# search.conduit.com problem



## touk123 (Apr 24, 2009)

A program on your computer has corrupted your default search provider setting for Internet Explorer.
Internet Explorer has reset this setting to your original search provider Zynga Customized Web Search ( search.conduit.com )
When I click ok another box pops up and tells me that Zynga Customized Web Search is disabled.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:31:09 PM, on 1/9/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Users\Pat\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: FCTBPos00Pos - {028E5C1E-E93A-FBA4-F949-AFB8EC7A5B86} - C:\Program Files\Shop to Win 36\Shop to Win 36.dll (file missing)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120912021256.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
--
End of file - 7172 bytes

I get these messages every time I log on to the internet. Can someone please help me get rid of this mess? Thanks in advance, touk

HJT log


----------



## touk123 (Apr 24, 2009)

I've posted this twice and no one responds to me! Is this too difficult to remove? I'm unsure as to what to do!


----------



## Mark1956 (May 7, 2011)

It is not difficult to fix, but as we are all volunteers here and there are never enough helpers to cope with the demand some people unfortunately get missed.

Please run this program below and post the log:

Click on this link to download : ADWCleaner Click on the Download Now button and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop: 

You will then see the screen below, click on the *Scan* button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the *Clean* button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.


----------



## touk123 (Apr 24, 2009)

Mark, I'm getting a message telling me "This program is not commonly downloaded and can cause harm to your computer." Should I ignore this or what? I'm confused even more now. BTW thanks for replying to me.


----------



## Mark1956 (May 7, 2011)

You're welcome. That warning is quite common, please ignore it and carry on, the software is perfectly safe.


----------



## touk123 (Apr 24, 2009)

Mark, here's the log.

# AdwCleaner v3.017 - Report created 12/01/2014 at 17:36:51
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Pat - PAT-PC
# Running from : C:\Users\Pat\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SpeedyPC Software
Folder Deleted : C:\Program Files\Common Files\SpeedyPC Software
Folder Deleted : C:\Users\Pat\AppData\Local\Conduit
Folder Deleted : C:\Users\Pat\AppData\Local\Wajam
Folder Deleted : C:\Users\Pat\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Pat\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pat\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Pat\AppData\Roaming\SpeedyPC Software
Folder Deleted : C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
Folder Deleted : C:\Users\Pat\Documents\ShopToWin
File Deleted : C:\END
File Deleted : C:\Users\Pat\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\user.js
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKCU\Software\8578fdcbd6dec12
Key Deleted : HKLM\SOFTWARE\8578fdcbd6dec12
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.FCTB000100683Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.FCTB000100683Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SpeedyPC Software
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Mozilla Firefox v
*************************
AdwCleaner[R0].txt - [6165 octets] - [12/01/2014 17:28:42]
AdwCleaner[R1].txt - [5937 octets] - [12/01/2014 17:34:45]
AdwCleaner[S0].txt - [5948 octets] - [12/01/2014 17:36:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6008 octets] ##########


----------



## Mark1956 (May 7, 2011)

That found a bit more than just Conduit. It also took out SpeedyPC and DriverCure, plus a few other items of Adware. SpeedyPC is an optimizer which is not recommended, these kind of programs are prone to cause more problems than they fix. And DriverCure should never be used, you should always go to the PC's manufacturer's site or the hardware manufacturer's site for driver updates, not rely on third party software which can make mistakes.

We always ask for Adwcleaner to be run until it comes up with a clean log, as on occasion some items need further work to completely remove them. Please run the tool again and post the new log.


----------



## touk123 (Apr 24, 2009)

Mark, here's the second log.

# AdwCleaner v3.017 - Report created 13/01/2014 at 13:40:42
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Pat - PAT-PC
# Running from : C:\Users\Pat\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Pat\AppData\LocalLow\iac
***** [ Shortcuts ] *****

***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [HowToSimplified Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [HowToSimplified_8e Browser Plugin Loader]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v
*************************
AdwCleaner[R0].txt - [6165 octets] - [12/01/2014 17:28:42]
AdwCleaner[R1].txt - [5937 octets] - [12/01/2014 17:34:45]
AdwCleaner[R2].txt - [1098 octets] - [13/01/2014 13:39:20]
AdwCleaner[S0].txt - [6088 octets] - [12/01/2014 17:36:51]
AdwCleaner[S1].txt - [1028 octets] - [13/01/2014 13:40:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1088 octets] ##########


----------



## touk123 (Apr 24, 2009)

This is the last log I ran.# AdwCleaner v3.017 - Report created 13/01/2014 at 13:48:14
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Pat - PAT-PC
# Running from : C:\Users\Pat\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v
*************************
AdwCleaner[R0].txt - [6165 octets] - [12/01/2014 17:28:42]
AdwCleaner[R1].txt - [5937 octets] - [12/01/2014 17:34:45]
AdwCleaner[R2].txt - [1098 octets] - [13/01/2014 13:39:20]
AdwCleaner[R3].txt - [955 octets] - [13/01/2014 13:47:10]
AdwCleaner[S0].txt - [6088 octets] - [12/01/2014 17:36:51]
AdwCleaner[S1].txt - [1168 octets] - [13/01/2014 13:40:42]
AdwCleaner[S2].txt - [877 octets] - [13/01/2014 13:48:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [936 octets] ##########


----------



## Mark1956 (May 7, 2011)

Looking good, we now have a clean log, how well is the system running now?

We can do another scan just to check your systems security is up to date.

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.


----------



## touk123 (Apr 24, 2009)

SECURITY CHECK
I'm still getting the pop up when I log in!

Results of screen317's Security Check version 0.99.78 
Windows 7 Service Pack 1 x86 (UAC is enabled) 
Internet Explorer 11 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
WMI entry may not exist for antivirus; attempting automatic update. 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.75.0.1300 
AVG PC Tuneup 
Adobe Flash Player 11.9.900.170 
Adobe Reader 10.1.8 *Adobe Reader out of Date!* 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 0% 
*````````````````````End of Log``````````````````````*


----------



## Mark1956 (May 7, 2011)

Ok, as you are still seeing the problem it must be a fairly new item of Adware/Add-on which Adwcleaner is not detecting. We will do a search of the system to try and find anything related to Zynga.

Please download *SystemLook* from the following link below and save it to your Desktop.


*SystemLook (32-bit)*


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:filefind
*zynga*
:folderfind
*zynga*
:regfind
zynga
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## touk123 (Apr 24, 2009)

SystemLook 30.07.11 by jpshortstuff
Log created at 13:16 on 14/01/2014 by Pat
Administrator - Elevation successful
========== filefind ==========
Searching for "*zynga*"
C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C8PTPC3T\zyngajs[1].js --a---- 6221 bytes [13:35 10/01/2014] [13:35 10/01/2014] 733FBAFA966F63D8FFA4AD74C77B5096
C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\COMRUCN0\zynga_slots_logo_2_1364326753[1].jpg --a---- 14594 bytes [13:38 10/01/2014] [13:38 10/01/2014] B0C01A779EF9BADEAB26C7C87FF0C626
C:\Users\Pat\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\0SCN54EG\zmc_header_zyngapoker_en[1].png --a---- 26711 bytes [05:47 06/12/2011] [05:47 06/12/2011] C79C586F0B72D81362FDBD27B4F21A4D
C:\Users\Pat\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\V9MQV68K\zyngajs[1].js --a---- 6221 bytes [05:47 06/12/2011] [05:47 06/12/2011] 733FBAFA966F63D8FFA4AD74C77B5096
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\fb-fb-0.castle.zynga[1].xml --a---- 154 bytes [03:38 08/12/2011] [03:38 08/12/2011] F6A2F3D9B49F40AC94F9D161EBD6D57E
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\secure1.zynga[1].xml --a---- 125 bytes [03:03 01/12/2011] [03:03 01/12/2011] 6AB9F11EAD21851F243E4CE568B9ED49
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\zynga2-a.akamaihd[1].xml --a---- 13 bytes [05:27 21/08/2013] [05:27 21/08/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\zynga[1].xml --a---- 18503 bytes [03:49 12/05/2012] [02:33 16/11/2012] F92E1131417CAF0EDBCD3212B6A08DF5
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\facebook2.poker.zynga[1].xml --a---- 62809 bytes [06:11 23/02/2012] [03:36 12/10/2013] 72227480440D4F8AFD7E7A732F1E5565
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\facebook2.poker.zynga[2].xml --a---- 46892 bytes [06:57 15/11/2011] [05:05 13/08/2012] 2762EA78C6409D1C4679E5BB4EEBC28C
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\fb-0.hidden.zynga[1].xml --a---- 529 bytes [04:14 15/06/2012] [04:14 15/06/2012] B2F12D48A6A81D264874A6968250850D
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\fb.bubble.zynga[1].xml --a---- 2664 bytes [04:52 10/06/2012] [05:02 10/06/2012] B55CAF86E8E1589930E2443DC05F91A8
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\fb.family.zynga[1].xml --a---- 81023 bytes [05:45 21/07/2012] [04:17 27/07/2012] 0A10E3A2B5E18BDFD2020BE6B8D46043
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6M76S3PD\web.hititrich.zynga[1].xml --a---- 1334 bytes [23:10 06/11/2013] [07:13 27/11/2013] D29313B120676960865A04E37932BEDE
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\fb.bubble.zynga[1].xml --a---- 76190 bytes [06:40 12/06/2012] [06:40 12/06/2012] 71E63F0D4F7FA8F3353C6E0358877266
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\fb.slingo.zynga[1].xml --a---- 690804 bytes [14:35 28/03/2012] [03:17 01/06/2012] 11DDC3BE1E94726032D1FE0743C7B9D0
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\zlsn.poker.zynga[1].xml --a---- 68741 bytes [03:49 12/05/2012] [04:19 14/08/2012] A91554850DF86F09FC775892E08D4B8A
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\zlsn3.poker.zynga[1].xml --a---- 119011 bytes [02:54 24/08/2012] [02:33 16/11/2012] 562F22B98B5B55C90E78DD2D24DF3C11
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ISYDKCYI\zynga2-a.akamaihd[1].xml --a---- 13 bytes [06:53 20/11/2013] [06:53 20/11/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\OCHS6N9O\facebook2.poker.zynga[1].xml --a---- 22778 bytes [02:12 15/10/2013] [14:54 13/01/2014] 198C51DD8AA10CDE11D97BA7BC942BB0
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\OCHS6N9O\fb.hot.zynga[1].xml --a---- 7607 bytes [07:19 15/10/2013] [22:42 09/12/2013] 152534B3B659239CA87389BAF203DDA5
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\T36QHEPD\fb.webslots.zynga[1].xml --a---- 27865 bytes [06:23 15/10/2013] [13:50 10/01/2014] 3DF393A10B21BFE7A43F8445EF3FF599
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\fb.slingo.zynga[1].xml --a---- 12921 bytes [23:54 19/03/2012] [04:30 08/05/2012] F064F362065C16DACCA2F9EFE610C4CD
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\fb.webslots.zynga[1].xml --a---- 47897 bytes [02:41 09/04/2013] [03:15 09/10/2013] B86BFE91595182466F13D9E117F7CE91
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\support.zynga[1].xml --a---- 13 bytes [02:57 08/09/2012] [02:57 08/09/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\zc-prod-pt-fb.frontier.zynga[1].xml --a---- 154 bytes [02:33 18/01/2012] [02:33 18/01/2012] E6C2D5DD0A339A84DC4852FB48821D16
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\zynga_poker.sol --a---- 137 bytes [06:57 15/11/2011] [05:57 23/04/2012] 4963FA02C0111B13CA511CA2087E3FE6
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\zyngaEliteSlots.sol --a---- 79 bytes [02:41 09/04/2013] [02:41 09/04/2013] D89481042E1F1ACCD13FA27C2AF026A0
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\zynga_poker.sol --a---- 194 bytes [06:11 23/02/2012] [14:54 13/01/2014] 14A00A2D19A7C8CD7446F761192366E0
========== folderfind ==========
Searching for "*zynga*"
C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net d------ [03:16 09/10/2013]
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com d------ [06:57 15/11/2011]
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net d------ [06:11 23/02/2012]
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga2-a.akamaihd.net d------ [02:22 10/09/2013]
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#statics.poker.static.zynga.com d------ [06:57 15/11/2011]
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#zynga1-a.akamaihd.net d------ [06:11 23/02/2012]
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#zynga2-a.akamaihd.net d------ [02:22 10/09/2013]
========== regfind ==========
Searching for "zynga"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\facebook2.poker.zynga.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.hot.zynga.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.webslots.zynga.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zynga.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0BBAC56A-AA0D-4479-A187-2C374BE32569}]
"DisplayName"="Zynga Customized Web Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaAutoUpdateHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaAutoUpdateHelper_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaToolbarHelper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaToolbarHelper_RASMANCS]
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\facebook2.poker.zynga.com]
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.hot.zynga.com]
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.webslots.zynga.com]
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zynga.com]
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0BBAC56A-AA0D-4479-A187-2C374BE32569}]
"DisplayName"="Zynga Customized Web Search"
-= EOF =-


----------



## Mark1956 (May 7, 2011)

Take a look in Programs and Features via the Control Panel and tell me if you have any Zynga related products installed and if you need them. Are you using the Zynga Poker site? I do fear that if we remove all the entries above, it should fix the problem, but if you continue to use Zynga it will soon return.


----------



## touk123 (Apr 24, 2009)

Mark, I checked the programs and feature as you suggested but I didn't see anything with Zynga on it. The only Zynga games I play are installed on Facebook which is where I play them. Any ideas for me?


----------



## Mark1956 (May 7, 2011)

Ok, we can take out everything found above, most of the entries are in Internet Explorer. When done, post the log and check to see if the problem has been fixed.

Please download *OTM by OldTimer*. Save it to your desktop.

Double click *OTM.exe* to start the tool.


