Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Chrome.exe *32 [Solved]


  • This topic is locked This topic is locked

#1
catherine3122

catherine3122

    Member

  • Member
  • PipPip
  • 10 posts

Hello,

 

I have a number of processes operating with exe *32 in the name (it originated with chrome.exe *32 - I have uninstalled chrome and now it relates to other applications). These processes use up heaps of memory and do not relate to an application in use.

 

I've tried using malwarebytes but it has not resolved the problem.

 

Below is the FRST log.

 

Any assistance would be greatly appreciated.

 

Cheers,

Catherine

 

----

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by Glenn (administrator) on GLENN-PC on 27-10-2014 08:04:08
Running from C:\Users\Glenn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46F21CPH
Loaded Profiles: Glenn &  (Available profiles: Glenn)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-09] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-06] (Intel® Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-30] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3587055226-2106997194-2688200268-1000\...\Run: [Google Update] => C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-17] (Google Inc.)
HKU\S-1-5-21-3587055226-2106997194-2688200268-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-17] (Google Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {CF9C56F7-05E4-472B-81AD-BE27088DD207} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-10-26]

Chrome:
=======
CHR HomePage: Default -> hxxp://ifmintranet/
CHR Profile: C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-26]
CHR Extension: (Google Docs) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
CHR Extension: (Google Drive) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (YouTube) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
CHR Extension: (Google Cast) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-26]
CHR Extension: (Google Search) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
CHR Extension: (Google Sheets) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-26]
CHR Extension: (AdBlock) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-26]
CHR Extension: (Norton Identity Safe) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-26]
CHR Extension: (Nielsen) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgalnioijgchfablfaknkbliianenml [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Norton Security Toolbar) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-10-26]
CHR Extension: (Gmail) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-08] (Red Bend Ltd.) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-10] (Stardock Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-06] ()
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-01-01] ()
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-08] (Intel® Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141016.001\BHDrvx64.sys [1587416 2014-10-04] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-28] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141024.001\IDSvia64.sys [633560 2014-09-30] (Symantec Corporation)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141026.001\ENG64.SYS [129752 2014-10-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141026.001\EX64.SYS [2137304 2014-10-22] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-07] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-03] ()
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-30] (CyberLink Corp.)
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\appobserver64.sys [X]
S3 L1C; system32\DRIVERS\L1C62x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 08:03 - 2014-10-27 08:04 - 00000000 ____D () C:\FRST
2014-10-26 20:27 - 2014-10-26 20:27 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-26 20:22 - 2014-10-26 20:22 - 00001075 _____ () C:\Users\Glenn\Desktop\JRT.txt
2014-10-26 20:18 - 2014-10-26 20:18 - 00000000 ____D () C:\Windows\ERUNT
2014-10-26 20:00 - 2014-10-26 20:03 - 00000000 ____D () C:\AdwCleaner
2014-10-26 18:54 - 2014-10-27 07:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 18:54 - 2014-10-26 18:54 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 18:54 - 2014-10-26 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 18:54 - 2014-10-26 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-26 18:54 - 2014-10-26 18:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 18:54 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 18:54 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 18:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-26 18:21 - 2014-10-26 18:21 - 00000000 ____D () C:\Windows\pss
2014-10-18 18:01 - 2014-10-10 12:53 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-18 18:01 - 2014-10-10 12:53 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-18 18:01 - 2014-10-10 12:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-18 18:01 - 2014-09-15 11:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-04 20:59 - 2014-10-04 20:59 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 08:05 - 2011-03-04 20:28 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 08:01 - 2009-07-14 15:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 08:01 - 2009-07-14 15:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 07:59 - 2014-01-07 10:10 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-10-27 07:52 - 2009-07-14 16:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-27 07:48 - 2014-08-17 20:26 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA.job
2014-10-27 07:48 - 2009-07-14 16:10 - 01076661 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 20:04 - 2010-11-12 16:33 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-10-26 20:04 - 2010-11-12 16:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-10-26 20:04 - 2010-11-12 16:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-10-26 20:04 - 2010-11-12 16:03 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
2014-10-26 20:04 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-26 20:04 - 2009-07-14 15:51 - 00063022 _____ () C:\Windows\setupact.log
2014-10-26 20:03 - 2012-06-12 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-26 20:03 - 2010-11-12 17:46 - 02186554 _____ () C:\Windows\PFRO.log
2014-10-26 19:55 - 2011-03-04 20:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-26 19:49 - 2010-11-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-10-26 19:22 - 2012-06-12 17:56 - 00000000 ____D () C:\ProgramData\InstallMate
2014-10-26 18:41 - 2012-06-15 18:41 - 00000000 ____D () C:\Users\Glenn\Tracing
2014-10-26 18:07 - 2011-03-05 18:32 - 00000000 ____D () C:\Users\Glenn\AppData\Roaming\BitTorrent
2014-10-26 18:01 - 2011-03-04 20:28 - 00000000 ____D () C:\Users\Glenn\AppData\Local\Google
2014-10-26 18:00 - 2012-06-15 17:41 - 00000000 ____D () C:\Users\Glenn\Desktop\Catherine work
2014-10-26 18:00 - 2011-03-04 20:28 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-26 18:00 - 2011-03-04 20:28 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-26 18:00 - 2011-03-04 20:28 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 17:39 - 2014-08-17 20:26 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core.job
2014-10-25 14:37 - 2011-12-21 19:54 - 00000000 ____D () C:\Users\Glenn\AppData\Local\CrashDumps
2014-10-22 17:34 - 2014-08-17 20:26 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA
2014-10-22 17:34 - 2014-08-17 20:26 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core
2014-10-19 03:28 - 2009-07-14 15:45 - 00408088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 03:26 - 2014-07-13 04:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-19 03:10 - 2013-07-18 04:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 03:10 - 2011-03-19 21:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-19 03:02 - 2013-01-27 15:11 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-04 20:59 - 2014-01-07 10:06 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-10-04 20:58 - 2014-01-07 10:09 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-04 20:58 - 2014-01-07 10:09 - 00002399 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk
2014-10-04 20:58 - 2014-01-07 10:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus

Some content of TEMP:
====================
C:\Users\Glenn\AppData\Local\Temp\Quarantine.exe
C:\Users\Glenn\AppData\Local\Temp\sqlite3.dll
C:\Users\Glenn\AppData\Local\Temp\{92ECB90F-3CB7-4245-80DE-E410B7339B86}.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-19 03:58

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014
Ran by Glenn at 2014-10-27 08:05:28
Running from C:\Users\Glenn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46F21CPH
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.0 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Garmin ANT Agent (HKLM-x32\...\{CB5F6422-502E-477C-B31D-25ECE8F829E6}) (Version: 2.3.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Healthy Edge (HKLM-x32\...\{3EF0E626-A5F3-4BA8-A6EA-676D4A7AFA28}) (Version: 1.7.1 - Tanita)
Intel PROSet Wireless (Version:  - ) Hidden
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iRip (HKLM-x32\...\{67155532-D66C-4B52-A1A4-7F0B9817A3F0}) (Version: 1.0.1.27 - The Little App Factory, LLC.)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.20.0 - Synaptics Incorporated)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

13-08-2014 17:00:42 Windows Update
22-08-2014 09:25:32 Scheduled Checkpoint
31-08-2014 10:37:11 Scheduled Checkpoint
13-09-2014 04:29:26 Windows Update
18-10-2014 16:00:48 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07588CB6-8411-4396-9CB8-858A840D1BB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core => C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-17] (Google Inc.)
Task: {07F91B9A-9277-40F6-84B3-3AB25ECCF2E5} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe
Task: {12CDB51E-E1B8-41C0-A7D3-83C6B80CE27E} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {315F06DC-867E-4DB2-ABCD-5C9A2F139204} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {45B07F35-0043-4955-B369-6E28082B1AF8} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {4B4F67DB-C1A2-4319-AF70-F53DD5020173} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {535716F8-044B-414E-9827-D332ED144E3B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3587055226-2106997194-2688200268-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {53E2DF92-1836-46E9-8036-0DBE3916BA4E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {6F21E956-FB10-4065-BD72-4A48A17E4951} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3587055226-2106997194-2688200268-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {848F5249-6B16-480F-BF8D-FE59D3BEE8EC} - System32\Tasks\4681 => Wscript.exe C:\Users\Glenn\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {A4F440EC-75AD-4595-BB1B-7C63D0C6CADF} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {AAE01B08-6041-4890-BC16-D812314BC335} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA => C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-17] (Google Inc.)
Task: {E1D29441-20A0-47F6-824D-510E9FA5F8EA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F05EACEE-3E1F-4654-AC86-CD4D34B73C90} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {FF107D89-D6FC-4963-B9AB-05B7774684D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core.job => C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA.job => C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-06 02:21 - 2010-03-06 02:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-01-01 17:05 - 2013-01-01 17:08 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-11-12 16:23 - 2011-08-19 02:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-03-06 02:21 - 2010-03-06 02:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-06-24 23:56 - 2011-06-24 23:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 23:56 - 2011-06-24 23:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28829759.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\28829759.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Glenn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ANT Agent => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MsgCenterExe => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe"  -osboot
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SynTPEnh => %PROGRAMFILES%\Synaptics\SynTP\SynTPEnh.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3587055226-2106997194-2688200268-500 - Administrator - Disabled)
Glenn (S-1-5-21-3587055226-2106997194-2688200268-1000 - Administrator - Enabled) => C:\Users\Glenn
Guest (S-1-5-21-3587055226-2106997194-2688200268-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3587055226-2106997194-2688200268-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/27/2014 07:48:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 47%
Total physical RAM: 5940.52 MB
Available physical RAM: 3143.75 MB
Total Pagefile: 11879.15 MB
Available Pagefile: 8787.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:465.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

Advertisements


#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi Catherine,

 

I'll have a look and get back to you within the day. :)


  • 0

#3
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hello again Catherine,

 

Let's talk about some of this.

 

I have a number of processes operating with exe *32 in the name

Unfortunately, for as much help as Task Manager can be, it can cause undo concern too.

 

Here is the "thing" with Chrome *32 and multiple instances. With IE and FF, if one page crashes, the whole thing comes down. Chrome sought to solve that issue by starting a separate "instance" for every open web page. Hence, it's quite possible to have many Chrome *32 pages open and that's not necessarily a bad thing. That's just Chrome doing what Chrome does. That said, I don't see any Chrome issues of concern.

 

I have uninstalled chrome and now it relates to other applications). These processes use up heaps of memory and do not relate to an application in use.

I highlighted a piece of the sentence above..."now it relates to other applications". Could you tell me more about this? I'm not understanding what you're saying.

 

I've tried using malwarebytes but it has not resolved the problem.

MBAM is a good tool and likely did what it was supposed to do. However, I have a few other tools at my disposal

 

So, in your next post please expand on the question I have (above), in the meantime I'm going to clean up what I do see on your computer and then we'll see where we are.

 

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif



Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:

    start
    
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Task: {53E2DF92-1836-46E9-8036-0DBE3916BA4E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
    Task: {848F5249-6B16-480F-BF8D-FE59D3BEE8EC} - System32\Tasks\4681 => Wscript.exe C:\Users\Glenn\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
    URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR HomePage: Default -> hxxp://ifmintranet/
    CMD: DEL %TEMP%\*.* /F /S /Q
    CMD: RD /S /Q %TEMP% 
    REBOOT:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 

JRTbythisisu.png Fix with Junkware Removal Tool
 
Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
  •  
    Please include the contents of that file in your reply.
     
    Do not forget to re-enable your previously switched off protection software!
    Please also manually reboot your machine after this procedure.
     
    adwcleaner_new.png Scan with AdwCleaner
     
    Please download AdwCleaner by Xplode and save the file to your desktop.
     
    • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
  •  
    Please include the contents of that file in your reply.

     

     

    51a612a8b27e2-Zoek.png Scan with ZOEK

    Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
    Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

    • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    • Wait patiently until the main console will appear, it may take a minute or two.
    • In the main box please paste in the following script:

      createsrpoint;
      process;
      services-list;
      systemspecs;
      startupall;
      skipfix-iedefaults;
      firefoxlook;
      chromelook;
      filesrcm;
      installedprogs;
    • Make sure that Scan All Users option is checked.
    • Push Run Script and wait patiently. The scan may take a couple of minutes.
    • When the scan completes, a zoek-results logfile should open in notepad.
    • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)


    Post its content into your next reply.

    • 0

    #4
    catherine3122

    catherine3122

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    Hi Biscuithd,

     

    Thank you very much for taking the time to help me.

     

    I am sorry my explanations haven't been clear! I have self diagnosed with the chrome.exe*32 malware based on googling. I was finding that chrome would crash, then when I tried to reopen it, the browser would not appear, but there would be multiple chrome.exe*32 processes in task manager. When I closed these, I was then able to reopen chrome.

     

    I've since removed chrome, but am seeing a large number of other exe*32 in my task manager - e.g. iexplore.exe*32 (four or five versions), nav.exe*32 etc. I assumed that this was still related to the malware, as my other computer does not have the " *32 " in any process names in task manager and is running better than this computer.

