23:50 - 00000000 ____D () C:\FRST
2014-07-19 23:49 - 2014-07-19 23:49 - 01079808 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-07-19 23:49 - 2012-03-10 19:56 - 01503494 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 23:47 - 2014-05-26 07:37 - 00000000 ___RD () C:\Users\user\Dropbox
2014-07-19 23:46 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\DropboxMaster
2014-07-19 23:46 - 2014-05-21 23:01 - 00011807 _____ () C:\Windows\setupact.log
2014-07-19 23:46 - 2014-03-23 10:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2014-07-19 23:46 - 2013-09-12 17:15 - 00065100 _____ () C:\Windows\error.log
2014-07-19 23:46 - 2013-09-12 17:15 - 00015478 _____ () C:\Windows\errord.log
2014-07-19 23:46 - 2012-03-11 21:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 23:46 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 23:36 - 2013-06-28 00:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-19 23:27 - 2014-02-26 18:59 - 00000514 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-753190379-2561579638-684410764-1004.job
2014-07-19 22:52 - 2012-03-11 21:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 15:19 - 2012-03-10 19:57 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-19 14:29 - 2009-07-14 00:34 - 00014240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 14:29 - 2009-07-14 00:34 - 00014240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 07:39 - 2014-07-19 07:39 - 00025011 _____ () C:\Users\user\Desktop\071514-21699-01.zip
2014-07-19 07:38 - 2012-07-24 09:13 - 00000000 ____D () C:\Users\user\Desktop\Minidump
2014-07-19 00:33 - 2014-07-19 00:33 - 02214696 _____ () C:\Users\user\Desktop\MSinfo32.nfo
2014-07-19 00:09 - 2014-07-19 00:09 - 00000000 ____D () C:\Users\user\Documents\Outlook Files
2014-07-18 23:59 - 2014-07-14 18:23 - 00116736 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-07-18 22:15 - 2014-01-24 02:16 - 00000000 ____D () C:\Program Files\McAfee
2014-07-18 22:14 - 2013-08-25 23:02 - 00197852 _____ () C:\Windows\PFRO.log
2014-07-15 16:41 - 2013-05-05 21:54 - 00000051 _____ () C:\Users\user\Desktop\WINDOWS SECRET.txt
2014-07-15 03:31 - 2014-07-19 07:39 - 00145680 _____ () C:\Users\user\Desktop\071514-21699-01.dmp
2014-07-15 03:30 - 2014-07-15 03:30 - 376163481 _____ () C:\Windows\MEMORY.DMP
2014-07-13 14:09 - 2014-07-13 09:30 - 00016058 _____ () C:\Users\user\Desktop\Income Sheet.xlsx
2014-07-13 12:39 - 2014-07-13 12:39 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\Program Files\iPod
2014-07-13 12:39 - 2012-03-15 00:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-11 22:31 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-07-09 18:36 - 2013-06-28 00:39 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 18:36 - 2013-06-28 00:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 07:37 - 2009-07-14 00:33 - 00419680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 07:35 - 2009-07-14 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 07:33 - 2012-03-10 20:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 07:31 - 2013-08-15 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 07:29 - 2012-03-11 12:05 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-03 07:31 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-03 07:30 - 2014-01-24 02:11 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-03 07:30 - 2013-05-22 20:20 - 00000000 ____D () C:\Users\five9\AppData\Roaming\ICAClient
2014-07-03 07:30 - 2013-05-22 20:20 - 00000000 ____D () C:\Users\five9
2014-07-03 07:30 - 2012-04-07 08:38 - 00000000 ____D () C:\Users\Guest
2014-07-03 07:30 - 2012-03-11 21:20 - 00000000 ____D () C:\Users\Andrea
2014-07-03 07:30 - 2012-03-10 20:50 - 00000000 __RHD () C:\MSOCache
2014-07-03 07:30 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2014-06-25 23:38 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
2014-06-21 23:10 - 2012-03-15 03:21 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitComet
2014-06-19 16:42 - 2014-02-18 00:58 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Files to move or delete:
====================
C:\ProgramData\uninstaller.exe

Some content of TEMP:
====================
C:\Users\Andrea\AppData\Local\temp\0087201390544303mcinst.exe
C:\Users\Andrea\AppData\Local\temp\1_Offer_10.exe
C:\Users\user\AppData\Local\temp\Bit1FFE.tmp.exe
C:\Users\user\AppData\Local\temp\Bit310E.tmp.exe
C:\Users\user\AppData\Local\temp\Bit4F3B.tmp.exe
C:\Users\user\AppData\Local\temp\Bit5022.tmp.exe
C:\Users\user\AppData\Local\temp\Bit5CEF.tmp.exe
C:\Users\user\AppData\Local\temp\Bit8CA5.tmp.exe
C:\Users\user\AppData\Local\temp\BitA084.tmp.exe
C:\Users\user\AppData\Local\temp\BitABD8.tmp.exe
C:\Users\user\AppData\Local\temp\BitB639.tmp.exe
C:\Users\user\AppData\Local\temp\BitD49F.tmp.exe
C:\Users\user\AppData\Local\temp\BitD632.tmp.exe
C:\Users\user\AppData\Local\temp\BitD9EA.tmp.exe
C:\Users\user\AppData\Local\temp\BitDFE2.tmp.exe
C:\Users\user\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9sd7ap.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 20:57

==================== End Of Log ============================


----------



## akairi97 (Sep 14, 2010)

Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-07-2014
Ran by user at 2014-07-19 23:51:36
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
BitComet 1.34 (HKLM\...\BitComet) (Version: 1.34 - CometNetwork)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Juniper Networks Network Connect 7.1.0 (HKLM\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.19525 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.4.13103 - Juniper Networks, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.6.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 8.6.0 - )
McAfee SecurityCenter (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MpcStar 5.4 (HKLM\...\MpcStar) (Version: 5.4 - www.mpcstar.com)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Shopop (HKLM\...\{3DF474D5-1D41-43B5-BEA7-7E320542FD61}) (Version: 10.203.68.14274 - My Pop Shop Ltd.) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2009-07-13 22:04 - 2013-04-24 23:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01EE1981-D1C0-48EB-9635-40E9F7913F2D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
Task: {2205F1AB-A268-4DF1-8A8D-3FDB9B3AEF76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-11] (Google Inc.)
Task: {29C25347-E997-48BA-89CA-407ADE54BF67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-11] (Google Inc.)
Task: {96D1E417-C23C-464B-87A1-EA5A6973E1E8} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask
Task: {B907373B-B174-4D80-B277-869EFCB76DE1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DF325981-790E-41C8-BEA4-6C14E642A024} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-753190379-2561579638-684410764-1004.job => C:\Program Files\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-07-19 23:46 - 2014-07-19 23:46 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9sd7ap.dll
2013-10-18 19:55 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-18 17:54 - 2014-06-18 17:54 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\user\Downloads\QuickTimeInstaller(1).exe:BDU
AlternateDataStreams: C:\Users\user\Downloads\Shockwave_Installer_Slim(2).exe:BDU

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"

==================== Faulty Device Manager Devices =============

Name: MpKsl21e4c5d0
Description: MpKsl21e4c5d0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl21e4c5d0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2014 04:38:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7de31
Faulting module name: saupkeep.dll_unloaded, version: 0.0.0.0, time stamp: 0x53ac36f7
Exception code: 0xc0000005
Fault offset: 0x6ee0b7a0
Faulting process id: 0x74c
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (07/18/2014 08:14:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: dfc

Start Time: 01cfa2c7f59e1af4

Termination Time: 135

Application Path: C:\Windows\Explorer.EXE

Report Id: a5d0fc02-0ed9-11e4-9190-842b2b8d4fa3

Error: (07/17/2014 10:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (07/17/2014 10:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (07/17/2014 10:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2014 10:06:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.2.183.21, time stamp: 0x4b95e661
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00034d60
Faulting process id: 0x19bc
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (07/16/2014 06:16:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WFICA32.EXE version 12.1.44.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b3c

Start Time: 01cfa1391888ac3d

Termination Time: 13

Application Path: C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE

Report Id:

Error: (07/16/2014 04:54:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8066

Error: (07/16/2014 04:54:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8066

Error: (07/16/2014 04:54:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (07/19/2014 11:44:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (07/19/2014 02:09:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (07/18/2014 06:47:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (07/18/2014 06:46:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%1053

Error: (07/18/2014 06:46:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (07/18/2014 06:46:42 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053mcpltsvc{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (07/18/2014 06:46:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%1053

Error: (07/18/2014 06:46:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (07/17/2014 10:09:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (07/17/2014 03:36:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Microsoft Office Sessions:
=========================
Error: (07/19/2014 04:38:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7de31saupkeep.dll_unloaded0.0.0.053ac36f7c00000056ee0b7a074c01cfa37ebb1e189dC:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exesaupkeep.dlla8c25b30-0f84-11e4-b440-842b2b8d4fa3

Error: (07/18/2014 08:14:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567dfc01cfa2c7f59e1af4135C:\Windows\Explorer.EXEa5d0fc02-0ed9-11e4-9190-842b2b8d4fa3

Error: (07/17/2014 10:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9984

Error: (07/17/2014 10:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9984

Error: (07/17/2014 10:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2014 10:06:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.2.183.214b95e661ntdll.dll6.1.7601.18247521ea91cc000000500034d6019bc01cfa161b30ad37cC:\Program Files\Google\Update\GoogleUpdate.exeC:\Windows\SYSTEM32\ntdll.dllf5d25eac-0d56-11e4-b034-842b2b8d4fa3

Error: (07/16/2014 06:16:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WFICA32.EXE12.1.44.1b3c01cfa1391888ac3d13C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE

Error: (07/16/2014 04:54:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8066

Error: (07/16/2014 04:54:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8066

Error: (07/16/2014 04:54:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 2012.8 MB
Available physical RAM: 895.71 MB
Total Pagefile: 4025.61 MB
Available Pagefile: 2640.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:216.37 GB) NTFS
Drive e: () (Removable) (Total:0.12 GB) (Free:0.05 GB) FAT

==================== MBR & Partition Table ==================

==================== End Of Log ============================


----------



## akairi97 (Sep 14, 2010)

[email protected]

No, I have never changed out any hardware on my PC


----------



## akairi97 (Sep 14, 2010)

@zigzag3143,

Im afraid I might mess something up with the verifier, because I dont have another PC to use to back up or if an issue happens. I have no idea what I am looking for as far as the driver is concern if I do run the verifier. Should I wait for another response after I copy and paste the FRST and Addition?