*Copy* the text in the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe

:Files
C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C8PTPC3T\zyngajs[1].js
C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\COMRUCN0\zynga_slots_logo_2_1364326753[1].jpg
C:\Users\Pat\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\0SCN54EG\zmc_header_zyngapoker_en[1].png
C:\Users\Pat\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\V9MQV68K\zyngajs[1].js
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\fb-fb-0.castle.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\secure1.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\zynga2-a.akamaihd[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\facebook2.poker.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\facebook2.poker.zynga[2].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\fb-0.hidden.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\fb.bubble.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\fb.family.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6M76S3PD\web.hititrich.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\fb.bubble.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\fb.slingo.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\zlsn.poker.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\zlsn3.poker.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ISYDKCYI\zynga2-a.akamaihd[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\OCHS6N9O\facebook2.poker.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\OCHS6N9O\fb.hot.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\T36QHEPD\fb.webslots.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\fb.slingo.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\fb.webslots.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\support.zynga[1].xml
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\zc-prod-pt-fb.frontier.zynga[1].xml
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\zynga_poker.sol
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\zyngaEliteSlots.sol
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\zynga_poker.sol
C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga2-a.akamaihd.net]
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#statics.poker.static.zynga.com
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#zynga1-a.akamaihd.net
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#zynga2-a.akamaihd.net

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\facebook2.poker.zynga.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.hot.zynga.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.webslots.zynga.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zynga.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0BBAC56A-AA0D-4479-A187-2C374BE32569}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaAutoUpdateHelper_RASAPI3 2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaAutoUpdateHelper_RASMANC S]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaToolbarHelper_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaToolbarHelper_RASMANCS]
[-HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\facebook2.poker.zynga.com]
[-HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.hot.zynga.com]
[-HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.webslots.zynga.com]
[-HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zynga.com]
[-HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0BBAC56A-AA0D-4479-A187-2C374BE32569}]
"DisplayName"=-

:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

 Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
Even if that box does not appear the system should reboot as the command is included in the script.
When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

-- Note: The logs are saved here: C:\_OTM\MovedFiles


----------



## touk123 (Apr 24, 2009)

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C8PTPC3T\zyngajs[1].js moved successfully.
C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\COMRUCN0\zynga_slots_logo_2_1364326753[1].jpg moved successfully.
C:\Users\Pat\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\0SCN54EG\zmc_header_zyngapoker_en[1].png moved successfully.
C:\Users\Pat\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\V9MQV68K\zyngajs[1].js moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\fb-fb-0.castle.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\secure1.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\zynga2-a.akamaihd[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\facebook2.poker.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\facebook2.poker.zynga[2].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\fb-0.hidden.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\fb.bubble.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\fb.family.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6M76S3PD\web.hititrich.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\fb.bubble.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\fb.slingo.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\zlsn.poker.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\zlsn3.poker.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ISYDKCYI\zynga2-a.akamaihd[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\OCHS6N9O\facebook2.poker.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\OCHS6N9O\fb.hot.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\T36QHEPD\fb.webslots.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\fb.slingo.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\fb.webslots.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\support.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\zc-prod-pt-fb.frontier.zynga[1].xml moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\zynga_poker.sol moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\zyngaEliteSlots.sol moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\zynga_poker.sol moved successfully.
C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma73ot.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma72ot.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma213t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma212t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma180t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma179t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma177t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma174t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma173t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma171t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma167t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma157t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma155t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma129t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma124t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma123t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma117t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma116t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma114t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma107t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma101t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma100t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma098t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma088t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma082t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma081t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma079t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma078t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma077t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma076t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma059t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma058t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma056t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma055t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma054t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma037s.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma036s.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma031s.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma026t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma024t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma022t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma013s.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainAppLzma001s.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainApp246t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainApp240t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainApp238t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client\PokerMainApp231t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker\client folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\poker folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma223t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma222t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma221t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma217t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma213t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma212t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma211t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma210t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma209t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma207t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma206t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma205t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20140107-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131126-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131121-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131119-05t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131119-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131114-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131113-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131112-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131108-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131107-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131105-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131104-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131101-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131028-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131007-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20131001-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130924-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130923-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130919-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130912-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130910-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130909-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130905-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130904-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130830-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130827-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130826-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130820-03t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130820-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130816-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130815-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130807-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130805-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130719-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130716-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130715-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130711-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130627-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130610-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130528-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130522-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130516-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130508-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130506-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130506-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130502-03t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130502-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130501-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130425-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130422-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130418-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130416-04t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130416-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130411-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130409-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130404-03t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130404-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130403-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130401-03t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130329-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130326-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130325-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130320-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130315-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130312-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130312-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130307-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20130307-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20121119-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20121114-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20121012-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20121004-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120927-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120926-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120924-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120920-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120918-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120913-07t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120912-04t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120911-04t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120910-03t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120906-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120905-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120904-03t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120830-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma20120824-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma200t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma198t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma196t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma192t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma189t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma186t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma185t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma184t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma183t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma182t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma180t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma177t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma175t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma174t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma173t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma167t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma166t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma165t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma164t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma163t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma160t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma158t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma157t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma155t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma147t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma146t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma144t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma143t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma141t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma138t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma137t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma135t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma134t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma133t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma131t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma130t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma123t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma122t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma121t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma120t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma117t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma116t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma114t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma112t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma110t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma107t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma104t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma103t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma102t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma101t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma100t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma099t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma098t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma096t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma094t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma090t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma088t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma087t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma078t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma077t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma076t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma072t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma068t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma060t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainAppLzma056t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp472t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp461t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp448t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp431t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp422t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp392t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp386t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp385t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp384t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp378t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp377t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp20121114-02t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp20120925-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp20120913-07t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client\PokerMainApp20120906-01t.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker\client folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker\poker folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\poker folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\hititrich\game\game_1109\BackgroundShell.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\hititrich\game\game_1109 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\hititrich\game\game_1039\BackgroundShell.swf folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\hititrich\game\game_1039 folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\hititrich\game folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\hititrich folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net folder moved successfully.
File/Folder C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga2-a.akamaihd.net] not found.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#statics.poker.static.zynga.com folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#zynga1-a.akamaihd.net folder moved successfully.
C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#zynga2-a.akamaihd.net folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\facebook2.poker.zynga.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.hot.zynga.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.webslots.zynga.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zynga.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0BBAC56A-AA0D-4479-A187-2C374BE32569}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BBAC56A-AA0D-4479-A187-2C374BE32569}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0BBAC56A-AA0D-4479-A187-2C374BE32569} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaAutoUpdateHelper_RASAPI3 2\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaAutoUpdateHelper_RASMANC S\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaToolbarHelper_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaToolbarHelper_RASMANCS\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\facebook2.poker.zynga.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.hot.zynga.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.webslots.zynga.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zynga.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0BBAC56A-AA0D-4479-A187-2C374BE32569}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BBAC56A-AA0D-4479-A187-2C374BE32569}\ not found.
Registry key HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0BBAC56A-AA0D-4479-A187-2C374BE32569} not found.
========== COMMANDS ==========
Error creating restore point.

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Pat
->Flash cache emptied: 773719336 bytes

User: Public

Total Flash Files Cleaned = 738.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pat
->Temp folder emptied: 942410230 bytes
->Temporary Internet Files folder emptied: 1038127796 bytes
->Apple Safari cache emptied: 7729152 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 710504508 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4885702 bytes
RecycleBin emptied: 9518764992 bytes

Total Files Cleaned = 11,656.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 01152014_153029
Files moved on Reboot...
File C:\Windows\temp\mcafee_KGJKgkfZjkk2cA2 not found!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
Registry entries deleted on Reboot...


----------



## touk123 (Apr 24, 2009)

After I ran this program, I got a pop up with a (manage add-ons) and nothing in the box!


----------



## Mark1956 (May 7, 2011)

Close and restart the browser a few times and see if anything else comes up.


----------



## touk123 (Apr 24, 2009)

I've restarted the browser several times and I still get the pop-up box. I just can't seem to get rid of the box.


----------



## Mark1956 (May 7, 2011)

When IE is open, click on Tools > Manage Add-ons, then click on Search Providers in the left pane.

Send a screenshot of the window.

How to take a screen shot in Vista/Windows 7

*How to attach a screenshot.*
Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on it and a new window opens.
• Click on the *Browse* button, find the screenshot/folder you made earlier and doubleclick on it.
• Now click on the *Upload* button. When done, click on the *Close this window* button at the top of the page.
• Enter your message-text in the message box, then click on *Submit Message/Reply.*


----------



## touk123 (Apr 24, 2009)

Mark, I'm so sorry but I've tried to take a screen shot by going by the directions but for some reason it just doesn't work! When I click on the tools bar the manage box pops up and it has several things and they are all disabled. I click on search providers and the box is empty. I'm just unable to take a screen shot to send to you.


----------



## Mark1956 (May 7, 2011)

Ok, not to worry, please run this scan below and post the logs.

Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click on FRST to run it. When the tool opens click *Yes* to disclaimer.
Press the*Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it into your next reply.
The first time the tool is run, it makes another log (*Addition.txt*). Please also copy and paste that into your reply.


----------



## touk123 (Apr 24, 2009)

==================== One Month Created Files and Folders ========
2014-01-16 21:28 - 2014-01-16 21:28 - 00000000 ____D C:\FRST
2014-01-15 15:30 - 2014-01-15 15:30 - 00000000 ____D C:\_OTM
2014-01-15 15:26 - 2014-01-15 15:26 - 00522240 _____ (OldTimer Tools) C:\Users\Pat\Desktop\OTM.exe
2014-01-15 08:31 - 2013-11-26 05:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 08:31 - 2013-11-26 04:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 08:29 - 2013-11-26 19:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 13:16 - 2014-01-14 13:21 - 00017266 _____ C:\Users\Pat\Desktop\SystemLook.txt
2014-01-14 08:23 - 2014-01-14 08:52 - 141015434 _____ C:\Users\Pat\Downloads\AdbeRdr11000_mui_Std.zip
2014-01-12 17:33 - 2014-01-12 17:34 - 01236282 _____ C:\Users\Pat\Desktop\AdwCleaner.exe
2014-01-12 17:28 - 2014-01-13 13:48 - 00000000 ____D C:\AdwCleaner
2014-01-12 17:25 - 2014-01-12 17:26 - 01236282 _____ C:\Users\Pat\Downloads\AdwCleaner.exe
2014-01-12 15:22 - 2014-01-12 15:22 - 00000000 ____D C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-12 15:22 - 2014-01-12 15:22 - 00000000 ____D C:\Program Files\7-Zip
2014-01-10 09:36 - 2014-01-10 09:36 - 00009673 _____ C:\Users\Pat\Desktop\dds.txt
2014-01-10 09:36 - 2014-01-10 09:36 - 00002980 _____ C:\Users\Pat\Desktop\attach.txt
2014-01-10 09:22 - 2014-01-10 09:22 - 00000000 ____D C:\Program Files\Coupons
2014-01-10 09:21 - 2014-01-10 09:21 - 01859296 _____ (Coupons.com Incorporated) C:\Users\Pat\Downloads\couponprinter.exe
2014-01-09 20:10 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-09 20:10 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-09 20:10 - 2013-11-26 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-09 20:10 - 2013-11-26 02:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-09 20:10 - 2013-11-26 02:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-09 20:10 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-09 20:10 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-09 20:10 - 2013-11-26 02:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-09 20:10 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-09 20:10 - 2013-11-26 02:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-09 20:10 - 2013-11-26 02:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-09 20:10 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-09 20:10 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-09 20:10 - 2013-11-26 02:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-09 20:10 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-09 20:10 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-09 20:10 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-09 20:10 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-09 20:10 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-09 20:06 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-09 20:06 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-09 19:31 - 2014-01-09 19:31 - 00007173 _____ C:\Users\Pat\Downloads\hijackthis.log
2014-01-09 19:29 - 2014-01-09 19:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pat\Downloads\HijackThis.exe
2014-01-09 15:08 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-01-09 15:08 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-09 15:08 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-09 15:08 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-09 15:08 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-09 15:07 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-09 15:07 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-09 15:07 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-09 15:06 - 2013-10-03 19:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-09 15:06 - 2013-10-03 19:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2014-01-16 21:29 - 2012-03-05 08:52 - 00000000 ____D C:\Users\Pat\AppData\Roaming\BitComet
2014-01-16 21:28 - 2014-01-16 21:28 - 00000000 ____D C:\FRST
2014-01-16 21:27 - 2009-07-13 22:34 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-16 21:27 - 2009-07-13 22:34 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-16 21:22 - 2011-10-27 19:51 - 01165032 _____ C:\Windows\WindowsUpdate.log
2014-01-16 21:18 - 2011-10-27 19:48 - 00058392 _____ C:\Windows\setupact.log
2014-01-16 21:18 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-16 13:44 - 2012-04-04 06:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-16 03:10 - 2009-07-13 22:33 - 00408296 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:09 - 2011-10-27 20:14 - 00088916 _____ C:\Windows\PFRO.log
2014-01-16 03:05 - 2009-07-13 20:04 - 00000499 _____ C:\Windows\win.ini
2014-01-16 03:04 - 2013-08-07 21:35 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 03:01 - 2011-08-11 00:47 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 15:30 - 2014-01-15 15:30 - 00000000 ____D C:\_OTM
2014-01-15 15:26 - 2014-01-15 15:26 - 00522240 _____ (OldTimer Tools) C:\Users\Pat\Desktop\OTM.exe
2014-01-14 13:21 - 2014-01-14 13:16 - 00017266 _____ C:\Users\Pat\Desktop\SystemLook.txt
2014-01-14 08:52 - 2014-01-14 08:23 - 141015434 _____ C:\Users\Pat\Downloads\AdbeRdr11000_mui_Std.zip
2014-01-14 07:29 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-13 13:48 - 2014-01-12 17:28 - 00000000 ____D C:\AdwCleaner
2014-01-12 17:36 - 2011-08-05 14:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-12 17:34 - 2014-01-12 17:33 - 01236282 _____ C:\Users\Pat\Desktop\AdwCleaner.exe
2014-01-12 17:26 - 2014-01-12 17:25 - 01236282 _____ C:\Users\Pat\Downloads\AdwCleaner.exe
2014-01-12 15:22 - 2014-01-12 15:22 - 00000000 ____D C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-12 15:22 - 2014-01-12 15:22 - 00000000 ____D C:\Program Files\7-Zip
2014-01-10 09:36 - 2014-01-10 09:36 - 00009673 _____ C:\Users\Pat\Desktop\dds.txt
2014-01-10 09:36 - 2014-01-10 09:36 - 00002980 _____ C:\Users\Pat\Desktop\attach.txt
2014-01-10 09:22 - 2014-01-10 09:22 - 00000000 ____D C:\Program Files\Coupons
2014-01-10 09:21 - 2014-01-10 09:21 - 01859296 _____ (Coupons.com Incorporated) C:\Users\Pat\Downloads\couponprinter.exe
2014-01-10 09:02 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2014-01-09 20:26 - 2011-08-05 12:58 - 00735794 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 19:31 - 2014-01-09 19:31 - 00007173 _____ C:\Users\Pat\Downloads\hijackthis.log
2014-01-09 19:29 - 2014-01-09 19:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pat\Downloads\HijackThis.exe
2014-01-09 19:23 - 2011-08-09 11:36 - 00000000 ____D C:\Program Files\Elaborate Bytes
2014-01-09 15:44 - 2012-04-04 06:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-09 15:44 - 2011-08-05 14:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-10 08:56
==================== End Of Log ============================