     

    Hopefully this makes more sense.

     

    I've run the steps you have advised below. The fix log is posted below and I will do the remaining outputs in a further post.

     

    Cheers,

    Catherine

    ----------------------

     

    Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
    Ran by Glenn at 2014-10-29 09:42:37 Run:1
    Running from C:\Users\Glenn\Downloads
    Loaded Profile: Glenn (Available profiles: Glenn)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Task: {53E2DF92-1836-46E9-8036-0DBE3916BA4E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
    Task: {848F5249-6B16-480F-BF8D-FE59D3BEE8EC} - System32\Tasks\4681 => Wscript.exe C:\Users\Glenn\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
    URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR HomePage: Default -> hxxp://ifmintranet/
    CMD: DEL %TEMP%\*.* /F /S /Q
    CMD: RD /S /Q %TEMP%
    REBOOT:
    end
    *****************

    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53E2DF92-1836-46E9-8036-0DBE3916BA4E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53E2DF92-1836-46E9-8036-0DBE3916BA4E}" => Key deleted successfully.
    C:\Windows\System32\Tasks\0 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{848F5249-6B16-480F-BF8D-FE59D3BEE8EC}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{848F5249-6B16-480F-BF8D-FE59D3BEE8EC}" => Key deleted successfully.
    C:\Windows\System32\Tasks\4681 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4681" => Key deleted successfully.
    C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
    C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
    "HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => value deleted successfully.
    "HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}" => Key not found.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    Chrome HomePage deleted successfully.

    =========  DEL %TEMP%\*.* /F /S /Q =========

    Deleted file - C:\Users\Glenn\AppData\Local\Temp\119F.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\148D.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\5688.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\59530652.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\59F1.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\65A3.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\6AF3.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\A558.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\AA56B9E2-F222-43EB-B185-22EF86D5E046.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\AdobeARM.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\AdobeARM_NotLocked.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\adwcleaner.db
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\AdwCleaner.jpg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\ArmUI.ini
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\au-descriptor-1.7.0_71-b14.xml
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\AUCHECK_CORE.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\AUCHECK_PARSER.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\BC18.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\C50C551B-346A-41C7-8B11-2D08F63F4852.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\C9D.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CE37.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CF1DAAD0-ED97-49B9-9848-D4A2961A3FD1.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\chrome_installer.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Cleaning.ico
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Cln78CA-20140220-090150.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Cln78CA.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\ClnD48D-20141026-194841.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\ClnD48D.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CtxInstall-CitrixHDXMediaStreamForFlash-ClientInstall.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CtxInstall-DesktopViewer.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CtxInstall-GenericUSB.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CtxInstall-ICAWebWrapper.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CtxInstall-PNAWrapper.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CtxInstall-SSONWrapper.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR1645.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR18B3.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR1EB3.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR22D3.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR2503.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR35B9.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR3EB7.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR4597.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR4EAB.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR5115.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR5B77.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR5EDE.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR6035.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR666F.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR670F.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR6804.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR68D.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR6D38.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR768F.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR7AC2.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR8109.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR813C.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR8CF7.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR91EC.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR9817.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVR998.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRA540.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRA8.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRABA4.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRB3A0.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRB8E6.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRC293.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRC83A.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRCB32.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRD01A.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRD317.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRD491.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRD747.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRE55A.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRF1E4.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\CVRF3C4.tmp.cvr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\datEF18.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Donate.ico
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\EE59.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\error087080_01.xml
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\EULA.txt
    C:\Users\Glenn\AppData\Local\Temp\F121.tmp
    Access is denied.
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\F7F8A206-9F3E-4F98-B993-DD98B0900AD1.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\F97FEF2D-1139-44B0-83CB-9DB54D4D88F8.dat
    C:\Users\Glenn\AppData\Local\Temp\FXSAPIDebugLogFile.txt
    The process cannot access the file because it is being used by another process.
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\JRT.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jusched.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\nslD7D7.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\nsvD509.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OOBE(20140504184747CEC).log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\preferences
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\preferences00
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Quarantine.exe
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Report.ico
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Scan.ico
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Setup Log 2014-08-17 #001.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\sqlite3.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\StructuredQuery.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\SYMEVENT.LOG
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\TrolleyExpress-20140220-090031.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\TrolleyExpress-20140220-090118.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\TrolleyExpress-20140220-090150.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\TrolleyExpress-20140220-090257.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\TrolleyExpress-20141026-194841.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Uninstall.ico
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\wct5EE1.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\wct6D95.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\WER2B48.tmp.appcompat.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\wmplog00.sqm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\wmsetup.log
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{92ECB90F-3CB7-4245-80DE-E410B7339B86}.exe
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\~DF13545E8FF1458373.TMP
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\~DF25A805F5CB8157C3.TMP
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\~DF7EB15A9EBE5E1B4A.TMP
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\~DF84C3C2330BD3D493.TMP
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\~DF900D5CF9410764D2.TMP
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\~DF904C56410B43F49F.TMP
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\~DF986EFE947DFECDE8.TMP
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\~DFAFEFDA007F1355CC.TMP
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\~DFB298B9CC862097B0.TMP
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\~DFC30C156A51C933D7.TMP
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\~DFC50C1938D6B84D60.TMP
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\~DFDFF7F4E868F6C336.TMP
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\2488_32400\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\2488_32400\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\2488_32400\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\2560_13720\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\2560_13720\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\2560_13720\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\2560_8882\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\2560_8882\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\2560_8882\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\4212_13771\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\4212_13771\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\4212_13771\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\4308_19760\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\4308_19760\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\4308_19760\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\5816_25002\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\5816_25002\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\5816_25002\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\5932_16877\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\5932_16877\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\5932_16877\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\6200_5666\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\6200_5666\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\6200_5666\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\6968_17872\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\6968_17872\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\6968_17872\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\7760_26692\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\7760_26692\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\7760_26692\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\8088_8111\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\8088_8111\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\8088_8111\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\8148_3692\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\8148_3692\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\8148_3692\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\9308_4733\crl-set
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\9308_4733\manifest.fingerprint
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\9308_4733\manifest.json
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\ANTAgent\Garmin-ANT-Agent™_2.3.3.zip
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\ANTAgent\gcdFC38.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Garmin ANT Agent™\ErrorReport.xml
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Garmin Software Updates\Garmin ANT Agent™.exe
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Garmin Software Updates\Garmin ANT Agent™.udr
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\appinit64_null.reg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\appinit_null.reg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\ask.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\askCLSID.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\askregkey_x64.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\askregkey_x86.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\askregvalue_x64.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\askregvalue_x86.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\askservices.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\badAPPINIT.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\badFOLDERS.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\badFOLDERScom.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\badFOLDERSstart.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\badLNK.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\badvalues.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\BHO_clsid.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\BHO_name.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\browsermngr_keys.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\browsermngr_values.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\CHOICE.DAT
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\chrome.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\CHRregkey_x64.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\CHRregkey_x86.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\CHR_extensions.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\CHR_open_x64.reg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\CHR_open_x86.reg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\clean_shortcut.vbs
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\currentmd5.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\CUT.DAT
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\datamngr_del.reg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\defaultscope.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\delfolders.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\ev_clear.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\FFbrowsermngr.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\FFextensions.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\FFpluginREG.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\FFplugins.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\FFprefs.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\FFregkey_x64.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\FFregkey_x86.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\FFwhtlist.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\FFXML.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\FFXPI.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\FF_open_x64.reg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\FF_open_x86.reg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\firefox.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\get.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\GREP.DAT
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\IEwhtlst.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\iexplore.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\IE_open_x64.reg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\IE_open_x86.reg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\IFEO.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\libiconv2.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\libintl3.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\medfos.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\misc.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\mws.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\newmd5.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\NIRCMD.DAT
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\pcre3.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\prelim.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\regex2.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\runvalues.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\runvalues_x64.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\runvalues_x86.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\searchlnk.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\SED.DAT
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\sednewline.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\services.dat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\serviceseventlog.cfg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\SHORTCUT.DAT
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\surfvox.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\TDL4.bat
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\WGET.DAT
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\winlogon.reg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\erunt\ERDNT.E_E
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\erunt\ERDNTDOS.LOC
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\erunt\ERDNTWIN.LOC
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\erunt\ERUNT.LOC
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\erunt\README.TXT
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\jrt\temp\null.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\A9RBC3.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\dat2F4.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\datF3E5.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\0MCG2N9I.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\1POS9NN1.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\3BYQHDOA.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\548AUVSI.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\6GG05WEO.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\A2ZNX5UK.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\AJYGV5LQ.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\D01D2HS3.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\D09GUQU3.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\FY2PH48U.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\H5BFBH7Z.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\M4MXZPYE.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\N70YATEQ.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\OCMRHWEO.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\U221ZBQW.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\V875BIFV.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\VHN4SX88.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\WM4BIRW6.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\YJKVEK2W.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Cookies\Z5DSLE90.txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\0[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\0[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\0[2].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\1029398246[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\1029398246[2].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\[email protected][1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\about-carousel-1[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\about-carousel-2[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\about-carousel-3[1].jpg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\AIbEiAIAAABDCMfx_9mslLX-OSILdmNhcmRfcGhvdG8qKGMzOTBjMzdiZjMwZDk3YTE1MTBmZjBjMTQ5ZGE0MjY5ZWMyYTdlMTUwASt3_X7LIGPmTh4skTO8bq5sPk2Y[1].jpg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\arabic[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\arrow_right[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\cb=gapi[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\cb=gapi[2].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\cb=gapi[3].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\chat-34cfc5a266109a1829cf01bdebf98b3b[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\cleardot[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\close[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\contract[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\css_injector_18[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\css_injector_37[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\datepicker[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\ellipsis[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\en[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\f[1].txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\f[2].txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\f[3].txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\general-51d583f1fd064eadd1975a8bdef3ef93[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\geoipAPI[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\gmail.min[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\google_com_au[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\i1_71651352[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\ie[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\II3_Servers[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\img_assist[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\im_callphone3[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\ita_sprite2[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\jquery-scripts[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\jquery.cookie.min[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\jquery.cycle.all.min[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\jquery.metadata.min[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\js_injector_37[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\kl_country_selector[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\layout[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\lightbox[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\links[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\loading[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\logo11w[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\logo_small[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\maia[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\map_[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\mmcore[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\mobile-feature-1[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\navigation[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\ne[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\node[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\photo[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\photo[2].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\poll[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\recentposts[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\rs=ACT90oEsyMgzC-AYnIIm44JsksadBBfFkQ[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\rs=AGLTcCNSD-RJQ8OU9VPYkiZKmTCOADXfow[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\rs=AGLTcCPi0dBSF4KfkiadJY-vU8pwTwkV_A[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[2].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[3].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\security-for-business-ico[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\security-target-bg[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\ServiceLogin[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\SetSID[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\si[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\social-facebook-ico-footer[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\social-gplus-ico-footer[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\swftools_jw5[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\system[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\s_code[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\tabicons_black[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\tabs[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\universal_language_settings-21[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\url[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\utag.12[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\utag.v[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\video[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\views[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\views_slideshow_ddblock.admin[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\2XT0CEFJ\wireframes[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\0[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\0[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\0[2].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\[email protected][1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\[email protected],x94,x95[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\[email protected][1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\65698178[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\advanced_profile[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\aggregator[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\arrow_down[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\backgrounds[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\browser_chrome[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\canvas[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\cb=gapi[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\cb=gapi[2].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\checkmark2[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\cleardot[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\close-x[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\core_rpc_shindig.random_shindig.sha1[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\css[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\css_injector_27[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\css_injector_388[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\css_injector_4[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\custom_search[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\date[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\dn[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\DXI1ORHCpsQm3Vp6mXoaTXZ2MAKAc2x4R1uOSeegc5U[1].eot
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\empty[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\empty[2].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\en[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\fieldgroup[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\footer[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\f[1].txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\f[2].txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\ga[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\genpass[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\gmail_com[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\google[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\header-menu-arrow[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\hscv[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\html-elements[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\img_assist[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\jquery.min[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\js_injector_106[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\js_injector_16[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\js_injector_1[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\js_injector_30[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\k3k702ZOKiLJc3WVjuplzHZ2MAKAc2x4R1uOSeegc5U[1].eot
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\kl_country_selector[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\korea[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\logo_strip_2x[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\maia.experimental[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\mgyhp_sm[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\MTP_ySUJH_bn48VBG8sNSnZ2MAKAc2x4R1uOSeegc5U[1].eot
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\no_photo[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\nr-100[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\panels[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\pause[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\profile_mask2_27px_noborder[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\rs=AGLTcCNSD-RJQ8OU9VPYkiZKmTCOADXfow[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[2].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\rs=AItRSTOA0QwxeGyXmQcdjbEcYlq50ATW8w[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\search-grey[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\security-for-home-ico-flat[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\security-for-home-ico-glossy[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\ServiceLogin[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\SetSID[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\social-youtube-ico-footer[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\sprite_black2[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\sprite_importance2[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\stream_showroom-d8de88384f6e5817983d0fcec12c128a[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\super-menu-bg[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\super-menu-btn-bg[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\super-menu-right-border[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\swftools[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\system-menus[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\tap[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\TDSSKiller-Screenshots-sm[1].jpg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\tia[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\Transparent[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\unnamed[1].jpg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\utag.19[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\utag.62[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\utag.76[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\u[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\video[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9HM8515M\views_slideshow[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\1555158088-postmessagerelay[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\[email protected][1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\4b3bf28b47[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\8a29e0dc-0902-4175-86f5-2c4a36904633[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\about[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\bind[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\blocks[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\bvapi[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\cb=gapi[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\cb=gapi[2].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\chat_message_52df20dbc4522c398abba5d0b6377131[1].mp2
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\china[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\circle-hangout-video[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\circle-help[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\circle-storage[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\cleardot[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\cleardot[2].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\cms[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\comments[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\css_injector_1[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\css_injector_24[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\css_injector_386[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\css_injector_41[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\custom_search[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\dn[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\empty[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\en_dvorak[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\flat_property_icons[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\frame[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\f[1].txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\f[2].txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\f[3].txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\f[4].txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\f[5].txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\f[6].txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\general_black-16bf964ab5b51c4b7462e4429bfa7fe8[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\gmail.min[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\google_com_au[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\google_logo_41[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\grippy_large[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\header[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\ie9[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\II3_Rules[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\InstantInvite3[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\interface[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\japan[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\jquery.timeentry[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\js_injector_13[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\js_injector_19[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\js_injector_31[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\lightbox_alt[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\logo_2x[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\mail[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\map_ico[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\markers[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\munchkin[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\nav_logo195[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\nodes[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\pages[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\panels[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\photo[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\play[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\plusone[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\plus_black[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\pollanon.pack[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\postmessageRelay[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\postmessageRelay[2].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\prev_alt[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\rs=AGLTcCOT9aVKnpycTz7JBvs0uCEKdqMT5w[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[2].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[3].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[4].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\rs=AItRSTOafP_tmwH7926AUTBqDvbFAuXBfA[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\rs=AItRSTOf4RsnXT5NDCU0fUfcRjN0Stg1Ng[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\security-for-business-ico-flat[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\SmallBusinesses_5[1].jpg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\style[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\super-menu-left-border[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\super-nav-sub-btn[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\swftools[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\TDSSKiller[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\unnamed[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\unnamed[2].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\uploaderapi2[1].swf
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\utag.41[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\utag.75[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CIBNPN46\utag[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\0[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\0[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\0[2].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\3qPfgRJhy_o6IWGjH-pPcw[1].eot
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\8a29e0dc-0902-4175-86f5-2c4a36904633[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\about[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\analytics[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\api[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\arrow_down_tlp[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\availability[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\avatar_2x[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\blank[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\block-editing[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\cb=gapi[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\cb=gapi[2].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\cb=gapi[3].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\cbst[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\chrome-48[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\circle-inbox-b[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\cleardot[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\cleardot[2].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\close_0[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\content-module[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\css[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\css_injector_25[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\ctools[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\defaults[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\drupal[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\empty[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\expand[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\fields[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\filefield[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\forms[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\f[1].txt
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\googlemail-16[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\googleplus_color_33-d28e37b6be3328c1aab7a37fa108901f[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\InstantTracking[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\InstantTracking[2].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\jquery.maphilight.min[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\js_injector_106[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\js_injector_23[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\js_injector_29[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\js_injector_31[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\kaspersky-footer-logo[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\kaspersky_usatheme_logo[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\light-grey-disclosure-arrow-down[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\lightbox[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\logintoboggan[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\maia[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\messages[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\nav_Bullet[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\next_alt[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\pollanon[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\print[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\profile_mask2[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\proxy[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\rs=ACT90oEsyMgzC-AYnIIm44JsksadBBfFkQ[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\rs=ACT90oEsyMgzC-AYnIIm44JsksadBBfFkQ[2].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[2].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[3].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[4].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\rs=AItRSTNgNcxdD6pYC8gSfU-MxR_MoSKlbw[5].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\rs=AItRSTPLYqq5loOR9078NjrWstRw2XtJlg[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\search_white[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\sidebar[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\SmartButton[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\social-twitter-ico-footer[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\spinner_18_18[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\star4[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\swfobject[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\trackingAPI[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\unnamed[1].gif
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\unnamed[1].jpg
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\user[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\utag.35[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\utag.sync[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\u[1].htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\v1_4118d12d[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\v5us[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\views-styles[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\views_slideshow[1].css
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\work-feature-1[1].png
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\FWZXL35P\WRe18[1].js
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_1F4C482D-C20C-421A-8764-08241F17DEC2.0\2BBBF0F1.xlsx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_1F4C482D-C20C-421A-8764-08241F17DEC2.0\3472E8B0.xlsx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_1F4C482D-C20C-421A-8764-08241F17DEC2.0\56F929EF.xlsx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_1F4C482D-C20C-421A-8764-08241F17DEC2.0\A214423E.xlsx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_1F4C482D-C20C-421A-8764-08241F17DEC2.0\C9B35B24.xlsx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_1F4C482D-C20C-421A-8764-08241F17DEC2.0\mso300D.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_1F4C482D-C20C-421A-8764-08241F17DEC2.0\mso8C4E.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_1F4C482D-C20C-421A-8764-08241F17DEC2.0\mso9187.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_1F4C482D-C20C-421A-8764-08241F17DEC2.0\mso9A25.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_1F4C482D-C20C-421A-8764-08241F17DEC2.0\msoE70B.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_388BFF0A-410C-48F0-9561-063B480CEB9C.0\2BAE5F84.docx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_388BFF0A-410C-48F0-9561-063B480CEB9C.0\mso824A.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_388BFF0A-410C-48F0-9561-063B480CEB9C.0\~WRS{2ED8BA75-3A58-4DA9-8191-495D35B211B3}.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_388BFF0A-410C-48F0-9561-063B480CEB9C.0\~WRS{3790B405-D0DC-42F3-A22F-7C448862C14A}.tmp
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_388BFF0A-410C-48F0-9561-063B480CEB9C.0\msohtmlclip1\01\clip_colorschememapping.xml
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_388BFF0A-410C-48F0-9561-063B480CEB9C.0\msohtmlclip1\01\clip_plchdr.htm
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_388BFF0A-410C-48F0-9561-063B480CEB9C.0\msohtmlclip1\01\clip_themedata.thmx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_45E98FE8-8AA1-4C31-B8E1-3EB5BA6BD94A.0\6C7A2473.docx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_45E98FE8-8AA1-4C31-B8E1-3EB5BA6BD94A.0\76453BBA.docx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\OICE_DE101983-3F21-4417-B1D2-E9860F59F28B.0\161ECEF4.docx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\TCD1A41.tmp\CleanGradient.thmx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\TCD5301.tmp\CleanGradient.thmx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\TCD567A.tmp\CleanGradient.thmx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\TCD66A5.tmp\CleanGradient.thmx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\TCD6C39.tmp\CleanGradient.thmx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\TCD9159.tmp\CleanGradient.thmx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\TCDA6F3.tmp\CleanGradient.thmx
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\VBE\MSForms.exd
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\VBE\RefEdit.exd
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\GoogleCrashHandler.exe
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\GoogleCrashHandler64.exe
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\GoogleUpdate.exe
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\GoogleUpdateBroker.exe
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\GoogleUpdateComRegisterShell64.exe
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\GoogleUpdateHelper.msi
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\GoogleUpdateOnDemand.exe
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\GoogleUpdateSetup.exe
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdate.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_am.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_ar.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_bg.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_bn.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_ca.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_cs.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_da.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_de.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_el.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_en-GB.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_en.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_es-419.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_es.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_et.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_fa.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_fi.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_fil.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_fr.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_gu.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_hi.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_hr.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_hu.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_id.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_is.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_it.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_iw.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_ja.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_kn.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_ko.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_lt.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_lv.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_ml.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_mr.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_ms.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_nl.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_no.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_pl.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_pt-BR.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_pt-PT.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_ro.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_ru.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_sk.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_sl.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_sr.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_sv.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_sw.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_ta.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_te.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_th.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_tr.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_uk.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_ur.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_vi.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_zh-CN.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\goopdateres_zh-TW.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\npGoogleUpdate3.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\psmachine.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\psmachine_64.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\psuser.dll
    Deleted file - C:\Users\Glenn\AppData\Local\Temp\{39710861-7C53-4CB5-BEBB-17AE268382F6}\psuser_64.dll