----------



## akairi97 (Sep 14, 2010)

I have no idea what is going on with my PC but just now I tried to restart my PC, the screen went black and wouldn't come back on. I had to shut down my PC and a message pulled up saying that it doing a startup repair


----------



## Mark1956 (May 7, 2011)

The FRST scan result shows you have a ZeroAccess rootkit infection, please do not do anything to the system unless I have posted the instructions for you to follow. I will have this moved to the Malware forum where only qualified members can post advice.

Are you still able to boot the PC to the desktop?

If not please please try it in Safe Mode and let me know if that works.


----------



## akairi97 (Sep 14, 2010)

Ok. Im able to get back into my system. So just go the the Malware forum?


----------



## Mark1956 (May 7, 2011)

The thread has been moved to the Malware forum so no need for you to do anything.

Please follow these instructions, this will kill the infection and then we will have some further checks to do and a bit of cleaning up.

We are now going to run FRST in a different way.


*IMPORTANT---> *First download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.
Launch *FRST* by double clicking on it. *DO NOT* click on the *Scan* button or check any of the boxes.
You may see a message that an update is installing, if so the program will close when the update completes, you will then need to double click on *FRST* to open it again.
When the *FRST* window opens click on the *Fix* button *just once* and wait.
You will see a message confirming the fix has been run and the log saved, click on *OK* and the Fixlog will open. *Copy & Paste* the full log it into your next reply.

*NOTE:* This fix has been written specifically for the PC being dealt with in this thread, if you run it on another system it may have undesirable consequences. If you have a similar problem, ask for help by opening a new thread in the appropriate forum.


----------



## akairi97 (Sep 14, 2010)

Hi. The FRST that I downloaded the first time is not on my desktop anymore and it was there earlier today. What could hae caused that?


----------



## akairi97 (Sep 14, 2010)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:20-07-2014
Ran by user at 2014-07-21 00:25:32 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-753190379-2561579638-684410764-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
HKU\S-1-5-21-753190379-2561579638-684410764-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
C:\ProgramData\uninstaller.exe
*****************

'HKU\S-1-5-21-753190379-2561579638-684410764-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}'=> Key not found.
'HKU\S-1-5-21-753190379-2561579638-684410764-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}' => Key deleted successfully.
C:\ProgramData\uninstaller.exe => Moved successfully.

==== End of Fixlog ====


----------



## Mark1956 (May 7, 2011)

Not sure why FRST would disappear, but as you managed to run the fix you either found it or downloaded a fresh copy.

Please now run FRST again and just do a scan with it and post the log produced, it will only produce one log on this occasion.

Then run this tool and post the log.

Please download RKill 
There are three buttons to choose from with different names on, select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and select *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. *Please Copy & Paste the entire log in your next reply.*
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.


----------



## akairi97 (Sep 14, 2010)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by user (ATTENTION: The logged in user is not administrator) on USER-PC on 21-07-2014 18:44:22
Running from C:\Users\user\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2012-03-14] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H 
HKU\.DEFAULT\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H 
HKU\.DEFAULT\...\RunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H 
HKU\S-1-5-21-753190379-2561579638-684410764-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-11] (Google Inc.)
HKU\S-1-5-21-753190379-2561579638-684410764-1000\...\Run: [DellSystemDetect] => C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-m (the data entry has 2 more characters).
HKU\S-1-5-21-753190379-2561579638-684410764-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-753190379-2561579638-684410764-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {4F7A547C-42DE-4E5E-AB66-130C5C8A44E8} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US679&p={SearchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {4F7A547C-42DE-4E5E-AB66-130C5C8A44E8} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US679&p={SearchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={373B4106-37D9-40FA-BA6E-5A0498E1F39E}&mid=546a77795d1447d1922155626d69a650-b28ae433c51cad02b9b7d58d447040698c35f879&lang=en&ds=AVG&pr=pr&d=2013-03-30 14:40:59&v=15.0.0.2&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Shopop Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\amfk3ml5.default-1392470059994
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\user\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Extension: OutfoxTV - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\amfk3ml5.default-1392470059994\Extensions\[email protected] [2014-04-25]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\amfk3ml5.default-1392470059994\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-15]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-01-24]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (SiteAdvisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-17]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-07-03]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx [2014-07-03]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx [2014-07-03]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Andrea\AppData\Local\Temp\ccex.crx [2014-07-03]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2014-07-03]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2014-07-03]

========================== Services (Whitelisted) =================

S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [670792 2011-10-11] (Juniper Networks)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-04-03] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-04-03] (McAfee, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2011-10-11] (Juniper Networks)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236672 2014-04-03] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [574576 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [215624 2014-04-03] (McAfee, Inc.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Andrea\AppData\Local\Temp\catchme.sys [X]
S3 CFcatchme; \??\C:\Users\Andrea\AppData\Local\Temp\CFcatchme.sys [X]
S1 MpKsl21e4c5d0; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEB89E3A-1A6C-4CE1-93CC-C0DD3E137062}\MpKsl21e4c5d0.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-21 01:08 - 2014-07-21 01:08 - 00000214 _____ () C:\Users\user\Desktop\BB&T Bank Personal Banking, Small Business Banking, Mortgages, Invest.URL
2014-07-21 00:25 - 2014-07-21 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-21 00:24 - 2014-07-21 00:24 - 01080320 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-07-20 11:43 - 2014-07-20 11:43 - 214862665 _____ () C:\Windows\MEMORY.DMP
2014-07-20 11:43 - 2014-07-20 11:43 - 00000000 ____D () C:\Windows\Minidump
2014-07-19 23:51 - 2014-07-19 23:51 - 00029493 _____ () C:\Users\user\Desktop\Addition.txt
2014-07-19 23:50 - 2014-07-21 18:44 - 00019951 _____ () C:\Users\user\Desktop\FRST.txt
2014-07-19 23:50 - 2014-07-21 18:44 - 00000000 ____D () C:\FRST
2014-07-19 07:39 - 2014-07-19 07:39 - 00025011 _____ () C:\Users\user\Desktop\071514-21699-01.zip
2014-07-19 07:39 - 2014-07-15 03:31 - 00145680 _____ () C:\Users\user\Desktop\071514-21699-01.dmp
2014-07-19 00:11 - 2014-07-19 00:11 - 00000141 _____ () C:\Users\user\Desktop\Minidump.7z
2014-07-19 00:10 - 2014-07-19 00:10 - 00000152 _____ () C:\Users\user\Desktop\Minidump.zip
2014-07-19 00:09 - 2014-07-19 00:09 - 00000000 ____D () C:\Users\user\Documents\Outlook Files
2014-07-14 18:23 - 2014-07-18 23:59 - 00116736 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-07-13 12:39 - 2014-07-20 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-13 12:39 - 2014-07-13 12:39 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\Program Files\iPod
2014-07-13 09:30 - 2014-07-13 14:09 - 00016058 _____ () C:\Users\user\Desktop\Income Sheet.xlsx
2014-07-09 07:25 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 07:25 - 2014-06-17 20:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 07:25 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 07:25 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 07:25 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 07:25 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 07:25 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 07:25 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 07:25 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 07:25 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 07:25 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 07:25 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 07:25 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 07:25 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 07:25 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 07:25 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 07:25 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 07:25 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 07:25 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 07:25 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 07:25 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 07:25 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 07:25 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 07:25 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 07:24 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 07:24 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 07:24 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