----------



## touk123 (Apr 24, 2009)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2014 03
Ran by Pat at 2014-01-16 21:30:28
Running from C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03C6NIRR
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
7-Zip 9.20 (Version: - )
AC3Filter (remove only) (Version: - )
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633 - Adobe Systems, Inc.)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
AVG PC Tuneup (Version: 10.0.0.27 - AVG)
Big Fish Games: Game Manager (Version: 3.0.1.60 - )
BitComet 1.35 (Version: 1.35 - CometNetwork)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
Defraggler (Version: 2.03 - Piriform)
DVD Shrink version 1.0 (Version: 1.0 - DVDShrink)
EPSON NX430 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
Gold Miner SE Free Trial (Version: - Grab Games)
Gold Miner Vegas (Version: - )
iCloud (Version: 3.1.0.40 - Apple Inc.)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SecurityCenter (Version: 11.6.511 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MpcStar 5.4 (Version: 5.4 - www.mpcstar.com)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30118 - Realtek Semiconductor Corp.)
Safari (Version: 5.34.57.2 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (Version: 4.4.24.0 - Husdawg, LLC)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
==================== Restore Points =========================
14-01-2014 19:16:52 Windows Update
16-01-2014 09:00:39 Windows Update
==================== Hosts content: ==========================
2009-07-13 20:04 - 2014-01-15 15:40 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {29A7B3D7-1E8F-41DB-B06D-301EB1A7BE99} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Pat Logon => C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
Task: {358A4DB7-5EEF-4FCA-A01F-B6D24DBFCC6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-09] (Adobe Systems Incorporated)
Task: {41CBD042-9482-449D-B3B3-EFDD83280B39} - \AVG\PC Tuneup 2011\Integrator\Start On Pat Logon No Task File
Task: {B66B7582-4BD7-406E-A21C-C0A546C12C50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:4FD750D6
AlternateDataStreams: C:\ProgramData\TEMP:CDE1C268
AlternateDataStreams: C:\ProgramData\TEMP:E73B14E2
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (01/16/2014 09:18:47 PM) (Source: Bonjour Service) (User: )
Description: Local Hostname Pat-PC.local already in use; will try Pat-PC-2.local instead
Error: (01/16/2014 09:18:47 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Pat-PC.local. Addr 192.168.1.198
Error: (01/16/2014 09:18:47 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.91:5353 4 Pat-PC.local. Addr 192.168.1.91
Error: (01/09/2014 08:03:44 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary AnyDVD.
System Error:
The system cannot find the file specified.
.
Error: (01/09/2014 04:01:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: mfevtps.exe, version: 15.1.0.595, time stamp: 0x50f59ddc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x584
Faulting application start time: 0xmfevtps.exe0
Faulting application path: mfevtps.exe1
Faulting module path: mfevtps.exe2
Report Id: mfevtps.exe3
Error: (01/09/2014 02:50:35 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 11.0.9600.16428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1f10
Start Time: 01cf0d7c5531c437
Termination Time: 420
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
Error: (12/09/2013 08:24:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25288
Error: (12/09/2013 08:24:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25288
Error: (12/09/2013 08:24:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/09/2013 08:24:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15288

System errors:
=============
Error: (01/16/2014 09:19:45 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/16/2014 09:18:54 PM) (Source: NetBT) (User: )
Description: The name "PAT-PC :20" could not be registered on the interface with IP address 192.168.1.198.
The computer with the IP address 192.168.1.91 did not allow the name to be claimed by
this computer.
Error: (01/16/2014 09:18:54 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{AFA81A42-990F-45A6-8A73-3D7589EEE03C} because another computer on the network has the same name. The server could not start.
Error: (01/16/2014 09:18:43 PM) (Source: NetBT) (User: )
Description: The name "PAT-PC :0" could not be registered on the interface with IP address 192.168.1.198.
The computer with the IP address 192.168.1.91 did not allow the name to be claimed by
this computer.
Error: (01/15/2014 03:43:10 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/15/2014 03:40:49 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (01/15/2014 02:00:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/15/2014 09:20:40 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/15/2014 09:01:30 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
Error: (01/15/2014 09:01:28 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Microsoft Office Sessions:
=========================
Error: (01/16/2014 09:18:47 PM) (Source: Bonjour Service)(User: )
Description: Local Hostname Pat-PC.local already in use; will try Pat-PC-2.local instead
Error: (01/16/2014 09:18:47 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Pat-PC.local. Addr 192.168.1.198
Error: (01/16/2014 09:18:47 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.91:5353 4 Pat-PC.local. Addr 192.168.1.91
Error: (01/09/2014 08:03:44 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AnyDVD.
System Error:
The system cannot find the file specified.
Error: (01/09/2014 04:01:52 PM) (Source: Application Error)(User: )
Description: mfevtps.exe15.1.0.59550f59ddcunknown0.0.0.000000000c00000050000000058401cf080d4b5213cfC:\Windows\system32\mfevtps.exeunknowna495d2f6-7979-11e3-a0ee-001e33b90967
Error: (01/09/2014 02:50:35 PM) (Source: Application Hang)(User: )
Description: iexplore.exe11.0.9600.164281f1001cf0d7c5531c437420C:\Program Files\Internet Explorer\iexplore.exe
Error: (12/09/2013 08:24:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25288
Error: (12/09/2013 08:24:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25288
Error: (12/09/2013 08:24:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/09/2013 08:24:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15288

CodeIntegrity Errors:
===================================
Date: 2013-10-13 23:15:57.812
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-10-13 23:15:57.797
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-10-13 23:15:57.797
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-10-06 23:07:46.050
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-10-06 23:07:46.050
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-10-06 23:07:46.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 
Percentage of memory in use: 48%
Total physical RAM: 2940.01 MB
Available physical RAM: 1524.07 MB
Total Pagefile: 5878.3 MB
Available Pagefile: 4138.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.95 GB) (Free:85.31 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 0EE287B1)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

Please open the FRST.txt log and re-post it, you have only posted the bottom section of the log. The missing section contains entries for IE which I need to see.

This is the easiest way to copy and post a log:

*How to post a log*.
With the log open, hold down the *Control(Ctrl)* and* A* keys on your keyboard at the same time, the log text should turn blue, release the keys. If the text does not change color, left click on the log so the cursor appears on it and try again.
Right click on the blue area and select *Copy* from the pop up menu.
Come back here and right click on the Message box and select *Paste* from the pop up menu, the log should appear.
Type in any comments you wish to add and respond to any questions asked, then submit the post.

=========================================================

One very obvious problem that can be seen in the log is that you have two Anti Virus programs running. This is certain to cause poor performance and will actually reduce your systems security. It is up to you which AV you remove but I would recommend you take out McAfee. When you have uninstalled it run this clean up tool: McAfee Removal Tool

I would also recommend you uninstall AVG PC Tuenup, this is an optimizer program which is totally unnecessary and can cause more problems than it fixes. Also uninstall 'Coupon Printer for Windows' as this is known Adware.


----------



## touk123 (Apr 24, 2009)

I've tried to uninstall AVG PC Tune up but an error message tells me that files are missing and the program needs to be fixed or re-installed! I have uninstalled McAfee and I will go to the program to clean it up.


----------



## touk123 (Apr 24, 2009)

Here is the 1st log that I messed up.


----------



## touk123 (Apr 24, 2009)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by Pat (administrator) on PAT-PC on 17-01-2014 21:10:09
Running from C:\Users\Pat\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(www.BitComet.com) C:\Program Files\BitComet\BitComet.exe
(www.BitComet.com) C:\Program Files\BitComet\tools\BitCometService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [BitComet] - C:\Program Files\BitComet\BitComet.exe [12805888 2013-02-19] (www.BitComet.com)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1409F01B3855CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = http://search.tb.ask.com/search/GGm...&n=780b5fae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = 
BHO: Shop to Win - {028E5C1E-E93A-FBA4-F949-AFB8EC7A5B86} - C:\Program Files\Shop to Win 36\Shop to Win 36.dll No File
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll No File
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: No Name - \Extensions\{6921B3CC-9935-4D28-9A83-B3D824210580} [2012-09-12]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-01-01]
========================== Services (Whitelisted) =================
S2 0129521390013778mcinstcleanup; C:\Users\Pat\AppData\Local\Temp\012952~1.EXE [834664 2013-07-30] (McAfee, Inc.)
R3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [101552 2013-05-22] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S4 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [x]
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [x]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [x]
==================== Drivers (Whitelisted) ====================
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl7d0e2aa4; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1719AD12-2F95-48DE-A596-E0D25C2DEF67}\MpKsl7d0e2aa4.sys [40392 2014-01-17] (Microsoft Corporation)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2011-11-18] (Acronis)
S0 cfwids; system32\drivers\cfwids.sys [x]
S0 mfeapfk; system32\drivers\mfeapfk.sys [x]
R0 mfeavfk; system32\drivers\mfeavfk.sys [x]
U3 mfeavfk01; No ImagePath
S0 mfebopk; system32\drivers\mfebopk.sys [x]
S0 mfefirek; system32\drivers\mfefirek.sys [x]
R0 mfehidk; system32\drivers\mfehidk.sys [x]
S0 mferkdet; system32\drivers\mferkdet.sys [x]
R0 mfewfpk; system32\drivers\mfewfpk.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-01-17 21:10 - 2014-01-17 21:10 - 00009404 _____ C:\Users\Pat\Downloads\FRST.txt
2014-01-17 21:09 - 2014-01-17 21:10 - 01220608 _____ (Farbar) C:\Users\Pat\Downloads\FRST.exe
2014-01-16 21:28 - 2014-01-16 21:28 - 00000000 ____D C:\FRST
2014-01-15 15:30 - 2014-01-15 15:30 - 00000000 ____D C:\_OTM
2014-01-15 15:26 - 2014-01-15 15:26 - 00522240 _____ (OldTimer Tools) C:\Users\Pat\Desktop\OTM.exe
2014-01-15 08:31 - 2013-11-26 05:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 08:31 - 2013-11-26 04:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 08:29 - 2013-11-26 19:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 13:16 - 2014-01-14 13:21 - 00017266 _____ C:\Users\Pat\Desktop\SystemLook.txt
2014-01-14 08:23 - 2014-01-14 08:52 - 141015434 _____ C:\Users\Pat\Downloads\AdbeRdr11000_mui_Std.zip
2014-01-12 17:33 - 2014-01-12 17:34 - 01236282 _____ C:\Users\Pat\Desktop\AdwCleaner.exe
2014-01-12 17:28 - 2014-01-13 13:48 - 00000000 ____D C:\AdwCleaner
2014-01-12 17:25 - 2014-01-12 17:26 - 01236282 _____ C:\Users\Pat\Downloads\AdwCleaner.exe
2014-01-12 15:22 - 2014-01-12 15:22 - 00000000 ____D C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-12 15:22 - 2014-01-12 15:22 - 00000000 ____D C:\Program Files\7-Zip
2014-01-10 09:36 - 2014-01-10 09:36 - 00009673 _____ C:\Users\Pat\Desktop\dds.txt
2014-01-10 09:36 - 2014-01-10 09:36 - 00002980 _____ C:\Users\Pat\Desktop\attach.txt
2014-01-10 09:21 - 2014-01-10 09:21 - 01859296 _____ (Coupons.com Incorporated) C:\Users\Pat\Downloads\couponprinter.exe
2014-01-09 20:10 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-09 20:10 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-09 20:10 - 2013-11-26 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-09 20:10 - 2013-11-26 02:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-09 20:10 - 2013-11-26 02:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-09 20:10 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-09 20:10 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-09 20:10 - 2013-11-26 02:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-09 20:10 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-09 20:10 - 2013-11-26 02:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-09 20:10 - 2013-11-26 02:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-09 20:10 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-09 20:10 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-09 20:10 - 2013-11-26 02:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-09 20:10 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-09 20:10 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-09 20:10 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-09 20:10 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-09 20:10 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-09 20:06 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-09 20:06 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-09 19:31 - 2014-01-09 19:31 - 00007173 _____ C:\Users\Pat\Downloads\hijackthis.log
2014-01-09 19:29 - 2014-01-09 19:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pat\Downloads\HijackThis.exe
2014-01-09 15:08 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-01-09 15:08 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-09 15:08 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-09 15:08 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-09 15:08 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-09 15:07 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-09 15:07 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-09 15:07 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-09 15:06 - 2013-10-03 19:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-09 15:06 - 2013-10-03 19:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2014-01-17 21:10 - 2014-01-17 21:10 - 00009404 _____ C:\Users\Pat\Downloads\FRST.txt
2014-01-17 21:10 - 2014-01-17 21:09 - 01220608 _____ (Farbar) C:\Users\Pat\Downloads\FRST.exe
2014-01-17 21:08 - 2012-03-05 08:52 - 00000000 ____D C:\Users\Pat\AppData\Roaming\BitComet
2014-01-17 20:44 - 2012-04-04 06:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-17 17:39 - 2011-10-27 19:51 - 01224627 _____ C:\Windows\WindowsUpdate.log
2014-01-17 13:20 - 2009-07-13 22:34 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 13:20 - 2009-07-13 22:34 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 13:12 - 2011-10-27 19:48 - 00058504 _____ C:\Windows\setupact.log
2014-01-17 13:12 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-16 21:28 - 2014-01-16 21:28 - 00000000 ____D C:\FRST
2014-01-16 03:10 - 2009-07-13 22:33 - 00408296 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:09 - 2011-10-27 20:14 - 00088916 _____ C:\Windows\PFRO.log
2014-01-16 03:05 - 2009-07-13 20:04 - 00000499 _____ C:\Windows\win.ini
2014-01-16 03:04 - 2013-08-07 21:35 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 03:01 - 2011-08-11 00:47 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 15:30 - 2014-01-15 15:30 - 00000000 ____D C:\_OTM
2014-01-15 15:26 - 2014-01-15 15:26 - 00522240 _____ (OldTimer Tools) C:\Users\Pat\Desktop\OTM.exe
2014-01-14 13:21 - 2014-01-14 13:16 - 00017266 _____ C:\Users\Pat\Desktop\SystemLook.txt
2014-01-14 08:52 - 2014-01-14 08:23 - 141015434 _____ C:\Users\Pat\Downloads\AdbeRdr11000_mui_Std.zip
2014-01-14 07:29 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-13 13:48 - 2014-01-12 17:28 - 00000000 ____D C:\AdwCleaner
2014-01-12 17:36 - 2011-08-05 14:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-12 17:34 - 2014-01-12 17:33 - 01236282 _____ C:\Users\Pat\Desktop\AdwCleaner.exe
2014-01-12 17:26 - 2014-01-12 17:25 - 01236282 _____ C:\Users\Pat\Downloads\AdwCleaner.exe
2014-01-12 15:22 - 2014-01-12 15:22 - 00000000 ____D C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-12 15:22 - 2014-01-12 15:22 - 00000000 ____D C:\Program Files\7-Zip
2014-01-10 09:36 - 2014-01-10 09:36 - 00009673 _____ C:\Users\Pat\Desktop\dds.txt
2014-01-10 09:36 - 2014-01-10 09:36 - 00002980 _____ C:\Users\Pat\Desktop\attach.txt
2014-01-10 09:21 - 2014-01-10 09:21 - 01859296 _____ (Coupons.com Incorporated) C:\Users\Pat\Downloads\couponprinter.exe
2014-01-10 09:02 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2014-01-09 20:26 - 2011-08-05 12:58 - 00735794 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 19:31 - 2014-01-09 19:31 - 00007173 _____ C:\Users\Pat\Downloads\hijackthis.log
2014-01-09 19:29 - 2014-01-09 19:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pat\Downloads\HijackThis.exe
2014-01-09 19:23 - 2011-08-09 11:36 - 00000000 ____D C:\Program Files\Elaborate Bytes
2014-01-09 15:44 - 2012-04-04 06:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-09 15:44 - 2011-08-05 14:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Pat\AppData\Local\Temp\0129521390013778mcinst.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-10 08:56
==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