    ========= End of CMD: =========

    =========  RD /S /Q %TEMP% =========

    C:\Users\Glenn\AppData\Local\Temp\F121.tmp - Access is denied.
    C:\Users\Glenn\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.
    C:\Users\Glenn\AppData\Local\Temp\preferences00 - Access is denied.
    C:\Users\Glenn\AppData\Local\Temp\~DF904C56410B43F49F.TMP - Access is denied.
    C:\Users\Glenn\AppData\Local\Temp\~DF986EFE947DFECDE8.TMP - Access is denied.

    ========= End of CMD: =========

     

    The system needed a reboot.

    ==== End of Fixlog ====

     

     


    • 0

    #5
    catherine3122

    catherine3122

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.3.3 (10.21.2014:1)

    OS: Windows 7 Home Premium x64

    Ran by Glenn on Wed 29/10/2014 at  9:57:35.98

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folder

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Wed 29/10/2014 at 10:01:30.46


    End of JRT log

     

     

    # AdwCleaner v4.002 - Report created 29/10/2014 at 10:19:34

    # DB v2014-10-26.6

    # Updated 27/10/2014 by Xplode

    # Operating System : Windows 7 Home Premium  (64 bits)

    # Username : Glenn - GLENN-PC

    # Running from : C:\Users\Glenn\Desktop\AdwCleaner.exe

    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16476

    -\\ Mozilla Firefox v

    -\\ Google Chrome v

    *************************

    AdwCleaner[R0].txt - [5214 octets] - [26/10/2014 20:01:00]

    AdwCleaner[R1].txt - [966 octets] - [29/10/2014 10:06:59]

    AdwCleaner[R2].txt - [1025 octets] - [29/10/2014 10:12:33]

    AdwCleaner[S0].txt - [4984 octets] - [26/10/2014 20:03:04]

    AdwCleaner[S1].txt - [943 octets] - [29/10/2014 10:19:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1002 octets] ##########

     

     

    Zoek.exe v5.0.0.0 Updated 28-10-2014

    Tool run by Glenn on Wed 29/10/2014 at 10:26:46.94.

    Microsoft Windows 7 Home Premium  6.1.7600  x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Glenn\AppData\Local\Temp\Temp1_zoek.zip\zoek.exe [Scan all users] [Script inserted]

     

    ==== System Restore Info ======================

     

    29/10/2014 10:29:10 AM Zoek.exe System Restore Point Created Succesfully.

     

    ==== Installed Programs ======================

     

    Adobe AIR 

    Adobe Flash Player 10 ActiveX 

    Adobe Reader X (10.0.1) 

    Apple Application Support 

    Apple Mobile Device Support 

    Apple Software Update 

    Best Buy pc app 

    BitTorrent 

    Bonjour 

    Call of Duty® 4 - Modern Warfare™ 

    ChromecastApp 

    D3DX10 

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition 

    Dell DataSafe Local Backup 

    Dell Dock 

    Dell Edoc Viewer 

    Dell Getting Started Guide 

    Dell Webcam Central 

    Garmin ANT Agent 

    Garmin USB Drivers 

    Google Earth Plug-in 

    Google Update Helper 

    Healthy Edge 

    Intel PROSet Wireless 

    Intel WiMAX Tutorial 

    Intel® Graphics Media Accelerator Driver 

    Intel® Management Engine Components 

    Intel® PROSet/Wireless WiFi Software 

    Intel® Turbo Boost Technology Monitor 

    Intel® Wireless Display 

    Intel© PROSet/Wireless WiMAX Software 

    Internet Explorer 

    iRip 

    iTunes 

    Java Auto Updater 

    Java™ 6 Update 20 

    Java™ 6 Update 20 (64-bit) 

    Junk Mail filter update 

    Malwarebytes Anti-Malware version 2.0.3.1025 

    Microsoft .NET Framework 4 Client Profile 

    Microsoft Application Error Reporting 

    Microsoft Office 2010 

    Microsoft Office Access MUI (English) 2010 

    Microsoft Office Access Setup Metadata MUI (English) 2010 

    Microsoft Office Excel MUI (English) 2010 

    Microsoft Office Groove MUI (English) 2010 

    Microsoft Office InfoPath MUI (English) 2010 

    Microsoft Office Office 64-bit Components 2010 

    Microsoft Office OneNote MUI (English) 2010 

    Microsoft Office Outlook MUI (English) 2010 

    Microsoft Office PowerPoint MUI (English) 2010 

    Microsoft Office Professional Plus 2010 

    Microsoft Office Proof (English) 2010 

    Microsoft Office Proof (French) 2010 

    Microsoft Office Proof (Spanish) 2010 

    Microsoft Office Proofing (English) 2010 

    Microsoft Office Publisher MUI (English) 2010 

    Microsoft Office Shared 64-bit MUI (English) 2010 

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 

    Microsoft Office Shared MUI (English) 2010 

    Microsoft Office Shared Setup Metadata MUI (English) 2010 

    Microsoft Office Word MUI (English) 2010 

    Microsoft Silverlight 

    Microsoft SQL Server 2005 Compact Edition [ENU] 