2014-07-21 18:44 - 2014-07-19 23:50 - 00019951 _____ () C:\Users\user\Desktop\FRST.txt
2014-07-21 18:44 - 2014-07-19 23:50 - 00000000 ____D () C:\FRST
2014-07-21 18:41 - 2014-02-26 18:59 - 00000514 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-753190379-2561579638-684410764-1004.job
2014-07-21 18:41 - 2013-06-28 00:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 18:41 - 2012-03-11 21:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 01:08 - 2014-07-21 01:08 - 00000214 _____ () C:\Users\user\Desktop\BB&T Bank Personal Banking, Small Business Banking, Mortgages, Invest.URL
2014-07-21 00:26 - 2009-07-14 00:34 - 00014240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 00:26 - 2009-07-14 00:34 - 00014240 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 00:25 - 2014-07-21 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-21 00:25 - 2012-03-10 19:57 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 00:24 - 2014-07-21 00:24 - 01080320 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-07-21 00:24 - 2012-03-10 19:56 - 01408764 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 00:22 - 2012-07-24 09:13 - 00000000 ____D () C:\Users\user\Desktop\Minidump
2014-07-21 00:21 - 2014-05-26 07:37 - 00000000 ___RD () C:\Users\user\Dropbox
2014-07-21 00:21 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\DropboxMaster
2014-07-21 00:21 - 2014-03-23 10:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2014-07-21 00:21 - 2012-03-11 21:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 00:20 - 2014-05-21 23:01 - 00010911 _____ () C:\Windows\setupact.log
2014-07-21 00:20 - 2013-09-12 17:15 - 00063984 _____ () C:\Windows\error.log
2014-07-21 00:20 - 2013-09-12 17:15 - 00015235 _____ () C:\Windows\errord.log
2014-07-21 00:20 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 19:06 - 2014-01-24 02:16 - 00000000 ____D () C:\Program Files\McAfee
2014-07-20 19:05 - 2013-08-25 23:02 - 00197848 _____ () C:\Windows\PFRO.log
2014-07-20 15:42 - 2012-04-07 08:38 - 00000000 ____D () C:\Users\Guest
2014-07-20 15:42 - 2012-03-11 21:20 - 00000000 ____D () C:\Users\Andrea
2014-07-20 15:41 - 2014-07-13 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 15:41 - 2014-01-24 02:11 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-20 15:41 - 2013-05-22 20:20 - 00000000 ____D () C:\Users\five9\AppData\Roaming\ICAClient
2014-07-20 15:41 - 2012-03-10 20:50 - 00000000 __RHD () C:\MSOCache
2014-07-20 15:41 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-20 15:41 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2014-07-20 15:41 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
2014-07-20 15:39 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-07-20 14:21 - 2013-05-22 20:20 - 00000000 ____D () C:\Users\five9
2014-07-20 11:43 - 2014-07-20 11:43 - 214862665 _____ () C:\Windows\MEMORY.DMP
2014-07-20 11:43 - 2014-07-20 11:43 - 00000000 ____D () C:\Windows\Minidump
2014-07-19 23:51 - 2014-07-19 23:51 - 00029493 _____ () C:\Users\user\Desktop\Addition.txt
2014-07-19 07:39 - 2014-07-19 07:39 - 00025011 _____ () C:\Users\user\Desktop\071514-21699-01.zip
2014-07-19 00:11 - 2014-07-19 00:11 - 00000141 _____ () C:\Users\user\Desktop\Minidump.7z
2014-07-19 00:10 - 2014-07-19 00:10 - 00000152 _____ () C:\Users\user\Desktop\Minidump.zip
2014-07-19 00:09 - 2014-07-19 00:09 - 00000000 ____D () C:\Users\user\Documents\Outlook Files
2014-07-18 23:59 - 2014-07-14 18:23 - 00116736 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-07-15 16:41 - 2013-05-05 21:54 - 00000051 _____ () C:\Users\user\Desktop\WINDOWS SECRET.txt
2014-07-15 03:31 - 2014-07-19 07:39 - 00145680 _____ () C:\Users\user\Desktop\071514-21699-01.dmp
2014-07-13 14:09 - 2014-07-13 09:30 - 00016058 _____ () C:\Users\user\Desktop\Income Sheet.xlsx
2014-07-13 12:39 - 2014-07-13 12:39 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 12:39 - 2014-07-13 12:39 - 00000000 ____D () C:\Program Files\iPod
2014-07-13 12:39 - 2012-03-15 00:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-11 22:31 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-07-09 18:36 - 2013-06-28 00:39 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 18:36 - 2013-06-28 00:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 07:37 - 2009-07-14 00:33 - 00419680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 07:35 - 2009-07-14 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 07:33 - 2012-03-10 20:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 07:31 - 2013-08-15 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 07:29 - 2012-03-11 12:05 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-21 23:10 - 2012-03-15 03:21 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitComet

Some content of TEMP:
====================
C:\Users\Andrea\AppData\Local\temp\0087201390544303mcinst.exe
C:\Users\Andrea\AppData\Local\temp\1_Offer_10.exe
C:\Users\user\AppData\Local\temp\Bit1FFE.tmp.exe
C:\Users\user\AppData\Local\temp\Bit310E.tmp.exe
C:\Users\user\AppData\Local\temp\Bit4F3B.tmp.exe
C:\Users\user\AppData\Local\temp\Bit5022.tmp.exe
C:\Users\user\AppData\Local\temp\Bit5CEF.tmp.exe
C:\Users\user\AppData\Local\temp\Bit8CA5.tmp.exe
C:\Users\user\AppData\Local\temp\BitA084.tmp.exe
C:\Users\user\AppData\Local\temp\BitABD8.tmp.exe
C:\Users\user\AppData\Local\temp\BitB639.tmp.exe
C:\Users\user\AppData\Local\temp\BitD49F.tmp.exe
C:\Users\user\AppData\Local\temp\BitD632.tmp.exe
C:\Users\user\AppData\Local\temp\BitD9EA.tmp.exe
C:\Users\user\AppData\Local\temp\BitDFE2.tmp.exe
C:\Users\user\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcagbda.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 20:57

==================== End Of Log ============================


----------



## akairi97 (Sep 14, 2010)

Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/21/2014 06:52:35 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 07/21/2014 06:52:55 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)


----------



## akairi97 (Sep 14, 2010)

I tired to restart my PC and it keeps pulling up the blue screen. I had to use my ipad to send you the message and picture. I had 2 options startup repair or start normally. If I startup normally. Then it will keep pulling up the blue screen. I had no choice but to do the startup repair


----------



## akairi97 (Sep 14, 2010)

My computer won't start back up. I don't know what to do


----------



## Mark1956 (May 7, 2011)

Can you get it to start in Safe Mode?

Do you have the Windows 7 installation disc?


----------



## akairi97 (Sep 14, 2010)

Not even in safe mode. but it miraculously came back up. I left the computer alone for about 3 hours and did another windows start up and it worked. I Have no idea how that happened. But I am able to restart and my PC is back now. What could have happened? I was so scared because I work from home. My computer is 5 years old. Does that mean its time for another one? Yes I do have windows installation operating system


----------



## akairi97 (Sep 14, 2010)

Wow, I noticed that your in Spain and the time difference is huge


----------



## DaveBurnett (Nov 11, 2002)

We threatened it with action?? !!!! .....................

That's why we ask people to put their location on their profile so we're not trying to talk to someone that is in bed or at work


----------



## Mark1956 (May 7, 2011)

The symptoms you are describing would suggest a possible hardware error, I would suggest running a check on the hard drive. We will try this scan first and then see the results.

*Disk Check*


Click on *Start* then type *cmd* in the search box. A menu will pop up with *cmd* at the top, *right click* on it and select *Run as Administrator*. Another box will open, at the prompt type *chkdsk /r* and hit *Enter*._ *Note:* you must include a space between the *k* and the */*_
You will then see the following message:
*chkdsk* cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts?* (Y/N)*
Type *Y* for yes, and hit *Enter*. Then reboot the computer. 
*chkdsk* will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (_The *chkdsk* process may take an hour or more to finish, if it appears to freeze this is normal so *do not* interrupt it. On drives above 500GB it can take several hours._)
When the Disk Check is done, it will finish loading Windows.

When back at the desktop, follow this to find the log:


On your keyboard, hold down the key with the Windows symbol on it and the *A* key at the same time, a *Run* box will open, release the keys. Type *powershell.exe* into the box and hit the *Enter* key.
Then hold down the *left* mouse button with the cursor at the beginning of this line below and drag it to the end of the line, so the entire command turns blue, make sure you have not missed anything at the start or the end of the line and nothing else on the screen has turned blue. Then *right* click on the blue area and select *Copy*. Go to the *Powershell* window and *right* click on it and select *Paste*. If you make a mistake when highlighting the command, just click the mouse anywhere on the page and try again.

*get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt*


The command line you copied should now appear in the box, next hit the *Enter* key on your keyboard.
You should now find a text document on your Desktop called *CHKDSKResults*.
*Double* click on the *CHKDSKResults* file and it will open showing the results. *Copy & Paste* the results into your next reply.


----------



## akairi97 (Sep 14, 2010)

My issue is that when you give me assignments to do, after I respond, I have to wait for a while until you tell me what to do next and during that time my computer will act up because its incomplete of what we are doing and if something might go wrong again and I wont be able to get back on my PC by tomorrow to work. The step that your asking me to do, will it cause an issue to where I wont be able to get back on it again? Im afraid something bad might happened like last time


----------



## Mark1956 (May 7, 2011)

Your PC appears to be in an unstable state so it is impossible to predict when it may go wrong again. The test I have suggested you run with Seatools is done from outside of windows and will not make any changes to the system, it is purely a test on the health of the hard drive. If the system does fail to boot again after the test it will be a coincidence.

One thing I would highly recommend is that you back up all your important files to an external source, just in case it does fail to boot again and then not recover. I think it is extremely likely this problem is a hardware issue so we need to run some tests to try and determine what it is, without running the tests we are not going to be able to find the cause. It may be something as simple as a loose connection.


----------



## akairi97 (Sep 14, 2010)

Hello. The disk check is done but when I press the windows and the A key nothing is pulling up. I don't know what to do next


----------



## Mark1956 (May 7, 2011)

Try clicking on the Start button then type *run* into the search box, a list should pop up with *Run* at the top, click on it and the Run box should open, then continue with the rest of the instructions.


----------



## akairi97 (Sep 14, 2010)

TimeCreated : 7/27/2014 02:32:56
Message : 

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0xd6b0.
Cleaning up instance tags for file 0x12c55.
239872 file records processed. 

File verification completed.
618 large file records processed. 

0 bad file records processed. 

0 EA records processed. 

107 reparse records processed. 

CHKDSK is verifying indexes (stage 2 of 5)...
310650 index entries processed. 