As you have removed McAfee since that log was created, it would be best to run it again as most of the McAfee remnants will have gone. I can then take out anything that may be left behind.

Open FRST and put a check mark next to Addition.txt and run it. Post both the new logs produced.


----------



## touk123 (Apr 24, 2009)

1st. logScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by Pat (administrator) on PAT-PC on 18-01-2014 21:13:51
Running from C:\Users\Pat\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(www.BitComet.com) C:\Program Files\BitComet\BitComet.exe
(www.BitComet.com) C:\Program Files\BitComet\tools\BitCometService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Pat\Downloads\FRST (2).exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [BitComet] - C:\Program Files\BitComet\BitComet.exe [12805888 2013-02-19] (www.BitComet.com)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1409F01B3855CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = http://search.tb.ask.com/search/GGm...&n=780b5fae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = 
BHO: Shop to Win - {028E5C1E-E93A-FBA4-F949-AFB8EC7A5B86} - C:\Program Files\Shop to Win 36\Shop to Win 36.dll No File
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll No File
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: No Name - \Extensions\{6921B3CC-9935-4D28-9A83-B3D824210580} [2012-09-12]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
========================== Services (Whitelisted) =================
R3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2011-11-18] (Acronis)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-01-18 21:10 - 2014-01-18 21:10 - 01220608 _____ (Farbar) C:\Users\Pat\Downloads\FRST (2).exe
2014-01-17 21:23 - 2014-01-17 21:23 - 01220608 _____ (Farbar) C:\Users\Pat\Downloads\FRST (1).exe
2014-01-17 21:10 - 2014-01-18 21:13 - 00008004 _____ C:\Users\Pat\Downloads\FRST.txt
2014-01-17 21:09 - 2014-01-17 21:10 - 01220608 _____ (Farbar) C:\Users\Pat\Downloads\FRST.exe
2014-01-16 21:28 - 2014-01-16 21:28 - 00000000 ____D C:\FRST
2014-01-15 15:30 - 2014-01-15 15:30 - 00000000 ____D C:\_OTM
2014-01-15 15:26 - 2014-01-15 15:26 - 00522240 _____ (OldTimer Tools) C:\Users\Pat\Desktop\OTM.exe
2014-01-15 08:31 - 2013-11-26 05:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 08:31 - 2013-11-26 04:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 08:29 - 2013-11-26 19:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 08:29 - 2013-11-26 19:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 13:16 - 2014-01-14 13:21 - 00017266 _____ C:\Users\Pat\Desktop\SystemLook.txt
2014-01-14 08:23 - 2014-01-14 08:52 - 141015434 _____ C:\Users\Pat\Downloads\AdbeRdr11000_mui_Std.zip
2014-01-12 17:33 - 2014-01-12 17:34 - 01236282 _____ C:\Users\Pat\Desktop\AdwCleaner.exe
2014-01-12 17:28 - 2014-01-13 13:48 - 00000000 ____D C:\AdwCleaner
2014-01-12 17:25 - 2014-01-12 17:26 - 01236282 _____ C:\Users\Pat\Downloads\AdwCleaner.exe
2014-01-12 15:22 - 2014-01-12 15:22 - 00000000 ____D C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-12 15:22 - 2014-01-12 15:22 - 00000000 ____D C:\Program Files\7-Zip
2014-01-10 09:36 - 2014-01-10 09:36 - 00009673 _____ C:\Users\Pat\Desktop\dds.txt
2014-01-10 09:36 - 2014-01-10 09:36 - 00002980 _____ C:\Users\Pat\Desktop\attach.txt
2014-01-10 09:21 - 2014-01-10 09:21 - 01859296 _____ (Coupons.com Incorporated) C:\Users\Pat\Downloads\couponprinter.exe
2014-01-09 20:10 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-09 20:10 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-09 20:10 - 2013-11-26 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-09 20:10 - 2013-11-26 02:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-09 20:10 - 2013-11-26 02:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-09 20:10 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-09 20:10 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-09 20:10 - 2013-11-26 02:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-09 20:10 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-09 20:10 - 2013-11-26 02:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-09 20:10 - 2013-11-26 02:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-09 20:10 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-09 20:10 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-09 20:10 - 2013-11-26 02:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-09 20:10 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-09 20:10 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-09 20:10 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-09 20:10 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-09 20:10 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-09 20:06 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-01-09 20:06 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-01-09 19:31 - 2014-01-09 19:31 - 00007173 _____ C:\Users\Pat\Downloads\hijackthis.log
2014-01-09 19:29 - 2014-01-09 19:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pat\Downloads\HijackThis.exe
2014-01-09 15:08 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-01-09 15:08 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-01-09 15:08 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-01-09 15:08 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-01-09 15:08 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-01-09 15:07 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-01-09 15:07 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-01-09 15:07 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-01-09 15:06 - 2013-10-03 19:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-01-09 15:06 - 2013-10-03 19:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2014-01-18 21:13 - 2014-01-17 21:10 - 00008004 _____ C:\Users\Pat\Downloads\FRST.txt
2014-01-18 21:10 - 2014-01-18 21:10 - 01220608 _____ (Farbar) C:\Users\Pat\Downloads\FRST (2).exe
2014-01-18 21:10 - 2012-03-05 08:52 - 00000000 ____D C:\Users\Pat\AppData\Roaming\BitComet
2014-01-18 20:44 - 2012-04-04 06:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-18 20:40 - 2011-10-27 19:51 - 01295057 _____ C:\Windows\WindowsUpdate.log
2014-01-17 21:44 - 2009-07-13 22:34 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 21:44 - 2009-07-13 22:34 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 21:37 - 2011-10-27 20:14 - 00095654 _____ C:\Windows\PFRO.log
2014-01-17 21:37 - 2011-10-27 19:48 - 00058616 _____ C:\Windows\setupact.log
2014-01-17 21:37 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 21:35 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\config\Journal
2014-01-17 21:33 - 2011-08-05 14:43 - 00000000 ____D C:\ProgramData\MFAData
2014-01-17 21:23 - 2014-01-17 21:23 - 01220608 _____ (Farbar) C:\Users\Pat\Downloads\FRST (1).exe
2014-01-17 21:10 - 2014-01-17 21:09 - 01220608 _____ (Farbar) C:\Users\Pat\Downloads\FRST.exe
2014-01-16 21:28 - 2014-01-16 21:28 - 00000000 ____D C:\FRST
2014-01-16 03:10 - 2009-07-13 22:33 - 00408296 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:05 - 2009-07-13 20:04 - 00000499 _____ C:\Windows\win.ini
2014-01-16 03:04 - 2013-08-07 21:35 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 03:01 - 2011-08-11 00:47 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 15:30 - 2014-01-15 15:30 - 00000000 ____D C:\_OTM
2014-01-15 15:26 - 2014-01-15 15:26 - 00522240 _____ (OldTimer Tools) C:\Users\Pat\Desktop\OTM.exe
2014-01-14 13:21 - 2014-01-14 13:16 - 00017266 _____ C:\Users\Pat\Desktop\SystemLook.txt
2014-01-14 08:52 - 2014-01-14 08:23 - 141015434 _____ C:\Users\Pat\Downloads\AdbeRdr11000_mui_Std.zip
2014-01-14 07:29 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-13 13:48 - 2014-01-12 17:28 - 00000000 ____D C:\AdwCleaner
2014-01-12 17:36 - 2011-08-05 14:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-12 17:34 - 2014-01-12 17:33 - 01236282 _____ C:\Users\Pat\Desktop\AdwCleaner.exe
2014-01-12 17:26 - 2014-01-12 17:25 - 01236282 _____ C:\Users\Pat\Downloads\AdwCleaner.exe
2014-01-12 15:22 - 2014-01-12 15:22 - 00000000 ____D C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-01-12 15:22 - 2014-01-12 15:22 - 00000000 ____D C:\Program Files\7-Zip
2014-01-10 09:36 - 2014-01-10 09:36 - 00009673 _____ C:\Users\Pat\Desktop\dds.txt
2014-01-10 09:36 - 2014-01-10 09:36 - 00002980 _____ C:\Users\Pat\Desktop\attach.txt
2014-01-10 09:21 - 2014-01-10 09:21 - 01859296 _____ (Coupons.com Incorporated) C:\Users\Pat\Downloads\couponprinter.exe
2014-01-10 09:02 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2014-01-09 20:26 - 2011-08-05 12:58 - 00735794 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 19:31 - 2014-01-09 19:31 - 00007173 _____ C:\Users\Pat\Downloads\hijackthis.log
2014-01-09 19:29 - 2014-01-09 19:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pat\Downloads\HijackThis.exe
2014-01-09 19:23 - 2011-08-09 11:36 - 00000000 ____D C:\Program Files\Elaborate Bytes
2014-01-09 15:44 - 2012-04-04 06:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-09 15:44 - 2011-08-05 14:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-10 08:56
==================== End Of Log ==


