AdwCleaner Log
# AdwCleaner v4.101 - Report created 21/11/2014 at 22:22:00
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : dennis pengelly - DENTECH-CXSLVNS
# Running from : C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Downloads\adwcleaner_4.101.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.5512
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
-\\ Google Chrome v39.0.2171.65
*************************
AdwCleaner[R0].txt - [2550 octets] - [21/11/2014 22:17:36]
AdwCleaner[S0].txt - [2505 octets] - [21/11/2014 22:22:00]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2565 octets] ##########
JRT Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Microsoft Windows XP x86
Ran by dennis pengelly on Fri 11/21/2014 at 22:32:18.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/21/2014 at 22:39:20.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logs (Part 1)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-11-2014
Ran by dennis pengelly (administrator) on DENTECH-CXSLVNS on 21-11-2014 22:43:21
Running from C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Downloads
Loaded Profile: dennis pengelly (Available profiles: dennis pengelly)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
(NDS Technologies) C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\PCShowServerPMWrapper.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
() C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\NDSPCShowServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2004-03-23] (ATI Technologies, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [55824 2007-07-17] (Logitech, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-07-01] (RealNetworks, Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-21] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1801674531-790525478-725345543-1004\...\Run: [ATI Launchpad] => C:\Program Files\ATI Multimedia\main\launchpd.exe [106570 2004-03-31] (ATI Technologies Inc.)
HKU\S-1-5-21-1801674531-790525478-725345543-1004\...\Run: [ATI Remote Control] => C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe [196608 2004-03-23] (ATI Technologies Inc.)
HKU\S-1-5-21-1801674531-790525478-725345543-1004\...\Run: [PCShowServer] => C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\PCShowServerPMWrapper.exe [1651072 2014-10-29] (NDS Technologies)
Startup: C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\dennis pengelly\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1801674531-790525478-725345543-1004] => 0.0.0.0:80
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1801674531-790525478-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
URLSearchHook: HKU\S-1-5-21-1801674531-790525478-725345543-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-1801674531-790525478-725345543-1004 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll (Yahoo! Inc.)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1801674531-790525478-725345543-1004 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
FireFox:
========
FF ProfilePath: C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Mozilla\Firefox\Profiles\uifpypoh.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1801674531-790525478-725345543-1004: @cisco.com/PlayerPlugin -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\npPlayerPlugin.dll (Cisco)
FF Plugin HKU\S-1-5-21-1801674531-790525478-725345543-1004: @cisco.com/PlayerPlugin64 -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\win64\npPlayerPlugin64.dll (Cisco)
FF Plugin HKU\S-1-5-21-1801674531-790525478-725345543-1004: Charter.com/PlayerPlugin -> C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter\Charter TV Player\npPlayerPlugin.dll (Cisco)
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-21]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-28]
CHR Extension: (Google Drive) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-02]
CHR Extension: (YouTube) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-28]
CHR Extension: (Google Search) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-28]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-21]
CHR Extension: (RealDownloader) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-28]
CHR Extension: (Gmail) - C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-03-23] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [61440 2003-06-16] () [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S3 x10nets; C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-21] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-21] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-21] ()
R3 ATI Remote Wonder II; C:\WINDOWS\System32\drivers\ATIRWVD.SYS [258044 2004-01-23] (Jungo) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-14] (Logitech Inc.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-21] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\EG1032xp.sys [71040 2005-01-31] (Linksys, A Division of Cisco Systems, Inc )
S3 a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-21 22:42 - 2014-11-21 22:43 - 00000000 ____D () C:\FRST
2014-11-21 22:39 - 2014-11-21 22:39 - 00001206 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\JRT.txt
2014-11-21 22:32 - 2014-11-21 22:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-21 22:26 - 2014-11-21 22:26 - 00002645 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\AdwCleaner[S0].txt
2014-11-21 22:17 - 2014-11-21 22:22 - 00000000 ____D () C:\AdwCleaner