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 

    Microsoft Visual C++ 2005 Redistributable 

    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 

    MobileMe Control Panel 

    MSVCRT 

    MSVCRT_amd64 

    Norton AntiVirus 

    Norton Identity Safe 

    PowerDVD DX 

    Quickset64 

    QuickTime 

    Realtek High Definition Audio Driver 

    Roxio Burn 

    Safari 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) 

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) 

    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition 

    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition 

    Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition 

    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition 

    Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition 

    Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition 

    Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition 

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition 

    Synaptics Pointing Device Driver 

    The SimsT 3 

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) 

    Update for Microsoft .NET Framework 4 Client Profile (KB2473228) 

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) 

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) 

    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition 

    Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition 

    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition 

    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition 

    Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2494150) 

    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition 

    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition 

    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition 

    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 

    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition 

    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition 

    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition 

    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition 

    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) 

    Windows Live Communications Platform 

    Windows Live Essentials 

    Windows Live ID Sign-in Assistant 

    Windows Live Installer 

    Windows Live Language Selector 

    Windows Live Mail 

    Windows Live Messenger 

    Windows Live MIME IFilter 

    Windows Live Movie Maker 

    Windows Live Photo Common 

    Windows Live Photo Gallery 

    Windows Live PIMT Platform 

    Windows Live SOXE 

    Windows Live SOXE Definitions 

    Windows Live Sync 

    Windows Live UX Platform 

    Windows Live UX Platform Language Pack 

    Windows Live Writer 

    Windows Live Writer Resources 

     

    ==== Running Processes ======================

     

    C:\Program Files\Dell\DellDock\DockLogin.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe

    C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe

    C:\Windows\SysWOW64\PnkBstrA.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe

    C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Users\Glenn\AppData\Local\Temp\Temp1_zoek.zip\zoek.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\SysWOW64\cmd.exe

     

    ==== Services (whitelist) ======================

    Powered by E Dev

     

    R2 - [AERTFilters] - Andrea RT Filters Service - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

    R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"

    R2 - [DMAgent] - Intel® PROSet/Wireless WiMAX Red Bend Device Management Service - "C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe"

    R2 - [DockLoginService] - Dock Login Service - C:\Program Files\Dell\DellDock\DockLogin.exe

    R2 - [EvtEng] - Intel® PROSet/Wireless Event Log - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    R2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"

    R2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"

    R2 - [NAV] - Norton AntiVirus - "C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\diMaster.dll" /prefetch:1

    R2 - [NCO] - Norton Identity Safe - "C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\diMaster.dll" /prefetch:1

    R2 - [PnkBstrA] - PnkBstrA - C:\Windows\system32\PnkBstrA.exe

    R2 - [RegSrvc] - Intel® PROSet/Wireless Registry Service - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    R2 - [SftService] - SoftThinks Agent Service - "C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE"

    R2 - [UNS] - Intel® Management & Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

    R2 - [WiMAXAppSrv] - Intel® PROSet/Wireless WiMAX Service - "C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe"

    R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

    R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"

    R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding

    R3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

    R3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe

    R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe

    S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

    S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe

    S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe

    S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

    S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe

    S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe

    S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe

    S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc

    S3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"

    S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice

    S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe

    S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V

    S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

    S3 - [ose] - Office  Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

    S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe

    S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe

    S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe

    S3 - [TurboBoost] - TurboBoost - "C:\Program Files\Intel\TurboBoost\TurboBoost.exe"

    S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe

    S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe

    S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"

    S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe

    S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

     

    ==== System Specs ======================

     

    Windows: Windows 7 Home Premium Edition (64-bit) (Build 7600)

    Memory (RAM): 5941 MB

    CPU Info: Intel® Core™ i5 CPU       M 460  @ 2.53GHz

    CPU Speed: 2579.3 MHz

    Sound Card: Speakers (Realtek High Definiti |

    Display Adapters: Intel® HD Graphics | Intel® HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Generic PnP Monitor |

    Screen Resolution: 1600 X 900 - 32 bit

    Network: Network Present

    Network Adapters: Intel® Centrino® WiMAX 6250 | Microsoft Virtual WiFi Miniport Adapter #2 | Microsoft Virtual WiFi Miniport Adapter | Intel® Centrino® Advanced-N 6250 AGN

    CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRWBD CT30N

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 5 Button Wheel Mouse Present

    Hard Disks: C:  581.4GB

    Hard Disks - Free: C:  466.0GB

    Manufacturer *: Dell Inc.

    BIOS Info: AT/AT COMPATIBLE | 09/13/10 | DELL   - 6040000

    Time Zone: AUS Eastern Standard Time

    Motherboard *: Dell Inc. 08VFX1

    Country: Australia

    Language: ENA

     

    ==== System Specs (Software) ======================

     

    Anti-Virus: Norton AntiVirus On-access scanning disabled (Outdated)

    Anti-Spyware: Norton AntiVirus disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Internet Explorer Version: 9.0.8112.16421

    Adobe Reader version: 10.0.1.434

    Sun Java version: 1.6.0_20 (32-bit)

    Sun Java version: 1.6.0_20 (64-bit)

     

    ==== Files Recently Created / Modified ======================

     

    ====== C:\Windows ====

    ====== C:\Users\Glenn\AppData\Local\Temp ====

    2014-10-28 22:57:27              E0DC8C6BBC787B972A9A468648DBFD85             1008128  ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\libiconv2.dll

    2014-10-28 22:57:27              D202BAA425176287017FFE1FB5D1B77C              103424    ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\libintl3.dll

    2014-10-28 22:57:27              57CAC848FA14AE38F14F9441F8933282               140288    ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\pcre3.dll

    2014-10-28 22:57:27              547C43567AB8C08EB30F6C6BACB479A3              79360      ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\regex2.dll

    2014-10-28 22:57:27              2E0323A94915FAAB10A25F3BABF82584             157696    ----a-w-                C:\Users\Glenn\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

    2014-10-19 20:58:16              5C73E64374D9BA37AC5569D1F7DE5C9B              665682    ----a-w-   C:\Users\Glenn\AppData\Local\Temp\sqlite3.dll

    ====== Java Cache =====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    2014-10-18 07:01:35              29FBAC5B01211B8DA91FFB6F2044AAE2             276480    ----a-w-   C:\Windows\Sysnative\generaltel.dll

    2014-10-18 07:01:34              F531610F0692F9E7FA1D8972185E45D8               504320    ----a-w-   C:\Windows\Sysnative\aepdu.dll

    2014-10-18 07:01:34              EEF20CCCF38C8CF4749CC26702A00AFD               424448    ----a-w-   C:\Windows\Sysnative\aeinv.dll

    2014-10-18 07:01:28              6A7A217A6514BE39E78A7BF58C06F712              3195392  ----a-w-   C:\Windows\Sysnative\win32k.sys

    ====== C:\Windows\Sysnative\drivers =====

    2014-10-26 07:54:42              26C43960C99EE861A5D0EDC4DCF3B1C3              129752    ----a-w-   C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

    2014-10-26 07:54:24              D3311B31C470E7681B14D9B014CBF9ED              93400      ----a-w-   C:\Windows\Sysnative\drivers\mbamchameleon.sys

    2014-10-26 07:54:24              95EF63A7827D4E3A229CBBCB42619E93              63704      ----a-w-   C:\Windows\Sysnative\drivers\mwac.sys

    2014-10-26 07:54:24              5C3669B71657F22E67A1D4BD49D2CBE7              25816      ----a-w-   C:\Windows\Sysnative\drivers\mbam.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    ======= C:\PROGRA~2 =====

    2014-10-26 09:27:49              --------     d-----w-   C:\PROGRA~2\ESET

    ======= C: =====

    ====== C:\Users\Glenn\AppData\Roaming ======

    2014-10-25 03:39:07              --------     d-----w-   C:\Windows\SysNative\config\systemprofile\AppData\Local\CrashDumps

    ====== C:\Users\Glenn ======

    2014-10-28 23:06:39              FF33D8CDF04B1D15F3808D49406BEA43              1998336  ----a-w-   C:\Users\Glenn\Desktop\AdwCleaner.exe

    2014-10-28 22:57:14              27A4F18F1BB9F05D71128BADD4DCD5C3             1706144  ----a-w-   C:\Users\Glenn\Downloads\JRT.exe

    2014-10-28 22:41:21              943C708E6C85202BB41BAAED958F2D07              2113024  ----a-w-   C:\Users\Glenn\Downloads\FRST64.exe

     

    ====== C: exe-files ==

    2014-10-28 23:06:39              FF33D8CDF04B1D15F3808D49406BEA43              1998336  ----a-w-   C:\Users\Glenn\Desktop\AdwCleaner.exe

    2014-10-28 22:57:27              2E0323A94915FAAB10A25F3BABF82584             157696    ----a-w-                C:\Users\Glenn\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

    2014-10-28 22:57:14              27A4F18F1BB9F05D71128BADD4DCD5C3             1706144  ----a-w-   C:\Users\Glenn\Downloads\JRT.exe

    2014-10-28 22:41:21              943C708E6C85202BB41BAAED958F2D07              2113024  ----a-w-   C:\Users\Glenn\Downloads\FRST64.exe

    2014-10-28 22:34:36              943C708E6C85202BB41BAAED958F2D07              2113024  ----a-w-                C:\Users\Glenn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OE7BH40\FRST64.exe

    2014-10-26 09:27:49              E273331224005C5A8A504164373DE1DC               535304    ----a-w-   C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

    2014-10-26 09:27:49              9E47522861242EE002D7F385C35D1322               2887824  ----a-w-   C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    2014-10-26 09:27:49              5B3DE7968D23B476AFB256D8014B25B9             333424    ----a-w-   C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

    2014-10-26 09:27:49              47B06E473B78A792DF07D226E0537D63              119184    ----a-w-   C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    2014-10-26 09:27:49              3C3F35C91F230493B088B334E39D1F7A               358144    ----a-w-   C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

    2014-10-26 07:01:24              EC87C870FC286178E461C1D917567DCE               41081424                ----a-w-   C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\38.0.2125.104\38.0.2125.104_chrome_installer.exe

    2014-10-26 07:00:44              821E577AB0B119278BD1940FEF224DDA             51080      ----atw-   C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateBroker.exe

    2014-10-26 07:00:44              4067DC9EA0640485F1CF395427FD5E9B               51080      ----atw-   C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe

    2014-10-26 07:00:44              27DC334376EE08A0962E6367E23D3CBA              880272    ----a-w-   C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateSetup.exe

    2014-10-26 07:00:43              976D5F35A058340DA2C160CEC4063C4B              230792    ----atw-   C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe

    2014-10-26 07:00:43              51508F0C2476177E50C31B0BBFBF1BDB              107912    ----atw-   C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdate.exe

    2014-10-26 07:00:43              26E37D5EAC3F1CF66587183AB348168C               114568    ----atw-   C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe

    2014-10-26 07:00:43              047556104954A72A2222FFF169166EEE               285064    ----atw-   C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe

    2014-10-23 08:10:45              68270679465EC5A66B65489C6E44AD64               11100752                ----a-w-   C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.104\38.0.2125.104_37.0.2062.124_chrome_updater.exe

    2014-10-22 06:34:26              821E577AB0B119278BD1940FEF224DDA             51080      ----atw-                C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateBroker.exe

    2014-10-22 06:34:26              4067DC9EA0640485F1CF395427FD5E9B               51080      ----atw-                C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe

    2014-10-22 06:34:26              27DC334376EE08A0962E6367E23D3CBA              880272    ----a-w-                C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateSetup.exe

    2014-10-22 06:34:21              976D5F35A058340DA2C160CEC4063C4B              230792    ----atw-                C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler.exe

    2014-10-22 06:34:21              26E37D5EAC3F1CF66587183AB348168C               114568    ----atw-                C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe

    2014-10-22 06:34:21              047556104954A72A2222FFF169166EEE               285064    ----atw-                C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler64.exe

    2014-10-22 06:34:20              51508F0C2476177E50C31B0BBFBF1BDB              107912    ----atw-                C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\GoogleUpdate.exe

    2014-10-22 06:34:16              27DC334376EE08A0962E6367E23D3CBA              880272    ----a-w-                C:\Users\Glenn\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.5\GoogleUpdateSetup.exe

    === C: other files ==

    2014-10-28 22:57:26              F56A319979F631C141F5FF02DF87FDB1               43563      ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\prelim.bat