----------



## touk123 (Apr 24, 2009)

2nd.log
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-01-2014 03
Ran by Pat at 2014-01-18 21:14:17
Running from C:\Users\Pat\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
7-Zip 9.20 (Version: - )
AC3Filter (remove only) (Version: - )
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633 - Adobe Systems, Inc.)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
AVG PC Tuneup (Version: 10.0.0.27 - AVG)
Big Fish Games: Game Manager (Version: 3.0.1.60 - )
BitComet 1.35 (Version: 1.35 - CometNetwork)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (Version: 2.03 - Piriform)
DVD Shrink version 1.0 (Version: 1.0 - DVDShrink)
EPSON NX430 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
Gold Miner SE Free Trial (Version: - Grab Games)
Gold Miner Vegas (Version: - )
iCloud (Version: 3.1.0.40 - Apple Inc.)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MpcStar 5.4 (Version: 5.4 - www.mpcstar.com)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30118 - Realtek Semiconductor Corp.)
Safari (Version: 5.34.57.2 - Apple Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (Version: 4.4.24.0 - Husdawg, LLC)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
==================== Restore Points =========================
14-01-2014 19:16:52 Windows Update
16-01-2014 09:00:39 Windows Update
==================== Hosts content: ==========================
2009-07-13 20:04 - 2014-01-15 15:40 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {29A7B3D7-1E8F-41DB-B06D-301EB1A7BE99} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Pat Logon => C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
Task: {358A4DB7-5EEF-4FCA-A01F-B6D24DBFCC6F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-09] (Adobe Systems Incorporated)
Task: {41CBD042-9482-449D-B3B3-EFDD83280B39} - \AVG\PC Tuneup 2011\Integrator\Start On Pat Logon No Task File
Task: {B66B7582-4BD7-406E-A21C-C0A546C12C50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:4FD750D6
AlternateDataStreams: C:\ProgramData\TEMP:CDE1C268
AlternateDataStreams: C:\ProgramData\TEMP:E73B14E2
==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (01/18/2014 06:05:28 PM) (Source: Bonjour Service) (User: )
Description: Local Hostname Pat-PC.local already in use; will try Pat-PC-2.local instead
Error: (01/18/2014 06:05:28 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Pat-PC.local. Addr 192.168.1.198
Error: (01/18/2014 06:05:28 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.91:5353 4 Pat-PC.local. Addr 192.168.1.91
Error: (01/17/2014 01:12:37 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Pat-PC.local. AAAA FE80:0000:0000:0000:B8AF:BBCF:095D:F9D1
Error: (01/17/2014 01:12:37 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.91:5353 4 Pat-PC.local. Addr 192.168.1.91
Error: (01/17/2014 01:12:37 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Pat-PC.local. Addr 192.168.1.198
Error: (01/17/2014 01:12:37 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.91:5353 4 Pat-PC.local. Addr 192.168.1.91
Error: (01/17/2014 06:22:53 AM) (Source: Bonjour Service) (User: )
Description: Local Hostname Pat-PC.local already in use; will try Pat-PC-2.local instead
Error: (01/17/2014 06:22:53 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Pat-PC.local. Addr 192.168.1.198
Error: (01/17/2014 06:22:53 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.91:5353 4 Pat-PC.local. Addr 192.168.1.91

System errors:
=============
Error: (01/17/2014 09:39:40 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/17/2014 09:18:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/17/2014 09:16:24 PM) (Source: NetBT) (User: )
Description: The name "PAT-PC :20" could not be registered on the interface with IP address 192.168.1.198.
The computer with the IP address 192.168.1.91 did not allow the name to be claimed by
this computer.
Error: (01/17/2014 09:16:24 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{AFA81A42-990F-45A6-8A73-3D7589EEE03C} because another computer on the network has the same name. The server could not start.
Error: (01/17/2014 09:16:15 PM) (Source: NetBT) (User: )
Description: The name "PAT-PC :0" could not be registered on the interface with IP address 192.168.1.198.
The computer with the IP address 192.168.1.91 did not allow the name to be claimed by
this computer.
Error: (01/17/2014 08:50:01 PM) (Source: DCOM) (User: )
Description: C:\Windows\system32\igfxsrvc.exe -Embedding2{078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
Error: (01/17/2014 01:13:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/17/2014 01:12:38 PM) (Source: NetBT) (User: )
Description: The name "PAT-PC :20" could not be registered on the interface with IP address 192.168.1.198.
The computer with the IP address 192.168.1.91 did not allow the name to be claimed by
this computer.
Error: (01/17/2014 01:12:38 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{AFA81A42-990F-45A6-8A73-3D7589EEE03C} because another computer on the network has the same name. The server could not start.
Error: (01/17/2014 06:24:56 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (01/18/2014 06:05:28 PM) (Source: Bonjour Service)(User: )
Description: Local Hostname Pat-PC.local already in use; will try Pat-PC-2.local instead
Error: (01/18/2014 06:05:28 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Pat-PC.local. Addr 192.168.1.198
Error: (01/18/2014 06:05:28 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.91:5353 4 Pat-PC.local. Addr 192.168.1.91
Error: (01/17/2014 01:12:37 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Pat-PC.local. AAAA FE80:0000:0000:0000:B8AF:BBCF:095D:F9D1
Error: (01/17/2014 01:12:37 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.91:5353 4 Pat-PC.local. Addr 192.168.1.91
Error: (01/17/2014 01:12:37 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Pat-PC.local. Addr 192.168.1.198
Error: (01/17/2014 01:12:37 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.91:5353 4 Pat-PC.local. Addr 192.168.1.91
Error: (01/17/2014 06:22:53 AM) (Source: Bonjour Service)(User: )
Description: Local Hostname Pat-PC.local already in use; will try Pat-PC-2.local instead
Error: (01/17/2014 06:22:53 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Pat-PC.local. Addr 192.168.1.198
Error: (01/17/2014 06:22:53 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.91:5353 4 Pat-PC.local. Addr 192.168.1.91

CodeIntegrity Errors:
===================================
Date: 2013-10-13 23:15:57.812
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-10-13 23:15:57.797
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-10-13 23:15:57.797
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-10-06 23:07:46.050
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-10-06 23:07:46.050
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-10-06 23:07:46.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 
Percentage of memory in use: 31%
Total physical RAM: 2940.01 MB
Available physical RAM: 2006.1 MB
Total Pagefile: 5878.3 MB
Available Pagefile: 4769.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.38 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:148.95 GB) (Free:85.3 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 0EE287B1)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

Please run this, post the log and let me know if it fixed the problem.

Download the attachment and save it in the same location as FRST.


Launch FRST by double clicking on it.
When the *FRST* window opens click on the *Fix* button just once and wait.
The tool will make a log in the same location the program is run from (Fixlog.txt) please *Copy & Paste* it into your next reply.

Please then run this:

Download Temporary file cleaner and save it to the desktop. Make sure you do not use the Download button in the advert at the top of the page, use the button right next to the name *TFC - Temp File Cleaner by Old Timer*.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on* Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

NOTE: There is no need to post the log, just confirm in your next post that it ran without a problem. At times it may appear to freeze, which is perfectly normal, it may take a while to complete the clean up depending on the amount of temporary files there are on the system.


----------



## touk123 (Apr 24, 2009)

Mark, I'm so sorry that I'm so dumb but I have no idea where to find the log. I've got as far as clicking " fix " and I get the box that tells me to go where the program was run from. I'm at a standstill. Can you tell me where to look? I went to my c/programs but 1/18 was the last date I saw. I've got nothing that I've downloaded today.


----------



## Mark1956 (May 7, 2011)

You need to look in the Downloads folder.


----------



## touk123 (Apr 24, 2009)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by Pat (administrator) on PAT-PC on 18-01-2014 21:13:51
Running from C:\Users\Pat\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(www.BitComet.com) C:\Program Files\BitComet\BitComet.exe
(www.BitComet.com) C:\Program Files\BitComet\tools\BitCometService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Pat\Downloads\FRST (2).exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [BitComet] - C:\Program Files\BitComet\BitComet.exe [12805888 2013-02-19] (www.BitComet.com)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1409F01B3855CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = http://search.tb.ask.com/search/GGm...&n=780b5fae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = 
BHO: Shop to Win - {028E5C1E-E93A-FBA4-F949-AFB8EC7A5B86} - C:\Program Files\Shop to Win 36\Shop to Win 36.dll No File
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll No File
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: No Name - \Extensions\{6921B3CC-9935-4D28-9A83-B3D824210580} [2012-09-12]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
========================== Services (Whitelisted) =================
R3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)


----------



## Mark1956 (May 7, 2011)

You've slipped up a bit. The log above is not only incomplete it is a copy of the one you posted earlier.

What I need to see is the log named fixlog.txt.

From my instructions in post 33:


> The tool will make a log in the same location the program is run from (Fixlog.txt) please *Copy & Paste* it into your next reply.


----------



## touk123 (Apr 24, 2009)

Mark, please don't give up on me but I've got the log but I cannot find a txt.log. I ran a scan but I can't get the box that lets me click FIX. Can you walk me through it ? I'm hanging my head in shame!


----------



## Mark1956 (May 7, 2011)

Ok, one step at a time.

Did you downloaded the attached file from post 33?


----------



## touk123 (Apr 24, 2009)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-01-2014
Ran by Pat at 2014-01-21 07:38:26 Run:1
Running from C:\Users\Pat\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1409F01B3855CC01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = http://search.tb.ask.com/search/GGma...r={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = 
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll No File
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
Task: {29A7B3D7-1E8F-41DB-B06D-301EB1A7BE99} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Pat Logon => C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
C:\Program Files\McAfee\SiteAdvisor
Task: {41CBD042-9482-449D-B3B3-EFDD83280B39} - \AVG\PC Tuneup 2011\Integrator\Start On Pat Logon No Task File
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:4FD750D6
AlternateDataStreams: C:\ProgramData\TEMP:CDE1C268
AlternateDataStreams: C:\ProgramData\TEMP:E73B14E2
C:\Program Files\Common Files\Mcafee
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Shop to Win - {028E5C1E-E93A-FBA4-F949-AFB8EC7A5B86} - C:\Program Files\Shop to Win 36\Shop to Win 36.dll No File
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{bbbf3d02-0068-423f-8c68-0fd1c6e50b38} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{bbbf3d02-0068-423f-8c68-0fd1c6e50b38} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{bbbf3d02-0068-423f-8c68-0fd1c6e50b38} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{bbbf3d02-0068-423f-8c68-0fd1c6e50b38} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key deleted successfully.
HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found.
HKCR\PROTOCOLS\Handler\dssrequest => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKCR\PROTOCOLS\Handler\sacore => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found.
HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0 => Key deleted successfully.
C:\Program Files\Google\Picasa3\npPicasa3.dll not found.
HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin => Key deleted successfully.
C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29A7B3D7-1E8F-41DB-B06D-301EB1A7BE99} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29A7B3D7-1E8F-41DB-B06D-301EB1A7BE99} => Key deleted successfully.
C:\Windows\System32\Tasks\AVG\PC Tuneup\Integrator\Start On Pat Logon => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\PC Tuneup\Integrator\Start On Pat Logon => Key deleted successfully.
"C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)" => File/Directory not found.
"C:\Program Files\McAfee\SiteAdvisor" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{41CBD042-9482-449D-B3B3-EFDD83280B39} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41CBD042-9482-449D-B3B3-EFDD83280B39} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\PC Tuneup 2011\Integrator\Start On Pat Logon => Key deleted successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\TEMP => ":4FD750D6" ADS removed successfully.
C:\ProgramData\TEMP => ":CDE1C268" ADS removed successfully.
C:\ProgramData\TEMP => ":E73B14E2" ADS removed successfully.
"C:\Program Files\Common Files\Mcafee" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found.
HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Value not found.
HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{028E5C1E-E93A-FBA4-F949-AFB8EC7A5B86} => Key deleted successfully.
HKCR\CLSID\{028E5C1E-E93A-FBA4-F949-AFB8EC7A5B86} => Key deleted successfully.
==== End of Fixlog ====


----------



## touk123 (Apr 24, 2009)

I hope I did it right this time. No, I didn't understand about the file attachment until you asked if I had downloaded it. I have downloaded it and this is the log that I sent. I ran the TFC and it ran without a problem. I still have the popup. I'll give myself a thump on my head for the attachment error!


----------



## Mark1956 (May 7, 2011)

Not to worry about the mistake, it pays to read the instructions with extreme care, but many people miss things, so you are not alone.

Please try to follow the instructions to take a screenshot again, if you can't get it to work then just post exactly what it says on the pop up and what options you are given so I get a clear picture of what you are seeing.


----------



## touk123 (Apr 24, 2009)

Mark, I still can't get a screen shot. I've gone by the link you sent but when I click the print screen button I get no response at all! The first pop up is still the same as my original post. The second pop up is the same one that when I click on the tool bar in IE and go to manage add-ons I get this window. I then click on Search Providers and there is nothing in the box! 
I hope I've given you enough information. If not let me know and I'll try again.


----------



## Mark1956 (May 7, 2011)

The print screen button dose not show any response on screen, that is normal.

I think we should next try to reset IE and see if that clears the problem.

Before you do this, as a precaution, save your favorites.
Open Internet Explorer and click on File > Import Export.
Select Export to file, then Next.
Select Favorites and then Next and Next again.
Select the location to save the file using the Browse button (I would suggest the Desktop).
Click on the Export button then Finish.


Exit all programs, including Internet Explorer (if it is running).
Click on the Start button







and type the following command in the Search box, *inetcpl.cpl* and then press* Enter*
The *Internet Options* dialog box appears.
Click the *Advanced* tab.
Under *Reset Internet Explorer settings*, click *Reset*. Then click *Reset* again.
Click to select the *Delete personal settings *check box to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.
When Internet Explorer finishes resetting the settings, click *Close* in the *Reset Internet Explorer Settings* dialog box.
Start Internet Explorer again.


----------



## touk123 (Apr 24, 2009)

I did as you suggested but I'm still getting the pop-ups!


----------



## Mark1956 (May 7, 2011)

This one is proving to be a tough nut to crack. Lets run a scan with another tool, this will show even more detail than FRST and will produce a bigger log. If you get any warning when trying to post the log about it having too many characters, you will have to split it into separate posts.


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.