2014-11-21 20:52 - 2014-11-21 22:43 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp
2014-11-21 20:52 - 2014-11-21 20:52 - 00019613 _____ () C:\ComboFix.txt
2014-11-21 20:52 - 2014-11-21 20:52 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2014-11-21 20:52 - 2014-11-21 20:52 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2014-11-21 20:17 - 2014-01-22 11:38 - 00000211 _____ () C:\Boot.bak
2014-11-21 20:16 - 2014-11-21 20:17 - 00000000 _RSHD () C:\cmdcons
2014-11-21 20:16 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-11-21 20:12 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-11-21 20:12 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-11-21 20:12 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-11-21 20:12 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-11-21 20:12 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-11-21 20:12 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-11-21 20:12 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-11-21 20:12 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-11-21 20:12 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-11-21 20:11 - 2014-11-21 20:52 - 00000000 ____D () C:\Qoobox
2014-11-21 20:10 - 2014-11-21 20:50 - 00000000 ____D () C:\WINDOWS\erdnt
2014-11-21 15:41 - 2014-11-21 15:41 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Temp
2014-11-21 15:39 - 2014-11-21 15:39 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\AVAST Software
2014-11-21 15:38 - 2014-11-21 15:38 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-11-21 15:37 - 2014-11-21 22:25 - 00000382 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-11-21 15:37 - 2014-11-21 15:37 - 00001731 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Avast Free Antivirus.lnk
2014-11-21 15:37 - 2014-11-21 15:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVAST Software
2014-11-21 15:37 - 2014-11-21 15:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVAST Software
2014-11-21 15:34 - 2014-11-21 20:47 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-21 15:34 - 2014-11-21 15:37 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-21 15:34 - 2014-11-21 15:33 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-21 15:34 - 2014-11-21 15:33 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-21 15:34 - 2014-11-21 15:33 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-11-21 15:34 - 2014-11-21 15:33 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-11-21 15:34 - 2014-11-21 15:33 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-11-21 15:34 - 2014-11-21 15:33 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-21 15:34 - 2014-11-21 15:33 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-21 15:33 - 2014-11-21 15:33 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-21 15:29 - 2014-11-21 15:29 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-21 15:28 - 2014-11-21 15:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
2014-11-21 15:28 - 2014-11-21 15:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
2014-11-21 14:56 - 2014-11-21 21:00 - 00000353 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\Other PC problems.txt
2014-11-21 14:40 - 2014-11-21 14:40 - 00001507 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\Notepad.lnk
2014-11-21 12:06 - 2014-11-21 12:06 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\CHARTER
2014-11-21 12:05 - 2014-11-21 12:05 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Charter
2014-11-21 09:47 - 2014-11-21 09:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
2014-11-21 09:47 - 2014-11-21 09:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
2014-11-20 22:49 - 2014-11-21 01:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2014-11-20 22:49 - 2014-11-21 01:47 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2014-11-20 22:01 - 2014-11-20 22:01 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-20 22:01 - 2014-11-20 22:01 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\RogueKiller
2014-11-20 22:01 - 2014-11-20 22:01 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\RogueKiller
2014-11-20 15:36 - 2014-11-20 15:37 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Mozilla
2014-11-20 15:36 - 2014-11-20 15:36 - 00000730 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-20 15:36 - 2014-11-20 15:36 - 00000730 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-20 15:36 - 2014-11-20 15:36 - 00000724 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
2014-11-20 15:36 - 2014-11-20 15:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-20 15:36 - 2014-11-20 15:36 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Mozilla
2014-11-20 15:36 - 2014-11-20 15:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
2014-11-20 15:36 - 2014-11-20 15:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla
2014-11-20 15:35 - 2014-11-20 15:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-20 14:50 - 2014-11-20 14:50 - 00015648 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-20 14:37 - 2014-11-20 14:37 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\Logitech® Webcam Software
2014-11-20 13:39 - 2014-11-20 13:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech
2014-11-20 13:39 - 2014-11-20 13:39 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech
2014-11-20 13:38 - 2014-11-20 14:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Logitech
2014-11-20 13:38 - 2014-11-20 14:37 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Logitech