Index verification completed.
0 unindexed files scanned. 

0 unindexed files recovered. 

CHKDSK is verifying security descriptors (stage 3 of 5)...
239872 file SDs/SIDs processed. 

Cleaning up 5087 unused index entries from index $SII of file 0x9
.
Cleaning up 5087 unused index entries from index $SDH of file 0x9
.
Cleaning up 5087 unused security descriptors.
CHKDSK is compacting the security descriptor stream
35390 data files processed. 

CHKDSK is verifying Usn Journal...
36537952 USN bytes processed. 

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
239856 files processed. 

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
56278552 free clusters processed. 

Free space verification is complete.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

312466431 KB total disk space.
86904108 KB in 136482 files.
95924 KB in 35393 indexes.
0 KB in bad sectors.
352187 KB in use by the system.
65536 KB occupied by the log file.
225114212 KB available on disk.

4096 bytes in each allocation unit.
78116607 total allocation units on disk.
56278553 allocation units available on disk.

Internal Info:
00 a9 03 00 6d 9f 02 00 94 c0 04 00 00 00 00 00 ....m...........
c1 3e 00 00 6b 00 00 00 00 00 00 00 00 00 00 00 .>..k...........
78 8e 1c 00 50 01 1b 00 a0 1b 1b 00 00 00 1b 00 x...P...........

Windows has finished checking your disk.
Please wait while your computer restarts.


----------



## Mark1956 (May 7, 2011)

The disc check did correct some minor errors, but nothing found that could explain the boot problem you had. If you have not already done so you should create a back up of all your important files to an external hard drive or CD/DVD's simply as a precaution should it go wrong again and does not recover, you will need to reboot the system during the following operations.

Before you start, please create a Restore Point so you have something to go back to after the infection had been removed. Follow the instruction in Option 2 in this link: Create a System Restore Point in Windows 7

Please now do the following:

Please uninstall *Shopop* as it is Adware.

Please run this Temp file cleaner:
NOTE: This will empty your recycle bin, if you have anything you need in there please save it before you run this scan.
Download Temporary file cleaner and save it to the desktop. Make sure you do not use the Download button in the advert at the top of the page, use the big blue button right next to *Author: Old Timer* which says Download Now @ Author's Site
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on* Start*. It will close all running programs and clear the desktop icons (they will return after the scan).
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

NOTE: There is no need to post the log, just confirm in your next post that it ran without a problem. At times it may appear to freeze, which is perfectly normal, it may take a while to complete the clean up depending on the amount of temporary files there are on the system.

========================================

Run this program to check for and remove any Adware:

Click on this link to download : ADWCleaner Click on the Download Now button and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop: 

You will then see the screen below, click on the *Scan* button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the *Clean* button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.

*NOTE:* If for any reason the report does not appear, open Windows Explorer and click on the C: drive in the left pane, in the right pane you should find a new folder called *Adwcleaner*, double click on it and you will see the saved logs. Find the log that has a number in brackets starting with an *S* NOT *R*, similar to this: *Adwcleaner[S1]*, double click on the one with the highest number and the log will open, Copy & Paste it into your reply.



========================================

Then run this to clean up some orphan files and remnants of MSE and Combofix.

We are now going to run FRST in a different way.


*IMPORTANT---> *First download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.
Launch *FRST* by double clicking on it. *DO NOT* click on the *Scan* button or check any of the boxes.
You may see a message that an update is installing, if so the program will close when the update completes, you will then need to double click on *FRST* to open it again.
When the *FRST* window opens click on the *Fix* button *just once* and wait.
You will see a message confirming the fix has been run and the log saved, click on *OK* and the Fixlog will open. *Copy & Paste* the full log it into your next reply.

*NOTE:* This fix has been written specifically for the PC being dealt with in this thread, if you run it on another system it may have undesirable consequences. If you have a similar problem, ask for help by opening a new thread in the appropriate forum.


----------



## akairi97 (Sep 14, 2010)

i have no idea where shopop is. Its not in my prgrams to uninstall


----------



## akairi97 (Sep 14, 2010)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-07-2014
Ran by user at 2014-07-27 09:47:30 Run:2
Running from C:\Users\user\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S3 catchme; \??\C:\Users\Andrea\AppData\Local\Temp\catchme.sys [X]
S3 CFcatchme; \??\C:\Users\Andrea\AppData\Local\Temp\CFcatchme.sys [X]
S1 MpKsl21e4c5d0; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEB89E3A-1A6C-4CE1-93CC-C0DD3E137062}\MpKsl21e4c5d0.sys [X]
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {4F7A547C-42DE-4E5E-AB66-130C5C8A44E8} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US679&p={SearchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {4F7A547C-42DE-4E5E-AB66-130C5C8A44E8} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US679&p={SearchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={373B4106-37D9-40FA-BA6E-5A0498E1F39E}&mid=546a77795d1447d1922155626d69a650-b28ae433c51cad02b9b7d58d447040698c35f879&lang=en&ds=AVG&pr=pr&d=2013-03-30 14:40:59&v=15.0.0.2&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
*****************

catchme => Service deleted successfully.
CFcatchme => Service deleted successfully.
MpKsl21e4c5d0 => Service deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key not found.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key not found.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key not found.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key not found.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"

Listing permissions failed. Access Denied.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4F7A547C-42DE-4E5E-AB66-130C5C8A44E8}" => Key not found.
"HKCR\CLSID\{4F7A547C-42DE-4E5E-AB66-130C5C8A44E8}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value deleted successfully.
"HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}" => Key not found.
"HKCR\PROTOCOLS\Handler\wot" => Key deleted successfully.
"HKCR\CLSID\{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952}" => Key not found.
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION => Error: No automatic fix found for this entry.

==== End of Fixlog ====


----------



## Mark1956 (May 7, 2011)

Did you run Adwcleaner before looking for Shopop? It may have removed it. I still need you to post the log from Adwcleaner.


----------



## akairi97 (Sep 14, 2010)

I dont understand the notes about locating the adwcleaner log. I cant find it


----------



## akairi97 (Sep 14, 2010)

I my IE wouldn't open up so I restarted my PC and the blue screen of death came back up


----------



## akairi97 (Sep 14, 2010)

# AdwCleaner v3.014 - Report created 08/12/2013 at 15:11:07
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : five9 - USER-PC
# Running from : C:\Users\five9\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\five9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\five9\AppData\Roaming\Mozilla\Firefox\Profiles\jv1y38gv.default-1383948970022\searchplugins\Conduit.xml
File Found : C:\Users\five9\AppData\Roaming\Mozilla\Firefox\Profiles\jv1y38gv.default-1383948970022\user.js
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\five9\AppData\Local\Conduit
Folder Found C:\Users\five9\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\five9\AppData\LocalLow\Conduit
Folder Found C:\Users\five9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found C:\Users\five9\AppData\Roaming\Searchprotect
Folder Found C:\Users\user\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\user\AppData\Roaming\Searchprotect

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\incredibar.com
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\85q6uavj.default-1353117864777\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9e4srnpu.default-1359319419513\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ducxk4lc.default-1365943290347\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qig3ngf0.default-1372311431398\prefs.js ]

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\prefs.js ]

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\prefs.js ]

[ File : C:\Users\five9\AppData\Roaming\Mozilla\Firefox\Profiles\jv1y38gv.default-1383948970022\prefs.js ]

Line Found : user_pref("CT3306061.FF19Solved", "true");
Line Found : user_pref("CT3306061.UserID", "UN11357949522951286");
Line Found : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3306061.fullUserID", "UN11357949522951286.IN.20131207230142");
Line Found : user_pref("CT3306061.installDate", "07/12/2013 23:01:52");
Line Found : user_pref("CT3306061.installSessionId", "{8716C375-12B4-419E-8831-FBE70261A8EE}");
Line Found : user_pref("CT3306061.installSp", "true");
Line Found : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Found : user_pref("CT3306061.keyword", "true");
Line Found : user_pref("CT3306061.originalHomepage", "google.com");
Line Found : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Found : user_pref("CT3306061.originalSearchEngine", "");
Line Found : user_pref("CT3306061.originalSearchEngineName", "");
Line Found : user_pref("CT3306061.searchRevert", "true");
Line Found : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Found : user_pref("CT3306061.searchUserMode", "2");
Line Found : user_pref("CT3306061.smartbar.homepage", "true");
Line Found : user_pref("CT3306061.toolbarInstallDate", "07-12-2013 23:01:42");
Line Found : user_pref("CT3306061.versionFromInstaller", "10.22.5.10");
Line Found : user_pref("CT3306061.xpeMode", "0");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN11357949522951286&UM=2&UP=SP1B536333-572E-48E4-9480-6353F861FEF2");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN11357949522951286&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("searchreset.backup.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN11357949522951286&UM=2&q=");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11357949522951286&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN11357949522951286&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Found : user_pref("smartbar.machineId", "V+GRNQIRRSJNOKOBCJ2HIEI+HZCJBTX+JTWNBXVFQLD/S2FL5XWI7EWVDYL9NXB3/U5+W266/ORERQMV5L9T0G");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11357949522951286&UM=2&SearchSource=13");