    2014-10-28 22:57:26              DD1E4D974B1672ABD09EFFB225791C4A             1230        ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\TDL4.bat

    2014-10-28 22:57:26              AD2F52DC72B10AF331692E4A4DD80DFC             18670      ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\medfos.bat

    2014-10-28 22:57:26              AA0C656F898523BEDF2DA6923197BB80             1264        ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\surfvox.bat

    2014-10-28 22:57:26              8E6020C14F982CF11B3FE7DBB0CB8EDE              24738      ----a-w-                C:\Users\Glenn\AppData\Local\Temp\jrt\searchlnk.bat

    2014-10-28 22:57:26              86707BCE5CBB65D9B1C41E249B4423BA             152733    ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\firefox.bat

    2014-10-28 22:57:26              83F691D8398F0E37E71E9355BF730DB9               719          ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\ev_clear.bat

    2014-10-28 22:57:26              7F7A362CC9FBF3AD1D1E7C37DD825C0F              14957      ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\get.bat

    2014-10-28 22:57:26              730313487A4CF7DCAA4039643F72A1BE              184027    ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\misc.bat

    2014-10-28 22:57:26              4D80C7010E2CE44AB25FA25B013649E4              8085        ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\mws.bat

    2014-10-28 22:57:26              38A0BDF322ACCC968B0A824C38D50157              29635      ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\ask.bat

    2014-10-28 22:57:26              335DFF8F23E5EC02B5426362F0F8509B               31401      ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\iexplore.bat

    2014-10-28 22:57:26              323C58D6693BEC9A6A37566F37D81B22              9469        ----a-w-                C:\Users\Glenn\AppData\Local\Temp\jrt\runvalues.bat

    2014-10-28 22:57:26              0C4649A62845AB5D5DBCC4998477FF6D              1813        ----a-w-                C:\Users\Glenn\AppData\Local\Temp\jrt\delfolders.bat

    2014-10-28 22:57:26              048407135C9B1FB6A355E256BD96160D              14192      ----a-w-   C:\Users\Glenn\AppData\Local\Temp\jrt\chrome.bat

    2014-10-26 20:59:15              0510396A957E9FD7205BA62D3CAE4528              162392    ----a-w-                C:\Windows\System32\drivers\NSTx64\7DE07080.017\ccsetx64.sys

    2014-10-26 07:54:42              26C43960C99EE861A5D0EDC4DCF3B1C3              129752    ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys

    2014-10-26 07:54:24              D3311B31C470E7681B14D9B014CBF9ED              93400      ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys

    2014-10-26 07:54:24              95EF63A7827D4E3A229CBBCB42619E93              63704      ----a-w-   C:\Windows\System32\drivers\mwac.sys

    2014-10-26 07:54:24              5C3669B71657F22E67A1D4BD49D2CBE7              25816      ----a-w-   C:\Windows\System32\drivers\mbam.sys

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-21-3587055226-2106997194-2688200268-1000\Software\Microsoft\Windows\CurrentVersion\Run]

    "Google Update"="C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe /c"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

    "PDVDDXSrv"="C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "Google Update"="C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe /c"

    ==== Startup Registry Enabled x64 ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IntelWirelessWiMAX"="C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe /tasktray /nosplash"

    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

    "IgfxTray"="C:\Windows\system32\igfxtray.exe"

    "IntelWireless"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel Wireless Tray"

    "Persistence"="C:\Windows\system32\igfxpers.exe"

     

    ==== Startup Registry Disabled x64 ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Adobe ARM"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Adobe Reader Speed Launcher"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ANT Agent]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="ANT Agent"

    "hkey"="HKCU"

    "command"="C:\\Program Files (x86)\\Garmin\\ANT Agent\\ANT Agent.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier]

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="AppleSyncNotifier"

    "hkey"="HKLM"

    "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="APSDaemon"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="BitTorrent"

    "hkey"="HKCU"

    "command"="\"C:\\Program Files (x86)\\BitTorrent\\BitTorrent.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dell Webcam Central]

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Dell Webcam Central"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files (x86)\\Dell Webcam\\Dell Webcam Central\\WebcamDell2.exe\" /mode2"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desktop Disc Tool]

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Desktop Disc Tool"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files (x86)\\Roxio\\Roxio Burn\\RoxioBurnLauncher.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="iTunesHelper"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsgCenterExe]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="MsgCenterExe"

    "hkey"="HKCU"

    "command"="\"C:\\Program Files (x86)\\Real\\RealPlayer\\update\\RealOneMessageCenter.exe\"  -osboot"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="msnmsgr"

    "hkey"="HKCU"

    "command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickSet]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="QuickSet"

    "hkey"="HKLM"

    "command"="C:\\Program Files\\Dell\\QuickSet\\QuickSet.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

    "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="QuickTime Task"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="RtHDVCpl"

    "hkey"="HKLM"

    "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="SynTPEnh"

    "hkey"="HKLM"

    "command"="%PROGRAMFILES%\\Synaptics\\SynTP\\SynTPEnh.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Glenn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]

    "path"="C:\\Users\\Glenn\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dell Dock.lnk"

    "backup"="C:\\Windows\\pss\\Dell Dock.lnk.Startup"

    "backupExtension"=".Startup"

    "command"="C:\\PROGRA~1\\Dell\\DellDock\\DellDock.exe "

    "item"="Dell Dock"

    ==== Startup Folders ======================

    2010-11-12 05:19:30              829          ----a-w-   C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

    2010-11-12 05:17:42              2000        ----a-w-   C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

    2010-11-12 05:19:30              829          ----a-w-   C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

    2010-11-12 05:17:42              2000        ----a-w-   C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/10/2014 06:00 PM]

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core.job --a------ :C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe []

    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA.job --a------ C:\Users\Glenn\AppData\LoC:al\Google\Update\GoogleUpdate.exe []

    ==== Other Scheduled Tasks ======================

    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

    "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core" [C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe]

    "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA" [C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe]

    "C:\Windows\SysNative\tasks\JavaUpdateSched" [%COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe]

    "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe"]

    "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3587055226-2106997194-2688200268-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]

    "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3587055226-2106997194-2688200268-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]

    "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

    "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

    "C:\Windows\SysNative\tasks\Norton AntiVirus\Norton Error Analyzer" [C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe]

    "C:\Windows\SysNative\tasks\Norton AntiVirus\Norton Error Processor" [C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe]

    "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe]

    "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe]

    "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

    ==== Firefox Extensions Registry ======================

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

    "{F04D2D30-776C-4d02-8627-8E4385ECA58D}"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn" [29/10/2014 10:20 AM]

    ==== Firefox Extensions ======================

    ExtDir: C:\Users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

    - OneClickDownloader - %ExtDir%\[email protected]

    ExtDir: C:\Users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles

    - OneClickDownloader - %ExtDir%\extensions\[email protected]

    ==== Firefox Plugins ======================

    ==== Chromium Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    iikflkcanblccfahdhdonehdalibjnif - No path found[]

    jpgalnioijgchfablfaknkbliianenml - No path found[]

    nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx[20/09/2014 07:52 PM]

    Google Slides - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

    Google Docs - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

    Google Drive - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

    Google Voice Search Hotword (Beta) - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

    YouTube - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Google Cast - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd

    Google Search - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    Google Sheets - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

    AdBlock - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

    Norton Identity Safe - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif

    Nielsen - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgalnioijgchfablfaknkbliianenml

    Google Wallet - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Gmail - Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ==== IE Start and Search Settings ======================

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="http://www.google.com/"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.co...I7ADRA_enAU421"

    {CF9C56F7-05E4-472B-81AD-BE27088DD207} Unknown  Url="Not_Found"

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=0 folders=0 0 bytes)

    ==== EOF on Wed 29/10/2014 at 10:33:43.90 ======================


    • 0

    #6
    Biscuithd

    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    Ok, I understand now! :)

     

    I'm guessing that the problem is still there, so let's get another FRST scan.

     

    FRST.gif Scan with Farbar Recovery Scan Tool

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button and wait.
    • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

    Please copy and paste their content into your next reply.


    • 0

    #7
    catherine3122

    catherine3122

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    Thanks Biscuithd - please see below!

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
    Ran by Glenn (administrator) on GLENN-PC on 29-10-2014 18:54:39
    Running from C:\Users\Glenn\Downloads
    Loaded Profile: Glenn (Available profiles: Glenn)
    Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-09] (Intel® Corporation)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-06] (Intel® Corporation)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-30] (CyberLink Corp.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3587055226-2106997194-2688200268-1000\...\Run: [Google Update] => C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-17] (Google Inc.)
    HKU\S-1-5-21-3587055226-2106997194-2688200268-1000\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14749544 2012-03-23] (GARMIN Corp.)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKCU - {CF9C56F7-05E4-472B-81AD-BE27088DD207} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
    Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2014-01-07]
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
    FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-10-29]

    Chrome:
    =======
    CHR Profile: C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-26]
    CHR Extension: (Google Docs) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
    CHR Extension: (Google Drive) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
    CHR Extension: (YouTube) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
    CHR Extension: (Google Cast) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-26]
    CHR Extension: (Google Search) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
    CHR Extension: (Google Sheets) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-26]
    CHR Extension: (AdBlock) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-26]
    CHR Extension: (Norton Identity Safe) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-26]
    CHR Extension: (Nielsen) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgalnioijgchfablfaknkbliianenml [2014-10-26]
    CHR Extension: (Google Wallet) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-10-26]
    CHR Extension: (Gmail) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]
    CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-10-27]
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-10-27]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-08] (Red Bend Ltd.) [File not signed]
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-10] (Stardock Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-06] ()
    R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
    R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-01-01] ()
    R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-08] (Intel® Corporation) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-04] (Symantec Corporation)
    R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-28] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-10] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-10] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141028.001\IDSvia64.sys [633560 2014-09-30] (Symantec Corporation)
    S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-29] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141027.032\ENG64.SYS [129752 2014-10-22] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141027.032\EX64.SYS [2137304 2014-10-22] (Symantec Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-07] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-07] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-03] ()
    R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-30] (CyberLink Corp.)
    S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\appobserver64.sys [X]
    S3 L1C; system32\DRIVERS\L1C62x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-29 18:54 - 2014-10-29 18:55 - 00017785 _____ () C:\Users\Glenn\Downloads\FRST.txt
    2014-10-29 10:28 - 2014-10-29 10:33 - 00039074 _____ () C:\zoek-results.log
    2014-10-29 10:27 - 2014-10-29 10:27 - 04256073 _____ () C:\Users\Glenn\Desktop\zoek.rar
    2014-10-29 10:26 - 2014-10-29 10:33 - 00000824 _____ () C:\runcheck.txt
    2014-10-29 10:26 - 2014-10-29 10:26 - 00000000 ____D () C:\zoek_backup
    2014-10-29 10:25 - 2014-10-29 10:26 - 04114148 _____ () C:\Users\Glenn\Desktop\zoek.zip
    2014-10-29 10:24 - 2014-10-29 10:24 - 00000000 _____ () C:\Users\Glenn\Downloads\zoek.exe
    2014-10-29 10:06 - 2014-10-29 10:06 - 01998336 _____ () C:\Users\Glenn\Desktop\AdwCleaner.exe
    2014-10-29 10:02 - 2014-10-29 10:02 - 00012999 ____H () C:\Users\Glenn\Desktop\~WRL0005.tmp
    2014-10-29 10:01 - 2014-10-29 10:01 - 00000633 _____ () C:\Users\Glenn\Desktop\JRT.txt
    2014-10-29 09:57 - 2014-10-29 09:57 - 01706144 _____ (Thisisu) C:\Users\Glenn\Downloads\JRT.exe
    2014-10-29 09:41 - 2014-10-29 09:42 - 02113024 _____ (Farbar) C:\Users\Glenn\Downloads\FRST64.exe
    2014-10-27 08:03 - 2014-10-29 18:54 - 00000000 ____D () C:\FRST
    2014-10-26 20:27 - 2014-10-26 20:27 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-10-26 20:18 - 2014-10-26 20:18 - 00000000 ____D () C:\Windows\ERUNT
    2014-10-26 20:00 - 2014-10-29 10:19 - 00000000 ____D () C:\AdwCleaner
    2014-10-26 18:54 - 2014-10-29 18:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-26 18:54 - 2014-10-26 18:54 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-26 18:54 - 2014-10-26 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-26 18:54 - 2014-10-26 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-26 18:54 - 2014-10-26 18:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-26 18:54 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-26 18:54 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-26 18:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-10-26 18:21 - 2014-10-26 18:21 - 00000000 ____D () C:\Windows\pss
    2014-10-18 18:01 - 2014-10-10 12:53 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-18 18:01 - 2014-10-10 12:53 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-18 18:01 - 2014-10-10 12:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-18 18:01 - 2014-09-15 11:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-04 20:59 - 2014-10-04 20:59 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-29 18:54 - 2009-07-14 16:10 - 01136648 _____ () C:\Windows\WindowsUpdate.log
    2014-10-29 18:52 - 2010-11-12 16:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-10-29 18:51 - 2010-11-12 16:33 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
    2014-10-29 18:51 - 2010-11-12 16:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
    2014-10-29 18:50 - 2010-11-12 17:46 - 02195346 _____ () C:\Windows\PFRO.log
    2014-10-29 18:50 - 2010-11-12 16:03 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
    2014-10-29 18:50 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-29 18:50 - 2009-07-14 15:51 - 00063302 _____ () C:\Windows\setupact.log
    2014-10-29 10:39 - 2014-08-17 20:26 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA.job
    2014-10-29 10:27 - 2009-07-14 15:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-29 10:27 - 2009-07-14 15:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-29 10:05 - 2011-03-04 20:28 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-29 09:19 - 2009-07-14 16:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-28 22:45 - 2014-01-07 10:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
    2014-10-28 22:45 - 2014-01-07 10:10 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
    2014-10-28 19:10 - 2014-08-17 20:26 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core.job
    2014-10-26 20:03 - 2012-06-12 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-10-26 19:55 - 2011-03-04 20:28 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-10-26 19:49 - 2010-11-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2014-10-26 19:22 - 2012-06-12 17:56 - 00000000 ____D () C:\ProgramData\InstallMate
    2014-10-26 18:41 - 2012-06-15 18:41 - 00000000 ____D () C:\Users\Glenn\Tracing
    2014-10-26 18:07 - 2011-03-05 18:32 - 00000000 ____D () C:\Users\Glenn\AppData\Roaming\BitTorrent
    2014-10-26 18:01 - 2011-03-04 20:28 - 00000000 ____D () C:\Users\Glenn\AppData\Local\Google
    2014-10-26 18:00 - 2012-06-15 17:41 - 00000000 ____D () C:\Users\Glenn\Desktop\Catherine work
    2014-10-26 18:00 - 2011-03-04 20:28 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-10-26 18:00 - 2011-03-04 20:28 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-10-26 18:00 - 2011-03-04 20:28 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-25 14:37 - 2011-12-21 19:54 - 00000000 ____D () C:\Users\Glenn\AppData\Local\CrashDumps
    2014-10-22 17:34 - 2014-08-17 20:26 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA
    2014-10-22 17:34 - 2014-08-17 20:26 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core
    2014-10-19 03:28 - 2009-07-14 15:45 - 00408088 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-19 03:26 - 2014-07-13 04:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-19 03:10 - 2013-07-18 04:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-19 03:10 - 2011-03-19 21:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-19 03:02 - 2013-01-27 15:11 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-10-04 20:59 - 2014-01-07 10:06 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
    2014-10-04 20:58 - 2014-01-07 10:09 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
    2014-10-04 20:58 - 2014-01-07 10:09 - 00002399 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk
    2014-10-04 20:58 - 2014-01-07 10:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus

    Some content of TEMP:
    ====================
    C:\Users\Glenn\AppData\Local\Temp\7za.exe
    C:\Users\Glenn\AppData\Local\Temp\hijackthis.exe
    C:\Users\Glenn\AppData\Local\Temp\NirCmd.exe
    C:\Users\Glenn\AppData\Local\Temp\PEVZ.EXE
    C:\Users\Glenn\AppData\Local\Temp\Quarantine.exe
    C:\Users\Glenn\AppData\Local\Temp\remove.exe
    C:\Users\Glenn\AppData\Local\Temp\sed.exe
    C:\Users\Glenn\AppData\Local\Temp\shortcut.exe
    C:\Users\Glenn\AppData\Local\Temp\sqlite3.dll
    C:\Users\Glenn\AppData\Local\Temp\swreg.exe
    C:\Users\Glenn\AppData\Local\Temp\swxcacls.exe
    C:\Users\Glenn\AppData\Local\Temp\wget.exe
    C:\Users\Glenn\AppData\Local\Temp\zoek-delete.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-10-19 03:58

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
    Ran by Glenn at 2014-10-29 18:56:54
    Running from C:\Users\Glenn\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.53.64 - Adobe Systems Incorporated)
    Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
    BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.0 - )
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
    Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
    ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
    Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
    Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    Garmin ANT Agent (HKLM-x32\...\{CB5F6422-502E-477C-B31D-25ECE8F829E6}) (Version: 2.3.3 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
    Healthy Edge (HKLM-x32\...\{3EF0E626-A5F3-4BA8-A6EA-676D4A7AFA28}) (Version: 1.7.1 - Tanita)
    Intel PROSet Wireless (Version:  - ) Hidden
    Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
    Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
    Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
    Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)
    Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
    iRip (HKLM-x32\...\{67155532-D66C-4B52-A1A4-7F0B9817A3F0}) (Version: 1.0.1.27 - The Little App Factory, LLC.)
    iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
    Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
    Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
    Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
    PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
    QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
    Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
    Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.20.0 - Synaptics Incorporated)
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

    ==================== Restore Points  =========================

    13-08-2014 17:00:42 Windows Update
    22-08-2014 09:25:32 Scheduled Checkpoint
    31-08-2014 10:37:11 Scheduled Checkpoint
    13-09-2014 04:29:26 Windows Update
    18-10-2014 16:00:48 Windows Update
    28-10-2014 23:28:48 zoek.exe restore point
    29-10-2014 07:55:24 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {07588CB6-8411-4396-9CB8-858A840D1BB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core => C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-17] (Google Inc.)
    Task: {07F91B9A-9277-40F6-84B3-3AB25ECCF2E5} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe
    Task: {12CDB51E-E1B8-41C0-A7D3-83C6B80CE27E} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)
    Task: {315F06DC-867E-4DB2-ABCD-5C9A2F139204} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
    Task: {45B07F35-0043-4955-B369-6E28082B1AF8} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
    Task: {4B4F67DB-C1A2-4319-AF70-F53DD5020173} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
    Task: {535716F8-044B-414E-9827-D332ED144E3B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3587055226-2106997194-2688200268-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {6F21E956-FB10-4065-BD72-4A48A17E4951} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3587055226-2106997194-2688200268-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {A4F440EC-75AD-4595-BB1B-7C63D0C6CADF} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
    Task: {AAE01B08-6041-4890-BC16-D812314BC335} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA => C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-17] (Google Inc.)
    Task: {E1D29441-20A0-47F6-824D-510E9FA5F8EA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {F05EACEE-3E1F-4654-AC86-CD4D34B73C90} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-31] (Symantec Corporation)
    Task: {FF107D89-D6FC-4963-B9AB-05B7774684D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core.job => C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA.job => C:\Users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2010-03-06 02:21 - 2010-03-06 02:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2013-01-01 17:05 - 2013-01-01 17:08 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2010-11-12 16:23 - 2011-08-19 02:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2010-03-06 02:21 - 2010-03-06 02:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2011-06-24 23:56 - 2011-06-24 23:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-06-24 23:56 - 2011-06-24 23:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28829759.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\28829759.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Glenn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: ANT Agent => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
    MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: BitTorrent => "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
    MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MsgCenterExe => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe"  -osboot
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: SynTPEnh => %PROGRAMFILES%\Synaptics\SynTP\SynTPEnh.exe

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3587055226-2106997194-2688200268-500 - Administrator - Disabled)
    Glenn (S-1-5-21-3587055226-2106997194-2688200268-1000 - Administrator - Enabled) => C:\Users\Glenn
    Guest (S-1-5-21-3587055226-2106997194-2688200268-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3587055226-2106997194-2688200268-1002 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Ethernet Controller
    Description: Ethernet Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (10/29/2014 06:52:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Error: (10/29/2014 06:51:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Error: (10/29/2014 10:21:59 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Error: (10/29/2014 10:21:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
    Percentage of memory in use: 36%
    Total physical RAM: 5940.52 MB
    Available physical RAM: 3771.71 MB
    Total Pagefile: 11879.15 MB
    Available Pagefile: 9595.32 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:465.65 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 07F2837E)
    Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
    Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=581.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    • 0

    #8
    Biscuithd

    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    Hi Catherine,

     

    Next steps...

     

    5204fb054866c-TFC_nieuw_25x25.png Clean Temporary Files with TFC

    Please download TFC by OldTimer and save it to your desktop.

    • Right-click on 5204fb054866c-TFC_nieuw_25x25.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    • Close any open programs and save your current work.
    • Click the Start button to begin. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a couple of minutes.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    This tool doesn't generate any report. Instead I recommend to keep it for good maintenance of your machine.

     

     

    51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix

    This is a very powerful tool that should be used only if advised by Malware Analyst.
    Do not run ComboFix on your own!


    Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
    Temporary disable your AntiVirus and AntiSpyware protection - instructions here.



    • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    • Accept the disclaimer and agree if prompted to install Recovery Console.
    • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
    • This scan may take some time!
    • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

    Include that log in your next reply.
    icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
    icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

     

     

    We'll search for some remnants that might be hiding.
     
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Install the progam and select update
     
    • Once it has updated select Settings > Detection and Protection >Tick Scan for rootkits

    MBAMsettings.JPG

     
    • Go back to the Dashboard and select Scan Now

    MBAMScan.JPG

     
    • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot

    MBAMReboot.JPG

     
    • On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop.

    MBAMLog.JPG

     
     
    Please post that log for my review.
     
    Last, after all these are complete, let me know if we've fixed the *32 issue.

    • 0

    #9
    catherine3122

    catherine3122

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    Hi Biscuithd,

     

    Unfortunately, these steps haven't fixed the problem.

     

    Logs pasted below.

     

    ComboFix 14-10-29.01 - Glenn 31/10/2014   8:02.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.61.1033.18.5941.3885 [GMT 11:00]
    Running from: c:\users\Glenn\Desktop\ComboFix.exe
    AV: Norton AntiVirus *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\msdownld.tmp
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-30  )))))))))))))))))))))))))))))))
    .
    .
    2014-10-30 21:08 . 2014-10-30 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-10-30 21:07 . 2014-10-30 21:07 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D3A86A7-2307-455E-BB91-29DD40A8AA0F}\offreg.dll
    2014-10-30 20:59 . 2014-10-19 16:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D3A86A7-2307-455E-BB91-29DD40A8AA0F}\mpengine.dll
    2014-10-28 23:26 . 2014-10-28 23:26 -------- d-----w- C:\zoek_backup
    2014-10-26 21:03 . 2014-10-29 07:57 -------- d-----w- C:\FRST
    2014-10-26 20:59 . 2014-10-26 20:59 -------- d-----w- c:\windows\system32\drivers\NSTx64\7DE07080.017
    2014-10-26 09:27 . 2014-10-26 09:27 -------- d-----w- c:\program files (x86)\ESET
    2014-10-26 09:18 . 2014-10-26 09:18 -------- d-----w- c:\windows\ERUNT
    2014-10-26 09:00 . 2014-10-28 23:19 -------- d-----w- C:\AdwCleaner
    2014-10-26 07:54 . 2014-10-30 20:55 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-26 07:54 . 2014-10-26 07:54 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-10-26 07:54 . 2014-10-26 07:54 -------- d-----w- c:\programdata\Malwarebytes
    2014-10-26 07:54 . 2014-10-01 00:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-10-26 07:54 . 2014-10-01 00:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-26 07:54 . 2014-10-01 00:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-10-18 07:01 . 2014-10-10 01:53 276480 ----a-w- c:\windows\system32\generaltel.dll
    2014-10-18 07:01 . 2014-10-10 01:53 504320 ----a-w- c:\windows\system32\aepdu.dll
    2014-10-18 07:01 . 2014-10-10 01:47 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-10-18 07:01 . 2014-09-15 00:44 3195392 ----a-w- c:\windows\system32\win32k.sys
    2014-10-02 10:09 . 2014-10-18 07:00 -------- d-----w- c:\windows\system32\drivers\NAVx64\1506000.020
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-10-18 16:02 . 2013-01-27 04:11 103265616 ----a-w- c:\windows\system32\MRT.exe
    2014-10-02 04:53 . 2012-12-09 06:40 278152 ------w- c:\windows\system32\MpSigStub.exe
    2014-09-13 06:16 . 2010-06-24 00:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-07-02 05:14 . 2013-07-02 05:13 33546240 ----a-w- c:\program files (x86)\GUT4692.tmp
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-16 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28829759.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 AppObserver;Application creation observer;c:\program files (x86)\NetRatingsNetSight\NetSight\meter3\appobserver64.sys;c:\program files (x86)\NetRatingsNetSight\NetSight\meter3\appobserver64.sys [x]
    R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
    R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1506000.020\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1506000.020\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [x]
    S1 ccSet_NAV;NAV Settings Manager;c:\windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1506000.020\ccSetx64.sys [x]
    S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE07080.017\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141028.001\IDSvia64.sys;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141028.001\IDSvia64.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1506000.020\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NAVx64\1506000.020\SYMNETS.SYS [x]
    S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/11/11 23:20];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl;c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe;c:\program files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [x]
    S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
    S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
    S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
    S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 07:00]
    .
    2014-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 07:00]
    .
    2014-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core.job
    - c:\users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-17 09:26]
    .
    2014-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA.job
    - c:\users\Glenn\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-17 09:26]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    Trusted Zone: credit-suisse.com\access
    TCP: DhcpNameServer = 10.1.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application"
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
    "ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
    "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.8.23\diMaster.dll\" /prefetch:1"
    "ImagePath"="\SystemRoot\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS"
    "TrustedImagePaths"="c:\program files (x86)\Norton AntiVirus\Engine\21.6.0.32;c:\program files (x86)\Norton AntiVirus\Engine64\21.6.0.32"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3587055226-2106997194-2688200268-1000\Software\SecuROM\License information*]
    "datasecu"=hex:87,e8,1c,52,35,4c,ac,81,f4,55,36,1c,b4,2a,4b,f4,5f,e3,4d,6c,c4,
       71,7e,7b,22,1f,2e,02,79,df,cf,8d,78,1e,e1,15,2f,94,95,f8,a6,1e,1f,c5,58,2a,\
    "rkeysecu"=hex:79,87,db,95,ba,00,f8,e2,21,20,e4,80,60,58,97,97
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-10-31  08:11:33
    ComboFix-quarantined-files.txt  2014-10-30 21:11
    .
    Pre-Run: 503,267,688,448 bytes free
    Post-Run: 503,097,278,464 bytes free
    .
    - - End Of File - - 087279895B5ABF4389693F97C483DFE4
     

    Malwarebytes found no issues.