----------



## touk123 (Apr 24, 2009)

OTL logfile created on: 1/23/2014 8:42:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pat\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 71.84% Memory free
5.74 Gb Paging File | 4.84 Gb Available in Paging File | 84.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 90.37 Gb Free Space | 60.67% Space Free | Partition Type: NTFS

Computer Name: PAT-PC | User Name: Pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pat\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (BITCOMET_HELPER_SERVICE) -- C:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U153
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 4C 28 E0 6E 18 CF 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2014/01/13 13:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\dwb2uys9.default\extensions
[2012/01/12 02:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2012/04/03 23:53:56 | 000,182,160 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2012/05/15 21:22:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/05/15 21:22:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/05/15 21:22:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/05/15 21:22:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/05/15 21:22:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/05/15 21:22:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/05/15 21:22:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

O1 HOSTS File: ([2014/01/15 15:40:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFA81A42-990F-45A6-8A73-3D7589EEE03C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/23 20:39:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pat\Desktop\OTL.exe
[2014/01/16 21:28:12 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/15 15:30:29 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/01/15 15:26:10 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Pat\Desktop\OTM.exe
[2014/01/15 08:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/01/15 08:31:21 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/01/15 08:31:14 | 000,240,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2014/01/15 08:29:26 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2014/01/15 08:29:24 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2014/01/12 17:28:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/12 15:22:37 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/01/12 15:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/01/09 20:10:49 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/01/09 20:10:49 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/01/09 20:10:48 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/01/09 20:10:47 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/01/09 20:10:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/01/09 20:10:46 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/01/09 20:10:46 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/01/09 20:10:46 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/01/09 20:10:46 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/01/09 20:10:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/01/09 20:10:45 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/01/09 20:10:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/01/09 20:10:43 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/01/09 20:10:40 | 004,243,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/01/09 20:06:48 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2014/01/09 15:08:34 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2014/01/09 15:07:34 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2014/01/09 15:07:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/01/09 15:06:40 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2014/01/09 15:06:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys

========== Files - Modified Within 30 Days ==========

[2014/01/23 20:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/23 20:40:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Desktop\OTL.exe
[2014/01/23 18:44:51 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/23 18:44:51 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/23 18:36:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/23 18:36:38 | 2312,114,176 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/19 01:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/01/16 03:10:38 | 000,408,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/15 15:40:50 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/01/15 15:26:12 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Desktop\OTM.exe
[2014/01/12 17:34:03 | 001,236,282 | ---- | M] () -- C:\Users\Pat\Desktop\AdwCleaner.exe
[2014/01/09 20:26:03 | 000,630,654 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/09 20:26:03 | 000,109,700 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/09 15:44:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/01/09 15:44:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2014/01/12 17:33:20 | 001,236,282 | ---- | C] () -- C:\Users\Pat\Desktop\AdwCleaner.exe
[2013/08/10 06:29:55 | 000,000,382 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\burnaware.ini
[2011/08/09 11:33:23 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/18 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Acronis
[2012/08/01 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\AVG
[2012/07/02 02:18:49 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\AVG2012
[2013/08/07 21:26:12 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\AVG2013
[2014/01/23 20:42:49 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\BitComet
[2012/03/05 11:34:06 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\CometPlayer
[2012/03/03 23:52:00 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\FreeTorrentViewer
[2013/01/26 20:21:26 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\Playrix Entertainment
[2012/03/05 11:37:25 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\tigerplayer
[2013/08/07 21:24:14 | 000,000,000 | ---D | M] -- C:\Users\Pat\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:E73B14E2
< End of report >


----------



## touk123 (Apr 24, 2009)

OTL Extras logfile created on: 1/23/2014 8:42:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pat\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 71.84% Memory free
5.74 Gb Paging File | 4.84 Gb Available in Paging File | 84.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 90.37 Gb Free Space | 60.67% Space Free | Partition Type: NTFS

Computer Name: PAT-PC | User Name: Pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046BD349-F44F-4D4B-A6AE-F8198AD6C091}" = lport=13043 | protocol=17 | dir=in | name=bitcomet 13043 udp | 
"{0475ABC2-D042-4553-A929-F34082CE1C4D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1421137E-935E-4881-B141-77C7ECEFCFCE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{3F372643-2CEE-4DEA-BF4D-B07763A22285}" = rport=137 | protocol=17 | dir=out | app=system | 
"{45D80244-334F-4B01-87AF-C7914AA928FC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{46693746-86CD-4F6C-BEDF-42E3A223436B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{475D5DE8-3BED-4A8E-A3B9-0F61B823478A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{477C1347-D201-4C95-8776-D9149E24F99F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{73D9E891-B681-4F8B-B03C-23E628A3656B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8FDCF0E4-172E-468F-927C-3113011EB16A}" = lport=13043 | protocol=6 | dir=in | name=bitcomet 13043 tcp | 
"{9187E0F8-1D8E-4FB1-B7F8-CD5365934AF8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{930E3E2B-92D0-4770-80A5-4379DCB61011}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{962929F4-7916-4EA9-B7E4-97AFF59AB071}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9C70BFF1-E305-4322-900F-B0B43AE57934}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0BB78C5-7C1A-437B-8111-83A7806C8746}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A4D47008-A75C-4E00-9082-095B8500AD29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B049FAAC-243C-441D-A5D7-4DCAA6E074E5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B668354D-C5A4-4663-9BAE-1EE224BE624F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C1B86596-1EC0-48E6-BEF5-E8A0DFE2B1F0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C24D6EEE-FF51-4A2D-825A-952DC39DC5E7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D29BE4A7-BC4B-4B25-B2B0-81B3077C835A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D687ED84-74DB-4BB6-8A26-CD0D21AFFDB5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D7D19BF9-BD16-4777-BB36-DA09529B4C5B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ECFE943D-68BA-4714-8725-160A06FA4E3F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF9914FC-1154-4829-928C-939FCE32A508}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AD43A0-AFCB-4D9E-8EF5-BF96D65AC52D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{05EE3A5C-517A-4E02-AD61-9AFC04EF8109}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{085ECC39-D779-4F0C-831C-9765F8ED7C15}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{091F1CFD-4C08-4388-8F40-5E281A300A1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1DF89E70-84BA-4B17-B682-F04BEFDD36D8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{24350E02-9257-4209-BB2A-A7A4F4B51BAD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{28375A54-96A0-44F9-9F52-D74F90603B8D}" = protocol=1 | dir=in | [email protected],-28543 | 
"{2ADC7766-E096-4085-A29C-65C1CBBAF0A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2E636058-FFEB-474D-821A-27000585299F}" = protocol=58 | dir=out | [email protected],-28546 | 
"{41620A27-D4FE-4BBF-A441-F1577A5D8859}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{4D4B6154-AD34-401B-92F0-9181F0BC173C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50AD1D53-38FA-4BFA-B40E-DD2778D80010}" = protocol=1 | dir=out | [email protected],-28544 | 
"{523DD7F3-E38A-461E-B5D8-D0CCBBA912C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{540793FF-CCBC-4F2A-A9E9-954007D1B4D5}" = protocol=58 | dir=in | app=system | 
"{57BE9897-840A-47F9-B01A-1553B8305356}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{62265850-AD0E-4D72-A796-B4D9EFBED523}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{64BBD3AC-DF6C-4FB6-B60E-0A70DEFBFB35}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{66C71F9D-2182-4562-A3A0-5B06A3570F12}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{67BB7A07-C421-4BD1-90ED-97EE5F32FBEC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{71196CA6-5959-4B58-A251-BC71424879AE}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{7D90C334-1EF3-4390-87C1-18DF3AFB16AC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{88E1BA52-0F6A-48F2-AEF7-11F6890A01BF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8CFFF5B8-3CA6-4D96-BB02-A09DA4A3B510}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E729A41-6864-4109-8640-12C22A3DFEC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F85C16C-211E-4741-9B34-CA4B4BD247BE}" = protocol=58 | dir=in | [email protected],-28545 | 
"{91A3A674-7F81-48D6-BC9A-B8351EF74EBC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{93D783C6-BCD1-4FA0-A646-5389C60348AB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{93E5594B-6CE7-4CA9-91A0-636A6A93E2E2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{9F5FB7D0-F41C-4620-B08A-25FDB10727F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FD92A23-BCDC-4DDB-BF34-1CC4526ED2D0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{A328D982-4F37-4836-82D7-72BDEB0DEEC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B280DB68-4A1A-4592-92CD-E7F109725AE7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{BBC58EE5-0EA2-4BBB-BCA1-080D5454E7B9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{BD93D6F0-710B-4976-B76F-112DB52A35AA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{C293C977-B99A-410C-BBDC-679EFCFBA95A}" = protocol=58 | dir=out | [email protected],-503 | 
"{C2A0554C-B2A3-4FC9-A06F-9261FC4EC614}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C56CDD14-4525-4BCE-A32E-E26D7E74AE78}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{C5C2998B-B2BC-4A2F-ACB0-1660507D942A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{DA81D9BF-3583-4763-B98A-974C894DACB0}" = protocol=6 | dir=out | app=system | 
"{DC59D0AE-0720-45BA-955A-55A23B43661F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{DFEBD766-8CE0-4F7D-8822-1553345A7B6B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0969605-A1AE-43E2-89BF-E73F642B7AC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1265FD8-B8E0-4EC9-AD97-6B3ADB2230CD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{E4AAC3CD-D8C8-4BFD-BDDD-566864690A03}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{E51D0037-3C44-4599-A370-28218D841CB2}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{F46C7670-7936-4B97-A01C-3F37A046D7C8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{F7796127-2E72-4C42-A037-49B1C43C665D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{F918DA08-EF9E-4992-8A35-1DD2677BB974}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{32F3FD09-0944-42C0-811E-38C9A26B3A5C}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{EF8E1780-DFD5-430A-9865-D2A8FD9A87B5}C:\program files\freetorrentviewer\freetorrentviewer.exe" = protocol=6 | dir=in | app=c:\program files\freetorrentviewer\freetorrentviewer.exe | 
"UDP Query User{2BED03F9-A1FA-411A-9C4F-4B164FB53420}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"UDP Query User{A30ACB6A-81E5-40C3-B242-4472D9AEDD8F}C:\program files\freetorrentviewer\freetorrentviewer.exe" = protocol=17 | dir=in | app=c:\program files\freetorrentviewer\freetorrentviewer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A61104-74B5-4056-AD00-4397EF4FB141}" = iCloud
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE0C52A9-0C1C-4289-875A-8FB81BB9A367}_is1" = DVD Shrink version 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"7-Zip 9.20" = 7-Zip 9.20
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BFGC" = Big Fish Games: Game Manager
"BFG-Gold Miner Vegas" = Gold Miner Vegas
"BitComet" = BitComet 1.35
"Defraggler" = Defraggler
"EPSON NX430 Series" = EPSON NX430 Series Printer Uninstall
"Gold Miner SE Free Trial_is1" = Gold Miner SE Free Trial
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MpcStar" = MpcStar 5.4

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/9/2013 10:24:22 PM | Computer Name = Pat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8128

Error - 12/9/2013 10:24:29 PM | Computer Name = Pat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/9/2013 10:24:29 PM | Computer Name = Pat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15288

Error - 12/9/2013 10:24:29 PM | Computer Name = Pat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15288

Error - 12/9/2013 10:24:39 PM | Computer Name = Pat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/9/2013 10:24:39 PM | Computer Name = Pat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 25288

Error - 12/9/2013 10:24:39 PM | Computer Name = Pat-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 25288

Error - 1/9/2014 4:50:35 PM | Computer Name = Pat-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.16428 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1f10 Start
Time: 01cf0d7c5531c437 Termination Time: 420 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 1/9/2014 6:01:52 PM | Computer Name = Pat-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mfevtps.exe, version: 15.1.0.595, time 
stamp: 0x50f59ddc Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x584 Faulting application
start time: 0x01cf080d4b5213cf Faulting application path: C:\Windows\system32\mfevtps.exe
Faulting
module path: unknown Report Id: a495d2f6-7979-11e3-a0ee-001e33b90967

Error - 1/9/2014 10:03:44 PM | Computer Name = Pat-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary AnyDVD. System Error: The system cannot find the file specified. .

[ Media Center Events ]
Error - 5/9/2012 12:49:09 PM | Computer Name = Pat-PC | Source = MCUpdate | ID = 0
Description = 11:49:09 AM - Error connecting to the internet. 11:49:09 AM -  Unable
to contact server..

Error - 5/9/2012 12:49:15 PM | Computer Name = Pat-PC | Source = MCUpdate | ID = 0
Description = 11:49:14 AM - Error connecting to the internet. 11:49:14 AM - Unable
to contact server..

Error - 5/9/2012 10:59:22 PM | Computer Name = Pat-PC | Source = MCUpdate | ID = 0
Description = 9:59:22 PM - Error connecting to the internet. 9:59:22 PM - Unable
to contact server..

Error - 5/9/2012 10:59:33 PM | Computer Name = Pat-PC | Source = MCUpdate | ID = 0
Description = 9:59:27 PM - Error connecting to the internet. 9:59:27 PM - Unable
to contact server..

Error - 5/10/2012 11:22:21 PM | Computer Name = Pat-PC | Source = MCUpdate | ID = 0
Description = 10:22:20 PM - Failed to retrieve Logos-2.cab (Error: The server did
not return the file size. The URL might point to dynamic content. The Content-Length
header is not available in the server's HTTP reply. )

Error - 5/10/2012 11:22:25 PM | Computer Name = Pat-PC | Source = MCUpdate | ID = 0
Description = 10:22:25 PM - Failed to retrieve SMTiles-2.cab (Error: The server 
did not return the file size. The URL might point to dynamic content. The Content-Length
header is not available in the server's HTTP reply. )

Error - 5/10/2012 11:22:29 PM | Computer Name = Pat-PC | Source = MCUpdate | ID = 0
Description = 10:22:29 PM - Failed to retrieve UpdateableMarkup-2.cab (Error: The
server did not return the file size. The URL might point to dynamic content. The
Content-Length header is not available in the server's HTTP reply. )

Error - 5/10/2012 11:22:59 PM | Computer Name = Pat-PC | Source = MCUpdate | ID = 0
Description = 10:22:59 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 5/10/2012 11:24:12 PM | Computer Name = Pat-PC | Source = MCUpdate | ID = 0
Description = 10:23:37 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 5/10/2012 11:26:00 PM | Computer Name = Pat-PC | Source = MCUpdate | ID = 0
Description = 10:24:52 PM - Failed to retrieve Broadband (Error: The underlying 
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

[ System Events ]
Error - 1/21/2014 7:49:35 PM | Computer Name = Pat-PC | Source = NetBT | ID = 4321
Description = The name "PAT-PC :20" could not be registered on the interface
with IP address 192.168.1.198. The computer with the IP address 192.168.1.91 did
not allow the name to be claimed by this computer.

Error - 1/21/2014 7:49:35 PM | Computer Name = Pat-PC | Source = NetBT | ID = 4321
Description = The name "PAT-PC :0" could not be registered on the interface
with IP address 192.168.1.198. The computer with the IP address 192.168.1.91 did
not allow the name to be claimed by this computer.

Error - 1/21/2014 8:34:57 PM | Computer Name = Pat-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{AFA81A42-990F-45A6-8A73-3D7589EEE03C}
because another computer on the network has the same name. The server could not
start.

Error - 1/21/2014 8:34:57 PM | Computer Name = Pat-PC | Source = NetBT | ID = 4321
Description = The name "PAT-PC :20" could not be registered on the interface
with IP address 192.168.1.198. The computer with the IP address 192.168.1.91 did
not allow the name to be claimed by this computer.

Error - 1/21/2014 8:34:57 PM | Computer Name = Pat-PC | Source = NetBT | ID = 4321
Description = The name "PAT-PC :0" could not be registered on the interface
with IP address 192.168.1.198. The computer with the IP address 192.168.1.91 did
not allow the name to be claimed by this computer.

Error - 1/22/2014 12:04:48 PM | Computer Name = Pat-PC | Source = DCOM | ID = 10016
Description =

Error - 1/22/2014 7:48:20 PM | Computer Name = Pat-PC | Source = DCOM | ID = 10016
Description =

Error - 1/23/2014 2:46:03 PM | Computer Name = Pat-PC | Source = DCOM | ID = 10016
Description =

Error - 1/23/2014 3:11:43 PM | Computer Name = Pat-PC | Source = DCOM | ID = 10016
Description =

Error - 1/23/2014 8:39:27 PM | Computer Name = Pat-PC | Source = DCOM | ID = 10016
Description =

< End of report >


----------



## Mark1956 (May 7, 2011)

Still no sign of any problem with IE, all the entries in the log appear to be normal. The next step is to uninstall IE which will revert it back to version 10.

Please follow this guide: How to uninstall IE11http://www.sevenforums.com/tutorials/282216-internet-explorer-10-install-uninstall-windows-7-a.html


----------



## touk123 (Apr 24, 2009)

I uninstalled IE !! and it went back to 10. Yep, you guessed it! I still have the two pop-ups. Should I go back and reinstall IE 11?


----------



## Mark1956 (May 7, 2011)

Ok, open IE and click on Tools and select Manage Add-ons. Click on Search providers in the left pane and tell me what it shows in the right pane.


----------



## touk123 (Apr 24, 2009)

This is what's at the top and what's listed underneath.
Name: Bing
Status: Default
Listing Order:1
Search Suggestions: enabled
Top Result: Disabled


----------



## Mark1956 (May 7, 2011)

That is the correct default search engine for IE, try enabling it. Then reboot and see what happens.


----------



## touk123 (Apr 24, 2009)

Nothing! Still the same.


----------



## Mark1956 (May 7, 2011)

Are the error messages still exactly the same as in your first post including the mention of Zynga?


----------



## touk123 (Apr 24, 2009)

Actually, the first pop up is still the same but the next one, which is the manage add-ons box is different. There's no mention of Zynga. Would it be helpful to tell you what's in the box?


----------



## Mark1956 (May 7, 2011)

Yes please, tell me word for word exactly what is written in both of the pop ups and anything on the top border of the box. Plus any options that are offered.


----------



## touk123 (Apr 24, 2009)

1st. Box:
On top of the box:
Internet Explorer-Search Provider Default
Inside of box:
A program on your computer has corrupted your default search provider setting for Internet Explorer.
Internet Explorer has reset this setting to your original search provider, Bing (www.bing.com).
Internet Explorer will now open Search Settings, where you can change this setting or install more search providers.


----------



## touk123 (Apr 24, 2009)

After I click OK I go to a 2nd box. Manage Add-ons Box. On the left: Toolbars and Extensions
On the right side:
NAME: Publisher: Status : 

Adobe Flash Object Adobe Systems Incorporated Enabled

Microsoft Corporation
Research Microsoft Corporation Disabled

Not Available
Research Not Available Disabled
BitComet Not Available Disabled


----------



## touk123 (Apr 24, 2009)

THE REMAINDER


Name: Publisher: Status
PokerStars.net Not Available Disabled

shanghai Comet Network Technology
BitComet Helper Shangai Comet Network Disabled


----------



## touk123 (Apr 24, 2009)

I click on" Search Providers Under NAME: Bing
Status: Disabled
Listing order: 1
Search Suggestions: Enabled
Top Reset: Disabled




I hope I've gotten all this right and you were able to make sense of how I've written it. Thanks a lot, Mark!


----------



## Mark1956 (May 7, 2011)

One thought I have is that the Bing search provider is corrupted causing the system to not recognize it, try this to remove and reinstall it. We need to add the Google search provider first to allow it to be removed.

Click on Tools, Manage Add-ons and click on Search Providers. Click on Find more search providers, when the page opens select Google. When Google has been added to the list set it as Default, click on the Bing entry and then click on the Remove button. Close and re-open IE.

Open Manage Add-ons and select Find more search providers and select Bing, once it is shown back in the list set it as the default. Reboot the system and tell me if it has fixed the problem.


----------



## touk123 (Apr 24, 2009)

Mark, it won't let Google be the default browser and it won't let me remove Bing. On Bing the REMOVE button is greyed out.


----------



## Mark1956 (May 7, 2011)

It won't allow the removal of Bing until another search provider is set as the default, try adding another search provider and then see if you can change the default away from Bing to allow its removal.

If this still causes a problem then see if upgrading back to IE11 will fix it. You need to go into Windows Update and do a search for updates, it should give you IE11.


----------



## touk123 (Apr 24, 2009)

OK. I reinstalled IE11 and added yahoo to the search providers. I clicked on default and it says it's the default provider but the REMOVE box is still greyed out on Bing, I cannot remove the crazy thing! when I open IE it still uses Bing as the provider.


----------



## Mark1956 (May 7, 2011)

Please see the screenshot attached, just click on it to enlarge.

This shows something similar to what you have. Is this what you are seeing (ignoring that I have Google there) Default should be set so it appears next to another search provider leaving Bing without Default showing.


----------



## touk123 (Apr 24, 2009)

Yes, this is exactly how it looks with the exception that the default is by Bing and the remove button is greyed out.


----------



## Mark1956 (May 7, 2011)

You need to set the other search provider as Default, it should then allow you to remove Bing.


----------



## touk123 (Apr 24, 2009)

I have tried Google and Yahoo to set as the default but it won't let me! It keeps Bing as the default.


----------



## Mark1956 (May 7, 2011)

Ok, this isn't working and something is clearly wrong as you should be able to set any search provider as the default.

Try this, uninstall IE 11, then 10 then 9. This will take it back to the original version that came with Windows 7. Then go into Windows Update and do a search for available updates and let it reinstall everything available. This should put IE 11 back in place again, see if that then fixes the problem.


----------



## touk123 (Apr 24, 2009)

I uninstalled IE all the way back to 8 and then updated to 11. No luck. It still won't let me put Google or Yahoo as the default. The remove button on Bing is still greyed out.


----------



## Mark1956 (May 7, 2011)

Ok, time to try something different, I need you to do a search for Bing registry entries with the software below, we will then delete the related keys.

Please download *SystemLook* from the following link below and save it to your Desktop.


*SystemLook (32-bit)*


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:

```
:regfind
Bing
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## touk123 (Apr 24, 2009)

SystemLook 30.07.11 by jpshortstuff
Log created at 19:21 on 27/01/2014 by Pat
Administrator - Elevation successful
========== regfind ==========
Searching for "Bing"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IEDevTools\Options\UAString]
"BingBot"="Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"TopResultURLFallback"="http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query...e:sectionHeight}&FORM=IE11SS&market={language}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback"="http://www.bing.com/favicon.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Bing"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\22B\52C64B7E]
"@%SystemRoot%\system32\wevtsvc.dll,-201"="This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system."
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\22B\52C64B7E]
"@comres.dll,-2451"="Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start."
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\22B\52C64B7E]
"@%SystemRoot%\system32\lltdres.dll,-2"="Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly."
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\22B\52C64B7E]
"@ieframe.dll,-12512"="Bing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{8DCB7100-DF86-4384-8842-8FA844297B3F}]
"DllName"="BingExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}]
"DllName"="BingExt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Bing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\Chinese]
"PhoneMap"="- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 + 0008 * 0009 1 000A 2 000B 3 000C 4 000D 5 000E a 000F ai 0010 an 0011 ang 0012 ao 0013 ba 0014 bai 0015 ban 0016 bang 0017 bao 0018 bei 0019 ben 001A beng 001B bi 001C bian 001D biao 001E bie 001F bin 0020 bing 0021 bo 0022 bu 0023 ca 0024 cai 0025 can 0026 cang 0027 cao 0028 ce 0029 cen 002A ceng 002B cha 002C chai 002D chan 002E chang 002F chao 0030 che 0031 chen 0032 cheng 0033 chi 0034 chong 0035 chou 0036 chu 0037 chuai 0038 chuan 0039 chuang 003A chui 003B chun 003C chuo 003D ci 003E cong 003F cou 0040 cu 0041 cuan 0042 cui 0043 cun 0044 cuo 0045 da 0046 dai 0047 dan 0048 dang 0049 dao 004A de 004B dei 004C den 004D deng 004E di 004F dia 0050 dian 0051 diao 0052 die 0053 ding 0054 diu 0055 dong 0056 dou 0057 du 0058 duan 0059 dui 005A dun 005B duo 005C e 005D ei 005E en 005F er 0060 fa 0061 fan 0062 fang 0063 fei 0064 fen 0065 feng 0066 fo 0067 fou 0068 fu 0069 ga
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\IEDevTools\Options\UAString]
"BingBot"="Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"TopResultURLFallback"="http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR"
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query...e:sectionHeight}&FORM=IE11SS&market={language}"
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconURLFallback"="http://www.bing.com/favicon.ico"
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Bing"
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Classes\Local Settings\MuiCache\22B\52C64B7E]
"@%SystemRoot%\system32\wevtsvc.dll,-201"="This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system."
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Classes\Local Settings\MuiCache\22B\52C64B7E]
"@comres.dll,-2451"="Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start."
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Classes\Local Settings\MuiCache\22B\52C64B7E]
"@%SystemRoot%\system32\lltdres.dll,-2"="Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly."
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Classes\Local Settings\MuiCache\22B\52C64B7E]
"@ieframe.dll,-12512"="Bing"
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000_Classes\Local Settings\MuiCache\22B\52C64B7E]
"@%SystemRoot%\system32\wevtsvc.dll,-201"="This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system."
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000_Classes\Local Settings\MuiCache\22B\52C64B7E]
"@comres.dll,-2451"="Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start."
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000_Classes\Local Settings\MuiCache\22B\52C64B7E]
"@%SystemRoot%\system32\lltdres.dll,-2"="Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly."
[HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000_Classes\Local Settings\MuiCache\22B\52C64B7E]
"@ieframe.dll,-12512"="Bing"
-= EOF =-


----------



## Mark1956 (May 7, 2011)

Give this a try and let me know if it helps. You should find after doing this that when you open Manage Add-ons that the Search providers list is empty. After a short delay the Manage Add-ons box may pop up when you launch IE, if it does, add the Google search provider, then close IE and start it again.

Please download *OTM by OldTimer*. Save it to your desktop.

Double click *OTM.exe* to start the tool.


*Copy* the text in the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Processes
explorer.exe
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]

:Commands
[createrestorepoint]
[emptyflash]
[emptytemp]
[resethosts]
[reboot]
```

 Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red *Moveit!* button.
All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
Even if that box does not appear the system should reboot as the command is included in the script.
When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

-- Note: The logs are saved here: C:\_OTM\MovedFiles


----------



## touk123 (Apr 24, 2009)

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pat
->Temp folder emptied: 321061 bytes
->Temporary Internet Files folder emptied: 169829320 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1562075 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 60445 bytes
RecycleBin emptied: 115268390 bytes

Total Files Cleaned = 274.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 01282014_085942


----------



## touk123 (Apr 24, 2009)

BTW....In the manage add-ons box, the search provider shows that it's empty but I can't get Google or Yahoo to install in the box . It's just empty!


----------



## Mark1956 (May 7, 2011)

I presume the reg keys were removed but you didn't copy the complete log from OTM so I can't see the confirmation.

I found when I ran this on my system that after you have gone to the page to add another search provider it does not appear in the Manage Add-ons window until you have shut IE and re-opened it.

Are the error message pop ups still appearing or just the Manage Add-ons window?


----------



## Mark1956 (May 7, 2011)

Please post the OTM log again and make sure you copy all of it, I've just checked the log I have from running the same fix and the last line should show:* Registry entries deleted on Reboot...* That isn't showing in the log you posted, but should be in a line below what you copied, there is also a section missing from above what you posted.

An easier way to copy logs is when the log is displayed you press down the Ctrl and the A key at the same time, that will highlight the complete log, you then just right click in the blue area and select Copy, then right click on the message box and select Paste.


----------



## touk123 (Apr 24, 2009)

Sorry again, Mark! Yes, only the add-ons page pops up without anything on it. I'll redo the otm again.


----------



## touk123 (Apr 24, 2009)

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\ not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Pat
->Flash cache emptied: 1580 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pat
->Temp folder emptied: 1199 bytes
->Temporary Internet Files folder emptied: 81949113 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13636 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1884979 bytes

Total Files Cleaned = 80.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.21.0 log created on 01282014_130710


----------



## Mark1956 (May 7, 2011)

Ok, at least we have stopped the original error from appearing.

Did you try what I suggested:



> I found when I ran this on my system that after you have gone to the page to add another search provider it does not appear in the Manage Add-ons window until you have shut IE and re-opened it.


----------



## touk123 (Apr 24, 2009)

Yes, I tried to add Google as well as Yahoo, but I'm still getting a blank box . Msn is my default provider but it doesn't show it in the box.


----------



## Mark1956 (May 7, 2011)

Looking at the OTM report, is that the original log, it shows one of the keys could not be found, although the System Look scan clearly shows it exists.


----------



## touk123 (Apr 24, 2009)

Hmmmm..what do you suggest?


----------



## Mark1956 (May 7, 2011)

I just need to know if that is the original log or did you run it twice?


----------



## Mark1956 (May 7, 2011)

Just had a look back at the two logs you posted and I can see from the temp files that were removed that the logs are different so you obviously ran it twice. The OTM instructions did contain details of where to find the logs.

One of the registry keys has replaced itself, but not the other one, so we now need to put the other key back. All the subkeys will have gone which contained the URL for Bing. Hopefully once this other key is put back you will be able to add a new search provider and the problem will be fixed.

Please download the attachment and save it to your desktop.
Extract the zip file.
Double click on the reg file and allow it to merge with the registry.
Then restart IE, when the Manage Add-ons box opens try again to add Google as a search provider. Let me know how it goes.


----------



## touk123 (Apr 24, 2009)

Well, I did as you asked and it said it had replaced the key but I'm still getting a blank box!


----------



## Mark1956 (May 7, 2011)

I'm not moaning, but you keep missing things I have said in my posts, please try a little harder to make sure you read 'everything' I have posted 

From my last post:


> Then restart IE, when the Manage Add-ons box opens try again to add Google as a search provider. Let me know how it goes.


----------



## touk123 (Apr 24, 2009)

Maybe I didn't explain myself very well, Mark. I'm so sorry. Yes you do have the right to pull your hair and say " Lady, please , read this correctly! " I know there's lots of people that need your help. I'll try to read and understand better!


----------



## touk123 (Apr 24, 2009)

I opened Internet explorer and the Manage add-ons box opened and it opened on the search providers page that was blank. I clicked on the search for other providers link and clicked on Google. I then closed the box and restarted I/E and the manage add-ons box popped up and it was blank. It just will not let me add another search provider!


----------



## Mark1956 (May 7, 2011)

No problem, as I can't see what you are doing it does help if you confirm everything that I have asked you to do so I know for sure you haven't missed anything. The more detail you give the clearer picture I get of what is going on 

Now that reg key has been put back I'm a bit baffled as to why this isn't working. When you tried to add the Google search provider did a box appear asking you to confirm that you wanted to add Google? If not try it again.

Try adding this reg key in the attachment, just in case it is missing, just do what you did with the previous one.

This is one of those occasions when I could really do with having the PC in front of me, fancy a trip to Spain


----------



## touk123 (Apr 24, 2009)

I got an error message saying the file was invalid. I re-downloaded it and got the same message. I then went back to the original attachment and downloaded it and then opened it and in the box it said that the key was installed successfully. I then opened the manage add-ons box, I clicked on the search for more providers link and tried to install google . I clicked on the " add to Internet Explorer page" but it still won't install in the add-ons box. The box is still blank.


----------



## touk123 (Apr 24, 2009)

There is a strip on the left side of the page now that says " Research" at the top! I wish I could just get rid of MSN, I think that's where all these problems are coming from!


----------



## Mark1956 (May 7, 2011)

I doubt changing the home page will make any difference.

I have one more registry key you can try adding, if you get an error message when trying to add a new key it most probably means it is already there.

Download the attachment and try to add it to the registry just as before.


----------



## touk123 (Apr 24, 2009)

I downloaded the attachment but when I tried to open it I got a message saying windows cannot open the folder. The compressed file is invalid.


I tried 3 times by downloading and trying to open it to no avail!


----------



## Mark1956 (May 7, 2011)

Very strange, my first thought was that I had done something wrong, but it downloaded back to my PC, the file extracted and produced the .reg file, just like the others.

It's late here now so I'm turning in. I'll have another look at this tomorrow, but must admit I don't have much more to suggest to fix this problem, nothing seems to be having the desired effect and now you don't seem to be able to open a zip file without an error so something is going wrong somewhere.

One thing you could try is to create a new user account and see if IE runs ok in that, it could just be that your user profile has some corruption in it. If that is the case there is a fairly straightforward way of fixing it. Speak to you again tomorrow.


----------



## Mark1956 (May 7, 2011)

Having slept on it, unless you have made any progress since yesterday, creating a new user account may be the way to go. Click on Start, Control Panel, User Accounts and create a new account. Reboot the system and log in to the new account and see how IE is when you open it, look in the Manage Add-ons folder and see if anything is different from your normal account. Report back with what you find.


----------



## touk123 (Apr 24, 2009)

I did as you suggested and opened another account and rebooted. When I opened IE and tried the manage add-ons page it was the same old story...A blank page. I again tried to add Google as my default search provider but the box still remained blank! It looks as if MSN will always be my homepage and search provider! I know you're very tired of this puzzle so feel free to stop anytime. I'll understand and I'll click close when you suggest it! Thank you for your kind patience!


----------



## touk123 (Apr 24, 2009)

It looks as if you're keeping late hours in Spain! I have a friend that's from Spain and she tells me how beautiful it is.


----------



## Mark1956 (May 7, 2011)

Yup it is a great place, cold in the winter though as we live up high in the mountains, but your guaranteed a long hot and dry summer.

I'm quite happy to carry on with this, but only if you wish to continue. We need to change tack and start looking into the registry so I can see what you have in there, how would you feel about that.

One thing I will need is for you to get to grips with sending screenshots rather than trying to list all the registry keys we need to look at.

Try this: Click on Start, click on All Programs and scroll down the list and click on a folder called Accessories. In the list that opens you will find Snipping Tool (I have attached a screenshot of what to look for). Right click on Snipping Tool and select Pin to Taskbar, its icon should then appear in the task bar.

Click on the Snipping Tool in the Task Bar, the screen will go shaded, position the cursor on the corner of what you want to save, hold the left mouse button down and drag it out to frame the image you want and let go of the button. A window will open, click on File, then Save As, another window will open, click on Desktop in the left pane and enter a name and save it. You will then be able to attach the screenshot, have a play with it and see how you get on.


----------



## Mark1956 (May 7, 2011)

Once you have got the hang of it try attaching a screenshot of anything you like, as follows:

*How to post a screenshot.*


Below the *Message Box* click on *Go Advanced*. 
Then scroll down until you see a button, *Manage Attachments*. Click on that and a new window opens.
Click on the *Browse* button, find the screenshot you made earlier and doubleclick on it.
Now click on the *Upload* button. When done, click on the *Close this window* button at the top of the window.
Enter your message-text in the message box, then click on *Submit Message/Reply.*


----------



## touk123 (Apr 24, 2009)

I'll see if you get this attachment. If not I'll try again!


----------



## Mark1956 (May 7, 2011)

You can always see if your attachment has attached by looking at your post after you have submitted it. As long as you can see it then so will I.

Just going back a bit, please clear any downloaded reg files from your desktop to avoid confusion. Then download the zip file from post 94. Right click on it and select Open, send a screenshot of what you are seeing. 

Had a long day today and now going off line, be back to see your reply in the morning.


----------



## touk123 (Apr 24, 2009)

I hope this is what you're looking for.


----------



## touk123 (Apr 24, 2009)

I hope I've got it right this time!


----------



## Mark1956 (May 7, 2011)

That is good, the key has been added, this implies it was missing. Try again to add a search provider, when you have clicked on the button to add the search provider a box should appear asking for confirmation that you want to add it, send a screenshot of it.


----------



## touk123 (Apr 24, 2009)

Is this the one you want?


----------



## Mark1956 (May 7, 2011)

Correct, now click on the Add button, close IE and re-open it and see if Google now appears in the Search providers section of Manage Add-ons.


----------



## touk123 (Apr 24, 2009)

Sorry, it's still blank.


----------



## Mark1956 (May 7, 2011)

Ok, time to go into the registry. First you should create a System Restore point just in case you make a mistake. Follow the instruction in Option 2 in this link: Create a System Restore Point in Windows 7

Then we need to open the registry editor. You can navigate through it in just the same way as Windows Explorer. Click on Start, type *regedit* in the the search box and then right click on *regedit* at the top of the pop up window and select Pin to Taskbar, it will appear in the Taskbar for quick access. Click on the icon in the Taskbar and accept any prompt that may appear.

Navigate to these two keys in turn (see below) and post a screenshot from each one, you should open the registry editor to full screen and drag the column boundaries in so the Data section is visible, take the screenshot of the entire window. If any line under the Data column is not fully visible don't worry about it, just get as much in the screen as you can.

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

At the top in the left pane you will see the five registry hives, click on the small triangle (I'll refer to that as a tab from now on) next to the hive name HKEY_LOCAL_MACHINE, scroll down the list and click on the tab next to Software, then Microsoft, then Internet Explorer and look for Searchscopes. If there is a tab next to Searchscopes click on it, then click on whatever shows below it which will be a line of numbers in brackets. Take the screenshot and post it. If there is no tab next to Searchscopes just click on the word and take a screenshot of that and post it.

You then need to do the same thing with the other key above.

Sounds complicated, but after a couple of goes you should get the hang of it.


----------



## touk123 (Apr 24, 2009)

I think this is the first key you wanted.


----------



## touk123 (Apr 24, 2009)

Here's the second one.


----------



## Mark1956 (May 7, 2011)

You are on the right track, but I need to see a screenshot of the entire window as asked for in my last post. This will allow me to make quite sure you are in the correct location of the registry and be able to see the left pane as well, it isn't a good place to make mistakes .



> Navigate to these two keys in turn (see below) and post a screenshot from each one, you should open the registry editor to full screen and drag the column boundaries in so the Data section is visible,* take the screenshot of the entire window.* If any line under the Data column is not fully visible don't worry about it, just get as much in the screen as you can.


----------



## touk123 (Apr 24, 2009)

I don't know why my poor brain isn't reading the posts the way it's written! Sorry, again.


----------



## touk123 (Apr 24, 2009)

I got about half of the window. Do you want the other half?


----------



## touk123 (Apr 24, 2009)

More of the first screenshot.


----------



## touk123 (Apr 24, 2009)

More of the 1st.key.


----------



## touk123 (Apr 24, 2009)

This is HKEY_CURRENT_USER


----------



## touk123 (Apr 24, 2009)

2nd. part of HKEY_CURRANT_USER


----------



## touk123 (Apr 24, 2009)

I hope this is what you wanted. If not I'll try again!


----------



## Mark1956 (May 7, 2011)

Nearly there, I need you to capture the entire window so I can see all of it including the part at the bottom that shows the full reg key. I've attached an example. Once you have found the key don't move the scroll bar in the left pane so I can still see the key that was last clicked on.


----------



## touk123 (Apr 24, 2009)

I'm trying to understand how to do this. Thank you for being so patient with me. Here is HIKEY_LOCAL_MACHINE.


----------



## touk123 (Apr 24, 2009)

This is HIKEY_CURRENT_USER


----------



## touk123 (Apr 24, 2009)

How am I doing?


----------



## Mark1956 (May 7, 2011)

Perfect 

I can see a key missing in one of your screenshots, I have attached the file for you, just treat it the same way you did the others and then try again to add another search provider in IE.


----------



## touk123 (Apr 24, 2009)

The key was added successfully but I'm still getting a blank screen on the search providers.


----------



## Mark1956 (May 7, 2011)

Did you try to add a new search provider?


----------



## touk123 (Apr 24, 2009)

Yes, I've tried Google as well as Yahoo.


----------



## Mark1956 (May 7, 2011)

Ok, we shall battle on.

I need another screenshot showing the contents of this registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Once you have clicked on User Shell Folders in the left pane all its contents will show. Make sure all the information in the right window is visible before you capture the screen with the snipping tool.


----------



## touk123 (Apr 24, 2009)

Is this what you wanted me to do?


----------



## Mark1956 (May 7, 2011)

Yes and that key looks fine. We are now going to replace a couple of keys with new copies.

Open Regedit and navigate to these keys one at a time. When you reach the SearchScopes key in the left pane, right click on it and select Export, save it to the Desktop with the name HKLM SearchScope. Then repeat the operation for the second key and save that as HKCU SearchScope. This will save a copy of both keys just in case we need to put them back.

Next, go to each key again, then right click on SearchScope, this time select Delete. Repeat the same procedure for the other key.

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

These are the same keys you took a screenshot of earlier in post 122 and 123.

Now we need to replace the keys. First I would suggest you create a new folder on the Desktop to put your saved keys into, then they won't get confused with the new keys in the attachment. Right click in open space on the Desktop and select New, then Folder, give it the name Saved reg keys. When the folder is on the desktop drag and drop the two keys you saved into it. 

Next download the attachment to the desktop and unzip it. Double click on each of the reg files and allow them to merge with the registry.

Reboot the system, open IE and see if the Search providers list is now showing anything. Try to add another search provider and see if you can change the one set as Default.


----------



## touk123 (Apr 24, 2009)

Yeh! The box is gone ...BUT...I have deleted Bing from the box and added Google and Yahoo with Google as the default provider and I'm still getting MSN as my homepage. I even went to the Google site and clicked on the box that said "Make Google my Homepage". I included a screenshot for you to examine.


----------



## Mark1956 (May 7, 2011)

That is great news The home page is a different issue which should be a lot easier to change.

If you want to make Google your home page open IE and go here: https://www.google.co.uk/webhp?sourceid=navclient&ie=UTF-8

Then click on Tools, Internet Options, under the general tab click on Use Current. Accept any prompts or warnings you see about changing your home page and that should fix it. Close and re-open IE and it should show the Google page.


----------



## touk123 (Apr 24, 2009)

Mark1956, you're GREAT! You have patiently walked me through this ordeal and you never gave up on me. This 67 year old Grandmother is HAPPY, HAPPY, HAPPY!!!! Thank you. I will mark this one solved. God Bless!


----------



## Mark1956 (May 7, 2011)

You're most welcome, it has been a pleasure helping you.


----------

