
[Solved] How does this look?

Discussion in 'Malware Removal Help' started by Tony D, Feb 11, 2015.

  1. Tony D

    Tony D, Administrator

    I'm finishing up on a Vista Home Premium machine and it still hangs once in a while. It may be due to having only 2.5 GB RAM. FRST and Hitman noted some items of interest. Posting here asking for expert help. Also curious about all those Alternate Stream entries.

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 2/10/2015
    Scan Time: 1:04:40 PM
    Logfile: MBAM.txt
    Administrator: Yes
    Version: 2.00.4.1028
    Malware Database: v2015.02.10.10
    Rootkit Database: v2015.02.03.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: cheryl
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 295746
    Time Elapsed: 22 min, 46 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)

    (end)


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-02-2015
    Ran by cheryl (administrator) on CHERYL-PC on 11-02-2015 09:33:31
    Running from C:\Users\cheryl\Desktop
    Loaded Profiles: cheryl (Available profiles: cheryl)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    URLSearchHook: HKLM - (No Name) - {23256f20-0d9b-4323-b005-6e5de569c4b7} - No File
    SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
    BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
    Toolbar: HKLM - &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    Toolbar: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000 -> &Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Curious%20Case%20of%20Counterfeit%20Cove/Images/stg_drm.ocx
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Masters%20of%20Mystery%20-%20Crime%20of%20Fashion/Images/armhelper.ocx
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin HKU\S-1-5-21-4039849622-1508179741-2467914619-1000: @tools.google.com/Google Update;version=3 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-4039849622-1508179741-2467914619-1000: @tools.google.com/Google Update;version=9 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    FF Extension: Real Networks Settings - C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com [2008-06-15]
    FF Extension: Talkback - C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org [2008-06-15]
    FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-06-15]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-13]
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-02]
    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Users\cheryl\AppData\Local\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\cheryl\AppData\Local\Google\Chrome\Application\39.0.2171.65\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\cheryl\AppData\Local\Google\Chrome\Application\39.0.2171.65\pdf.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Google Update) - C:\Users\cheryl\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Users\cheryl\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (RealDownloader) - C:\Users\cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-05]
    CHR Extension: (Google Wallet) - C:\Users\cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    ========================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
    S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-11] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\cheryl\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-02-11 09:33 - 2015-02-11 09:33 - 00012211 _____ () C:\Users\cheryl\Desktop\FRST.txt
    2015-02-11 09:33 - 2015-02-11 09:33 - 00000000 ____D () C:\FRST
    2015-02-11 09:19 - 2015-02-11 08:51 - 01124352 _____ (Farbar) C:\Users\cheryl\Desktop\FRST.exe
    2015-02-11 09:08 - 2015-02-11 09:08 - 00000000 ____D () C:\Users\cheryl\AppData\Roaming\Help
    2015-02-11 09:08 - 2015-02-11 09:08 - 00000000 ____D () C:\Users\cheryl\AppData\Local\Help
    2015-02-11 09:05 - 2007-02-18 16:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\winhlp32.exe
    2015-02-11 09:05 - 2007-02-18 16:11 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\ftsrch.dll
    2015-02-11 09:05 - 2007-02-18 16:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\ftlx041e.dll
    2015-02-11 09:05 - 2007-02-18 16:11 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\ftlx0411.dll
    2015-02-11 09:02 - 2015-02-11 09:02 - 00614819 _____ () C:\Users\cheryl\Downloads\Windows6.0-KB917607-x86.msu
    2015-02-11 08:34 - 2015-01-22 22:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-11 08:34 - 2015-01-22 21:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-02-10 16:24 - 2015-01-12 20:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-10 16:24 - 2015-01-08 19:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-10 16:24 - 2014-11-25 21:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-10 16:23 - 2015-01-14 23:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-10 16:21 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-10 16:19 - 2015-01-13 20:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-10 16:19 - 2015-01-13 20:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-02-10 16:19 - 2015-01-13 20:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-10 16:19 - 2015-01-13 20:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-10 16:19 - 2015-01-13 20:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-10 16:19 - 2015-01-13 20:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-10 16:19 - 2015-01-13 20:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-10 16:19 - 2015-01-13 20:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-10 16:19 - 2015-01-13 20:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-10 16:19 - 2015-01-13 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-02-10 16:19 - 2015-01-13 20:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-10 16:19 - 2015-01-13 20:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-10 16:19 - 2015-01-13 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-10 16:19 - 2015-01-13 20:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-10 16:19 - 2015-01-13 20:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-10 16:19 - 2015-01-13 20:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-10 16:19 - 2015-01-13 20:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-10 16:19 - 2015-01-13 20:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-02-10 16:19 - 2015-01-13 20:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-02-10 16:19 - 2015-01-13 20:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-02-10 15:43 - 2015-02-10 15:53 - 00000000 ____D () C:\Windows\erdnt
    2015-02-10 13:48 - 2015-02-10 13:48 - 00000000 ____D () C:\Program Files\WOT
    2015-02-09 19:45 - 2015-02-11 09:17 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-09 19:42 - 2015-02-09 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-09 19:42 - 2015-02-09 19:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-02-09 19:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-09 19:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-09 18:05 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-09 17:23 - 2015-02-09 17:29 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-09 17:23 - 2015-02-09 17:23 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-09 16:44 - 2015-02-09 16:49 - 00000000 ____D () C:\AdwCleaner
    2015-02-09 13:47 - 2015-02-10 18:50 - 00000000 ____D () C:\GVTS
    2015-01-14 10:44 - 2014-12-18 19:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 10:32 - 2014-12-05 22:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 10:32 - 2014-12-05 22:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-01-14 10:32 - 2014-12-05 22:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-01-14 10:31 - 2014-12-05 22:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-02-11 09:33 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
    2015-02-11 09:31 - 2006-11-02 07:52 - 01573210 _____ () C:\Windows\WindowsUpdate.log
    2015-02-11 09:23 - 2007-11-07 20:09 - 00000000 ____D () C:\Users\cheryl
    2015-02-11 09:22 - 2006-11-02 05:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-11 09:21 - 2011-10-16 19:20 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039849622-1508179741-2467914619-1000UA.job
    2015-02-11 09:17 - 2006-11-02 07:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-11 09:17 - 2006-11-02 07:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-11 09:16 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-11 09:14 - 2006-11-02 08:01 - 00032570 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-10 18:00 - 2006-11-02 07:47 - 00229608 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-10 16:31 - 2013-08-18 16:23 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-10 16:25 - 2006-11-02 05:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-02-10 16:23 - 2014-05-04 02:03 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-02-10 16:23 - 2014-05-02 22:04 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-10 16:23 - 2014-05-02 22:03 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-10 16:02 - 2014-05-03 07:07 - 00087892 _____ () C:\Windows\PFRO.log
    2015-02-10 16:01 - 2011-12-03 12:59 - 00000000 ____D () C:\ProgramData\Norton
    2015-02-10 15:54 - 2006-11-02 06:18 - 00000000 __RHD () C:\Users\Default
    2015-02-10 15:54 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
    2015-02-10 15:52 - 2006-11-02 05:23 - 00000215 _____ () C:\Windows\system.ini
    2015-02-10 13:07 - 2014-07-06 21:46 - 00000829 _____ () C:\Windows\setupact.log
    2015-02-09 19:42 - 2013-09-09 23:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2015-02-09 19:42 - 2011-12-01 12:17 - 00000000 ____D () C:\Users\cheryl\AppData\Roaming\Malwarebytes
    2015-02-09 19:42 - 2011-12-01 12:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-09 18:28 - 2006-11-02 06:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
    2015-02-09 17:20 - 2009-06-10 19:14 - 00000000 ____D () C:\ProgramData\Adobe
    2015-02-09 17:19 - 2009-06-10 19:15 - 00000000 ____D () C:\Users\cheryl\AppData\Local\Adobe
    2015-02-09 17:08 - 2012-12-17 14:50 - 00000000 ____D () C:\Users\cheryl\AppData\Local\CrashDumps
    2015-02-08 23:23 - 2011-10-16 19:20 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039849622-1508179741-2467914619-1000Core.job
    ==================== Files in the root of some directories =======
    2014-11-23 20:33 - 2014-11-23 20:33 - 0026340 _____ () C:\Users\cheryl\AppData\Roaming\UserTile.png
    2007-11-21 15:39 - 2007-11-21 15:41 - 0000680 _____ () C:\Users\cheryl\AppData\Local\d3d9caps.dat
    2008-06-04 15:20 - 2011-08-06 15:06 - 0004608 _____ () C:\Users\cheryl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2009-07-16 23:28 - 2009-07-17 00:16 - 0012790 _____ () C:\Users\cheryl\AppData\Local\slot1.mm1
    2014-02-09 15:43 - 2014-02-09 18:16 - 0002763 _____ () C:\ProgramData\connector.swf
    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-02-11 09:22
    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-02-2015
    Ran by cheryl at 2015-02-11 09:34:17
    Running from C:\Users\cheryl\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
    AOL Toolbar (HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\...\AOL Toolbar) (Version: - )
    Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.2 - Auslogics Software Pty Ltd)
    Brother HL-2140 (HKLM\...\{6E707E43-7206-4831-ABF8-EC785312A514}) (Version: 1.00 - Brother)
    CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
    Google Chrome (HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
    Hoyle Card Games 2007 (HKLM\...\{D361C406-ED11-4A88-AD42-4A749BBAE6F9}) (Version: 1.02.0000 - Encore)
    Hoyle Casino 2007 (HKLM\...\{AEF8A6C5-2355-4295-ABAD-DD86BCF0FB95}) (Version: 1.00.0000 - Encore)
    Hoyle Puzzle Games 2007 (HKLM\...\{059689BF-89A3-4FE5-B459-6EAB2903124F}) (Version: 1.0.0.0 - Encore, Inc.)
    Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
    Learn to Play Bridge (HKLM\...\Learn_to_Play_Bridge) (Version: - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    OpenAL (HKLM\...\OpenAL) (Version: - )
    RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recipe Hub Internet Explorer Toolbar (HKLM\...\RecipeHub_2jbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
    Scrabble3D (HKLM\...\{E11BBF69-C686-45B3-9267-CE44603B47AE}) (Version: 3.1.0.29 - Heiko Tietze)
    WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\cheryl\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\cheryl\AppData\Local\Google\Chrome\Application\40.0.2214.111\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    ==================== Restore Points =========================
    10-02-2015 13:28:14 Installed WOT for Internet Explorer
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2006-11-02 05:23 - 2015-02-10 15:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {0D73A534-9A5F-4E19-9789-C13EE4989295} - \LaunchApp No Task File <==== ATTENTION
    Task: {1B73E71F-6986-4AE6-843B-9B808419CF79} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4039849622-1508179741-2467914619-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {22743D65-8643-4AC3-B24A-248A7B9A2213} - \PC Optimizer Pro Idle No Task File <==== ATTENTION
    Task: {2E6ED05F-E119-4EA6-AF49-4C66157D4AC7} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\SymErr.exe
    Task: {2EB21625-D763-4481-80F2-AF0BFC2AFF88} - System32\Tasks\{8CE164D2-7F85-4971-92FA-41255D67D9E1} => pcalua.exe -a "C:\Users\cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGV074LG\1912TitanicMysterySetup.exe" -d C:\Users\cheryl\Desktop
    Task: {3BB3A4C7-F3E6-46C6-9249-227BDFF91350} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4039849622-1508179741-2467914619-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {4436B743-B1FF-4DE7-9D25-1DF923E47CEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
    Task: {6454CBD1-E9DB-4F8F-A337-A6E0C6D28BEA} - System32\Tasks\{73485632-D110-4441-A958-B162DD7F3E16} => pcalua.exe -a "C:\Users\cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9QYNJDQY\MysteryPINewYorkSetup[1].exe" -d C:\Users\cheryl\Desktop
    Task: {7FA6488E-5D49-41B0-BF1E-CAEB85EF909D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\WSCStub.exe
    Task: {8442C2D0-A5F5-4388-A1D8-5FBB9CF5EDCF} - System32\Tasks\{CFA1D023-CE7E-4639-9BA7-6B699D5E3571} => pcalua.exe -a C:\Users\cheryl\Desktop\ltpb1setup.exe -d C:\Users\cheryl\Desktop
    Task: {E8512FFF-F6B2-4167-B763-7BBE0E7D9F4C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4039849622-1508179741-2467914619-1000Core => C:\Users\cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {EA475B3C-85A7-4F56-B20B-D2613C86DE99} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\SymErr.exe
    Task: {FFFAA18B-6C52-425D-B263-36BFAC5CCD0B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4039849622-1508179741-2467914619-1000UA => C:\Users\cheryl\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039849622-1508179741-2467914619-1000Core.job => C:\Users\cheryl\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039849622-1508179741-2467914619-1000UA.job => C:\Users\cheryl\AppData\Local\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) ==============
    2006-11-02 05:25 - 2008-06-03 06:35 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (whitelisted) ===============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Other Registry Areas =====================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\cheryl\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)
    MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
    MSCONFIG\startupfolder: C:^Users^cheryl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
    MSCONFIG\startupreg: BrStsWnd => C:\Program Files\Brownie\BrstsWnd.exe Autorun
    MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
    MSCONFIG\startupreg: Google Update => "C:\Users\cheryl\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
    ==================== Accounts: =============================
    Administrator (S-1-5-21-4039849622-1508179741-2467914619-500 - Administrator - Disabled)
    cheryl (S-1-5-21-4039849622-1508179741-2467914619-1000 - Administrator - Enabled) => C:\Users\cheryl
    Guest (S-1-5-21-4039849622-1508179741-2467914619-501 - Limited - Disabled)
    ==================== Faulty Device Manager Devices =============
    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (02/10/2015 07:18:41 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Error: (02/10/2015 06:49:10 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (02/10/2015 06:49:10 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (02/10/2015 06:11:21 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (02/10/2015 04:04:58 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (02/10/2015 02:02:24 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Error: (02/09/2015 08:39:05 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (02/09/2015 08:17:04 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
    Error: (02/09/2015 08:17:02 PM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
    Error: (02/09/2015 08:09:44 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    System errors:
    =============
    Error: (02/11/2015 09:34:32 AM) (Source: volsnap) (EventID: 20) (User: )
    Description: The shadow copies of volume C: were aborted because of a failed free space computation.
    Error: (02/10/2015 04:01:45 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    Error: (02/10/2015 03:59:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Norton AntiVirus11200001Restart the service
    Error: (02/10/2015 03:52:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: PEVSystemStart
    Error: (02/10/2015 03:49:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: PEVSystemStart
    Error: (02/10/2015 03:46:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: PEVSystemStart
    Error: (02/10/2015 03:23:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: BHDrvx86
    ccSet_NAV
    SymIRON
    Error: (02/10/2015 02:35:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: BHDrvx86
    ccSet_NAV
    SymIRON
    Error: (02/10/2015 02:31:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: BHDrvx86
    ccSet_NAV
    SymIRON
    Error: (02/10/2015 02:17:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: BHDrvx86
    ccSet_NAV
    SymIRON

    Microsoft Office Sessions:
    =========================
    Error: (02/10/2015 07:18:41 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Error: (02/10/2015 06:49:10 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
    Error: (02/10/2015 06:49:10 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
    Error: (02/10/2015 06:11:21 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"F:\_on site fixes\Hitman\HitmanPro_x64.exe
    Error: (02/10/2015 04:04:58 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
    Error: (02/10/2015 02:02:24 PM) (Source: EventSystem) (EventID: 4621) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
    Error: (02/09/2015 08:39:05 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
    Error: (02/09/2015 08:17:04 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
    Error: (02/09/2015 08:17:02 PM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
    Error: (02/09/2015 08:09:44 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-11 09:34:11.684
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-11 09:34:10.840
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-11 09:34:09.996
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-11 09:34:09.153
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-11 09:17:24.098
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-11 09:17:22.629
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-11 09:17:21.754
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-11 09:17:20.707
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-11 08:35:23.056
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
    Date: 2015-02-11 08:35:22.056
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================
    Processor: Mobile AMD Sempron(tm) Processor 3600+
    Percentage of memory in use: 38%
    Total physical RAM: 2429.32 MB
    Available physical RAM: 1493.25 MB
    Total Pagefile: 6023.15 MB
    Available Pagefile: 4965.56 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1928.79 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:101.71 GB) (Free:72.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.02 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: 20000000)
    Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=101.7 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================

    # AdwCleaner v4.110 - Logfile created 11/02/2015 at 09:45:21
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-09.1 [Server]
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
    # Username : cheryl - CHERYL-PC
    # Running from : C:\Users\cheryl\Desktop\AdwCleaner.exe
    # Option : Cleaning
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Scheduled tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    ***** [ Web browsers ] *****
    -\\ Internet Explorer v9.0.8112.16609

    -\\ Mozilla Firefox v

    -\\ Google Chrome v

    *************************
    AdwCleaner[R0].txt - [16826 bytes] - [09/02/2015 16:44:37]
    AdwCleaner[R1].txt - [949 bytes] - [11/02/2015 09:42:15]
    AdwCleaner[S0].txt - [16865 bytes] - [09/02/2015 16:48:55]
    AdwCleaner[S1].txt - [817 bytes] - [11/02/2015 09:45:21]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [875 bytes] ##########

    Code:
    HitmanPro 3.7.9.236
    www.hitmanpro.com
      Computer name . . . . : CHERYL-PC
      Windows . . . . . . . : 6.0.2.6002.X86/1
      User name . . . . . . : cheryl-PC\cheryl
      UAC . . . . . . . . . : Enabled
      License . . . . . . . : Trial (Expired)
      Scan date . . . . . . : 2015-02-10 18:17:07
      Scan mode . . . . . . : Normal
      Scan duration . . . . : 7m 30s
      Disk access mode  . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot  . . . . . . . : No
      Threats . . . . . . . : 1
      Traces  . . . . . . . : 43
      Objects scanned . . . : 1,421,508
      Files scanned . . . . : 13,241
      Remnants scanned  . . : 255,519 files / 1,152,748 keys
    Malware _____________________________________________________________________
      C:\Users\cheryl\AppData\LocalLow\TranslatorBar_5.2\tbTra1.dll
      Size . . . . . . . : 1,984,808 bytes
      Age  . . . . . . . : 1100.8 days (2012-02-05 23:05:53)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 414587F3EBF05938684197142015E0388D220117B2232ACCD626D362C64BE4C5
      Product  . . . . . : Conduit Toolbar Automatic Update
      Publisher  . . . . : Conduit Ltd.
      Description  . . . : Conduit Toolbar
      Version  . . . . . : 6.8.5.1
      Copyright  . . . . : Copyright © Conduit Ltd. 2008.
      RSA Key Size . . . : 1024
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.Agent.awb
      Fuzzy  . . . . . . : 101.0
    
    Potential Unwanted Programs _________________________________________________
      C:\Users\cheryl\Documents\APNSetup.exe (AskBar)
      Size . . . . . . . : 509,872 bytes
      Age  . . . . . . . : 283.4 days (2014-05-03 08:10:24)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 01D0C3E9722ED6979335F50C8791B46529CAA1AD62A2774A7261AF3618E7291A
      Product  . . . . . : Stub Installer
      Publisher  . . . . : Ask Partner Network
      Description  . . . : Stub Installer
      Version  . . . . . : 7.5.0.5
      Copyright  . . . . : Copyright © 2013 Ask Partner Network.  All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0
      HKLM\SOFTWARE\Classes\Interface\{34AD1EA7-8B9E-4D8B-B3ED-365D12C8EE73}\ (MindSpark)
      HKLM\SOFTWARE\Classes\Interface\{35BBB95B-2CE4-4A9E-BDED-50EFD632AC00}\ (MindSpark)
      HKLM\SOFTWARE\Classes\Interface\{3BA6794F-1E38-4460-949A-0DE97D8EF5C2}\ (MindSpark)
      HKLM\SOFTWARE\Classes\Interface\{3CBA93EA-AEC3-4EC3-9EFD-D96A661B639D}\ (MindSpark)
      HKLM\SOFTWARE\Classes\Interface\{5684EAE9-72EB-4CA6-83B8-82434B7E955C}\ (MindSpark)
      HKLM\SOFTWARE\Classes\Interface\{6605E3BD-7BC3-479C-BF0A-E5D5E954EA52}\ (MindSpark)
      HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}\ (MindSpark)
      HKLM\SOFTWARE\Classes\Interface\{7FCD22A8-B70A-4AC7-AAF1-EBCCD2F6612D}\ (MindSpark)
      HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}\ (MindSpark)
      HKLM\SOFTWARE\Classes\Interface\{93F0AC70-20D8-4AE8-A02F-6812EFFB6B58}\ (MindSpark)
      HKLM\SOFTWARE\Classes\Interface\{94E98D20-156E-4C53-BD7F-972C96E680B2}\ (MindSpark)
      HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
      HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
      HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
      HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}\ (MyPC Backup)
      HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
      HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}\ (MyPC Backup)
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66d59105-fe06-43a4-b292-eb0097e9eb74}\ (MindSpark)
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8aadc8b2-562b-407b-88b3-916140226cbc}\ (MindSpark)
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9103c314-c4e2-4463-8934-b19bcb46236d}\ (MindSpark)
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97cef41c-5055-474a-855a-892d4fe3e596}\ (MindSpark)
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d375ee64-f893-498a-a0e9-0e9829c88c3d}\ (MindSpark)
      HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player)
      HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ (FLV Player)
      HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54425F44-454D-4F5F-5637-7A786E7484D7}\ (AskBar)
    Cookies _____________________________________________________________________
      C:\Users\cheryl\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
      C:\Users\cheryl\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
      C:\Users\cheryl\AppData\Roaming\Microsoft\Windows\Cookies\M0SJJGFE.txt
      C:\Users\cheryl\AppData\Roaming\Microsoft\Windows\Cookies\MSOJK6F0.txt
    
    
     
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Tony,

    That shouldn't be too much of a problem; the FRST report is showing that only 38% of the RAM was being used.

    There is a bit to clean up in the report though.
    So let's do that first.

    I personally wouldn't run the trial version of MBAM... I'd just stick with the free version.

    Step 1
    Check the Add/Remove and see if this will uninstall.

    Recipe Hub Internet Explorer Toolbar

    Step 2
    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


    Step 3
    Please reset Google Chrome
    • Click the Menu option button at the top right of the Google Chrome screen
    • Select Settings.
    • Click Show advanced settings and find the "Reset browser settings" section.
    • Click Reset browser settings.
    • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

    Resetting your browser settings will impact the settings below:

    Default search engine and saved search engines will be reset to their original defaults.
    Homepage button will be hidden and the URL that you previously set will be removed.
    Default startup tabs will be cleared. The browser will show a new tab when you start up or continue where you left off if you're on a Chromebook.
    New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
    Pinned tabs will be unpinned.
    Content settings will be cleared and reset to their installation defaults.
    Cookies and site data will be cleared.
    Extensions and themes will be disabled.

    In your next reply, please submit:
    Fixlog.txt

    and let me know of any improvement.


    Thanks.
     

  3. Tony D

    Tony D Administrator Administrator

    Thanks Pete,

    The Recipe Hub toolbar didn't uninstall. I received this:

    Error loading C:\Program Files\ReceipeHub_2j\bar\1.bin\2jBar.dll
    The specified module could not be found.

    Here's the FRST fix log.

    The machine still isn't right. There seems to be a lot of disk activity. When typing here, sometimes there is a lag between when I hit a key and when the text appears on the screen. Could it be MS Security Essentials? I see the hard drive access light coming on for no reason. I'm going to uninstall MSE and MBAM to see if they're causing this problem.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2015
    Ran by cheryl at 2015-02-12 14:49:48 Run:1
    Running from C:\Users\cheryl\Desktop
    Loaded Profiles: cheryl (Available profiles: cheryl)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    URLSearchHook: HKLM - (No Name) - {23256f20-0d9b-4323-b005-6e5de569c4b7} - No File
    SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\Users\cheryl\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\cheryl\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    Task: {0D73A534-9A5F-4E19-9789-C13EE4989295} - \LaunchApp No Task File <==== ATTENTION
    Task: {22743D65-8643-4AC3-B24A-248A7B9A2213} - \PC Optimizer Pro Idle No Task File <==== ATTENTION
    Task: {2E6ED05F-E119-4EA6-AF49-4C66157D4AC7} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\SymErr.exe
    Task: {2EB21625-D763-4481-80F2-AF0BFC2AFF88} - System32\Tasks\{8CE164D2-7F85-4971-92FA-41255D67D9E1} => pcalua.exe -a "C:\Users\cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGV074LG\1912TitanicMysterySetup.exe" -d C:\Users\cheryl\Desktop
    Task: {6454CBD1-E9DB-4F8F-A337-A6E0C6D28BEA} - System32\Tasks\{73485632-D110-4441-A958-B162DD7F3E16} => pcalua.exe -a "C:\Users\cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9QYNJDQY\MysteryPINewYorkSetup[1].exe" -d C:\Users\cheryl\Desktop
    Task: {7FA6488E-5D49-41B0-BF1E-CAEB85EF909D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\WSCStub.exe
    Task: {8442C2D0-A5F5-4388-A1D8-5FBB9CF5EDCF} - System32\Tasks\{CFA1D023-CE7E-4639-9BA7-6B699D5E3571} => pcalua.exe -a C:\Users\cheryl\Desktop\ltpb1setup.exe -d C:\Users\cheryl\Desktop
    Task: {EA475B3C-85A7-4F56-B20B-D2613C86DE99} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\SymErr.exe
    C:\Program Files\Norton AntiVirus
    Hosts:
    CMD: ipconfig /flushdns
    EmptyTemp:
    *****************
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{23256f20-0d9b-4323-b005-6e5de569c4b7} => value deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
    HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-4039849622-1508179741-2467914619-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
    HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
    blbdrive => Service deleted successfully.
    catchme => Service deleted successfully.
    IpInIp => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    "HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
    "HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    "HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
    "HKU\S-1-5-21-4039849622-1508179741-2467914619-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D73A534-9A5F-4E19-9789-C13EE4989295}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D73A534-9A5F-4E19-9789-C13EE4989295}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22743D65-8643-4AC3-B24A-248A7B9A2213}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22743D65-8643-4AC3-B24A-248A7B9A2213}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro Idle" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E6ED05F-E119-4EA6-AF49-4C66157D4AC7}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E6ED05F-E119-4EA6-AF49-4C66157D4AC7}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Norton AntiVirus\Norton Error Analyzer => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton AntiVirus\Norton Error Analyzer" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EB21625-D763-4481-80F2-AF0BFC2AFF88}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EB21625-D763-4481-80F2-AF0BFC2AFF88}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{8CE164D2-7F85-4971-92FA-41255D67D9E1} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8CE164D2-7F85-4971-92FA-41255D67D9E1}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6454CBD1-E9DB-4F8F-A337-A6E0C6D28BEA}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6454CBD1-E9DB-4F8F-A337-A6E0C6D28BEA}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{73485632-D110-4441-A958-B162DD7F3E16} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{73485632-D110-4441-A958-B162DD7F3E16}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FA6488E-5D49-41B0-BF1E-CAEB85EF909D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FA6488E-5D49-41B0-BF1E-CAEB85EF909D}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Norton WSC Integration => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8442C2D0-A5F5-4388-A1D8-5FBB9CF5EDCF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8442C2D0-A5F5-4388-A1D8-5FBB9CF5EDCF}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{CFA1D023-CE7E-4639-9BA7-6B699D5E3571} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CFA1D023-CE7E-4639-9BA7-6B699D5E3571}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA475B3C-85A7-4F56-B20B-D2613C86DE99}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA475B3C-85A7-4F56-B20B-D2613C86DE99}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Norton AntiVirus\Norton Error Processor => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton AntiVirus\Norton Error Processor" => Key deleted successfully.
    "C:\Program Files\Norton AntiVirus" => File/Directory not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    ========= ipconfig /flushdns =========

    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    ========= End of CMD: =========
    EmptyTemp: => Removed 140.7 MB temporary data.

    The system needed a reboot.
    ==== End of Fixlog 14:50:15 ====
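
A quick way to triage a Fixlog like the one posted above, as an added example that is not part of the original post and not FRST's own code: it skips the fixlist echo and groups each `target => outcome` result line by kind and status. The line shape is assumed from this log only; the sample text and the names `parse_fixlog` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter, namedtuple

# Constructed sample in the shape of the Fixlog in this thread: the fixlist echo
# sits between two asterisk rows, followed by one result line per action.
# The ADS stream name is a constructed placeholder.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
Task: {7FA6488E-5D49-41B0-BF1E-CAEB85EF909D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\WSCStub.exe
C:\Program Files\Norton AntiVirus
*****************
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found.
catchme => Service deleted successfully.
C:\Windows\System32\Tasks\Norton WSC Integration => Moved successfully.
C:\ProgramData\TEMP => ":EXAMPLE1" ADS removed successfully.
"C:\Program Files\Norton AntiVirus" => File/Directory not found.
EmptyTemp: => Removed 140.7 MB temporary data.
==== End of Fixlog 14:50:15 ====
'''

Entry = namedtuple("Entry", "target outcome kind status")

STAR_ROW = re.compile(r"^\*{5,}$")
RESULT = re.compile(r"^(?P<target>.+?)\s*=>\s*(?P<outcome>.+)$")
# Kind is inferred from the wording of the outcome (assumption based on this log).
KINDS = [
    ("ads", re.compile(r"\bADS\b")),
    ("registry", re.compile(r"\b(key|value)\b", re.I)),
    ("service", re.compile(r"\bservice\b", re.I)),
    ("file", re.compile(r"\b(moved|file/directory)\b", re.I)),
]


def classify(outcome):
    """Return (kind, status) for the text to the right of '=>'."""
    low = outcome.lower()
    kind = next((name for name, rx in KINDS if rx.search(outcome)), "other")
    if "not found" in low:
        status = "not_found"
    elif "successfully" in low or low.startswith("removed"):
        status = "ok"
    else:
        status = "review"
    return kind, status


def parse_fixlog(text):
    """Parse result lines, ignoring the fixlist echo (it also contains '=>')."""
    entries, in_echo, stars = [], False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Content of fixlist"):
            in_echo, stars = True, 0
            continue
        if in_echo:
            # The echo ends at the second asterisk row.
            if STAR_ROW.match(line):
                stars += 1
                in_echo = stars < 2
            continue
        m = RESULT.match(line)
        if m:
            kind, status = classify(m.group("outcome"))
            entries.append(Entry(m.group("target").strip('"'),
                                 m.group("outcome"), kind, status))
    return entries


def summarize(entries):
    """Count entries per (kind, status) and list everything that was not 'ok'."""
    counts = Counter((e.kind, e.status) for e in entries)
    follow_up = [e for e in entries if e.status != "ok"]
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = summarize(parse_fixlog(SAMPLE_FIXLOG))
    for (kind, status), n in sorted(counts.items()):
        print(f"{kind:9} {status:10} {n}")
    for e in follow_up:
        print("check:", e.target, "->", e.outcome)
```
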
     
  4. Tony D

    Tony D Administrator Administrator

    Forgot to mention, the Chrome reset went well.
     
  5. Tony D

    Tony D Administrator Administrator

    I have the Task Manager open and I'm watching the Processes. I have them sorted by CPU usage. Also watching the CPU Usage on the bottom of the window. CPU usage is about 8% with IE running. As soon as I start typing in this reply box, CPU Usage goes to 100%. Watching the CPU column, it shows that IE is the one that's using all the CPU resources.
     
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    And how does that compare if you run another browser?
     
  7. Tony D

    Tony D Administrator Administrator

    I'm using Chrome now, it doesn't lag or use CPU resources the way that IE does. The CPU Usage goes up to about 45% when I start typing. IE was causing it to go to 100%.
     
  8. starbuck

    starbuck Rest In Peace Pete Administrator

    That just means that something has already removed the files but has left the uninstaller.
    It'll just be an orphan entry.

    I'd take out MBAM first.... then check IE again to see if it's still causing the problem.

    • Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
    • Restart your computer (very important).
    • Download mbam clean and save to your Desktop.
    • Please close all open applications and temporarily shut down your antivirus to avoid any conflicts when running the tool.
    • Locate the file mbam-clean.exe and double-click to run it (Vista/Windows 7/8 users: right-click and select Run As Administrator), then follow the onscreen prompts.
    • It will ask to restart your computer, please allow it to do so (very important).
    • When removal is complete, make sure you re-enable your Anti-Virus/Internet-Security applications.
     
  9. Tony D

    Tony D Administrator Administrator

    MBAM is out and IE is responding with the same lag, even with MSE real-time protection turned off.

    On to removing MSE.
     
  10. Tony D

    Tony D Administrator Administrator

    Now trying with MSE removed. Same lag.

    Pete, if this machine is clean, I don't want to take up any more of your time. There are lots of posts out there on this subject. I can do the research knowing that it's not malware related.
     
  11. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Tony,

    I doubt that it is malware related.
    Don't forget that the system is running an old version of IE (IE9).
    This may well be the problem.
    With old versions of IE it's best to forget them and use an alternative, more up-to-date browser.
    The obvious choices would be between Chrome, Firefox or Opera.

    As you have nothing to lose, you could always try resetting IE back to the defaults and see if that finds any improvement.

    Reset IE back to the defaults.
    • Close any Internet Explorer or Windows Explorer windows that are currently open.
    • Open Internet Explorer by clicking the Start button, and then clicking Internet Explorer.
    • Click the Tools button, and then click Internet Options.
    • Click the Advanced tab, and then click Reset.
    • Select the Delete personal settings check box if you would like to remove browsing history, search providers, Accelerators, home pages, and InPrivate Filtering data.
    • In the Reset Internet Explorer Settings dialog box, click Reset.
    • When Internet Explorer finishes applying default settings, click Close, and then click OK.
    • Close Internet Explorer.
    • Your changes will take effect the next time you open Internet Explorer.
     
  12. Tony D

    Tony D Administrator Administrator

    Thanks again. I had already reset IE. It didn't help. I'll check out some of the posts on the Internet. Otherwise, just stick with Chrome because it's working nicely.
     