2014-11-20 13:38 - 2014-11-20 13:38 - 00001261 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Logitech Webcam Software .lnk
2014-11-20 07:37 - 2014-11-20 07:37 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-18 07:55 - 2014-11-18 08:00 - 00026551 _____ () C:\WINDOWS\ie8Uninst.log
2014-11-17 21:56 - 2014-11-17 21:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\QuickTime
2014-11-17 21:56 - 2014-11-17 21:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\QuickTime
2014-11-17 21:51 - 2014-11-17 21:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
2014-11-17 21:51 - 2014-11-17 21:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
2014-11-17 21:50 - 2014-11-17 21:51 - 00000000 ____D () C:\Program Files\iTunes
2014-11-17 21:50 - 2014-11-17 21:51 - 00000000 ____D () C:\Program Files\iPod
2014-11-17 21:47 - 2014-11-17 21:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-17 21:47 - 2014-11-17 21:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-17 21:05 - 2014-11-17 21:05 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Emsisoft
2014-11-17 21:05 - 2014-11-17 21:05 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Emsisoft
2014-11-17 15:00 - 2014-11-18 09:21 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-11-15 20:26 - 2014-11-15 20:27 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\WinZip
2014-11-15 20:26 - 2014-11-15 20:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2014-11-15 20:26 - 2014-11-15 20:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2014-11-15 20:26 - 2014-11-15 20:26 - 00001732 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\WinZip.lnk
2014-11-15 20:26 - 2014-11-15 20:26 - 00001732 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\WinZip.lnk
2014-11-15 20:26 - 2014-11-15 20:26 - 00001732 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\WinZip.lnk
2014-11-15 20:26 - 2014-11-15 20:26 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip
2014-11-15 20:26 - 2014-11-15 20:26 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinZip
2014-11-15 20:25 - 2014-11-15 20:26 - 00000000 ____D () C:\Program Files\WinZip
2014-11-15 20:24 - 2014-11-15 20:24 - 00000000 ____D () C:\Program Files\File Association Helper
2014-11-15 19:54 - 2014-11-15 17:41 - 70867717 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\WP Productions Movie.MPG
2014-11-15 19:53 - 2014-11-15 19:53 - 00000529 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\Shortcut to explorer.lnk
2014-11-12 10:58 - 2014-11-12 11:00 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\Electronic Data Books
2014-11-07 09:12 - 2014-01-22 09:29 - 00000879 _____ () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\WordPad.lnk
2014-10-22 14:48 - 2014-10-22 14:49 - 06000640 _____ () C:\Program Files\GUT141.tmp
2014-10-22 14:48 - 2014-10-22 14:48 - 00000000 ____D () C:\Program Files\GUM140.tmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-21 22:44 - 2014-01-23 10:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-21 22:25 - 2014-07-01 08:32 - 00000298 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1801674531-790525478-725345543-1004.job
2014-11-21 22:25 - 2014-01-22 11:50 - 01545138 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-21 22:24 - 2014-07-01 08:32 - 00000306 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1801674531-790525478-725345543-1004.job
2014-11-21 22:24 - 2014-05-02 08:25 - 00000242 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-21 22:24 - 2014-01-23 10:00 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 22:24 - 2014-01-22 09:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-21 22:24 - 2014-01-22 04:15 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-21 22:24 - 2014-01-22 04:15 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-21 22:23 - 2014-01-22 09:38 - 00032498 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-21 22:22 - 2014-01-22 09:39 - 00000178 ___SH () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\ntuser.ini
2014-11-21 22:22 - 2014-01-22 09:39 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS
2014-11-21 22:06 - 2014-03-24 14:59 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-21 21:59 - 2014-01-23 10:00 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 20:52 - 2009-03-09 12:26 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-21 20:52 - 2009-03-09 12:26 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-21 20:47 - 2003-07-16 15:47 - 00000227 _____ () C:\WINDOWS\system.ini
2014-11-21 20:17 - 2014-01-22 04:10 - 00000327 __RSH () C:\boot.ini
2014-11-21 16:10 - 2014-04-09 09:40 - 00000000 ___RD () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\My Documents\Dropbox
2014-11-21 16:09 - 2014-04-09 09:36 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Dropbox
2014-11-21 15:03 - 2014-05-02 07:14 - 00083340 _____ () C:\WINDOWS\setupapi.log
2014-11-21 14:35 - 2014-01-22 13:01 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Application Data\Skype
2014-11-21 14:14 - 2014-03-28 07:54 - 00001813 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
2014-11-21 13:48 - 2014-09-10 10:35 - 00002265 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
2014-11-20 22:44 - 2014-03-24 14:58 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-20 14:37 - 2009-03-10 10:06 - 00000000 ____D () C:\Program Files\Logitech
2014-11-20 13:43 - 2014-01-22 13:55 - 00011870 _____ () C:\WINDOWS\system32\lvcoinst.log
2014-11-20 13:43 - 2014-01-22 13:54 - 00011659 _____ () C:\WINDOWS\LDPINST.LOG
2014-11-20 13:43 - 2009-04-03 12:16 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-11-20 13:39 - 2011-01-11 07:25 - 00000000 ____D () C:\Program Files\Common Files\LWS
2014-11-20 12:43 - 2013-09-05 16:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-20 12:17 - 2014-01-22 04:11 - 00153897 _____ () C:\WINDOWS\setupact.log
2014-11-20 12:16 - 2014-01-28 12:14 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\LogiShrd
2014-11-20 12:16 - 2014-01-28 12:14 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\LogiShrd
2014-11-20 12:16 - 2014-01-22 13:59 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\LogiShrd
2014-11-20 07:41 - 2011-01-11 07:26 - 00000000 ____D () C:\WINDOWS\system32\logishrd
2014-11-20 07:40 - 2014-01-22 13:55 - 00000000 _____ () C:\WINDOWS\system32\Drivers\logiflt.iad
2014-11-18 08:02 - 2014-01-22 09:39 - 00000000 ___RD () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Start Menu\Programs\Accessories
2014-11-18 08:02 - 2009-03-09 07:05 - 00000000 ____D () C:\WINDOWS\Help
2014-11-18 08:00 - 2014-01-22 04:12 - 00369938 _____ () C:\WINDOWS\tsoc.log
2014-11-18 08:00 - 2014-01-22 04:12 - 00336371 _____ () C:\WINDOWS\comsetup.log
2014-11-18 08:00 - 2014-01-22 04:12 - 00204432 _____ () C:\WINDOWS\ntdtcsetup.log
2014-11-18 08:00 - 2014-01-22 04:12 - 00149926 _____ () C:\WINDOWS\iis6.log
2014-11-18 08:00 - 2014-01-22 04:12 - 00053281 _____ () C:\WINDOWS\ocmsn.log
2014-11-18 08:00 - 2014-01-22 04:12 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-11-18 07:56 - 2014-01-22 11:34 - 00169367 _____ () C:\WINDOWS\updspapi.log
2014-11-18 07:55 - 2014-01-22 04:12 - 00956176 _____ () C:\WINDOWS\FaxSetup.log
2014-11-18 07:55 - 2014-01-22 04:12 - 00476227 _____ () C:\WINDOWS\ocgen.log
2014-11-18 07:55 - 2014-01-22 04:12 - 00048408 _____ () C:\WINDOWS\msgsocm.log
2014-11-17 21:56 - 2014-01-22 08:13 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-17 21:50 - 2014-10-12 09:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-17 21:50 - 2014-10-12 09:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-11-17 21:28 - 2014-01-22 13:28 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\Application Data\SlimWare Utilities Inc
2014-11-17 17:24 - 2014-10-12 09:48 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-16 14:55 - 2014-09-10 10:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2014-11-16 14:55 - 2014-09-10 10:35 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2014-11-13 10:34 - 2014-01-22 10:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI MMC
2014-11-13 10:34 - 2014-01-22 10:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ATI MMC
2014-11-12 10:30 - 2014-06-17 07:21 - 00000000 ____D () C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Desktop\SELL
2014-11-12 09:43 - 2013-09-10 19:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-11-12 08:47 - 2014-01-23 10:00 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-12 08:47 - 2014-01-23 10:00 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-12 08:46 - 2014-07-09 08:44 - 17339056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-11-12 08:14 - 2014-07-17 07:51 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 08:14 - 2014-03-24 14:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-12 08:14 - 2014-03-24 14:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 08:14 - 2014-03-24 14:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 08:11 - 2003-07-16 15:53 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-05 11:08 - 2014-01-22 04:12 - 00466934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-31 23:25 - 2014-01-22 12:33 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
Files to move or delete:
====================
C:\Documents and Settings\dennis pengelly\Application Data\skype.ini
Some content of TEMP:
====================
C:\Documents and Settings\dennis pengelly\Local Settings\temp\10-2_legacy_xp32-64_dd_ccc.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\1MdMj.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\7HQr2P.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar23.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\aol_toolbar37.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\AtiCimUn.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\avg-antivirus-free.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\AvWLF.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\bpuninstall.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\GenericUninstall.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\hsbing_717_active.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\qPwGj.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\SkypeSetup.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Documents and Settings\dennis pengelly\Local Settings\temp\System.Data.SQLite.dll
C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst20.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\tbpreinst35.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\uninstaller.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\WSSetup.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\xMts8.exe
C:\Documents and Settings\dennis pengelly\Local Settings\temp\Y9mSd1.exe
C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\dennis pengelly.DENTECH-CXSLVNS\Local Settings\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================