    • 0

    #10
    Biscuithd

    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    Let me know if this takes care of it.

     

    FRST.gif Fix with Farbar Recovery Scan Tool
     

    icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
    icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif



    Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.

    Copy the entire content of the codebox below and paste into the Notepad document:

    start
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28829759.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\28829759.sys => ""="Driver"
    EmptyTemp:
    REBOOT:
    end
    
    • Click File, Save As and type fixlist.txt as the File Name.

    Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

    • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • Press the Fix button just once and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

    Please post it to your reply.


    • 0

    Advertisements


    #11
    catherine3122

    catherine3122

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    Hello,

     

    Unfortunately - still no luck!

     

    Log below

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-11-2014
    Ran by Glenn at 2014-11-02 18:20:51 Run:2
    Running from C:\Users\Glenn\Downloads
    Loaded Profiles: Glenn &  (Available profiles: Glenn)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28829759.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\28829759.sys => ""="Driver"
    EmptyTemp:
    REBOOT:
    end
    *****************

    "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\28829759.sys" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\28829759.sys" => Key deleted successfully.
    EmptyTemp: => Removed 213.6 MB temporary data.

    The system needed a reboot.

    ==== End of Fixlog ====


    • 0

    #12
    Biscuithd

    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    Hi there :)

     

    Let's take care of a couple of things...

     

    Right now you have both Norton and Defender installed and running. More than one a/v causes inteference and then both a/v's tend to miss things. My preference is Defender, but uninstalling Norton is quite difficult, so for the time being, please disable Defender. We can discuss which a/v to stick with after we get the *32 issue cleaned up.

     

    Next, BitTorrent is installed and running. It is likely the initial source of your infection. Please uninstall it until we get things cleared up. :thumbsup:

     

    I have a new fix for you.

     

     

    FRST.gif Fix with Farbar Recovery Scan Tool

    icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
    icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif


     

    Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.

    Copy the entire content of the codebox below and paste into the Notepad document:

    start
    S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\appobserver64.sys [X]
    
    CustomCLSID: HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
    
    CustomCLSID: HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    
    CustomCLSID: HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
    
    
    EmptyTemp:
    
    REBOOT:
    
    end
    
    • Click File, Save As and type fixlist.txt as the File Name.

    Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

    • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • Press the Fix button just once and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

    Please post it to your reply.

     

    Also, Re-scan with FRST as you did previously and post the scan too.


    • 0

    #13
    catherine3122

    catherine3122

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    Hi Biscuithd

     

    I dont use bittorrent, so no problem in removing in permanently.

     

    Logs below:

     

    Fixlog:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
    Ran by Glenn at 2014-11-04 12:23:29 Run:3
    Running from C:\Users\Glenn\Downloads
    Loaded Profiles: Glenn &  (Available profiles: Glenn)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
    S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter3\appobserver64.sys [X]
     
    CustomCLSID: HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
     
    CustomCLSID: HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
     
    CustomCLSID: HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
     
     
    EmptyTemp:
     
    REBOOT:
     
    end
    *****************
     
    AppObserver => Service deleted successfully.
    "HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    "HKU\S-1-5-21-3587055226-2106997194-2688200268-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
    EmptyTemp: => Removed 34.7 MB temporary data.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog ====

     

     

    FRST log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
    Ran by Glenn (administrator) on GLENN-PC on 04-11-2014 12:37:44
    Running from C:\Users\Glenn\Downloads
    Loaded Profile: Glenn (Available profiles: Glenn)
    Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-09] (Intel® Corporation)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-06] (Intel® Corporation)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-30] (CyberLink Corp.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3587055226-2106997194-2688200268-1000\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14749544 2012-03-23] (GARMIN Corp.)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3587055226-2106997194-2688200268-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKCU - {CF9C56F7-05E4-472B-81AD-BE27088DD207} URL = 
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
    Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
     
    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
    FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-11-04]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://ifmintranet/
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-26]
    CHR Extension: (Google Docs) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
    CHR Extension: (Google Drive) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04]
    CHR Extension: (YouTube) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
    CHR Extension: (Google Cast) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-26]
    CHR Extension: (Google Search) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
    CHR Extension: (Google Sheets) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-26]
    CHR Extension: (AdBlock) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-26]
    CHR Extension: (Norton Identity Safe) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-26]
    CHR Extension: (Nielsen) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgalnioijgchfablfaknkbliianenml [2014-10-26]
    CHR Extension: (Google Wallet) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
    CHR Extension: (Gmail) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]
    CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-10-27]
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-10-27]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-08] (Red Bend Ltd.) [File not signed]
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-10] (Stardock Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-06] ()
    R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
    R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-01-01] ()
    R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-08] (Intel® Corporation) [File not signed]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-04] (Symantec Corporation)
    R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-28] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-10] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-10] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141101.001\IDSvia64.sys [633560 2014-09-30] (Symantec Corporation)
    S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-04] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141101.003\ENG64.SYS [129752 2014-10-22] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141101.003\EX64.SYS [2137304 2014-10-22] (Symantec Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-07] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-07] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-02] ()
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-03] ()
    R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-30] (CyberLink Corp.)
    S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-02 18:37 - 2014-11-02 18:37 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-11-02 18:37 - 2014-11-02 18:37 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-11-02 18:36 - 2014-11-02 18:37 - 14670424 _____ () C:\Users\Glenn\Downloads\RogueKiller.exe
    2014-11-02 18:19 - 2014-11-04 12:23 - 00000000 ____D () C:\Users\Glenn\Downloads\FRST-OlderVersion
    2014-10-31 08:50 - 2014-10-31 08:50 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-10-31 08:50 - 2014-10-31 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-10-31 08:11 - 2014-10-31 08:11 - 00019110 _____ () C:\ComboFix.txt
    2014-10-31 07:59 - 2011-06-26 17:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-10-31 07:59 - 2010-11-08 04:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-10-31 07:59 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-10-31 07:59 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-10-31 07:59 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-10-31 07:59 - 2000-08-31 11:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-10-31 07:59 - 2000-08-31 11:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-10-31 07:59 - 2000-08-31 11:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-10-31 07:58 - 2014-10-31 08:11 - 00000000 ____D () C:\Qoobox
    2014-10-31 07:57 - 2014-10-31 08:10 - 00000000 ____D () C:\Windows\erdnt
    2014-10-31 07:56 - 2014-10-31 07:57 - 05591672 ____R (Swearware) C:\Users\Glenn\Desktop\ComboFix.exe
    2014-10-31 07:51 - 2014-10-31 07:51 - 00448512 _____ (OldTimer Tools) C:\Users\Glenn\Desktop\TFC.exe
    2014-10-29 18:56 - 2014-10-29 18:57 - 00021413 _____ () C:\Users\Glenn\Downloads\Addition.txt
    2014-10-29 18:54 - 2014-11-04 12:37 - 00017981 _____ () C:\Users\Glenn\Downloads\FRST.txt
    2014-10-29 10:28 - 2014-10-29 10:33 - 00039074 _____ () C:\zoek-results.log
    2014-10-29 10:27 - 2014-10-29 10:27 - 04256073 _____ () C:\Users\Glenn\Desktop\zoek.rar
    2014-10-29 10:26 - 2014-10-29 10:33 - 00000824 _____ () C:\runcheck.txt
    2014-10-29 10:26 - 2014-10-29 10:26 - 00000000 ____D () C:\zoek_backup
    2014-10-29 10:25 - 2014-10-29 10:26 - 04114148 _____ () C:\Users\Glenn\Desktop\zoek.zip
    2014-10-29 10:24 - 2014-10-29 10:24 - 00000000 _____ () C:\Users\Glenn\Downloads\zoek.exe
    2014-10-29 10:06 - 2014-10-29 10:06 - 01998336 _____ () C:\Users\Glenn\Desktop\AdwCleaner.exe
    2014-10-29 10:01 - 2014-10-29 10:01 - 00000633 _____ () C:\Users\Glenn\Desktop\JRT.txt
    2014-10-29 09:57 - 2014-10-29 09:57 - 01706144 _____ (Thisisu) C:\Users\Glenn\Downloads\JRT.exe
    2014-10-29 09:41 - 2014-11-04 12:23 - 02114560 _____ (Farbar) C:\Users\Glenn\Downloads\FRST64.exe
    2014-10-27 08:03 - 2014-11-04 12:37 - 00000000 ____D () C:\FRST
    2014-10-26 20:27 - 2014-10-26 20:27 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-10-26 20:18 - 2014-10-26 20:18 - 00000000 ____D () C:\Windows\ERUNT
    2014-10-26 20:00 - 2014-10-29 10:19 - 00000000 ____D () C:\AdwCleaner
    2014-10-26 18:54 - 2014-11-04 12:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-26 18:54 - 2014-11-04 12:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-26 18:54 - 2014-10-26 18:54 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-26 18:54 - 2014-10-26 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-26 18:54 - 2014-10-26 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-26 18:54 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-26 18:54 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-26 18:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-10-26 18:21 - 2014-10-26 18:21 - 00000000 ____D () C:\Windows\pss
    2014-10-18 18:01 - 2014-10-10 12:53 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-18 18:01 - 2014-10-10 12:53 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-18 18:01 - 2014-10-10 12:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-18 18:01 - 2014-09-15 11:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-04 12:37 - 2010-11-12 16:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-11-04 12:35 - 2011-03-04 20:28 - 00000000 ____D () C:\Users\Glenn\AppData\Local\Google
    2014-11-04 12:32 - 2009-07-14 15:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-04 12:32 - 2009-07-14 15:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-04 12:31 - 2012-06-15 18:11 - 00000000 ____D () C:\Users\Glenn\Desktop\Catherine Other
    2014-11-04 12:30 - 2013-04-15 22:15 - 00000000 ____D () C:\Users\Glenn\Desktop\Back up from old laptop
    2014-11-04 12:30 - 2012-06-15 17:41 - 00000000 ____D () C:\Users\Glenn\Desktop\Catherine work
    2014-11-04 12:30 - 2012-06-15 17:40 - 00000000 ____D () C:\Users\Glenn\Desktop\House
    2014-11-04 12:29 - 2010-11-12 15:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-11-04 12:29 - 2009-07-14 16:10 - 01236328 _____ () C:\Windows\WindowsUpdate.log
    2014-11-04 12:28 - 2009-07-14 16:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-11-04 12:25 - 2010-11-12 16:33 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
    2014-11-04 12:25 - 2010-11-12 16:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
    2014-11-04 12:25 - 2010-11-12 16:03 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
    2014-11-04 12:24 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-04 12:24 - 2009-07-14 15:51 - 00063582 _____ () C:\Windows\setupact.log
    2014-11-04 12:23 - 2014-08-17 20:26 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core.job
    2014-11-04 12:20 - 2009-07-14 16:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-04 12:17 - 2014-08-17 20:26 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA.job
    2014-11-04 12:17 - 2011-03-04 20:28 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-02 18:46 - 2011-03-04 20:28 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-10-31 19:01 - 2010-11-12 17:46 - 02196218 _____ () C:\Windows\PFRO.log
    2014-10-31 08:11 - 2009-07-14 14:20 - 00000000 __RHD () C:\Users\Default
    2014-10-31 08:09 - 2009-07-14 13:34 - 00000215 _____ () C:\Windows\system.ini
    2014-10-29 22:11 - 2014-01-08 03:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
    2014-10-28 22:45 - 2014-01-07 10:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
    2014-10-28 22:45 - 2014-01-07 10:10 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
    2014-10-28 06:34 - 2012-12-09 17:40 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-26 20:03 - 2012-06-12 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-10-26 19:49 - 2010-11-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2014-10-26 19:22 - 2012-06-12 17:56 - 00000000 ____D () C:\ProgramData\InstallMate
    2014-10-26 18:41 - 2012-06-15 18:41 - 00000000 ____D () C:\Users\Glenn\Tracing
    2014-10-26 18:00 - 2011-03-04 20:28 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-10-26 18:00 - 2011-03-04 20:28 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-10-26 18:00 - 2011-03-04 20:28 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-22 17:34 - 2014-08-17 20:26 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000UA
    2014-10-22 17:34 - 2014-08-17 20:26 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3587055226-2106997194-2688200268-1000Core
    2014-10-19 03:28 - 2009-07-14 15:45 - 00408088 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-19 03:26 - 2014-07-13 04:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-19 03:10 - 2013-07-18 04:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-19 03:10 - 2011-03-19 21:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-19 03:02 - 2013-01-27 15:11 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-10-19 03:58
     