-\\ Google Chrome v

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\five9\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8152 octets] - [08/12/2013 15:11:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8212 octets] ##########
# AdwCleaner v3.216 - Report created 27/07/2014 at 09:36:46
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Andrea - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\ProgramData\uninstaller.exe
File Found : C:\Users\Andrea\Desktop\Configure VO Package.lnk
File Found : C:\Users\user\daemonprocess.txt
Folder Found : C:\Program Files\Mobogenie
Folder Found : C:\Users\Andrea\AppData\Local\genienext
Folder Found : C:\Users\Andrea\AppData\Local\Mobogenie
Folder Found : C:\Users\Andrea\AppData\LocalLow\Smartbar
Folder Found : C:\Users\Andrea\AppData\Roaming\Nico Mak Computing
Folder Found : C:\Users\Andrea\Documents\Mobogenie
Folder Found : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5we5j610.default\adawaretb

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\SearchProtectINT
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\smartbarbackup
Key Found : HKCU\Software\smartbarlog
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\prefs.js ]

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\prefs.js ]

[ File : C:\Users\five9\AppData\Roaming\Mozilla\Firefox\Profiles\hly0fp1x.default-1400726222203\prefs.js ]

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5we5j610.default\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\85q6uavj.default-1353117864777\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9e4srnpu.default-1359319419513\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\amfk3ml5.default-1392470059994\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ducxk4lc.default-1365943290347\prefs.js ]

*************************

AdwCleaner[R0].txt - [15068 octets] - [08/12/2013 16:11:07]
AdwCleaner[S0].txt - [8180 octets] - [08/12/2013 16:15:15]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [15189 octets] ##########


----------



## akairi97 (Sep 14, 2010)

# AdwCleaner v3.014 - Report created 08/12/2013 at 15:15:15
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : five9 - USER-PC
# Running from : C:\Users\five9\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Users\user\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\user\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\five9\AppData\Local\Conduit
Folder Deleted : C:\Users\five9\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\five9\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\five9\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\five9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
File Deleted : C:\END
File Deleted : C:\Users\five9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\five9\AppData\Roaming\Mozilla\Firefox\Profiles\jv1y38gv.default-1383948970022\searchplugins\Conduit.xml
File Deleted : C:\Users\five9\AppData\Roaming\Mozilla\Firefox\Profiles\jv1y38gv.default-1383948970022\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar.com
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\85q6uavj.default-1353117864777\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9e4srnpu.default-1359319419513\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ducxk4lc.default-1365943290347\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qig3ngf0.default-1372311431398\prefs.js ]

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\prefs.js ]

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\prefs.js ]

[ File : C:\Users\five9\AppData\Roaming\Mozilla\Firefox\Profiles\jv1y38gv.default-1383948970022\prefs.js ]

Line Deleted : user_pref("CT3306061.FF19Solved", "true");
Line Deleted : user_pref("CT3306061.UserID", "UN11357949522951286");
Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306061.fullUserID", "UN11357949522951286.IN.20131207230142");
Line Deleted : user_pref("CT3306061.installDate", "07/12/2013 23:01:52");
Line Deleted : user_pref("CT3306061.installSessionId", "{8716C375-12B4-419E-8831-FBE70261A8EE}");
Line Deleted : user_pref("CT3306061.installSp", "true");
Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3306061.keyword", "true");
Line Deleted : user_pref("CT3306061.originalHomepage", "google.com");
Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3306061.originalSearchEngine", "");
Line Deleted : user_pref("CT3306061.originalSearchEngineName", "");
Line Deleted : user_pref("CT3306061.searchRevert", "true");
Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3306061.searchUserMode", "2");
Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306061.toolbarInstallDate", "07-12-2013 23:01:42");
Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.22.5.10");
Line Deleted : user_pref("CT3306061.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN11357949522951286&UM=2&UP=SP1B536333-572E-48E4-9480-6353F861FEF2");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN11357949522951286&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("searchreset.backup.keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN11357949522951286&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11357949522951286&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN11357949522951286&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "V+GRNQIRRSJNOKOBCJ2HIEI+HZCJBTX+JTWNBXVFQLD/S2FL5XWI7EWVDYL9NXB3/U5+W266/ORERQMV5L9T0G");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN11357949522951286&UM=2&SearchSource=13");

-\\ Google Chrome v

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\five9\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [8292 octets] - [08/12/2013 15:11:07]
AdwCleaner[S0].txt - [8040 octets] - [08/12/2013 15:15:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8100 octets] ##########
# AdwCleaner v3.216 - Report created 27/07/2014 at 09:39:50
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Andrea - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Users\Andrea\AppData\Local\genienext
Folder Deleted : C:\Users\Andrea\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Andrea\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Andrea\AppData\Roaming\Nico Mak Computing
Folder Deleted : C:\Users\Andrea\Documents\Mobogenie
Folder Deleted : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5we5j610.default\adawaretb
File Deleted : C:\ProgramData\uninstaller.exe
File Deleted : C:\Users\Andrea\Desktop\Configure VO Package.lnk
File Deleted : C:\Users\user\daemonprocess.txt

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\prefs.js ]

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\prefs.js ]

[ File : C:\Users\five9\AppData\Roaming\Mozilla\Firefox\Profiles\hly0fp1x.default-1400726222203\prefs.js ]

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5we5j610.default\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\85q6uavj.default-1353117864777\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9e4srnpu.default-1359319419513\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\amfk3ml5.default-1392470059994\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ducxk4lc.default-1365943290347\prefs.js ]

*************************

AdwCleaner[R0].txt - [15268 octets] - [08/12/2013 16:11:07]
AdwCleaner[S0].txt - [15154 octets] - [08/12/2013 16:15:15]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [15215 octets] ##########


----------



## Mark1956 (May 7, 2011)

You seem to have got into a bit of a muddle with the Adwcleaner logs as you have posted a couple from December, it tells you in my instructions to post the log produced after the reboot, didn't the log appear?

I'd like you to run it again now to make sure there are no persistent items that may have come back. Copy the log that appears after the reboot.

Then run this and post the log.

*System File Checker*


Click on *Start* and type *cmd* in the search box. Right click on *cmd* in the popup menu and select *Run as Administrator*.
Another box will open, at the Command Prompt, type *sfc /scannow* and press Enter. (Note the gap between the c and the /) 
Let the check run to completion. *DO NOT* reboot the PC or close the *cmd* window.
Copy & Paste the following command at the Command Prompt and press Enter:

* findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*


This will place a file on your desktop called *sfcdetails.txt* which contains the results of the scan.
Copy and Paste the contents of the file into your next post.


----------



## akairi97 (Sep 14, 2010)

The logs didnt appear after the reboot so I had to go and search for them. Also I cant tell if the Scan is complete or not because all it shows is "pending, please uncheck any elements that you want to remove". Its just stuck there. It was like that earlier too and I just hit the clean button, and when I reboot the system it didnt pull up the logs, I had to go into my C: to retrieve them


----------



## akairi97 (Sep 14, 2010)

# AdwCleaner v3.300 - Report created 27/07/2014 at 23:12:05
# Updated 27/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Andrea - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\ProgramData\uninstaller.exe
File Found : C:\Users\Andrea\Desktop\Configure VO Package.lnk
Folder Found : C:\Program Files\Mobogenie
Folder Found : C:\Users\Andrea\AppData\Local\Temp\Smartbar

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\SearchProtectINT
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\smartbarbackup
Key Found : HKCU\Software\smartbarlog
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\prefs.js ]

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\prefs.js ]

[ File : C:\Users\five9\AppData\Roaming\Mozilla\Firefox\Profiles\hly0fp1x.default-1400726222203\prefs.js ]

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5we5j610.default\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\85q6uavj.default-1353117864777\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9e4srnpu.default-1359319419513\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\amfk3ml5.default-1392470059994\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ducxk4lc.default-1365943290347\prefs.js ]

*************************

AdwCleaner[R0].txt - [6312 octets] - [27/07/2014 23:12:05]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [6372 octets] ##########


----------



## akairi97 (Sep 14, 2010)

# AdwCleaner v3.300 - Report created 27/07/2014 at 23:37:05
# Updated 27/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Andrea - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Users\Andrea\AppData\Local\Temp\Smartbar
File Deleted : C:\ProgramData\uninstaller.exe
File Deleted : C:\Users\Andrea\Desktop\Configure VO Package.lnk

***** [ Tâches planifiées ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\prefs.js ]

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\prefs.js ]

[ File : C:\Users\five9\AppData\Roaming\Mozilla\Firefox\Profiles\hly0fp1x.default-1400726222203\prefs.js ]

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5we5j610.default\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\85q6uavj.default-1353117864777\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9e4srnpu.default-1359319419513\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\amfk3ml5.default-1392470059994\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ducxk4lc.default-1365943290347\prefs.js ]

*************************

AdwCleaner[R0].txt - [6450 octets] - [27/07/2014 23:12:05]
AdwCleaner[S0].txt - [6497 octets] - [27/07/2014 23:37:05]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [6557 octets] ##########


----------



## Mark1956 (May 7, 2011)

> The logs didnt appear after the reboot so I had to go and search for them. Also I cant tell if the Scan is complete or not because all it shows is "pending, please uncheck any elements that you want to remove". Its just stuck there. It was like that earlier too and I just hit the clean button, and when I reboot the system it didnt pull up the logs, I had to go into my C: to retrieve them


When it shows* "pending, please uncheck any elements that you want to remove" *that means the Scan has completed. I'm not sure why the log isn't appearing after the reboot.

There is also another hitch as the last couple of scans show almost all the same items being deleted. You also do not need to post the Scan log, just the Clean log, the one that starts with an *S* in the enclosed brackets.

Please run the Scan and Clean again and just post the new log.


----------



## akairi97 (Sep 14, 2010)

Hello, I apologize for my late response. 

I have ran the Adwcleaner multiple times and It not generating any report logs at all. Before I had to search for them, but this time its not there at all. I had deleted the old logs and reran it but no reports pull up after reboot.


----------



## Mark1956 (May 7, 2011)

Ok, lets see if there is anything still being found. Run Adwcleaner and click on the Scan button, then click on Report and copy the log into your next reply.


----------



## akairi97 (Sep 14, 2010)

# AdwCleaner v3.302 - Report created 04/08/2014 at 17:52:35
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Andrea - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\prefs.js ]

[ File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\prefs.js ]

[ File : C:\Users\five9\AppData\Roaming\Mozilla\Firefox\Profiles\hly0fp1x.default-1400726222203\prefs.js ]

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\5we5j610.default\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\85q6uavj.default-1353117864777\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9e4srnpu.default-1359319419513\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\amfk3ml5.default-1392470059994\prefs.js ]

[ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ducxk4lc.default-1365943290347\prefs.js ]

*************************

AdwCleaner[R1].txt - [1914 octets] - [03/08/2014 23:08:47]
AdwCleaner[R2].txt - [1684 octets] - [03/08/2014 23:27:20]
AdwCleaner[R3].txt - [1744 octets] - [03/08/2014 23:29:20]
AdwCleaner[R4].txt - [1606 octets] - [04/08/2014 17:52:35]
AdwCleaner[S1].txt - [1927 octets] - [03/08/2014 23:22:53]
AdwCleaner[S2].txt - [1805 octets] - [03/08/2014 23:30:37]

########## EOF - \AdwCleaner\AdwCleaner[R4].txt - [1786 octets] ##########


----------



## Mark1956 (May 7, 2011)

We now have a clean log from Adwcleaner, so that is the Adware taken care of.

Please now continue with my instructions in post 45 to run the System File Checker.


----------



## akairi97 (Sep 14, 2010)

2014-08-05 18:06:19, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:19, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:23, Info CSI 0000000c [SR] Verify complete
2014-08-05 18:06:23, Info CSI 0000000d [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:23, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:26, Info CSI 00000010 [SR] Verify complete
2014-08-05 18:06:26, Info CSI 00000011 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:26, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:31, Info CSI 00000014 [SR] Verify complete
2014-08-05 18:06:32, Info CSI 00000015 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:32, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:33, Info CSI 00000018 [SR] Verify complete
2014-08-05 18:06:34, Info CSI 00000019 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:34, Info CSI  0000001a [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:35, Info CSI 0000001c [SR] Verify complete
2014-08-05 18:06:36, Info CSI 0000001d [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:36, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:37, Info CSI 00000020 [SR] Verify complete
2014-08-05 18:06:37, Info CSI 00000021 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:37, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:40, Info CSI 00000024 [SR] Verify complete
2014-08-05 18:06:40, Info CSI 00000025 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:40, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:43, Info CSI 00000028 [SR] Verify complete
2014-08-05 18:06:43, Info CSI 00000029 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:43, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:45, Info CSI 0000002c [SR] Verify complete
2014-08-05 18:06:46, Info CSI 0000002d [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:46, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:48, Info CSI 00000030 [SR] Verify complete
2014-08-05 18:06:48, Info CSI 00000031 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:48, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:51, Info CSI 00000034 [SR] Verify complete
2014-08-05 18:06:51, Info CSI 00000035 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:51, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:54, Info CSI 00000038 [SR] Verify complete
2014-08-05 18:06:54, Info CSI 00000039 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:54, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2014-08-05 18:06:56, Info CSI 0000003c [SR] Verify complete
2014-08-05 18:06:56, Info CSI 0000003d [SR] Verifying 100 (0x00000064) components
2014-08-05 18:06:56, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2014-08-05 18:07:00, Info CSI 00000040 [SR] Verify complete
2014-08-05 18:07:01, Info CSI 00000041 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:07:01, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2014-08-05 18:07:06, Info CSI 00000044 [SR] Verify complete
2014-08-05 18:07:06, Info CSI 00000045 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:07:06, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2014-08-05 18:07:09, Info CSI 0000004b [SR] Verify complete
2014-08-05 18:07:10, Info CSI 0000004c [SR] Verifying 100 (0x00000064) components
2014-08-05 18:07:10, Info CSI 0000004d [SR] Beginning Verify and Repair transaction
2014-08-05 18:07:13, Info CSI 00000050 [SR] Verify complete
2014-08-05 18:07:14, Info CSI 00000051 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:07:14, Info CSI 00000052 [SR] Beginning Verify and Repair transaction
2014-08-05 18:07:18, Info CSI 00000056 [SR] Verify complete
2014-08-05 18:07:18, Info CSI 00000057 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:07:18, Info CSI 00000058 [SR] Beginning Verify and Repair transaction
2014-08-05 18:07:24, Info CSI 00000060 [SR] Verify complete
2014-08-05 18:07:25, Info CSI 00000061 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:07:25, Info CSI 00000062 [SR] Beginning Verify and Repair transaction
2014-08-05 18:07:29, Info CSI 00000066 [SR] Verify complete
2014-08-05 18:07:30, Info CSI 00000067 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:07:30, Info CSI 00000068 [SR] Beginning Verify and Repair transaction
2014-08-05 18:07:36, Info CSI 0000006a [SR] Verify complete
2014-08-05 18:07:36, Info CSI 0000006b [SR] Verifying 100 (0x00000064) components
2014-08-05 18:07:36, Info CSI 0000006c [SR] Beginning Verify and Repair transaction
2014-08-05 18:07:40, Info CSI 0000006e [SR] Verify complete
2014-08-05 18:07:40, Info CSI 0000006f [SR] Verifying 100 (0x00000064) components
2014-08-05 18:07:40, Info CSI 00000070 [SR] Beginning Verify and Repair transaction
2014-08-05 18:07:45, Info CSI 00000072 [SR] Verify complete
2014-08-05 18:07:45, Info CSI 00000073 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:07:45, Info CSI 00000074 [SR] Beginning Verify and Repair transaction
2014-08-05 18:07:49, Info CSI 00000076 [SR] Verify complete
2014-08-05 18:07:49, Info CSI 00000077 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:07:49, Info CSI 00000078 [SR] Beginning Verify and Repair transaction
2014-08-05 18:07:54, Info CSI 0000007a [SR] Verify complete
2014-08-05 18:07:55, Info CSI 0000007b [SR] Verifying 100 (0x00000064) components
2014-08-05 18:07:55, Info CSI 0000007c [SR] Beginning Verify and Repair transaction
2014-08-05 18:08:04, Info CSI 00000080 [SR] Verify complete
2014-08-05 18:08:04, Info CSI 00000081 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:08:04, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2014-08-05 18:08:11, Info CSI 00000084 [SR] Verify complete
2014-08-05 18:08:12, Info CSI 00000085 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:08:12, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2014-08-05 18:08:24, Info CSI 00000088 [SR] Verify complete
2014-08-05 18:08:24, Info CSI 00000089 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:08:24, Info CSI 0000008a [SR] Beginning Verify and Repair transaction
2014-08-05 18:08:31, Info CSI 0000008c [SR] Verify complete
2014-08-05 18:08:32, Info CSI 0000008d [SR] Verifying 100 (0x00000064) components
2014-08-05 18:08:32, Info CSI 0000008e [SR] Beginning Verify and Repair transaction
2014-08-05 18:08:34, Info CSI 00000090 [SR] Verify complete
2014-08-05 18:08:34, Info CSI 00000091 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:08:34, Info CSI 00000092 [SR] Beginning Verify and Repair transaction
2014-08-05 18:08:35, Info CSI 00000094 [SR] Verify complete
2014-08-05 18:08:35, Info CSI 00000095 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:08:35, Info CSI 00000096 [SR] Beginning Verify and Repair transaction
2014-08-05 18:08:40, Info CSI 00000098 [SR] Verify complete
2014-08-05 18:08:40, Info CSI 00000099 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:08:40, Info CSI 0000009a [SR] Beginning Verify and Repair transaction
2014-08-05 18:08:46, Info CSI 000000b8 [SR] Verify complete
2014-08-05 18:08:46, Info CSI 000000b9 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:08:46, Info CSI 000000ba [SR] Beginning Verify and Repair transaction
2014-08-05 18:08:47, Info CSI 000000bc [SR] Verify complete
2014-08-05 18:08:48, Info CSI 000000bd [SR] Verifying 100 (0x00000064) components
2014-08-05 18:08:48, Info CSI 000000be [SR] Beginning Verify and Repair transaction
2014-08-05 18:08:51, Info CSI 000000c0 [SR] Verify complete
2014-08-05 18:08:51, Info CSI 000000c1 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:08:51, Info CSI 000000c2 [SR] Beginning Verify and Repair transaction
2014-08-05 18:08:54, Info CSI 000000c4 [SR] Verify complete
2014-08-05 18:08:54, Info CSI 000000c5 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:08:54, Info CSI 000000c6 [SR] Beginning Verify and Repair transaction
2014-08-05 18:09:00, Info CSI 000000c8 [SR] Verify complete
2014-08-05 18:09:00, Info CSI 000000c9 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:09:00, Info CSI 000000ca [SR] Beginning Verify and Repair transaction
2014-08-05 18:09:07, Info CSI 000000cd [SR] Verify complete
2014-08-05 18:09:07, Info CSI 000000ce [SR] Verifying 100 (0x00000064) components
2014-08-05 18:09:07, Info CSI 000000cf [SR] Beginning Verify and Repair transaction
2014-08-05 18:09:10, Info CSI 000000d1 [SR] Verify complete
2014-08-05 18:09:10, Info CSI 000000d2 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:09:10, Info CSI 000000d3 [SR] Beginning Verify and Repair transaction
2014-08-05 18:09:13, Info CSI 000000d5 [SR] Verify complete
2014-08-05 18:09:13, Info CSI 000000d6 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:09:13, Info CSI 000000d7 [SR] Beginning Verify and Repair transaction
2014-08-05 18:09:18, Info CSI 000000d9 [SR] Verify complete
2014-08-05 18:09:19, Info CSI 000000da [SR] Verifying 100 (0x00000064) components
2014-08-05 18:09:19, Info CSI 000000db [SR] Beginning Verify and Repair transaction
2014-08-05 18:09:24, Info CSI 000000dd [SR] Verify complete
2014-08-05 18:09:24, Info CSI 000000de [SR] Verifying 100 (0x00000064) components
2014-08-05 18:09:24, Info CSI 000000df [SR] Beginning Verify and Repair transaction
2014-08-05 18:09:30, Info CSI 000000e1 [SR] Verify complete
2014-08-05 18:09:30, Info CSI 000000e2 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:09:30, Info CSI 000000e3 [SR] Beginning Verify and Repair transaction
2014-08-05 18:09:39, Info CSI 000000f1 [SR] Verify complete
2014-08-05 18:09:40, Info CSI 000000f2 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:09:40, Info CSI 000000f3 [SR] Beginning Verify and Repair transaction
2014-08-05 18:09:45, Info CSI 0000010d [SR] Verify complete
2014-08-05 18:09:46, Info  CSI 0000010e [SR] Verifying 100 (0x00000064) components
2014-08-05 18:09:46, Info CSI 0000010f [SR] Beginning Verify and Repair transaction
2014-08-05 18:09:52, Info CSI 00000111 [SR] Verify complete
2014-08-05 18:09:52, Info CSI 00000112 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:09:52, Info CSI 00000113 [SR] Beginning Verify and Repair transaction
2014-08-05 18:10:07, Info CSI 00000115 [SR] Verify complete
2014-08-05 18:10:07, Info CSI 00000116 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:10:07, Info CSI 00000117 [SR] Beginning Verify and Repair transaction
2014-08-05 18:10:17, Info CSI 0000011a [SR] Verify complete
2014-08-05 18:10:18, Info CSI 0000011b [SR] Verifying 100 (0x00000064) components
2014-08-05 18:10:18, Info CSI 0000011c [SR] Beginning Verify and Repair transaction
2014-08-05 18:10:23, Info CSI 0000011e [SR] Verify complete
2014-08-05 18:10:23, Info CSI 0000011f [SR] Verifying 100 (0x00000064) components
2014-08-05 18:10:23, Info CSI 00000120 [SR] Beginning Verify and Repair transaction
2014-08-05 18:10:29, Info CSI 00000122 [SR] Verify complete
2014-08-05 18:10:29, Info CSI 00000123 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:10:29, Info CSI 00000124 [SR] Beginning Verify and Repair transaction
2014-08-05 18:10:34, Info CSI 00000126 [SR] Verify complete
2014-08-05 18:10:34, Info CSI 00000127 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:10:34, Info CSI 00000128 [SR] Beginning Verify and Repair transaction
2014-08-05 18:10:38, Info CSI 0000012b [SR] Verify complete
2014-08-05 18:10:39, Info CSI 0000012c [SR] Verifying 100 (0x00000064) components
2014-08-05 18:10:39, Info CSI 0000012d [SR] Beginning Verify and Repair transaction
2014-08-05 18:10:44, Info CSI 0000012f [SR] Verify complete
2014-08-05 18:10:44, Info CSI 00000130 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:10:44, Info CSI 00000131 [SR] Beginning Verify and Repair transaction
2014-08-05 18:10:57, Info CSI 00000133 [SR] Verify complete
2014-08-05 18:10:57, Info CSI 00000134 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:10:57, Info CSI 00000135 [SR] Beginning Verify and Repair transaction
2014-08-05 18:11:03, Info CSI 00000138 [SR] Verify complete
2014-08-05 18:11:03, Info CSI 00000139 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:11:03, Info CSI 0000013a [SR] Beginning Verify and Repair transaction
2014-08-05 18:11:08, Info CSI 0000013c [SR] Verify complete
2014-08-05 18:11:08, Info CSI 0000013d [SR] Verifying 100 (0x00000064) components
2014-08-05 18:11:08, Info CSI 0000013e [SR] Beginning Verify and Repair transaction
2014-08-05 18:11:14, Info CSI 00000140 [SR] Verify complete
2014-08-05 18:11:14, Info CSI 00000141 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:11:14, Info CSI 00000142 [SR] Beginning Verify and Repair transaction
2014-08-05 18:11:22, Info CSI 00000145 [SR] Verify complete
2014-08-05 18:11:23, Info CSI 00000146 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:11:23, Info CSI 00000147 [SR] Beginning Verify and Repair transaction
2014-08-05 18:11:29, Info CSI 00000149 [SR] Verify complete
2014-08-05 18:11:29, Info CSI 0000014a [SR] Verifying 100 (0x00000064) components
2014-08-05 18:11:29, Info CSI 0000014b [SR] Beginning Verify and Repair transaction
2014-08-05 18:11:37, Info CSI 0000014d [SR] Verify complete
2014-08-05 18:11:39, Info CSI 0000014e [SR] Verifying 100 (0x00000064) components
2014-08-05 18:11:39, Info CSI 0000014f [SR] Beginning Verify and Repair transaction
2014-08-05 18:11:47, Info CSI 00000152 [SR] Verify complete
2014-08-05 18:11:48, Info CSI 00000153 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:11:48, Info CSI 00000154 [SR] Beginning Verify and Repair transaction
2014-08-05 18:12:00, Info CSI 00000156 [SR] Verify complete
2014-08-05 18:12:01, Info CSI 00000157 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:12:01, Info CSI 00000158 [SR] Beginning Verify and Repair transaction
2014-08-05 18:12:07, Info CSI 0000015a [SR] Verify complete
2014-08-05 18:12:07, Info CSI 0000015b [SR] Verifying 100 (0x00000064) components
2014-08-05 18:12:07, Info CSI 0000015c [SR] Beginning Verify and Repair transaction
2014-08-05 18:12:15, Info CSI 0000015e [SR] Verify complete
2014-08-05 18:12:15, Info CSI 0000015f [SR] Verifying 100 (0x00000064) components
2014-08-05 18:12:15, Info CSI 00000160 [SR] Beginning Verify and Repair transaction
2014-08-05 18:12:22, Info CSI 00000163 [SR] Verify complete
2014-08-05 18:12:23, Info CSI 00000164 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:12:23, Info CSI 00000165 [SR] Beginning Verify and Repair transaction
2014-08-05 18:12:28, Info CSI 00000167 [SR] Verify complete
2014-08-05 18:12:29, Info CSI 00000168 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:12:29, Info CSI 00000169 [SR] Beginning Verify and Repair transaction
2014-08-05 18:12:35, Info CSI 0000016b [SR] Verify complete
2014-08-05 18:12:35, Info CSI 0000016c [SR] Verifying 100 (0x00000064) components
2014-08-05 18:12:35, Info CSI 0000016d [SR] Beginning Verify and Repair transaction
2014-08-05 18:12:40, Info CSI 0000016f [SR] Verify complete
2014-08-05 18:12:41, Info CSI 00000170 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:12:41, Info CSI 00000171 [SR] Beginning Verify and Repair transaction
2014-08-05 18:12:43, Info CSI 00000173 [SR] Verify complete
2014-08-05 18:12:43, Info CSI 00000174 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:12:43, Info CSI 00000175 [SR] Beginning Verify and Repair transaction
2014-08-05 18:12:45, Info CSI 00000177 [SR] Verify complete
2014-08-05 18:12:46, Info CSI 00000178 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:12:46, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2014-08-05 18:12:50, Info CSI 0000017b [SR] Verify complete
2014-08-05 18:12:50, Info CSI 0000017c [SR] Verifying 100 (0x00000064) components
2014-08-05 18:12:50, Info CSI 0000017d [SR] Beginning Verify and Repair transaction
2014-08-05 18:12:54, Info CSI 0000017f [SR] Verify complete
2014-08-05 18:12:55, Info  CSI 00000180 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:12:55, Info CSI 00000181 [SR] Beginning Verify and Repair transaction
2014-08-05 18:12:58, Info CSI 00000183 [SR] Verify complete
2014-08-05 18:12:58, Info CSI 00000184 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:12:58, Info CSI 00000185 [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:01, Info CSI 00000187 [SR] Verify complete
2014-08-05 18:13:01, Info CSI 00000188 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:13:01, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:07, Info CSI 0000018b [SR] Verify complete
2014-08-05 18:13:07, Info CSI 0000018c [SR] Verifying 100 (0x00000064) components
2014-08-05 18:13:07, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:23, Info CSI 0000018f [SR] Verify complete
2014-08-05 18:13:24, Info CSI 00000190 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:13:24, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:29, Info CSI 00000193 [SR] Verify complete
2014-08-05 18:13:29, Info CSI 00000194 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:13:29, Info CSI 00000195 [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:33, Info CSI 00000197 [SR] Verify complete
2014-08-05 18:13:34, Info CSI 00000198 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:13:34, Info CSI 00000199 [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:35, Info CSI 0000019b [SR] Verify complete
2014-08-05 18:13:36, Info CSI 0000019c [SR] Verifying 100 (0x00000064) components
2014-08-05 18:13:36, Info CSI 0000019d [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:39, Info CSI 0000019f [SR] Verify complete
2014-08-05 18:13:39, Info CSI 000001a0 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:13:39, Info CSI 000001a1 [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:42, Info CSI 000001a3 [SR] Verify complete
2014-08-05 18:13:42, Info CSI 000001a4 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:13:42, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:45, Info CSI 000001a7 [SR] Verify complete
2014-08-05 18:13:45, Info CSI 000001a8 [SR] Verifying 100 (0x00000064) components
2014-08-05 18:13:45, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:46, Info CSI 000001ab [SR] Verify complete
2014-08-05 18:13:46, Info CSI 000001ac [SR] Verifying 100 (0x00000064) components
2014-08-05 18:13:46, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:48, Info CSI 000001af [SR] Verify complete
2014-08-05 18:13:48, Info CSI 000001b0 [SR] Verifying 84 (0x00000054) components
2014-08-05 18:13:48, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:52, Info CSI 000001b3 [SR] Verify complete
2014-08-05 18:13:52, Info CSI 000001b4 [SR] Repairing 0 components
2014-08-05 18:13:52, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction
2014-08-05 18:13:52, Info CSI 000001b7 [SR] Repair complete


----------



## akairi97 (Sep 14, 2010)

Hello, again it did not create a log on my desktop. i had to search for it. Is there something I need to fix on my PC for my logs to be on the desktop?


----------



## Mark1956 (May 7, 2011)

Where did it save the log?


----------



## akairi97 (Sep 14, 2010)

I think it was in the user file in the C drive. I cant really remember because when i did the search I just quickly dragged it to the desktop


----------



## Mark1956 (May 7, 2011)

The only thing I can think of is that you didn't copy and paste the full command to get the SFC log which caused it to save the file in your User folder.

I'd now like you to run another scan. This will check a few more things on your system. You should make sure before you run this that you have a full back up of all your important files to an external drive, flash drive or CD/DVD's.

Please download *ComboFix*







from one of the locations below and *save it to your Desktop. <-Important!!!*


Download Mirror #1
Download Mirror #2

Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first, just follow the prompts when you run it.


Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.

_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.



> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


----------



## akairi97 (Sep 14, 2010)

Hello. My PC seems to be working fine now. How do I clean up all of the content that I saved to my desktop? Like the Adwcleaner and the logs?


----------



## Mark1956 (May 7, 2011)

As long as you are happy that everything is working as it should you can simply delete all the tools used by right clicking on the item and selecting Delete, the same applies to the saved logs. I would recommend you keep Adwcleaner to run regular scans for Adware.

Did you download and run Combofix as this requires specific instructions to remove it correctly and we need to clear out your restore points to avoid the risk of re-infection.


----------



## akairi97 (Sep 14, 2010)

Okay. Thank you so much for helping me. If I have any more issues can I contact you again?


----------



## Mark1956 (May 7, 2011)

You're most welcome, but you have not answered my question:

Did you download and run Combofix as this requires specific instructions to remove it correctly and we need to clear out your restore points to avoid the risk of re-infection.


----------



## akairi97 (Sep 14, 2010)

ComboFix 14-08-21.01 - user 08/22/2014 2:00.8.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.802 [GMT -4:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1368240590.bdinstall.bin
c:\programdata\1368389355.bdinstall.bin
c:\programdata\1372475328.bdinstall.bin
c:\users\user\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-07-22 to 2014-08-22 )))))))))))))))))))))))))))))))
.
.
2014-08-22 06:07 . 2014-08-22 06:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-22 06:07 . 2014-08-22 06:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-22 06:07 . 2014-08-22 06:07 -------- d-----w- c:\users\five9\AppData\Local\temp
2014-08-20 20:57 . 2014-08-20 20:57 -------- d-sh--w- c:\users\five9\AppData\Local\EmieUserList
2014-08-20 20:57 . 2014-08-20 20:57 -------- d-sh--w- c:\users\five9\AppData\Local\EmieSiteList
2014-08-14 06:16 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 06:16 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 06:16 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 06:15 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 06:14 . 2014-06-16 01:44 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-14 06:14 . 2014-06-16 01:44 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-08-14 06:14 . 2014-06-16 01:40 107520 ----a-w- c:\windows\system32\cdd.dll
2014-08-14 06:14 . 2014-07-14 01:42 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 06:12 . 2014-07-24 18:11 757976 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-07-26 04:39 . 2014-07-26 04:39 -------- d-----w- c:\program files\iPod
2014-07-26 04:39 . 2014-07-26 04:40 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-26 04:39 . 2014-07-26 04:40 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 22:36 . 2013-06-28 04:39 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 22:36 . 2013-06-28 04:39 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-20 15:21 . 2013-12-05 22:29 62832 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-06-20 15:13 . 2013-12-05 22:22 217224 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-06-20 15:13 . 2014-01-24 06:11 179600 ----a-w- c:\windows\system32\mfevtps.exe
2014-06-20 15:07 . 2013-09-25 01:45 576048 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-06-20 15:05 . 2013-12-05 22:14 369248 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-06-20 15:04 . 2013-12-05 22:14 67816 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2014-06-20 15:03 . 2013-12-05 22:13 238176 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-06-20 15:02 . 2013-09-25 01:42 135968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-06-18 07:11 . 2014-06-18 07:11 10600 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2014-06-18 07:10 . 2014-06-18 07:10 81296 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2014-06-18 07:10 . 2014-06-18 07:10 349192 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2014-06-18 01:51 . 2014-07-09 11:25 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-06 09:44 . 2014-07-09 11:25 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-09 11:24 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52 . 2014-07-09 11:24 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52 . 2014-07-09 11:24 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 11:24 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52 . 2014-07-09 11:24 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 11:24 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 11:24 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52 . 2014-07-09 11:24 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36 . 2014-07-09 11:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-25 06:58 . 2014-07-22 23:27 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 07:48 . 2014-07-22 23:27 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 07:00 . 2014-07-22 23:27 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 06:59 . 2014-07-22 23:27 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 06:58 . 2014-07-22 23:27 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 06:57 . 2014-07-22 23:27 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 06:58 . 2014-07-22 23:27 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 06:58 . 2014-07-22 23:27 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 06:51 . 2014-07-22 23:27 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 07:00 . 2014-07-22 23:27 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-12 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-07-08 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91140000-0011-0000-0000-0000000FF1CE}"="del" [X]
"{90140000-001A-0409-0000-0000000FF1CE}"="del" [X]
"{90140000-0018-0409-0000-0000000FF1CE}"="del" [X]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2012-03-14 280576]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-29 36414496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 19:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
R1 MpKsl21e4c5d0;MpKsl21e4c5d0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEB89E3A-1A6C-4CE1-93CC-C0DD3E137062}\MpKsl21e4c5d0.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 CFcatchme;CFcatchme;c:\users\Andrea\AppData\Local\Temp\CFcatchme.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-09-23 147912]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2014-06-18 81296]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-07-25 18944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-11 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2014-06-20 217224]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 65584]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [2014-04-25 145568]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-07-30 281560]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2014-06-18 655936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2014-06-20 169800]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2014-06-20 179600]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2014-06-20 62832]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-06 273960]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2014-06-20 369248]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2014-06-18 349192]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-28 22:36]
.
2014-08-22 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-753190379-2561579638-684410764-1004.job
- c:\program files\Citrix\GoToMeeting\1558\g2mupdate.exe [2014-08-15 22:27]
.
2014-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
.
2014-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
.
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: convergysworkathome.com\www
Trusted Zone: csgweb.com\webapps
Trusted Zone: ctuonline.edu\campus
Trusted Zone: dell.com
Trusted Zone: google.com\www
Trusted Zone: hostedcc.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\amfk3ml5.default-1392470059994\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
Completion time: 2014-08-22 02:08:51
ComboFix-quarantined-files.txt 2014-08-22 06:08
.
Pre-Run: 229,039,816,704 bytes free
Post-Run: 238,391,820,288 bytes free
.
- - End Of File - - CF7931443BBBD45E9AA7CB3E9363CC00
A36C5E4F47E84449FF07ED3517B43A31


----------



## Mark1956 (May 7, 2011)

You didn't need to download and run Combofix, I was just asking if you had so I could issue the correct instructions to remove it. When Combofix is uninstalled it cleans out the saved Restore Points which will more than likely have a copy of the infection, if you hadn't downloaded and run Combofix I would have needed to post different instructions to clean out the System Restore points.

Ok, so now we need to uninstall Combofix.

To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click on Start







and type *Run* into the search box and hit *Enter*.
In the *Run* box type: *ComboFix /Uninstall* (Be sure to leave a space before the forward slash).











Click on *OK*.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled". _
After that, you can delete the ComboFix.exe program from your computer (Desktop).


----------



## akairi97 (Sep 14, 2010)

For some reason, it just disappeared from my PC. I cannot locate the combo fix. every time I type it in the run box, it pulls up a message saying they cannot find it


----------



## akairi97 (Sep 14, 2010)

Should I install it and unistall it again?


----------



## Mark1956 (May 7, 2011)

Yes, please download it again and make certain it gets saved to the desktop, run a scan with it (no need to post the log) then follow the uninstall instructions above.


----------



## akairi97 (Sep 14, 2010)

Okay. I installed and uninstalled Combo Fix


----------



## Mark1956 (May 7, 2011)

Ok, I will now mark the thread as Solved. If there are any other issues you can still post back here.

Please remove all the tools used and there associated logs by right clicking on the item and selecting Delete. I would recommend you keep Adwcleaner and run regular scans with it to keep the system free from Adware.


----------



## akairi97 (Sep 14, 2010)

Thank you so much


----------



## Mark1956 (May 7, 2011)

You're welcome.


----------