    ==================== End Of Log ============================

    • 0

    #14
    Biscuithd

    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    FRST.gif Fix with Farbar Recovery Scan Tool

    icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
    icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif



    Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire content of the codebox below and paste into the Notepad document:

      start
       
       
      HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      HKU\S-1-5-21-3587055226-2106997194-2688200268-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      SearchScopes: HKCU - {CF9C56F7-05E4-472B-81AD-BE27088DD207} URL =
      CHR HomePage: Default -> hxxp://ifmintranet/
      CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
      CHR Profile: C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default
      CHR Extension: (Google Slides) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-26]
      CHR Extension: (Google Docs) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
      CHR Extension: (Google Drive) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
      CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04]
      CHR Extension: (YouTube) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
      CHR Extension: (Google Cast) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-26]
      CHR Extension: (Google Search) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
      CHR Extension: (Google Sheets) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-26]
      CHR Extension: (AdBlock) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-26]
      CHR Extension: (Norton Identity Safe) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-26]
      CHR Extension: (Nielsen) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgalnioijgchfablfaknkbliianenml [2014-10-26]
      CHR Extension: (Google Wallet) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
      CHR Extension: (Gmail) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]
      S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
       
      
      end
    • Click File, Save As and type fixlist.txt as the File Name.

    Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
    • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • Press the Fix button just once and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

    Please post it to your reply.

     

    In additional to posting the Fixlog, re-run FRST and do a scan (not a fix) and post the results of that as well.

     

    Last, let me know if the problem has been eliminated or not.


    • 0

    #15
    catherine3122

    catherine3122

      Member

    • Topic Starter
    • Member
    • PipPip
    • 10 posts

    Hi - unfortunately still no luck. Its a very stubborn bug!

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
    Ran by Glenn at 2014-11-07 18:15:09 Run:4
    Running from C:\Users\Glenn\Downloads
    Loaded Profiles: Glenn &  (Available profiles: Glenn)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    start
     
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3587055226-2106997194-2688200268-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKCU - {CF9C56F7-05E4-472B-81AD-BE27088DD207} URL =
    CHR HomePage: Default -> hxxp://ifmintranet/
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-26]
    CHR Extension: (Google Docs) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
    CHR Extension: (Google Drive) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04]
    CHR Extension: (YouTube) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
    CHR Extension: (Google Cast) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-26]
    CHR Extension: (Google Search) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
    CHR Extension: (Google Sheets) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-26]
    CHR Extension: (AdBlock) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-26]
    CHR Extension: (Norton Identity Safe) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-26]
    CHR Extension: (Nielsen) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgalnioijgchfablfaknkbliianenml [2014-10-26]
    CHR Extension: (Google Wallet) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
    CHR Extension: (Gmail) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]
    S3 L1C; system32\DRIVERS\L1C62x64.sys [X]
     
     
    end
    *****************
     
    HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-3587055226-2106997194-2688200268-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF9C56F7-05E4-472B-81AD-BE27088DD207}" => Key deleted successfully.
    "HKCR\CLSID\{CF9C56F7-05E4-472B-81AD-BE27088DD207}" => Key not found.
    Chrome HomePage deleted successfully.
    Chrome DefaultSuggestURL deleted successfully.
    CHR Profile: C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek => Moved successfully.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake => Moved successfully.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => Moved successfully.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn => Moved successfully.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => Moved successfully.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd => Moved successfully.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => Moved successfully.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap => Moved successfully.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom => Moved successfully.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif => Moved successfully.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgalnioijgchfablfaknkbliianenml => Moved successfully.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
    C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => Moved successfully.
    L1C => Service deleted successfully.
     
    ==== End of Fixlog ====
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
    Ran by Glenn (administrator) on GLENN-PC on 07-11-2014 18:19:04
    Running from C:\Users\Glenn\Downloads
    Loaded Profiles: Glenn &  (Available profiles: Glenn)
    Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-09] (Intel® Corporation)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-06] (Intel® Corporation)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-30] (CyberLink Corp.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3587055226-2106997194-2688200268-1000\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14749544 2012-03-23] (GARMIN Corp.)
    HKU\S-1-5-21-3587055226-2106997194-2688200268-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14749544 2012-03-23] (GARMIN Corp.)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-3587055226-2106997194-2688200268-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
    Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
     
    FireFox:
    ========
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
    FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-11-04]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://ifmintranet/
    CHR Profile: C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-07]
    CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-10-27]
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-10-27]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-08] (Red Bend Ltd.) [File not signed]
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-10] (Stardock Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-06] ()
    R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
    R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-01-01] ()
    R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-08] (Intel® Corporation) [File not signed]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-04] (Symantec Corporation)
    R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-28] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-10] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-10] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141106.001\IDSvia64.sys [633560 2014-09-30] (Symantec Corporation)
    S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-07] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141106.020\ENG64.SYS [129752 2014-10-22] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20141106.020\EX64.SYS [2137304 2014-10-22] (Symantec Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-07] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-07] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-02] ()
    R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-03] ()
    R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-30] (CyberLink Corp.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-02 18:37 - 2014-11-02 18:37 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-11-02 18:37 - 2014-11-02 18:37 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-11-02 18:36 - 2014-11-02 18:37 - 14670424 _____ () C:\Users\Glenn\Downloads\RogueKiller.exe
    2014-11-02 18:19 - 2014-11-04 12:23 - 00000000 ____D () C:\Users\Glenn\Downloads\FRST-OlderVersion
    2014-10-31 08:50 - 2014-10-31 08:50 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-10-31 08:50 - 2014-10-31 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-10-31 08:11 - 2014-10-31 08:11 - 00019110 _____ () C:\ComboFix.txt
    2014-10-31 07:59 - 2011-06-26 17:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-10-31 07:59 - 2010-11-08 04:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-10-31 07:59 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-10-31 07:59 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-10-31 07:59 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-10-31 07:59 - 2000-08-31 11:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-10-31 07:59 - 2000-08-31 11:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-10-31 07:59 - 2000-08-31 11:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-10-31 07:58 - 2014-10-31 08:11 - 00000000 ____D () C:\Qoobox
    2014-10-31 07:57 - 2014-10-31 08:10 - 00000000 ____D () C:\Windows\erdnt
    2014-10-31 07:56 - 2014-10-31 07:57 - 05591672 ____R (Swearware) C:\Users\Glenn\Desktop\ComboFix.exe
    2014-10-31 07:51 - 2014-10-31 07:51 - 00448512 _____ (OldTimer Tools) C:\Users\Glenn\Desktop\TFC.exe
    2014-10-29 18:56 - 2014-10-29 18:57 - 00021413 _____ () C:\Users\Glenn\Downloads\Addition.txt
    2014-10-29 18:54 - 2014-11-07 18:19 - 00015104 _____ () C:\Users\Glenn\Downloads\FRST.txt
    2014-10-29 10:28 - 2014-10-29 10:33 - 00039074 _____ () C:\zoek-results.log
    2014-10-29 10:27 - 2014-10-29 10:27 - 04256073 _____ () C:\Users\Glenn\Desktop\zoek.rar
    2014-10-29 10:26 - 2014-10-29 10:33 - 00000824 _____ () C:\runcheck.txt
    2014-10-29 10:26 - 2014-10-29 10:26 - 00000000 ____D () C:\zoek_backup
    2014-10-29 10:25 - 2014-11-04 14:21 - 02832462 _____ () C:\Users\Glenn\Desktop\zoek.zip
    2014-10-29 10:24 - 2014-10-29 10:24 - 00000000 _____ () C:\Users\Glenn\Downloads\zoek.exe
    2014-10-29 10:06 - 2014-10-29 10:06 - 01998336 _____ () C:\Users\Glenn\Desktop\AdwCleaner.exe
    2014-10-29 10:01 - 2014-10-29 10:01 - 00000633 _____ () C:\Users\Glenn\Desktop\JRT.txt
    2014-10-29 09:57 - 2014-10-29 09:57 - 01706144 _____ (Thisisu) C:\Users\Glenn\Downloads\JRT.exe
    2014-10-29 09:41 - 2014-11-04 12:23 - 02114560 _____ (Farbar) C:\Users\Glenn\Downloads\FRST64.exe
    2014-10-27 08:03 - 2014-11-07 18:19 - 00000000 ____D () C:\FRST
    2014-10-26 20:27 - 2014-10-26 20:27 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-10-26 20:18 - 2014-10-26 20:18 - 00000000 ____D () C:\Windows\ERUNT
    2014-10-26 20:00 - 2014-10-29 10:19 - 00000000 ____D () C:\AdwCleaner
    2014-10-26 18:54 - 2014-11-07 18:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-26 18:54 - 2014-11-05 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-26 18:54 - 2014-10-26 18:54 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-26 18:54 - 2014-10-26 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-26 18:54 - 2014-10-26 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-26 18:54 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-26 18:54 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-26 18:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-10-26 18:21 - 2014-10-26 18:21 - 00000000 ____D () C:\Windows\pss
    2014-10-18 18:01 - 2014-10-10 12:53 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-18 18:01 - 2014-10-10 12:53 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-18 18:01 - 2014-10-10 12:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-18 18:01 - 2014-09-15 11:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-07 18:14 - 2009-07-14 16:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-07 18:13 - 2011-03-04 20:28 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-07 18:13 - 2009-07-14 16:10 - 01248943 _____ () C:\Windows\WindowsUpdate.log
    2014-11-05 18:57 - 2010-11-12 16:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
    2014-11-04 12:39 - 2011-03-04 20:28 - 00000000 ____D () C:\Users\Glenn\AppData\Local\Google
    2014-11-04 12:32 - 2009-07-14 15:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-04 12:32 - 2009-07-14 15:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-04 12:31 - 2012-06-15 18:11 - 00000000 ____D () C:\Users\Glenn\Desktop\Catherine Other
    2014-11-04 12:30 - 2013-04-15 22:15 - 00000000 ____D () C:\Users\Glenn\Desktop\Back up from old laptop
    2014-11-04 12:30 - 2013-01-05 20:52 - 00000000 ____D () C:\Program Files (x86)\Origin Games
    2014-11-04 12:30 - 2012-06-15 17:41 - 00000000 ____D () C:\Users\Glenn\Desktop\Catherine work
    2014-11-04 12:30 - 2012-06-15 17:40 - 00000000 ____D () C:\Users\Glenn\Desktop\House
    2014-11-04 12:29 - 2010-11-12 15:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-11-04 12:28 - 2009-07-14 16:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-11-04 12:25 - 2010-11-12 16:33 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
    2014-11-04 12:25 - 2010-11-12 16:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
    2014-11-04 12:25 - 2010-11-12 16:03 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
    2014-11-04 12:24 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-04 12:24 - 2009-07-14 15:51 - 00063582 _____ () C:\Windows\setupact.log
    2014-11-02 18:46 - 2011-03-04 20:28 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-10-31 19:01 - 2010-11-12 17:46 - 02196218 _____ () C:\Windows\PFRO.log
    2014-10-31 08:11 - 2009-07-14 14:20 - 00000000 __RHD () C:\Users\Default
    2014-10-31 08:09 - 2009-07-14 13:34 - 00000215 _____ () C:\Windows\system.ini
    2014-10-29 22:11 - 2014-01-08 03:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
    2014-10-28 22:45 - 2014-01-07 10:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
    2014-10-28 22:45 - 2014-01-07 10:10 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
    2014-10-28 06:34 - 2012-12-09 17:40 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-26 20:03 - 2012-06-12 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-10-26 19:49 - 2010-11-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2014-10-26 19:22 - 2012-06-12 17:56 - 00000000 ____D () C:\ProgramData\InstallMate
    2014-10-26 18:41 - 2012-06-15 18:41 - 00000000 ____D () C:\Users\Glenn\Tracing
    2014-10-26 18:00 - 2011-03-04 20:28 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-10-26 18:00 - 2011-03-04 20:28 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-10-26 18:00 - 2011-03-04 20:28 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-19 03:28 - 2009-07-14 15:45 - 00408088 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-19 03:26 - 2014-07-13 04:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-19 03:10 - 2013-07-18 04:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-19 03:10 - 2011-03-19 21:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-19 03:02 - 2013-01-27 15:11 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-10-19 03:58
     
    ==================== End Of Log ============================

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP