Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Service function NtMapViewOfSection Hook alert in AVG scan [Solved]

Started by Paul432220 , Jul 11 2016 01:13 PM

This topic is locked

#1
Paul432220

Posted 11 July 2016 - 01:13 PM

Member

Member
78 posts

Hi,

I have an old laptop with XP SP3 that i want to use occasionally to surf on the internet. I installed AVG free antivirus and Malwarebytes antimalware on it to protect it.

At my first (and subsequent ) scans, AVG always alerts a critical (red X) message with the text in the title of this topic.

I already took some actions, but without any result to get this message out of the way, i ran ADWcleaner, TDSS killer, Combofix.

When i tried running GMER rootkit, i got a Windows BSOD, a second trial resulted in the same situation.

I have run also the FRST exe as requested and have attached the txt file below. On the laptop, there is also an old Symantec Endpoint sofware, but i'm not subscribed any longer for this so it is completely outdated (but still runs as i have not found a way to get writ of it). Any help is more than welcome, thanks.

#2
Jr0x

Posted 17 July 2016 - 03:37 AM

Malware removal team

Malware Removal
1,830 posts

Hi Paul432220,

Welcome to :welcome: . My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.

Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would requires you to be in safe mode / offline.
If there is anything you are unclear of, please ask before you start the fix.
Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
There may be delayed response to you as we may live in different timezone.
Inform me of anything that happens unexpectedly during the fix at any point of time.
As much as we like to make this a easy process for you. Malware removal is a complex multi-step process, and things may happen such as data loss or render your machine unbootable. I would recommend that you backup your personal data before we proceed.
Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

Let's get started.

It is very important that you do not run those tool you mentioned unsupervised as it may cause more harm than good. Since you have ran the scripts, I would like a copy of the log files of those tools that you have ran.

You can find the logs of those tool at:

AdwCleaner: C:\AdwCleaner\AdwCleaner[XX].txt
TDSS Killer: C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
Combofix: C:\ComboFix.txt

There is also no log file being attached. I would like to see the FRST log file before we proceed.

Scan with Farbar's Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
Paul432220

Posted 17 July 2016 - 10:39 AM

Member

Topic Starter
Member
78 posts

Hi JR0x,

tx for replying to my topic !

I'll paste you respectively, Adwcleaner.txt, TDSSKiller.txt, FRST.txt, Addition.txt.

I cannot provide you the file Combofix.txt, when running Combofix, i received (did 2 trials) a Windows Blue screen.... and no Combofix.txt file can be found afterwards...

Cheers, Paul

# AdwCleaner v5.201 - Logfile created 11/07/2016 at 15:53:19
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-10.3 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : BE76601 - T400
# Running from : C:\instexe\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\igs
[-] Folder Deleted : C:\Program Files\Conduit
[-] Folder Deleted : C:\Program Files\FunWebProducts

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\system32\conduitEngine.tmp

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\s
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1700389
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
[-] Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
[-] Key Deleted : HKLM\SOFTWARE\Classes\ieplugin.JQSIEStartDetectorImpl
[-] Key Deleted : HKLM\SOFTWARE\Classes\ieplugin.JQSIEStartDetectorImpl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSuiteCalendarView
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.EB_ExplorerBar
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.EB_ExplorerBar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.IPM_PrintListItem
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.IPM_PrintListItem.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.PM_Launcher
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.PM_Launcher.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.PM_PrintManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.PM_PrintManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.PR_BindStatusCallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.PR_BindStatusCallback.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.PR_CancelButtonEventHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.PR_CancelButtonEventHandler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.TBToolband
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.TBToolband.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.UserOptions
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolband.UserOptions.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{38552F25-8DED-4206-BB21-041EF53328F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Headlight
[-] Key Deleted : HKCU\Software\IGS
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKCU\Software\PriceGong
[-] Key Deleted : HKCU\Software\ProgSense
[-] Key Deleted : HKCU\Software\searchya
[-] Key Deleted : HKCU\Software\searchya.com
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\IGS
[-] Key Deleted : HKLM\SOFTWARE\InstallCore
[-] Key Deleted : HKLM\SOFTWARE\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [8525 bytes] - [11/07/2016 15:53:19]
C:\AdwCleaner\AdwCleaner[S1].txt - [9890 bytes] - [11/07/2016 15:51:08]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8671 bytes] ##########

16:29:28.0631 0x1400 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
16:29:34.0663 0x1400 ============================================================
16:29:34.0663 0x1400 Current date / time: 2016/07/11 16:29:34.0663
16:29:34.0663 0x1400 SystemInfo:
16:29:34.0663 0x1400
16:29:34.0663 0x1400 OS Version: 5.1.2600 ServicePack: 3.0
16:29:34.0663 0x1400 Product type: Workstation
16:29:34.0663 0x1400 ComputerName: T400
16:29:34.0663 0x1400 UserName: BE76601
16:29:34.0663 0x1400 Windows directory: C:\WINDOWS
16:29:34.0663 0x1400 System windows directory: C:\WINDOWS
16:29:34.0663 0x1400 Processor architecture: Intel x86
16:29:34.0663 0x1400 Number of processors: 2
16:29:34.0663 0x1400 Page size: 0x1000
16:29:34.0663 0x1400 Boot type: Normal boot
16:29:34.0663 0x1400 ============================================================
16:29:35.0803 0x1400 KLMD registered as C:\WINDOWS\system32\drivers\03016499.sys
16:29:36.0881 0x1400 System UUID: {616A235C-D685-630D-CFC2-37EBA64FFE2F}
16:29:38.0960 0x1400 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
16:29:38.0960 0x1400 ============================================================
16:29:38.0960 0x1400 \Device\Harddisk0\DR0:
16:29:38.0975 0x1400 MBR partitions:
16:29:38.0975 0x1400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3B10, BlocksNum 0x12A14C00
16:29:38.0975 0x1400 ============================================================
16:29:38.0991 0x1400 Initialize success
16:29:38.0991 0x1400 ============================================================
16:29:46.0819 0x045c ============================================================
16:29:46.0819 0x045c Scan started
16:29:46.0819 0x045c Mode: Manual;
16:29:46.0819 0x045c ============================================================
16:29:46.0819 0x045c KSN ping started
16:29:50.0553 0x045c KSN ping finished: true
16:29:50.0663 0x045c ================ Scan system memory ========================
16:29:58.0053 0x045c System memory - ok
16:29:58.0053 0x045c ================ Scan services =============================
16:29:58.0085 0x045c Abiosdsk - ok
16:29:58.0085 0x045c abp480n5 - ok
16:29:58.0100 0x045c ACPI - ok
16:29:58.0100 0x045c ACPIEC - ok
16:29:58.0116 0x045c AcPrfMgrSvc - ok
16:29:58.0116 0x045c AcSvc - ok
16:29:58.0131 0x045c adpu160m - ok
16:29:58.0131 0x045c aec - ok
16:29:58.0147 0x045c AFD - ok
16:29:58.0147 0x045c agp440 - ok
16:29:58.0163 0x045c agpCPQ - ok
16:29:58.0163 0x045c Aha154x - ok
16:29:58.0178 0x045c aic78u2 - ok
16:29:58.0178 0x045c aic78xx - ok
16:29:58.0194 0x045c Alerter - ok
16:29:58.0241 0x045c ALG - ok
16:29:58.0272 0x045c AliIde - ok
16:29:58.0303 0x045c alim1541 - ok
16:29:58.0319 0x045c amdagp - ok
16:29:58.0335 0x045c amsint - ok
16:29:58.0335 0x045c ANC - ok
16:29:58.0350 0x045c AppMgmt - ok
16:29:58.0350 0x045c Arp1394 - ok
16:29:58.0366 0x045c artstartsvc - ok
16:29:58.0366 0x045c asc - ok
16:29:58.0366 0x045c asc3350p - ok
16:29:58.0381 0x045c asc3550 - ok
16:29:58.0397 0x045c Aspi32 - ok
16:29:58.0397 0x045c aspnet_state - ok
16:29:58.0413 0x045c astcc - ok
16:29:58.0413 0x045c AsyncMac - ok
16:29:58.0428 0x045c atapi - ok
16:29:58.0428 0x045c Atdisk - ok
16:29:58.0428 0x045c Atmarpc - ok
16:29:58.0444 0x045c AudioSrv - ok
16:29:58.0460 0x045c audstub - ok
16:29:58.0460 0x045c Avgdiskx - ok
16:29:58.0475 0x045c AVGIDSAgent - ok
16:29:58.0491 0x045c AVGIDSDriverl - ok
16:29:58.0491 0x045c AVGIDSHX - ok
16:29:58.0506 0x045c AVGIDSShim - ok
16:29:58.0506 0x045c Avgldx86 - ok
16:29:58.0522 0x045c Avglogx - ok
16:29:58.0522 0x045c Avgmfx86 - ok
16:29:58.0538 0x045c Avgrkx86 - ok
16:29:58.0553 0x045c avgsvc - ok
16:29:58.0553 0x045c Avgtdix - ok
16:29:58.0569 0x045c avgunivx - ok
16:29:58.0569 0x045c avgwd - ok
16:29:58.0569 0x045c avpnnic - ok
16:29:58.0585 0x045c b57w2k - ok
16:29:58.0600 0x045c Beep - ok
16:29:58.0600 0x045c BITS - ok
16:29:58.0631 0x045c Browser - ok
16:29:58.0647 0x045c btaudio - ok
16:29:58.0663 0x045c BTDriver - ok
16:29:58.0663 0x045c BthEnum - ok
16:29:58.0678 0x045c BthPan - ok
16:29:58.0694 0x045c BTHPORT - ok
16:29:58.0694 0x045c BthServ - ok
16:29:58.0710 0x045c BTHUSB - ok
16:29:58.0710 0x045c BTKRNL - ok
16:29:58.0725 0x045c btwdins - ok
16:29:58.0741 0x045c BTWDNDIS - ok
16:29:58.0741 0x045c btwmodem - ok
16:29:58.0756 0x045c BTWUSB - ok
16:29:58.0756 0x045c cbidf - ok
16:29:58.0772 0x045c cbidf2k - ok
16:29:58.0772 0x045c ccEvtMgr - ok
16:29:58.0788 0x045c ccSetMgr - ok
16:29:58.0788 0x045c cd20xrnt - ok
16:29:58.0803 0x045c Cdaudio - ok
16:29:58.0819 0x045c Cdfs - ok
16:29:58.0819 0x045c Cdrom - ok
16:29:58.0835 0x045c Changer - ok
16:29:58.0835 0x045c CiSvc - ok
16:29:58.0835 0x045c ClipSrv - ok
16:29:58.0850 0x045c clr_optimization_v2.0.50727_32 - ok
16:29:58.0850 0x045c clr_optimization_v4.0.30319_32 - ok
16:29:58.0850 0x045c CmBatt - ok
16:29:58.0866 0x045c CmdIde - ok
16:29:58.0866 0x045c CnxtHdAudService - ok
16:29:58.0866 0x045c COH_Mon - ok
16:29:58.0881 0x045c Compbatt - ok
16:29:58.0881 0x045c COMSysApp - ok
16:29:58.0913 0x045c Cpqarray - ok
16:29:58.0913 0x045c CryptSvc - ok
16:29:58.0913 0x045c dac2w2k - ok
16:29:58.0928 0x045c dac960nt - ok
16:29:58.0928 0x045c DcomLaunch - ok
16:29:58.0944 0x045c dgderdrv - ok
16:29:58.0944 0x045c Dhcp - ok
16:29:58.0960 0x045c Disk - ok
16:29:58.0960 0x045c dmadmin - ok
16:29:58.0975 0x045c dmboot - ok
16:29:58.0975 0x045c dmio - ok
16:29:58.0991 0x045c dmload - ok
16:29:58.0991 0x045c dmserver - ok
16:29:58.0991 0x045c DMusic - ok
16:29:59.0006 0x045c Dnscache - ok
16:29:59.0006 0x045c Dot3svc - ok
16:29:59.0006 0x045c dpti2o - ok
16:29:59.0022 0x045c drmkaud - ok
16:29:59.0022 0x045c dsNcAdpt - ok
16:29:59.0038 0x045c e1yexpress - ok
16:29:59.0038 0x045c EapHost - ok
16:29:59.0038 0x045c eeCtrl - ok
16:29:59.0053 0x045c EGATHDRV - ok
16:29:59.0053 0x045c EraserUtilRebootDrv - ok
16:29:59.0069 0x045c ERSvc - ok
16:29:59.0069 0x045c Eventlog - ok
16:29:59.0069 0x045c EventSystem - ok
16:29:59.0085 0x045c EvtEng - ok
16:29:59.0085 0x045c Fastfat - ok
16:29:59.0085 0x045c FastUserSwitchingCompatibility - ok
16:29:59.0100 0x045c Fdc - ok
16:29:59.0100 0x045c Fips - ok
16:29:59.0100 0x045c Flpydisk - ok
16:29:59.0116 0x045c FltMgr - ok
16:29:59.0116 0x045c FontCache3.0.0.0 - ok
16:29:59.0116 0x045c FsUsbExDisk - ok
16:29:59.0131 0x045c FsUsbExService - ok
16:29:59.0131 0x045c Fs_Rec - ok
16:29:59.0147 0x045c Ftdisk - ok
16:29:59.0147 0x045c getPlusHelper - ok
16:29:59.0163 0x045c Gpc - ok
16:29:59.0163 0x045c GTF32BUS - ok
16:29:59.0163 0x045c GTPTSER - ok
16:29:59.0178 0x045c GTSCSER - ok
16:29:59.0178 0x045c gupdate1ca1825452a051e - ok
16:29:59.0178 0x045c gupdatem - ok
16:29:59.0194 0x045c gusvc - ok
16:29:59.0210 0x045c HDAudBus - ok
16:29:59.0210 0x045c HECI - ok
16:29:59.0210 0x045c helpsvc - ok
16:29:59.0225 0x045c HidServ - ok
16:29:59.0225 0x045c HidUsb - ok
16:29:59.0225 0x045c hkmsvc - ok
16:29:59.0241 0x045c hpn - ok
16:29:59.0241 0x045c HSFHWAZL - ok
16:29:59.0241 0x045c HSF_DPV - ok
16:29:59.0256 0x045c HTTP - ok
16:29:59.0256 0x045c HTTPFilter - ok
16:29:59.0272 0x045c hwdatacard - ok
16:29:59.0272 0x045c i2omgmt - ok
16:29:59.0272 0x045c i2omp - ok
16:29:59.0288 0x045c i8042prt - ok
16:29:59.0303 0x045c ialm - ok
16:29:59.0319 0x045c iastor - ok
16:29:59.0319 0x045c ibm4610drv - ok
16:29:59.0335 0x045c IBMPMDRV - ok
16:29:59.0335 0x045c IBMPMSVC - ok
16:29:59.0335 0x045c IBMTPCHK - ok
16:29:59.0350 0x045c IDriverT - ok
16:29:59.0350 0x045c idsvc - ok
16:29:59.0366 0x045c Imapi - ok
16:29:59.0366 0x045c ImapiService - ok
16:29:59.0366 0x045c ini910u - ok
16:29:59.0381 0x045c IntelIde - ok
16:29:59.0381 0x045c intelppm - ok
16:29:59.0397 0x045c Ip6Fw - ok
16:29:59.0397 0x045c IpFilterDriver - ok
16:29:59.0397 0x045c IpInIp - ok
16:29:59.0413 0x045c IpNat - ok
16:29:59.0413 0x045c IPSec - ok
16:29:59.0428 0x045c IRENUM - ok
16:29:59.0428 0x045c ISAMsmt - ok
16:29:59.0444 0x045c isapnp - ok
16:29:59.0444 0x045c JavaQuickStarterService - ok
16:29:59.0444 0x045c Kbdclass - ok
16:29:59.0460 0x045c kbdhid - ok
16:29:59.0460 0x045c kmixer - ok
16:29:59.0475 0x045c KSecDD - ok
16:29:59.0491 0x045c lanmanserver - ok
16:29:59.0491 0x045c lanmanworkstation - ok
16:29:59.0506 0x045c lbrtfdc - ok
16:29:59.0506 0x045c LENOVO.MICMUTE - ok
16:29:59.0522 0x045c lenovo.smi - ok
16:29:59.0522 0x045c LiveUpdate - ok
16:29:59.0538 0x045c LmHosts - ok
16:29:59.0538 0x045c MBAMProtector - ok
16:29:59.0553 0x045c MBAMScheduler - ok
16:29:59.0569 0x045c MBAMService - ok
16:29:59.0569 0x045c MBAMSwissArmy - ok
16:29:59.0585 0x045c mdmxsdk - ok
16:29:59.0585 0x045c Messenger - ok
16:29:59.0600 0x045c mnmdd - ok
16:29:59.0600 0x045c mnmsrvc - ok
16:29:59.0600 0x045c Modem - ok
16:29:59.0616 0x045c Mouclass - ok
16:29:59.0616 0x045c mouhid - ok
16:29:59.0631 0x045c MountMgr - ok
16:29:59.0631 0x045c MozillaMaintenance - ok
16:29:59.0631 0x045c mraid35x - ok
16:29:59.0647 0x045c MRxDAV - ok
16:29:59.0647 0x045c MRxSmb - ok
16:29:59.0647 0x045c MSDTC - ok
16:29:59.0663 0x045c Msfs - ok
16:29:59.0678 0x045c MSIServer - ok
16:29:59.0678 0x045c MSKSSRV - ok
16:29:59.0694 0x045c MSPCLOCK - ok
16:29:59.0694 0x045c MSPQM - ok
16:29:59.0710 0x045c mssmbios - ok
16:29:59.0710 0x045c Mup - ok
16:29:59.0710 0x045c napagent - ok
16:29:59.0725 0x045c NAVENG - ok
16:29:59.0725 0x045c NAVEX15 - ok
16:29:59.0741 0x045c NDIS - ok
16:29:59.0741 0x045c NdisTapi - ok
16:29:59.0756 0x045c Ndisuio - ok
16:29:59.0756 0x045c NdisWan - ok
16:29:59.0756 0x045c NDProxy - ok
16:29:59.0772 0x045c NetBIOS - ok
16:29:59.0772 0x045c NetBT - ok
16:29:59.0772 0x045c NetDDE - ok
16:29:59.0788 0x045c NetDDEdsdm - ok
16:29:59.0788 0x045c Netlogon - ok
16:29:59.0788 0x045c Netman - ok
16:29:59.0803 0x045c NetTcpPortSharing - ok
16:29:59.0803 0x045c NETw5x32 - ok
16:29:59.0819 0x045c NETwNx32 - ok
16:29:59.0819 0x045c NIC1394 - ok
16:29:59.0819 0x045c Nla - ok
16:29:59.0835 0x045c Npfs - ok
16:29:59.0835 0x045c Ntfs - ok
16:29:59.0835 0x045c NtLmSsp - ok
16:29:59.0850 0x045c NtmsSvc - ok
16:29:59.0850 0x045c Null - ok
16:29:59.0866 0x045c NwlnkFlt - ok
16:29:59.0866 0x045c NwlnkFwd - ok
16:29:59.0866 0x045c ohci1394 - ok
16:29:59.0881 0x045c optousb - ok
16:29:59.0881 0x045c ose - ok
16:29:59.0897 0x045c PalmUSBD - ok
16:29:59.0897 0x045c Parport - ok
16:29:59.0913 0x045c PartMgr - ok
16:29:59.0913 0x045c ParVdm - ok
16:29:59.0928 0x045c pccsmcfd - ok
16:29:59.0944 0x045c PCI - ok
16:29:59.0944 0x045c PCIDump - ok
16:29:59.0960 0x045c PCIIde - ok
16:29:59.0960 0x045c Pcmcia - ok
16:29:59.0975 0x045c PDCOMP - ok
16:29:59.0975 0x045c PDFRAME - ok
16:29:59.0991 0x045c PDRELI - ok
16:29:59.0991 0x045c PDRFRAME - ok
16:30:00.0006 0x045c perc2 - ok
16:30:00.0006 0x045c perc2hib - ok
16:30:00.0038 0x045c PGP RDD Service - ok
16:30:00.0038 0x045c PGPdisk - ok
16:30:00.0038 0x045c PGPsdkDriver - ok
16:30:00.0053 0x045c PGPwded - ok
16:30:00.0053 0x045c Pgpwdefs - ok
16:30:00.0069 0x045c PlugPlay - ok
16:30:00.0069 0x045c PMEM - ok
16:30:00.0069 0x045c pneteth - ok
16:30:00.0085 0x045c PolicyAgent - ok
16:30:00.0085 0x045c Power Manager DBC Service - ok
16:30:00.0085 0x045c PptpMiniport - ok
16:30:00.0100 0x045c ProtectedStorage - ok
16:30:00.0100 0x045c Ptilink - ok
16:30:00.0100 0x045c PxHelp20 - ok
16:30:00.0116 0x045c ql1080 - ok
16:30:00.0116 0x045c Ql10wnt - ok
16:30:00.0131 0x045c ql12160 - ok
16:30:00.0131 0x045c ql1240 - ok
16:30:00.0131 0x045c ql1280 - ok
16:30:00.0147 0x045c RasAcd - ok
16:30:00.0147 0x045c RasAuto - ok
16:30:00.0147 0x045c Rasl2tp - ok
16:30:00.0163 0x045c RasMan - ok
16:30:00.0163 0x045c RasPppoe - ok
16:30:00.0178 0x045c Raspti - ok
16:30:00.0178 0x045c Rdbss - ok
16:30:00.0178 0x045c RDPCDD - ok
16:30:00.0194 0x045c rdpdr - ok
16:30:00.0210 0x045c RDPWD - ok
16:30:00.0210 0x045c RDSessMgr - ok
16:30:00.0210 0x045c redbook - ok
16:30:00.0225 0x045c RegSrvc - ok
16:30:00.0225 0x045c RemoteAccess - ok
16:30:00.0225 0x045c RemoteRegistry - ok
16:30:00.0241 0x045c RFCOMM - ok
16:30:00.0241 0x045c RpcLocator - ok
16:30:00.0256 0x045c RpcSs - ok
16:30:00.0256 0x045c RSVP - ok
16:30:00.0256 0x045c S24EventMonitor - ok
16:30:00.0272 0x045c s24trans - ok
16:30:00.0272 0x045c SamSs - ok
16:30:00.0272 0x045c SCardSvr - ok
16:30:00.0288 0x045c Schedule - ok
16:30:00.0303 0x045c Secdrv - ok
16:30:00.0303 0x045c seclogon - ok
16:30:00.0303 0x045c SENS - ok
16:30:00.0319 0x045c serenum - ok
16:30:00.0319 0x045c Serial - ok
16:30:00.0335 0x045c ServiceLayer - ok
16:30:00.0350 0x045c Sfloppy - ok
16:30:00.0366 0x045c SharedAccess - ok
16:30:00.0366 0x045c ShellHWDetection - ok
16:30:00.0366 0x045c Shockprf - ok
16:30:00.0381 0x045c Simbad - ok
16:30:00.0381 0x045c sisagp - ok
16:30:00.0397 0x045c SmcService - ok
16:30:00.0413 0x045c SNAC - ok
16:30:00.0413 0x045c SONYPVU1 - ok
16:30:00.0428 0x045c Sparrow - ok
16:30:00.0428 0x045c SPBBCDrv - ok
16:30:00.0428 0x045c splitter - ok
16:30:00.0444 0x045c Spooler - ok
16:30:00.0444 0x045c sr - ok
16:30:00.0460 0x045c srservice - ok
16:30:00.0460 0x045c SRTSP - ok
16:30:00.0460 0x045c SRTSPL - ok
16:30:00.0475 0x045c SRTSPX - ok
16:30:00.0475 0x045c Srv - ok
16:30:00.0491 0x045c SSDPSRV - ok
16:30:00.0491 0x045c stisvc - ok
16:30:00.0491 0x045c swenum - ok
16:30:00.0506 0x045c swmidi - ok
16:30:00.0506 0x045c SwPrv - ok
16:30:00.0522 0x045c Symantec AntiVirus - ok
16:30:00.0522 0x045c symc810 - ok
16:30:00.0538 0x045c symc8xx - ok
16:30:00.0538 0x045c SymEvent - ok
16:30:00.0553 0x045c SYMREDRV - ok
16:30:00.0553 0x045c SYMTDI - ok
16:30:00.0553 0x045c sym_hi - ok
16:30:00.0569 0x045c sym_u3 - ok
16:30:00.0569 0x045c SynTP - ok
16:30:00.0585 0x045c sysaudio - ok
16:30:00.0585 0x045c SysmonLog - ok
16:30:00.0585 0x045c SysPlant - ok
16:30:00.0600 0x045c tap0801 - ok
16:30:00.0600 0x045c tap0901 - ok
16:30:00.0616 0x045c TapiSrv - ok
16:30:00.0616 0x045c Tcpip - ok
16:30:00.0631 0x045c TDPIPE - ok
16:30:00.0631 0x045c TDTCP - ok
16:30:00.0631 0x045c Teefer2 - ok
16:30:00.0647 0x045c TermDD - ok
16:30:00.0647 0x045c TermService - ok
16:30:00.0663 0x045c TGRAB - ok
16:30:00.0663 0x045c Themes - ok
16:30:00.0678 0x045c TlntSvr - ok
16:30:00.0678 0x045c TosIde - ok
16:30:00.0678 0x045c TPDIGIMN - ok
16:30:00.0694 0x045c TPHDEXLGSVC - ok
16:30:00.0694 0x045c TPHKDRV - ok
16:30:00.0710 0x045c TPHKLOAD - ok
16:30:00.0710 0x045c TPHKSVC - ok
16:30:00.0725 0x045c TpKmpSVC - ok
16:30:00.0725 0x045c tpm - ok
16:30:00.0725 0x045c TPPWRIF - ok
16:30:00.0741 0x045c TrkWks - ok
16:30:00.0741 0x045c TSClient - ok
16:30:00.0756 0x045c TSMAPIP - ok
16:30:00.0756 0x045c Udfs - ok
16:30:00.0772 0x045c ultra - ok
16:30:00.0772 0x045c UnlockerDriver5 - ok
16:30:00.0788 0x045c Update - ok
16:30:00.0788 0x045c upnphost - ok
16:30:00.0788 0x045c UPS - ok
16:30:00.0803 0x045c usbccgp - ok
16:30:00.0819 0x045c usbehci - ok
16:30:00.0819 0x045c usbhub - ok
16:30:00.0819 0x045c usbprint - ok
16:30:00.0835 0x045c usbscan - ok
16:30:00.0835 0x045c USBSTOR - ok
16:30:00.0850 0x045c usbuhci - ok
16:30:00.0850 0x045c usb_rndisx - ok
16:30:00.0866 0x045c VgaSave - ok
16:30:00.0866 0x045c viaagp - ok
16:30:00.0866 0x045c ViaIde - ok
16:30:00.0881 0x045c VolSnap - ok
16:30:00.0881 0x045c VSS - ok
16:30:00.0897 0x045c W32Time - ok
16:30:00.0913 0x045c Wanarp - ok
16:30:00.0913 0x045c wcndis - ok
16:30:00.0913 0x045c Wdf01000 - ok
16:30:00.0928 0x045c WDICA - ok
16:30:00.0928 0x045c wdmaud - ok
16:30:00.0944 0x045c WebClient - ok
16:30:00.0944 0x045c winachsf - ok
16:30:00.0960 0x045c winmgmt - ok
16:30:00.0975 0x045c WmdmPmSN - ok
16:30:00.0991 0x045c Wmi - ok
16:30:00.0991 0x045c WmiAcpi - ok
16:30:01.0006 0x045c WmiApSrv - ok
16:30:01.0006 0x045c WpdUsb - ok
16:30:01.0022 0x045c WPFFontCache_v0400 - ok
16:30:01.0022 0x045c WPS - ok
16:30:01.0038 0x045c WpsHelper - ok
16:30:01.0038 0x045c WS2IFSL - ok
16:30:01.0053 0x045c wscsvc - ok
16:30:01.0053 0x045c wuauserv - ok
16:30:01.0053 0x045c WudfPf - ok
16:30:01.0069 0x045c WudfRd - ok
16:30:01.0069 0x045c WudfSvc - ok
16:30:01.0085 0x045c WZCSVC - ok
16:30:01.0085 0x045c xmlprov - ok
16:30:01.0116 0x045c ================ Scan global ===============================
16:30:01.0116 0x045c [ Global ] - ok
16:30:01.0131 0x045c ================ Scan MBR ==================================
16:30:01.0147 0x045c [ 8DF5B5BEA574E45645AB0C4ECAD7A39F ] \Device\Harddisk0\DR0
16:30:01.0256 0x045c \Device\Harddisk0\DR0 - ok
16:30:01.0256 0x045c ================ Scan VBR ==================================
16:30:01.0256 0x045c [ 5FDB6DECC83714AB8F4BE7C47E90E197 ] \Device\Harddisk0\DR0\Partition1
16:30:01.0256 0x045c \Device\Harddisk0\DR0\Partition1 - ok
16:30:01.0256 0x045c ================ Scan generic autorun ======================
16:30:01.0256 0x045c IMJPMIG8.1 - ok
16:30:01.0256 0x045c PHIME2002ASync - ok
16:30:01.0272 0x045c PHIME2002A - ok
16:30:01.0272 0x045c IgfxTray - ok
16:30:01.0272 0x045c HotKeysCmds - ok
16:30:01.0272 0x045c Persistence - ok
16:30:01.0272 0x045c BluetoothAuthenticationAgent - ok
16:30:01.0272 0x045c TpShocks - ok
16:30:01.0272 0x045c PWRMGRTR - ok
16:30:01.0288 0x045c BLOG - ok
16:30:01.0288 0x045c SynTPEnh - ok
16:30:01.0288 0x045c TPFNF7 - ok
16:30:01.0288 0x045c TPKMAPHELPER - ok
16:30:01.0288 0x045c ACTray - ok
16:30:01.0288 0x045c ACWLIcon - ok
16:30:01.0303 0x045c PSQLLauncher - ok
16:30:01.0303 0x045c Resume copy - ok
16:30:01.0303 0x045c WinPatrol - ok
16:30:01.0303 0x045c QuickTime Task - ok
16:30:01.0303 0x045c pmonmh - ok
16:30:01.0303 0x045c ccApp - ok
16:30:01.0319 0x045c KernelFaultCheck - ok
16:30:01.0319 0x045c LenovoAutoScrollUtility - ok
16:30:01.0319 0x045c SunJavaUpdateSched - ok
16:30:01.0319 0x045c AvgUi - ok
16:30:01.0319 0x045c AVG_UI - ok
16:30:01.0319 0x045c OpwareSE2 - ok
16:30:01.0335 0x045c openvpn-gui - ok
16:30:01.0335 0x045c CanonSolutionMenuEx - ok
16:30:01.0335 0x045c CanonMyPrinter - ok
16:30:01.0335 0x045c ACT_APL - ok
16:30:01.0335 0x045c MSConfig - ok
16:30:01.0335 0x045c Virtual Dimension - ok
16:30:01.0350 0x045c Cookienator - ok
16:30:01.0350 0x045c ctfmon.exe - ok
16:30:01.0350 0x045c PDHookServer - ok
16:30:01.0350 0x045c SymphonyPreLoad - ok
16:30:01.0350 0x045c AeroSnap - ok
16:30:01.0741 0x045c AV detected via SS1: AVG AntiVirus Free Edition, 2016.0, enabled, updated
16:30:01.0741 0x045c AV detected via SS1: Symantec Endpoint Protection, 11.0.6200.513, enabled, outofdate
16:30:01.0756 0x045c FW detected via SS1: Symantec Endpoint Protection, 10.0, enabled
16:30:04.0210 0x045c ============================================================
16:30:04.0210 0x045c Scan finished
16:30:04.0210 0x045c ============================================================
16:30:04.0241 0x0240 Detected object count: 0
16:30:04.0241 0x0240 Actual detected object count: 0
16:30:08.0100 0x0f18 ============================================================
16:30:08.0100 0x0f18 Scan started
16:30:08.0100 0x0f18 Mode: Manual;
16:30:08.0100 0x0f18 ============================================================
16:30:08.0100 0x0f18 KSN ping started
16:30:10.0460 0x0f18 KSN ping finished: true
16:30:10.0460 0x0f18 ================ Scan system memory ========================
16:30:11.0991 0x0f18 System memory - ok
16:30:11.0991 0x0f18 ================ Scan services =============================
16:30:12.0006 0x0f18 Abiosdsk - ok
16:30:12.0006 0x0f18 abp480n5 - ok
16:30:12.0006 0x0f18 ACPI - ok
16:30:12.0022 0x0f18 ACPIEC - ok
16:30:12.0022 0x0f18 AcPrfMgrSvc - ok
16:30:12.0022 0x0f18 AcSvc - ok
16:30:12.0038 0x0f18 adpu160m - ok
16:30:12.0038 0x0f18 aec - ok
16:30:12.0038 0x0f18 AFD - ok
16:30:12.0053 0x0f18 agp440 - ok
16:30:12.0053 0x0f18 agpCPQ - ok
16:30:12.0053 0x0f18 Aha154x - ok
16:30:12.0069 0x0f18 aic78u2 - ok
16:30:12.0069 0x0f18 aic78xx - ok
16:30:12.0069 0x0f18 Alerter - ok
16:30:12.0085 0x0f18 ALG - ok
16:30:12.0085 0x0f18 AliIde - ok
16:30:12.0085 0x0f18 alim1541 - ok
16:30:12.0100 0x0f18 amdagp - ok
16:30:12.0100 0x0f18 amsint - ok
16:30:12.0100 0x0f18 ANC - ok
16:30:12.0116 0x0f18 AppMgmt - ok
16:30:12.0116 0x0f18 Arp1394 - ok
16:30:12.0116 0x0f18 artstartsvc - ok
16:30:12.0131 0x0f18 asc - ok
16:30:12.0131 0x0f18 asc3350p - ok
16:30:12.0131 0x0f18 asc3550 - ok
16:30:12.0147 0x0f18 Aspi32 - ok
16:30:12.0147 0x0f18 aspnet_state - ok
16:30:12.0163 0x0f18 astcc - ok
16:30:12.0163 0x0f18 AsyncMac - ok
16:30:12.0178 0x0f18 atapi - ok
16:30:12.0178 0x0f18 Atdisk - ok
16:30:12.0178 0x0f18 Atmarpc - ok
16:30:12.0194 0x0f18 AudioSrv - ok
16:30:12.0194 0x0f18 audstub - ok
16:30:12.0194 0x0f18 Avgdiskx - ok
16:30:12.0210 0x0f18 AVGIDSAgent - ok
16:30:12.0210 0x0f18 AVGIDSDriverl - ok
16:30:12.0210 0x0f18 AVGIDSHX - ok
16:30:12.0225 0x0f18 AVGIDSShim - ok
16:30:12.0225 0x0f18 Avgldx86 - ok
16:30:12.0225 0x0f18 Avglogx - ok
16:30:12.0241 0x0f18 Avgmfx86 - ok
16:30:12.0241 0x0f18 Avgrkx86 - ok
16:30:12.0241 0x0f18 avgsvc - ok
16:30:12.0256 0x0f18 Avgtdix - ok
16:30:12.0256 0x0f18 avgunivx - ok
16:30:12.0256 0x0f18 avgwd - ok
16:30:12.0272 0x0f18 avpnnic - ok
16:30:12.0272 0x0f18 b57w2k - ok
16:30:12.0288 0x0f18 Beep - ok
16:30:12.0288 0x0f18 BITS - ok
16:30:12.0288 0x0f18 Browser - ok
16:30:12.0303 0x0f18 btaudio - ok
16:30:12.0303 0x0f18 BTDriver - ok
16:30:12.0303 0x0f18 BthEnum - ok
16:30:12.0319 0x0f18 BthPan - ok
16:30:12.0319 0x0f18 BTHPORT - ok
16:30:12.0319 0x0f18 BthServ - ok
16:30:12.0335 0x0f18 BTHUSB - ok
16:30:12.0335 0x0f18 BTKRNL - ok
16:30:12.0335 0x0f18 btwdins - ok
16:30:12.0350 0x0f18 BTWDNDIS - ok
16:30:12.0350 0x0f18 btwmodem - ok
16:30:12.0350 0x0f18 BTWUSB - ok
16:30:12.0366 0x0f18 cbidf - ok
16:30:12.0366 0x0f18 cbidf2k - ok
16:30:12.0366 0x0f18 ccEvtMgr - ok
16:30:12.0381 0x0f18 ccSetMgr - ok
16:30:12.0381 0x0f18 cd20xrnt - ok
16:30:12.0381 0x0f18 Cdaudio - ok
16:30:12.0397 0x0f18 Cdfs - ok
16:30:12.0397 0x0f18 Cdrom - ok
16:30:12.0397 0x0f18 Changer - ok
16:30:12.0413 0x0f18 CiSvc - ok
16:30:12.0413 0x0f18 ClipSrv - ok
16:30:12.0413 0x0f18 clr_optimization_v2.0.50727_32 - ok
16:30:12.0428 0x0f18 clr_optimization_v4.0.30319_32 - ok
16:30:12.0428 0x0f18 CmBatt - ok
16:30:12.0444 0x0f18 CmdIde - ok
16:30:12.0444 0x0f18 CnxtHdAudService - ok
16:30:12.0444 0x0f18 COH_Mon - ok
16:30:12.0460 0x0f18 Compbatt - ok
16:30:12.0460 0x0f18 COMSysApp - ok
16:30:12.0475 0x0f18 Cpqarray - ok
16:30:12.0475 0x0f18 CryptSvc - ok
16:30:12.0491 0x0f18 dac2w2k - ok
16:30:12.0491 0x0f18 dac960nt - ok
16:30:12.0491 0x0f18 DcomLaunch - ok
16:30:12.0491 0x0f18 dgderdrv - ok
16:30:12.0506 0x0f18 Dhcp - ok
16:30:12.0506 0x0f18 Disk - ok
16:30:12.0522 0x0f18 dmadmin - ok
16:30:12.0522 0x0f18 dmboot - ok
16:30:12.0522 0x0f18 dmio - ok
16:30:12.0538 0x0f18 dmload - ok
16:30:12.0538 0x0f18 dmserver - ok
16:30:12.0538 0x0f18 DMusic - ok
16:30:12.0553 0x0f18 Dnscache - ok
16:30:12.0553 0x0f18 Dot3svc - ok
16:30:12.0553 0x0f18 dpti2o - ok
16:30:12.0569 0x0f18 drmkaud - ok
16:30:12.0569 0x0f18 dsNcAdpt - ok
16:30:12.0569 0x0f18 e1yexpress - ok
16:30:12.0585 0x0f18 EapHost - ok
16:30:12.0585 0x0f18 eeCtrl - ok
16:30:12.0585 0x0f18 EGATHDRV - ok
16:30:12.0600 0x0f18 EraserUtilRebootDrv - ok
16:30:12.0600 0x0f18 ERSvc - ok
16:30:12.0600 0x0f18 Eventlog - ok
16:30:12.0616 0x0f18 EventSystem - ok
16:30:12.0616 0x0f18 EvtEng - ok
16:30:12.0616 0x0f18 Fastfat - ok
16:30:12.0631 0x0f18 FastUserSwitchingCompatibility - ok
16:30:12.0631 0x0f18 Fdc - ok
16:30:12.0631 0x0f18 Fips - ok
16:30:12.0647 0x0f18 Flpydisk - ok
16:30:12.0647 0x0f18 FltMgr - ok
16:30:12.0647 0x0f18 FontCache3.0.0.0 - ok
16:30:12.0663 0x0f18 FsUsbExDisk - ok
16:30:12.0663 0x0f18 FsUsbExService - ok
16:30:12.0663 0x0f18 Fs_Rec - ok
16:30:12.0678 0x0f18 Ftdisk - ok
16:30:12.0678 0x0f18 getPlusHelper - ok
16:30:12.0678 0x0f18 Gpc - ok
16:30:12.0694 0x0f18 GTF32BUS - ok
16:30:12.0694 0x0f18 GTPTSER - ok
16:30:12.0694 0x0f18 GTSCSER - ok
16:30:12.0710 0x0f18 gupdate1ca1825452a051e - ok
16:30:12.0710 0x0f18 gupdatem - ok
16:30:12.0710 0x0f18 gusvc - ok
16:30:12.0725 0x0f18 HDAudBus - ok
16:30:12.0725 0x0f18 HECI - ok
16:30:12.0741 0x0f18 helpsvc - ok
16:30:12.0741 0x0f18 HidServ - ok
16:30:12.0741 0x0f18 HidUsb - ok
16:30:12.0756 0x0f18 hkmsvc - ok
16:30:12.0756 0x0f18 hpn - ok
16:30:12.0756 0x0f18 HSFHWAZL - ok
16:30:12.0772 0x0f18 HSF_DPV - ok
16:30:12.0772 0x0f18 HTTP - ok
16:30:12.0772 0x0f18 HTTPFilter - ok
16:30:12.0788 0x0f18 hwdatacard - ok
16:30:12.0788 0x0f18 i2omgmt - ok
16:30:12.0788 0x0f18 i2omp - ok
16:30:12.0803 0x0f18 i8042prt - ok
16:30:12.0803 0x0f18 ialm - ok
16:30:12.0803 0x0f18 iastor - ok
16:30:12.0819 0x0f18 ibm4610drv - ok
16:30:12.0819 0x0f18 IBMPMDRV - ok
16:30:12.0819 0x0f18 IBMPMSVC - ok
16:30:12.0835 0x0f18 IBMTPCHK - ok
16:30:12.0835 0x0f18 IDriverT - ok
16:30:12.0835 0x0f18 idsvc - ok
16:30:12.0850 0x0f18 Imapi - ok
16:30:12.0850 0x0f18 ImapiService - ok
16:30:12.0866 0x0f18 ini910u - ok
16:30:12.0866 0x0f18 IntelIde - ok
16:30:12.0866 0x0f18 intelppm - ok
16:30:12.0881 0x0f18 Ip6Fw - ok
16:30:12.0881 0x0f18 IpFilterDriver - ok
16:30:12.0881 0x0f18 IpInIp - ok
16:30:12.0897 0x0f18 IpNat - ok
16:30:12.0897 0x0f18 IPSec - ok
16:30:12.0897 0x0f18 IRENUM - ok
16:30:12.0913 0x0f18 ISAMsmt - ok
16:30:12.0913 0x0f18 isapnp - ok
16:30:12.0928 0x0f18 JavaQuickStarterService - ok
16:30:12.0928 0x0f18 Kbdclass - ok
16:30:12.0928 0x0f18 kbdhid - ok
16:30:12.0944 0x0f18 kmixer - ok
16:30:12.0944 0x0f18 KSecDD - ok
16:30:12.0944 0x0f18 lanmanserver - ok
16:30:12.0960 0x0f18 lanmanworkstation - ok
16:30:12.0960 0x0f18 lbrtfdc - ok
16:30:12.0960 0x0f18 LENOVO.MICMUTE - ok
16:30:12.0975 0x0f18 lenovo.smi - ok
16:30:12.0975 0x0f18 LiveUpdate - ok
16:30:12.0991 0x0f18 LmHosts - ok
16:30:12.0991 0x0f18 MBAMProtector - ok
16:30:12.0991 0x0f18 MBAMScheduler - ok
16:30:13.0006 0x0f18 MBAMService - ok
16:30:13.0006 0x0f18 MBAMSwissArmy - ok
16:30:13.0006 0x0f18 mdmxsdk - ok
16:30:13.0022 0x0f18 Messenger - ok
16:30:13.0022 0x0f18 mnmdd - ok
16:30:13.0022 0x0f18 mnmsrvc - ok
16:30:13.0038 0x0f18 Modem - ok
16:30:13.0038 0x0f18 Mouclass - ok
16:30:13.0038 0x0f18 mouhid - ok
16:30:13.0053 0x0f18 MountMgr - ok
16:30:13.0053 0x0f18 MozillaMaintenance - ok
16:30:13.0053 0x0f18 mraid35x - ok
16:30:13.0069 0x0f18 MRxDAV - ok
16:30:13.0069 0x0f18 MRxSmb - ok
16:30:13.0069 0x0f18 MSDTC - ok
16:30:13.0085 0x0f18 Msfs - ok
16:30:13.0085 0x0f18 MSIServer - ok
16:30:13.0100 0x0f18 MSKSSRV - ok
16:30:13.0100 0x0f18 MSPCLOCK - ok
16:30:13.0100 0x0f18 MSPQM - ok
16:30:13.0116 0x0f18 mssmbios - ok
16:30:13.0116 0x0f18 Mup - ok
16:30:13.0116 0x0f18 napagent - ok
16:30:13.0131 0x0f18 NAVENG - ok
16:30:13.0131 0x0f18 NAVEX15 - ok
16:30:13.0147 0x0f18 NDIS - ok
16:30:13.0147 0x0f18 NdisTapi - ok
16:30:13.0147 0x0f18 Ndisuio - ok
16:30:13.0163 0x0f18 NdisWan - ok
16:30:13.0163 0x0f18 NDProxy - ok
16:30:13.0163 0x0f18 NetBIOS - ok
16:30:13.0178 0x0f18 NetBT - ok
16:30:13.0178 0x0f18 NetDDE - ok
16:30:13.0178 0x0f18 NetDDEdsdm - ok
16:30:13.0194 0x0f18 Netlogon - ok
16:30:13.0194 0x0f18 Netman - ok
16:30:13.0194 0x0f18 NetTcpPortSharing - ok
16:30:13.0210 0x0f18 NETw5x32 - ok
16:30:13.0210 0x0f18 NETwNx32 - ok
16:30:13.0210 0x0f18 NIC1394 - ok
16:30:13.0225 0x0f18 Nla - ok
16:30:13.0225 0x0f18 Npfs - ok
16:30:13.0241 0x0f18 Ntfs - ok
16:30:13.0241 0x0f18 NtLmSsp - ok
16:30:13.0241 0x0f18 NtmsSvc - ok
16:30:13.0256 0x0f18 Null - ok
16:30:13.0256 0x0f18 NwlnkFlt - ok
16:30:13.0256 0x0f18 NwlnkFwd - ok
16:30:13.0272 0x0f18 ohci1394 - ok
16:30:13.0272 0x0f18 optousb - ok
16:30:13.0272 0x0f18 ose - ok
16:30:13.0288 0x0f18 PalmUSBD - ok
16:30:13.0288 0x0f18 Parport - ok
16:30:13.0303 0x0f18 PartMgr - ok
16:30:13.0303 0x0f18 ParVdm - ok
16:30:13.0303 0x0f18 pccsmcfd - ok
16:30:13.0319 0x0f18 PCI - ok
16:30:13.0319 0x0f18 PCIDump - ok
16:30:13.0319 0x0f18 PCIIde - ok
16:30:13.0335 0x0f18 Pcmcia - ok
16:30:13.0335 0x0f18 PDCOMP - ok
16:30:13.0335 0x0f18 PDFRAME - ok
16:30:13.0350 0x0f18 PDRELI - ok
16:30:13.0350 0x0f18 PDRFRAME - ok
16:30:13.0350 0x0f18 perc2 - ok
16:30:13.0366 0x0f18 perc2hib - ok
16:30:13.0381 0x0f18 PGP RDD Service - ok
16:30:13.0381 0x0f18 PGPdisk - ok
16:30:13.0397 0x0f18 PGPsdkDriver - ok
16:30:13.0397 0x0f18 PGPwded - ok
16:30:13.0397 0x0f18 Pgpwdefs - ok
16:30:13.0413 0x0f18 PlugPlay - ok
16:30:13.0413 0x0f18 PMEM - ok
16:30:13.0413 0x0f18 pneteth - ok
16:30:13.0428 0x0f18 PolicyAgent - ok
16:30:13.0428 0x0f18 Power Manager DBC Service - ok
16:30:13.0444 0x0f18 PptpMiniport - ok
16:30:13.0444 0x0f18 ProtectedStorage - ok
16:30:13.0444 0x0f18 Ptilink - ok
16:30:13.0460 0x0f18 PxHelp20 - ok
16:30:13.0460 0x0f18 ql1080 - ok
16:30:13.0460 0x0f18 Ql10wnt - ok
16:30:13.0475 0x0f18 ql12160 - ok
16:30:13.0475 0x0f18 ql1240 - ok
16:30:13.0491 0x0f18 ql1280 - ok
16:30:13.0491 0x0f18 RasAcd - ok
16:30:13.0491 0x0f18 RasAuto - ok
16:30:13.0506 0x0f18 Rasl2tp - ok
16:30:13.0506 0x0f18 RasMan - ok
16:30:13.0506 0x0f18 RasPppoe - ok
16:30:13.0522 0x0f18 Raspti - ok
16:30:13.0522 0x0f18 Rdbss - ok
16:30:13.0538 0x0f18 RDPCDD - ok
16:30:13.0538 0x0f18 rdpdr - ok
16:30:13.0553 0x0f18 RDPWD - ok
16:30:13.0553 0x0f18 RDSessMgr - ok
16:30:13.0553 0x0f18 redbook - ok
16:30:13.0569 0x0f18 RegSrvc - ok
16:30:13.0569 0x0f18 RemoteAccess - ok
16:30:13.0585 0x0f18 RemoteRegistry - ok
16:30:13.0585 0x0f18 RFCOMM - ok
16:30:13.0585 0x0f18 RpcLocator - ok
16:30:13.0600 0x0f18 RpcSs - ok
16:30:13.0600 0x0f18 RSVP - ok
16:30:13.0600 0x0f18 S24EventMonitor - ok
16:30:13.0616 0x0f18 s24trans - ok
16:30:13.0616 0x0f18 SamSs - ok
16:30:13.0631 0x0f18 SCardSvr - ok
16:30:13.0631 0x0f18 Schedule - ok
16:30:13.0647 0x0f18 Secdrv - ok
16:30:13.0647 0x0f18 seclogon - ok
16:30:13.0663 0x0f18 SENS - ok
16:30:13.0663 0x0f18 serenum - ok
16:30:13.0663 0x0f18 Serial - ok
16:30:13.0678 0x0f18 ServiceLayer - ok
16:30:13.0694 0x0f18 Sfloppy - ok
16:30:13.0710 0x0f18 SharedAccess - ok
16:30:13.0710 0x0f18 ShellHWDetection - ok
16:30:13.0725 0x0f18 Shockprf - ok
16:30:13.0725 0x0f18 Simbad - ok
16:30:13.0725 0x0f18 sisagp - ok
16:30:13.0741 0x0f18 SmcService - ok
16:30:13.0756 0x0f18 SNAC - ok
16:30:13.0756 0x0f18 SONYPVU1 - ok
16:30:13.0772 0x0f18 Sparrow - ok
16:30:13.0772 0x0f18 SPBBCDrv - ok
16:30:13.0772 0x0f18 splitter - ok
16:30:13.0788 0x0f18 Spooler - ok
16:30:13.0788 0x0f18 sr - ok
16:30:13.0803 0x0f18 srservice - ok
16:30:13.0803 0x0f18 SRTSP - ok
16:30:13.0803 0x0f18 SRTSPL - ok
16:30:13.0819 0x0f18 SRTSPX - ok
16:30:13.0819 0x0f18 Srv - ok
16:30:13.0835 0x0f18 SSDPSRV - ok
16:30:13.0835 0x0f18 stisvc - ok
16:30:13.0835 0x0f18 swenum - ok
16:30:13.0850 0x0f18 swmidi - ok
16:30:13.0850 0x0f18 SwPrv - ok
16:30:13.0866 0x0f18 Symantec AntiVirus - ok
16:30:13.0866 0x0f18 symc810 - ok
16:30:13.0881 0x0f18 symc8xx - ok
16:30:13.0881 0x0f18 SymEvent - ok
16:30:13.0897 0x0f18 SYMREDRV - ok
16:30:13.0897 0x0f18 SYMTDI - ok
16:30:13.0897 0x0f18 sym_hi - ok
16:30:13.0913 0x0f18 sym_u3 - ok
16:30:13.0913 0x0f18 SynTP - ok
16:30:13.0928 0x0f18 sysaudio - ok
16:30:13.0928 0x0f18 SysmonLog - ok
16:30:13.0928 0x0f18 SysPlant - ok
16:30:13.0944 0x0f18 tap0801 - ok
16:30:13.0944 0x0f18 tap0901 - ok
16:30:13.0960 0x0f18 TapiSrv - ok
16:30:13.0960 0x0f18 Tcpip - ok
16:30:13.0960 0x0f18 TDPIPE - ok
16:30:13.0975 0x0f18 TDTCP - ok
16:30:13.0975 0x0f18 Teefer2 - ok
16:30:13.0991 0x0f18 TermDD - ok
16:30:13.0991 0x0f18 TermService - ok
16:30:14.0006 0x0f18 TGRAB - ok
16:30:14.0006 0x0f18 Themes - ok
16:30:14.0006 0x0f18 TlntSvr - ok
16:30:14.0022 0x0f18 TosIde - ok
16:30:14.0022 0x0f18 TPDIGIMN - ok
16:30:14.0038 0x0f18 TPHDEXLGSVC - ok
16:30:14.0038 0x0f18 TPHKDRV - ok
16:30:14.0038 0x0f18 TPHKLOAD - ok
16:30:14.0053 0x0f18 TPHKSVC - ok
16:30:14.0053 0x0f18 TpKmpSVC - ok
16:30:14.0069 0x0f18 tpm - ok
16:30:14.0069 0x0f18 TPPWRIF - ok
16:30:14.0085 0x0f18 TrkWks - ok
16:30:14.0085 0x0f18 TSClient - ok
16:30:14.0100 0x0f18 TSMAPIP - ok
16:30:14.0100 0x0f18 Udfs - ok
16:30:14.0100 0x0f18 ultra - ok
16:30:14.0116 0x0f18 UnlockerDriver5 - ok
16:30:14.0116 0x0f18 Update - ok
16:30:14.0131 0x0f18 upnphost - ok
16:30:14.0131 0x0f18 UPS - ok
16:30:14.0147 0x0f18 usbccgp - ok
16:30:14.0147 0x0f18 usbehci - ok
16:30:14.0163 0x0f18 usbhub - ok
16:30:14.0163 0x0f18 usbprint - ok
16:30:14.0178 0x0f18 usbscan - ok
16:30:14.0178 0x0f18 USBSTOR - ok
16:30:14.0178 0x0f18 usbuhci - ok
16:30:14.0194 0x0f18 usb_rndisx - ok
16:30:14.0194 0x0f18 VgaSave - ok
16:30:14.0210 0x0f18 viaagp - ok
16:30:14.0210 0x0f18 ViaIde - ok
16:30:14.0225 0x0f18 VolSnap - ok
16:30:14.0225 0x0f18 VSS - ok
16:30:14.0241 0x0f18 W32Time - ok
16:30:14.0241 0x0f18 Wanarp - ok
16:30:14.0256 0x0f18 wcndis - ok
16:30:14.0256 0x0f18 Wdf01000 - ok
16:30:14.0272 0x0f18 WDICA - ok
16:30:14.0272 0x0f18 wdmaud - ok
16:30:14.0288 0x0f18 WebClient - ok
16:30:14.0288 0x0f18 winachsf - ok
16:30:14.0303 0x0f18 winmgmt - ok
16:30:14.0319 0x0f18 WmdmPmSN - ok
16:30:14.0319 0x0f18 Wmi - ok
16:30:14.0335 0x0f18 WmiAcpi - ok
16:30:14.0335 0x0f18 WmiApSrv - ok
16:30:14.0350 0x0f18 WpdUsb - ok
16:30:14.0350 0x0f18 WPFFontCache_v0400 - ok
16:30:14.0366 0x0f18 WPS - ok
16:30:14.0366 0x0f18 WpsHelper - ok
16:30:14.0381 0x0f18 WS2IFSL - ok
16:30:14.0381 0x0f18 wscsvc - ok
16:30:14.0397 0x0f18 wuauserv - ok
16:30:14.0397 0x0f18 WudfPf - ok
16:30:14.0397 0x0f18 WudfRd - ok
16:30:14.0413 0x0f18 WudfSvc - ok
16:30:14.0413 0x0f18 WZCSVC - ok
16:30:14.0428 0x0f18 xmlprov - ok
16:30:14.0460 0x0f18 ================ Scan global ===============================
16:30:14.0460 0x0f18 [ Global ] - ok
16:30:14.0460 0x0f18 ================ Scan MBR ==================================
16:30:14.0506 0x0f18 [ 8DF5B5BEA574E45645AB0C4ECAD7A39F ] \Device\Harddisk0\DR0
16:30:14.0600 0x0f18 \Device\Harddisk0\DR0 - ok
16:30:14.0600 0x0f18 ================ Scan VBR ==================================
16:30:14.0600 0x0f18 [ 5FDB6DECC83714AB8F4BE7C47E90E197 ] \Device\Harddisk0\DR0\Partition1
16:30:14.0600 0x0f18 \Device\Harddisk0\DR0\Partition1 - ok
16:30:14.0616 0x0f18 ================ Scan generic autorun ======================
16:30:14.0616 0x0f18 IMJPMIG8.1 - ok
16:30:14.0616 0x0f18 PHIME2002ASync - ok
16:30:14.0616 0x0f18 PHIME2002A - ok
16:30:14.0616 0x0f18 IgfxTray - ok
16:30:14.0616 0x0f18 HotKeysCmds - ok
16:30:14.0616 0x0f18 Persistence - ok
16:30:14.0616 0x0f18 BluetoothAuthenticationAgent - ok
16:30:14.0631 0x0f18 TpShocks - ok
16:30:14.0631 0x0f18 PWRMGRTR - ok
16:30:14.0631 0x0f18 BLOG - ok
16:30:14.0631 0x0f18 SynTPEnh - ok
16:30:14.0631 0x0f18 TPFNF7 - ok
16:30:14.0631 0x0f18 TPKMAPHELPER - ok
16:30:14.0647 0x0f18 ACTray - ok
16:30:14.0647 0x0f18 ACWLIcon - ok
16:30:14.0647 0x0f18 PSQLLauncher - ok
16:30:14.0647 0x0f18 Resume copy - ok
16:30:14.0647 0x0f18 WinPatrol - ok
16:30:14.0647 0x0f18 QuickTime Task - ok
16:30:14.0647 0x0f18 pmonmh - ok
16:30:14.0663 0x0f18 ccApp - ok
16:30:14.0663 0x0f18 KernelFaultCheck - ok
16:30:14.0663 0x0f18 LenovoAutoScrollUtility - ok
16:30:14.0663 0x0f18 SunJavaUpdateSched - ok
16:30:14.0663 0x0f18 AvgUi - ok
16:30:14.0663 0x0f18 AVG_UI - ok
16:30:14.0678 0x0f18 OpwareSE2 - ok
16:30:14.0678 0x0f18 openvpn-gui - ok
16:30:14.0678 0x0f18 CanonSolutionMenuEx - ok
16:30:14.0678 0x0f18 CanonMyPrinter - ok
16:30:14.0678 0x0f18 ACT_APL - ok
16:30:14.0678 0x0f18 MSConfig - ok
16:30:14.0678 0x0f18 Virtual Dimension - ok
16:30:14.0694 0x0f18 Cookienator - ok
16:30:14.0694 0x0f18 ctfmon.exe - ok
16:30:14.0694 0x0f18 PDHookServer - ok
16:30:14.0694 0x0f18 SymphonyPreLoad - ok
16:30:14.0694 0x0f18 AeroSnap - ok
16:30:14.0725 0x0f18 AV detected via SS1: AVG AntiVirus Free Edition, 2016.0, enabled, updated
16:30:14.0725 0x0f18 AV detected via SS1: Symantec Endpoint Protection, 11.0.6200.513, enabled, outofdate
16:30:14.0725 0x0f18 FW detected via SS1: Symantec Endpoint Protection, 10.0, enabled
16:30:17.0069 0x0f18 ============================================================
16:30:17.0069 0x0f18 Scan finished
16:30:17.0069 0x0f18 ============================================================
16:30:17.0069 0x14a0 Detected object count: 0
16:30:17.0069 0x14a0 Actual detected object count: 0
16:31:01.0194 0x04a8 ============================================================
16:31:01.0194 0x04a8 Scan started
16:31:01.0194 0x04a8 Mode: Manual; SigCheck;
16:31:01.0194 0x04a8 ============================================================
16:31:01.0194 0x04a8 KSN ping started
16:31:03.0553 0x04a8 KSN ping finished: true
16:31:03.0616 0x04a8 ================ Scan system memory ========================
16:31:05.0131 0x04a8 System memory - ok
16:31:05.0131 0x04a8 ================ Scan services =============================
16:31:05.0147 0x04a8 Abiosdsk - ok
16:31:05.0163 0x04a8 abp480n5 - ok
16:31:05.0163 0x04a8 ACPI - ok
16:31:05.0163 0x04a8 ACPIEC - ok
16:31:05.0178 0x04a8 AcPrfMgrSvc - ok
16:31:05.0178 0x04a8 AcSvc - ok
16:31:05.0178 0x04a8 adpu160m - ok
16:31:05.0194 0x04a8 aec - ok
16:31:05.0194 0x04a8 AFD - ok
16:31:05.0194 0x04a8 agp440 - ok
16:31:05.0210 0x04a8 agpCPQ - ok
16:31:05.0210 0x04a8 Aha154x - ok
16:31:05.0225 0x04a8 aic78u2 - ok
16:31:05.0225 0x04a8 aic78xx - ok
16:31:05.0225 0x04a8 Alerter - ok
16:31:05.0225 0x04a8 ALG - ok
16:31:05.0241 0x04a8 AliIde - ok
16:31:05.0241 0x04a8 alim1541 - ok
16:31:05.0256 0x04a8 amdagp - ok
16:31:05.0256 0x04a8 amsint - ok
16:31:05.0256 0x04a8 ANC - ok
16:31:05.0272 0x04a8 AppMgmt - ok
16:31:05.0272 0x04a8 Arp1394 - ok
16:31:05.0272 0x04a8 artstartsvc - ok
16:31:05.0288 0x04a8 asc - ok
16:31:05.0288 0x04a8 asc3350p - ok
16:31:05.0288 0x04a8 asc3550 - ok
16:31:05.0303 0x04a8 Aspi32 - ok
16:31:05.0303 0x04a8 aspnet_state - ok
16:31:05.0319 0x04a8 astcc - ok
16:31:05.0319 0x04a8 AsyncMac - ok
16:31:05.0319 0x04a8 atapi - ok
16:31:05.0335 0x04a8 Atdisk - ok
16:31:05.0335 0x04a8 Atmarpc - ok
16:31:05.0335 0x04a8 AudioSrv - ok
16:31:05.0350 0x04a8 audstub - ok
16:31:05.0350 0x04a8 Avgdiskx - ok
16:31:05.0366 0x04a8 AVGIDSAgent - ok
16:31:05.0366 0x04a8 AVGIDSDriverl - ok
16:31:05.0366 0x04a8 AVGIDSHX - ok
16:31:05.0381 0x04a8 AVGIDSShim - ok
16:31:05.0381 0x04a8 Avgldx86 - ok
16:31:05.0381 0x04a8 Avglogx - ok
16:31:05.0397 0x04a8 Avgmfx86 - ok
16:31:05.0397 0x04a8 Avgrkx86 - ok
16:31:05.0397 0x04a8 avgsvc - ok
16:31:05.0413 0x04a8 Avgtdix - ok
16:31:05.0413 0x04a8 avgunivx - ok
16:31:05.0413 0x04a8 avgwd - ok
16:31:05.0428 0x04a8 avpnnic - ok
16:31:05.0428 0x04a8 b57w2k - ok
16:31:05.0444 0x04a8 Beep - ok
16:31:05.0444 0x04a8 BITS - ok
16:31:05.0444 0x04a8 Browser - ok
16:31:05.0460 0x04a8 btaudio - ok
16:31:05.0460 0x04a8 BTDriver - ok
16:31:05.0460 0x04a8 BthEnum - ok
16:31:05.0475 0x04a8 BthPan - ok
16:31:05.0475 0x04a8 BTHPORT - ok
16:31:05.0475 0x04a8 BthServ - ok
16:31:05.0491 0x04a8 BTHUSB - ok
16:31:05.0491 0x04a8 BTKRNL - ok
16:31:05.0491 0x04a8 btwdins - ok
16:31:05.0506 0x04a8 BTWDNDIS - ok
16:31:05.0506 0x04a8 btwmodem - ok
16:31:05.0506 0x04a8 BTWUSB - ok
16:31:05.0522 0x04a8 cbidf - ok
16:31:05.0522 0x04a8 cbidf2k - ok
16:31:05.0522 0x04a8 ccEvtMgr - ok
16:31:05.0538 0x04a8 ccSetMgr - ok
16:31:05.0538 0x04a8 cd20xrnt - ok
16:31:05.0538 0x04a8 Cdaudio - ok
16:31:05.0553 0x04a8 Cdfs - ok
16:31:05.0553 0x04a8 Cdrom - ok
16:31:05.0553 0x04a8 Changer - ok
16:31:05.0569 0x04a8 CiSvc - ok
16:31:05.0569 0x04a8 ClipSrv - ok
16:31:05.0569 0x04a8 clr_optimization_v2.0.50727_32 - ok
16:31:05.0585 0x04a8 clr_optimization_v4.0.30319_32 - ok
16:31:05.0585 0x04a8 CmBatt - ok
16:31:05.0585 0x04a8 CmdIde - ok
16:31:05.0600 0x04a8 CnxtHdAudService - ok
16:31:05.0600 0x04a8 COH_Mon - ok
16:31:05.0600 0x04a8 Compbatt - ok
16:31:05.0616 0x04a8 COMSysApp - ok
16:31:05.0631 0x04a8 Cpqarray - ok
16:31:05.0631 0x04a8 CryptSvc - ok
16:31:05.0631 0x04a8 dac2w2k - ok
16:31:05.0647 0x04a8 dac960nt - ok
16:31:05.0647 0x04a8 DcomLaunch - ok
16:31:05.0647 0x04a8 dgderdrv - ok
16:31:05.0663 0x04a8 Dhcp - ok
16:31:05.0663 0x04a8 Disk - ok
16:31:05.0663 0x04a8 dmadmin - ok
16:31:05.0678 0x04a8 dmboot - ok
16:31:05.0678 0x04a8 dmio - ok
16:31:05.0678 0x04a8 dmload - ok
16:31:05.0694 0x04a8 dmserver - ok
16:31:05.0694 0x04a8 DMusic - ok
16:31:05.0694 0x04a8 Dnscache - ok
16:31:05.0710 0x04a8 Dot3svc - ok
16:31:05.0710 0x04a8 dpti2o - ok
16:31:05.0710 0x04a8 drmkaud - ok
16:31:05.0725 0x04a8 dsNcAdpt - ok
16:31:05.0725 0x04a8 e1yexpress - ok
16:31:05.0725 0x04a8 EapHost - ok
16:31:05.0741 0x04a8 eeCtrl - ok
16:31:05.0741 0x04a8 EGATHDRV - ok
16:31:05.0741 0x04a8 EraserUtilRebootDrv - ok
16:31:05.0756 0x04a8 ERSvc - ok
16:31:05.0756 0x04a8 Eventlog - ok
16:31:05.0756 0x04a8 EventSystem - ok
16:31:05.0772 0x04a8 EvtEng - ok
16:31:05.0772 0x04a8 Fastfat - ok
16:31:05.0772 0x04a8 FastUserSwitchingCompatibility - ok
16:31:05.0788 0x04a8 Fdc - ok
16:31:05.0788 0x04a8 Fips - ok
16:31:05.0788 0x04a8 Flpydisk - ok
16:31:05.0803 0x04a8 FltMgr - ok
16:31:05.0803 0x04a8 FontCache3.0.0.0 - ok
16:31:05.0803 0x04a8 FsUsbExDisk - ok
16:31:05.0819 0x04a8 FsUsbExService - ok
16:31:05.0819 0x04a8 Fs_Rec - ok
16:31:05.0819 0x04a8 Ftdisk - ok
16:31:05.0835 0x04a8 getPlusHelper - ok
16:31:05.0835 0x04a8 Gpc - ok
16:31:05.0850 0x04a8 GTF32BUS - ok
16:31:05.0850 0x04a8 GTPTSER - ok
16:31:05.0850 0x04a8 GTSCSER - ok
16:31:05.0866 0x04a8 gupdate1ca1825452a051e - ok
16:31:05.0866 0x04a8 gupdatem - ok
16:31:05.0866 0x04a8 gusvc - ok
16:31:05.0881 0x04a8 HDAudBus - ok
16:31:05.0881 0x04a8 HECI - ok
16:31:05.0881 0x04a8 helpsvc - ok
16:31:05.0897 0x04a8 HidServ - ok
16:31:05.0897 0x04a8 HidUsb - ok
16:31:05.0897 0x04a8 hkmsvc - ok
16:31:05.0913 0x04a8 hpn - ok
16:31:05.0913 0x04a8 HSFHWAZL - ok
16:31:05.0913 0x04a8 HSF_DPV - ok
16:31:05.0928 0x04a8 HTTP - ok
16:31:05.0928 0x04a8 HTTPFilter - ok
16:31:05.0928 0x04a8 hwdatacard - ok
16:31:05.0944 0x04a8 i2omgmt - ok
16:31:05.0944 0x04a8 i2omp - ok
16:31:05.0944 0x04a8 i8042prt - ok
16:31:05.0960 0x04a8 ialm - ok
16:31:05.0960 0x04a8 iastor - ok
16:31:05.0975 0x04a8 ibm4610drv - ok
16:31:05.0975 0x04a8 IBMPMDRV - ok
16:31:05.0975 0x04a8 IBMPMSVC - ok
16:31:05.0991 0x04a8 IBMTPCHK - ok
16:31:05.0991 0x04a8 IDriverT - ok
16:31:05.0991 0x04a8 idsvc - ok
16:31:06.0006 0x04a8 Imapi - ok
16:31:06.0006 0x04a8 ImapiService - ok
16:31:06.0006 0x04a8 ini910u - ok
16:31:06.0022 0x04a8 IntelIde - ok
16:31:06.0022 0x04a8 intelppm - ok
16:31:06.0038 0x04a8 Ip6Fw - ok
16:31:06.0038 0x04a8 IpFilterDriver - ok
16:31:06.0038 0x04a8 IpInIp - ok
16:31:06.0053 0x04a8 IpNat - ok
16:31:06.0053 0x04a8 IPSec - ok
16:31:06.0053 0x04a8 IRENUM - ok
16:31:06.0069 0x04a8 ISAMsmt - ok
16:31:06.0069 0x04a8 isapnp - ok
16:31:06.0085 0x04a8 JavaQuickStarterService - ok
16:31:06.0085 0x04a8 Kbdclass - ok
16:31:06.0085 0x04a8 kbdhid - ok
16:31:06.0100 0x04a8 kmixer - ok
16:31:06.0100 0x04a8 KSecDD - ok
16:31:06.0100 0x04a8 lanmanserver - ok
16:31:06.0116 0x04a8 lanmanworkstation - ok
16:31:06.0116 0x04a8 lbrtfdc - ok
16:31:06.0116 0x04a8 LENOVO.MICMUTE - ok
16:31:06.0131 0x04a8 lenovo.smi - ok
16:31:06.0131 0x04a8 LiveUpdate - ok
16:31:06.0147 0x04a8 LmHosts - ok
16:31:06.0147 0x04a8 MBAMProtector - ok
16:31:06.0147 0x04a8 MBAMScheduler - ok
16:31:06.0163 0x04a8 MBAMService - ok
16:31:06.0163 0x04a8 MBAMSwissArmy - ok
16:31:06.0163 0x04a8 mdmxsdk - ok
16:31:06.0178 0x04a8 Messenger - ok
16:31:06.0178 0x04a8 mnmdd - ok
16:31:06.0178 0x04a8 mnmsrvc - ok
16:31:06.0194 0x04a8 Modem - ok
16:31:06.0194 0x04a8 Mouclass - ok
16:31:06.0210 0x04a8 mouhid - ok
16:31:06.0210 0x04a8 MountMgr - ok
16:31:06.0210 0x04a8 MozillaMaintenance - ok
16:31:06.0225 0x04a8 mraid35x - ok
16:31:06.0225 0x04a8 MRxDAV - ok
16:31:06.0225 0x04a8 MRxSmb - ok
16:31:06.0241 0x04a8 MSDTC - ok
16:31:06.0241 0x04a8 Msfs - ok
16:31:06.0256 0x04a8 MSIServer - ok
16:31:06.0256 0x04a8 MSKSSRV - ok
16:31:06.0256 0x04a8 MSPCLOCK - ok
16:31:06.0272 0x04a8 MSPQM - ok
16:31:06.0272 0x04a8 mssmbios - ok
16:31:06.0272 0x04a8 Mup - ok
16:31:06.0288 0x04a8 napagent - ok
16:31:06.0288 0x04a8 NAVENG - ok
16:31:06.0288 0x04a8 NAVEX15 - ok
16:31:06.0303 0x04a8 NDIS - ok
16:31:06.0303 0x04a8 NdisTapi - ok
16:31:06.0303 0x04a8 Ndisuio - ok
16:31:06.0319 0x04a8 NdisWan - ok
16:31:06.0319 0x04a8 NDProxy - ok
16:31:06.0319 0x04a8 NetBIOS - ok
16:31:06.0335 0x04a8 NetBT - ok
16:31:06.0335 0x04a8 NetDDE - ok
16:31:06.0335 0x04a8 NetDDEdsdm - ok
16:31:06.0350 0x04a8 Netlogon - ok
16:31:06.0350 0x04a8 Netman - ok
16:31:06.0350 0x04a8 NetTcpPortSharing - ok
16:31:06.0366 0x04a8 NETw5x32 - ok
16:31:06.0366 0x04a8 NETwNx32 - ok
16:31:06.0381 0x04a8 NIC1394 - ok
16:31:06.0381 0x04a8 Nla - ok
16:31:06.0381 0x04a8 Npfs - ok
16:31:06.0397 0x04a8 Ntfs - ok
16:31:06.0397 0x04a8 NtLmSsp - ok
16:31:06.0397 0x04a8 NtmsSvc - ok
16:31:06.0413 0x04a8 Null - ok
16:31:06.0413 0x04a8 NwlnkFlt - ok
16:31:06.0413 0x04a8 NwlnkFwd - ok
16:31:06.0428 0x04a8 ohci1394 - ok
16:31:06.0428 0x04a8 optousb - ok
16:31:06.0444 0x04a8 ose - ok
16:31:06.0444 0x04a8 PalmUSBD - ok
16:31:06.0444 0x04a8 Parport - ok
16:31:06.0460 0x04a8 PartMgr - ok
16:31:06.0460 0x04a8 ParVdm - ok
16:31:06.0475 0x04a8 pccsmcfd - ok
16:31:06.0475 0x04a8 PCI - ok
16:31:06.0475 0x04a8 PCIDump - ok
16:31:06.0491 0x04a8 PCIIde - ok
16:31:06.0491 0x04a8 Pcmcia - ok
16:31:06.0491 0x04a8 PDCOMP - ok
16:31:06.0506 0x04a8 PDFRAME - ok
16:31:06.0506 0x04a8 PDRELI - ok
16:31:06.0506 0x04a8 PDRFRAME - ok
16:31:06.0522 0x04a8 perc2 - ok
16:31:06.0522 0x04a8 perc2hib - ok
16:31:06.0538 0x04a8 PGP RDD Service - ok
16:31:06.0538 0x04a8 PGPdisk - ok
16:31:06.0553 0x04a8 PGPsdkDriver - ok
16:31:06.0553 0x04a8 PGPwded - ok
16:31:06.0569 0x04a8 Pgpwdefs - ok
16:31:06.0569 0x04a8 PlugPlay - ok
16:31:06.0569 0x04a8 PMEM - ok
16:31:06.0585 0x04a8 pneteth - ok
16:31:06.0585 0x04a8 PolicyAgent - ok
16:31:06.0585 0x04a8 Power Manager DBC Service - ok
16:31:06.0600 0x04a8 PptpMiniport - ok
16:31:06.0600 0x04a8 ProtectedStorage - ok
16:31:06.0616 0x04a8 Ptilink - ok
16:31:06.0616 0x04a8 PxHelp20 - ok
16:31:06.0616 0x04a8 ql1080 - ok
16:31:06.0631 0x04a8 Ql10wnt - ok
16:31:06.0631 0x04a8 ql12160 - ok
16:31:06.0631 0x04a8 ql1240 - ok
16:31:06.0647 0x04a8 ql1280 - ok
16:31:06.0647 0x04a8 RasAcd - ok
16:31:06.0647 0x04a8 RasAuto - ok
16:31:06.0663 0x04a8 Rasl2tp - ok
16:31:06.0663 0x04a8 RasMan - ok
16:31:06.0678 0x04a8 RasPppoe - ok
16:31:06.0678 0x04a8 Raspti - ok
16:31:06.0678 0x04a8 Rdbss - ok
16:31:06.0694 0x04a8 RDPCDD - ok
16:31:06.0694 0x04a8 rdpdr - ok
16:31:06.0710 0x04a8 RDPWD - ok
16:31:06.0710 0x04a8 RDSessMgr - ok
16:31:06.0725 0x04a8 redbook - ok
16:31:06.0725 0x04a8 RegSrvc - ok
16:31:06.0725 0x04a8 RemoteAccess - ok
16:31:06.0741 0x04a8 RemoteRegistry - ok
16:31:06.0741 0x04a8 RFCOMM - ok
16:31:06.0756 0x04a8 RpcLocator - ok
16:31:06.0756 0x04a8 RpcSs - ok
16:31:06.0756 0x04a8 RSVP - ok
16:31:06.0772 0x04a8 S24EventMonitor - ok
16:31:06.0772 0x04a8 s24trans - ok
16:31:06.0772 0x04a8 SamSs - ok
16:31:06.0788 0x04a8 SCardSvr - ok
16:31:06.0788 0x04a8 Schedule - ok
16:31:06.0803 0x04a8 Secdrv - ok
16:31:06.0803 0x04a8 seclogon - ok
16:31:06.0819 0x04a8 SENS - ok
16:31:06.0819 0x04a8 serenum - ok
16:31:06.0819 0x04a8 Serial - ok
16:31:06.0835 0x04a8 ServiceLayer - ok
16:31:06.0850 0x04a8 Sfloppy - ok
16:31:06.0866 0x04a8 SharedAccess - ok
16:31:06.0866 0x04a8 ShellHWDetection - ok
16:31:06.0881 0x04a8 Shockprf - ok
16:31:06.0881 0x04a8 Simbad - ok
16:31:06.0881 0x04a8 sisagp - ok
16:31:06.0897 0x04a8 SmcService - ok
16:31:06.0913 0x04a8 SNAC - ok
16:31:06.0913 0x04a8 SONYPVU1 - ok
16:31:06.0928 0x04a8 Sparrow - ok
16:31:06.0928 0x04a8 SPBBCDrv - ok
16:31:06.0928 0x04a8 splitter - ok
16:31:06.0944 0x04a8 Spooler - ok
16:31:06.0944 0x04a8 sr - ok
16:31:06.0960 0x04a8 srservice - ok
16:31:06.0960 0x04a8 SRTSP - ok
16:31:06.0960 0x04a8 SRTSPL - ok
16:31:06.0975 0x04a8 SRTSPX - ok
16:31:06.0975 0x04a8 Srv - ok
16:31:06.0975 0x04a8 SSDPSRV - ok
16:31:06.0991 0x04a8 stisvc - ok
16:31:06.0991 0x04a8 swenum - ok
16:31:07.0006 0x04a8 swmidi - ok
16:31:07.0006 0x04a8 SwPrv - ok
16:31:07.0022 0x04a8 Symantec AntiVirus - ok
16:31:07.0022 0x04a8 symc810 - ok
16:31:07.0022 0x04a8 symc8xx - ok
16:31:07.0038 0x04a8 SymEvent - ok
16:31:07.0038 0x04a8 SYMREDRV - ok
16:31:07.0053 0x04a8 SYMTDI - ok
16:31:07.0053 0x04a8 sym_hi - ok
16:31:07.0069 0x04a8 sym_u3 - ok
16:31:07.0069 0x04a8 SynTP - ok
16:31:07.0069 0x04a8 sysaudio - ok
16:31:07.0085 0x04a8 SysmonLog - ok
16:31:07.0085 0x04a8 SysPlant - ok
16:31:07.0100 0x04a8 tap0801 - ok
16:31:07.0100 0x04a8 tap0901 - ok
16:31:07.0116 0x04a8 TapiSrv - ok
16:31:07.0116 0x04a8 Tcpip - ok
16:31:07.0116 0x04a8 TDPIPE - ok
16:31:07.0131 0x04a8 TDTCP - ok
16:31:07.0131 0x04a8 Teefer2 - ok
16:31:07.0147 0x04a8 TermDD - ok
16:31:07.0147 0x04a8 TermService - ok
16:31:07.0147 0x04a8 TGRAB - ok
16:31:07.0163 0x04a8 Themes - ok
16:31:07.0163 0x04a8 TlntSvr - ok
16:31:07.0178 0x04a8 TosIde - ok
16:31:07.0178 0x04a8 TPDIGIMN - ok
16:31:07.0178 0x04a8 TPHDEXLGSVC - ok
16:31:07.0194 0x04a8 TPHKDRV - ok
16:31:07.0194 0x04a8 TPHKLOAD - ok
16:31:07.0210 0x04a8 TPHKSVC - ok
16:31:07.0210 0x04a8 TpKmpSVC - ok
16:31:07.0225 0x04a8 tpm - ok
16:31:07.0225 0x04a8 TPPWRIF - ok
16:31:07.0225 0x04a8 TrkWks - ok
16:31:07.0241 0x04a8 TSClient - ok
16:31:07.0256 0x04a8 TSMAPIP - ok
16:31:07.0256 0x04a8 Udfs - ok
16:31:07.0256 0x04a8 ultra - ok
16:31:07.0272 0x04a8 UnlockerDriver5 - ok
16:31:07.0272 0x04a8 Update - ok
16:31:07.0288 0x04a8 upnphost - ok
16:31:07.0288 0x04a8 UPS - ok
16:31:07.0303 0x04a8 usbccgp - ok
16:31:07.0303 0x04a8 usbehci - ok
16:31:07.0319 0x04a8 usbhub - ok
16:31:07.0319 0x04a8 usbprint - ok
16:31:07.0319 0x04a8 usbscan - ok
16:31:07.0335 0x04a8 USBSTOR - ok
16:31:07.0335 0x04a8 usbuhci - ok
16:31:07.0350 0x04a8 usb_rndisx - ok
16:31:07.0350 0x04a8 VgaSave - ok
16:31:07.0366 0x04a8 viaagp - ok
16:31:07.0366 0x04a8 ViaIde - ok
16:31:07.0366 0x04a8 VolSnap - ok
16:31:07.0381 0x04a8 VSS - ok
16:31:07.0397 0x04a8 W32Time - ok
16:31:07.0397 0x04a8 Wanarp - ok
16:31:07.0413 0x04a8 wcndis - ok
16:31:07.0413 0x04a8 Wdf01000 - ok
16:31:07.0428 0x04a8 WDICA - ok
16:31:07.0428 0x04a8 wdmaud - ok
16:31:07.0428 0x04a8 WebClient - ok
16:31:07.0444 0x04a8 winachsf - ok
16:31:07.0460 0x04a8 winmgmt - ok
16:31:07.0475 0x04a8 WmdmPmSN - ok
16:31:07.0475 0x04a8 Wmi - ok
16:31:07.0491 0x04a8 WmiAcpi - ok
16:31:07.0491 0x04a8 WmiApSrv - ok
16:31:07.0506 0x04a8 WpdUsb - ok
16:31:07.0506 0x04a8 WPFFontCache_v0400 - ok
16:31:07.0522 0x04a8 WPS - ok
16:31:07.0522 0x04a8 WpsHelper - ok
16:31:07.0538 0x04a8 WS2IFSL - ok
16:31:07.0538 0x04a8 wscsvc - ok
16:31:07.0538 0x04a8 wuauserv - ok
16:31:07.0553 0x04a8 WudfPf - ok
16:31:07.0553 0x04a8 WudfRd - ok
16:31:07.0569 0x04a8 WudfSvc - ok
16:31:07.0569 0x04a8 WZCSVC - ok
16:31:07.0585 0x04a8 xmlprov - ok
16:31:07.0616 0x04a8 ================ Scan global ===============================
16:31:07.0616 0x04a8 [ Global ] - ok
16:31:07.0616 0x04a8 ================ Scan MBR ==================================
16:31:07.0663 0x04a8 [ 8DF5B5BEA574E45645AB0C4ECAD7A39F ] \Device\Harddisk0\DR0
16:31:07.0756 0x04a8 \Device\Harddisk0\DR0 - ok
16:31:07.0772 0x04a8 ================ Scan VBR ==================================
16:31:07.0772 0x04a8 [ 5FDB6DECC83714AB8F4BE7C47E90E197 ] \Device\Harddisk0\DR0\Partition1
16:31:07.0772 0x04a8 \Device\Harddisk0\DR0\Partition1 - ok
16:31:07.0772 0x04a8 ================ Scan generic autorun ======================
16:31:07.0772 0x04a8 IMJPMIG8.1 - ok
16:31:07.0772 0x04a8 PHIME2002ASync - ok
16:31:07.0772 0x04a8 PHIME2002A - ok
16:31:07.0772 0x04a8 IgfxTray - ok
16:31:07.0772 0x04a8 HotKeysCmds - ok
16:31:07.0788 0x04a8 Persistence - ok
16:31:07.0788 0x04a8 BluetoothAuthenticationAgent - ok
16:31:07.0788 0x04a8 TpShocks - ok
16:31:07.0788 0x04a8 PWRMGRTR - ok
16:31:07.0788 0x04a8 BLOG - ok
16:31:07.0788 0x04a8 SynTPEnh - ok
16:31:07.0803 0x04a8 TPFNF7 - ok
16:31:07.0803 0x04a8 TPKMAPHELPER - ok
16:31:07.0803 0x04a8 ACTray - ok
16:31:07.0803 0x04a8 ACWLIcon - ok
16:31:07.0803 0x04a8 PSQLLauncher - ok
16:31:07.0803 0x04a8 Resume copy - ok
16:31:07.0819 0x04a8 WinPatrol - ok
16:31:07.0819 0x04a8 QuickTime Task - ok
16:31:07.0819 0x04a8 pmonmh - ok
16:31:07.0819 0x04a8 ccApp - ok
16:31:07.0819 0x04a8 KernelFaultCheck - ok
16:31:07.0819 0x04a8 LenovoAutoScrollUtility - ok
16:31:07.0819 0x04a8 SunJavaUpdateSched - ok
16:31:07.0835 0x04a8 AvgUi - ok
16:31:07.0835 0x04a8 AVG_UI - ok
16:31:07.0835 0x04a8 OpwareSE2 - ok
16:31:07.0835 0x04a8 openvpn-gui - ok
16:31:07.0835 0x04a8 CanonSolutionMenuEx - ok
16:31:07.0835 0x04a8 CanonMyPrinter - ok
16:31:07.0850 0x04a8 ACT_APL - ok
16:31:07.0850 0x04a8 MSConfig - ok
16:31:07.0850 0x04a8 Virtual Dimension - ok
16:31:07.0850 0x04a8 Cookienator - ok
16:31:07.0850 0x04a8 ctfmon.exe - ok
16:31:07.0850 0x04a8 PDHookServer - ok
16:31:07.0850 0x04a8 SymphonyPreLoad - ok
16:31:07.0866 0x04a8 AeroSnap - ok
16:31:07.0897 0x04a8 AV detected via SS1: AVG AntiVirus Free Edition, 2016.0, enabled, updated
16:31:07.0897 0x04a8 AV detected via SS1: Symantec Endpoint Protection, 11.0.6200.513, enabled, outofdate
16:31:07.0897 0x04a8 FW detected via SS1: Symantec Endpoint Protection, 10.0, enabled
16:31:10.0256 0x04a8 ============================================================
16:31:10.0256 0x04a8 Scan finished
16:31:10.0256 0x04a8 ============================================================
16:31:10.0272 0x02bc Detected object count: 0
16:31:10.0272 0x02bc Actual detected object count: 0
16:31:13.0366 0x0348 Deinitialize success

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-07-2016 01
Ran by BE76601 (administrator) on T400 (11-07-2016 17:14:45)
Running from C:\instexe
Loaded Profiles: BE76601 (Available Profiles: BE76601)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(IBM) C:\Program Files\IBM\Java60\jre\bin\jqs.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
(Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe
() C:\WINDOWS\system32\TpKmpSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(BillP Studios) C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Symantec Corporation) C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
(Avanquest Software) C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(IBM) C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.1.20120110-2000\program\soffice.bin
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [TpShocks] => C:\WINDOWS\SYSTEM32\TpShocks.exe [181536 2008-06-06] (Lenovo.)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [820520 2007-11-22] (Synaptics, Inc.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-31] (Lenovo Group Limited)
HKLM\...\Run: [TPKMAPHELPER] => C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [868352 2007-01-09] (Lenovo)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [431464 2011-04-14] (Lenovo )
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [189800 2011-04-14] (Lenovo )
HKLM\...\Run: [PSQLLauncher] => "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
HKLM\...\Run: [Resume copy] => copyfstq.exe /startup
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [222784 2005-12-12] (BillP Studios)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [pmonmh] => C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe [184371 2012-06-14] ()
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2011-11-07] (Symantec Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [LenovoAutoScrollUtility] => C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [43960 2010-04-01] (Lenovo Group Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5351184 2016-06-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [openvpn-gui] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [99328 2005-08-18] ()
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [ACT_APL] => "C:\Program Files\ACT\ACT for Windows\ACT_APL.exe"
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\ACNotify: C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACNotify.dll [2011-04-14] (Lenovo )
Winlogon\Notify\NavLogon:
HKLM\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [Virtual Dimension] => C:\Program Files\Virtual Dimension\VirtualDimension.exe [466432 2006-05-08] (Typz Software)
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [Cookienator] => C:\Program Files\Cookienator\cookienator.exe [1333472 2009-10-19] (CodeFromThe70s.org)
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [PDHookServer] => C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe [60416 2012-12-14] ()
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [SymphonyPreLoad] => "C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony" -nogui -nosplash
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [AeroSnap] => C:\Program Files\AeroSnap\AeroSnap.exe
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [NoDevMgrUpdate] 1
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [NoSaveSettings] 1
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Home] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Fullscreen] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Tools] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Print] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Edit] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Cut] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Copy] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Paste] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Encoding] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\MountPoints2: ##IBMBEFS001.BRU.BE.IBM.COM#ACROBAT6 - Z:\AutoPlay.exe -c
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\MountPoints2: ##IBMBEFS001.BRU.BE.IBM.COM#PROJ2002 - Z:\setup.exe /AUTORUN
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\MountPoints2: ##IBMBEFS001.BRU.BE.IBM.COM#VISIO22P - Z:\setup.exe /AUTORUN
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\MountPoints2: {05db6ca0-db7f-11df-b99a-00234df72bd3} - E:\HPLauncher.exe
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\MountPoints2: {52f8fac8-c546-11de-98e2-020255061358} - E:\setupSNK.exe
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\MountPoints2: {7a9787b4-3bb6-11de-985f-0022fa617594} - iexplorer.exe -copy
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\MountPoints2: {96c82515-3795-11e0-b9df-00234df72bd3} - E:\wyskq6lt.exe
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ss3dfo.scr [704512 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\FileMonitor32.dll => C:\WINDOWS\system32\FileMonitor32.dll [107520 2012-12-14] ()
Lsa: [Notification Packages] scecli ACGina PGPpwflt ACGina
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dialog Helper.lnk [2013-02-01]
ShortcutTarget: Dialog Helper.lnk -> C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe (Avanquest Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2013-01-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IBM Connections Drafts Monitor.lnk [2012-03-07]
ShortcutTarget: IBM Connections Drafts Monitor.lnk -> C:\Program Files\IBM\Connections Files connectors\LFMonitor.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGP Tray.lnk [2016-07-11]
ShortcutTarget: PGP Tray.lnk -> C:\WINDOWS\Installer\{98F75B02-CCED-4568-9DEC-522A9512477E}\Icon6560581611.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.2
Tcpip\..\Interfaces\{DE4541DF-ED95-4A05-99DC-7EB9B77E2F9C}: [DhcpNameServer] 192.168.0.2
Tcpip\..\Interfaces\{F331C6FC-8137-4709-A97C-4D7B168CCA6C}: [DhcpNameServer] 192.168.0.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3277949548-3100964623-776316575-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://w3.ibm.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {A455E32A-3DE6-47CC-B4C2-7E006963690A} URL = hxxp://w3.ibm.com/bluepages/simpleSearch.wss?searchFor={searchTerms}&searchBy=name&sourceid=Mozilla-search
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {C4D5EAC9-67DA-4B95-832B-0EFE686B77D4} URL = hxxps://w3.ibm.com/connections/search/web/search?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {FE206555-0DAA-495B-A428-01631917F40B} URL = hxxp://w3.ibm.com/search/do/search?queryType=simple&qt={searchTerms}&w3scope=w3General&sourceid=Mozilla-search
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\IBM\Java60\jre\bin\ssv.dll [2013-04-24] (IBM)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll [2013-04-24] (IBM)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll [2013-04-24] (IBM)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-06-28] (CANON INC.)
Toolbar: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> No Name - {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} - No File
Toolbar: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
Toolbar: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-06-28] (CANON INC.)
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} hxxps://www-03.ibm.com/qp2.cab
DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228972592890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228972560421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: {8B8A0588-356B-431E-A4C3-A56553266DAA} hxxps://w3-501.ibm.com/transform/crm/europe/be/callcenter/21219/applets/SiebelAx_Smartscript.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} hxxp://w3-03.ibm.com/tools/print/plugin/gpwsx.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
DPF: {DF9541C7-3923-4229-B24C-2AFE7DE3FEC1} hxxps://w3-501.ibm.com/transform/crm/europe/be/sales/21112/applets/SiebelAx_Smartscript.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890
FF Homepage: hxxp://www.google.be/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-07] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2011-10-17] (Google)
FF Plugin: @ibm.com/Java -> C:\Program Files\IBM\Java50\jre\bin\npoji610.dll [2008-10-23] (IBM)
FF Plugin: @ibm.com/Java142 -> C:\Program Files\IBM\Java142\jre\bin\npoji610.dll [No File]
FF Plugin: @IBM.com/JavaPlugin -> C:\Program Files\IBM\Java60\jre\bin\plugin2\npjp2.dll [2013-04-24] (IBM)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-06-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-06] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npcpsweb.dll [2010-08-02] (IBM )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-09-23] (NOS Microsystems Ltd.)
FF Extension: IE Tab - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2016-07-03]
FF Extension: Download Statusbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2016-07-03]
FF Extension: IBM Add To Notes Address Book BluePages Plugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890\Extensions\[email protected] [2013-07-03] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-07-07] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-07-07] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-11] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ff [2013-07-03] [not signed]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4092672 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [890128 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [594904 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-11-07] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-11-07] (Symantec Corporation)
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2013-05-22] (Teruten) [File not signed]
S4 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
S4 gupdate1ca1825452a051e; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-08-08] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\IBM\Java60\jre\bin\jqs.exe [158016 2013-04-24] (IBM)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-04-04] (Lenovo Group Limited)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-09-07] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 PGP RDD Service; C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe [1588544 2012-07-21] (Symantec Corporation)
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [53248 2009-04-16] () [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [966656 2010-10-19] (Intel® Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 SmcService; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe [1893728 2011-11-07] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SNAC.EXE [357744 2011-11-07] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [1839776 2011-11-07] (Symantec Corporation)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [130920 2011-04-20] (Lenovo Group Limited)
R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2006-06-29] () [File not signed]
S2 artstartsvc; C:\Program Files\IBM\Mobility Client\artstartsvc.exe [X]
S2 ISAMsmt; C:\Program Files\C4ebreg\isamsmt.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2011-04-08] (IBM Corp.) [File not signed]
R2 Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243456 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [201472 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [191744 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [217344 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-01] (AVG Technologies CZ, s.r.o.)
S3 avpnnic; C:\WINDOWS\System32\DRIVERS\avpnnic.sys [11392 2009-10-07] (AT&T) [File not signed]
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [533152 2009-09-18] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [993576 2010-09-23] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.)
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2008-02-04] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [51752 2010-09-16] (Broadcom Corporation.)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [754176 2008-05-22] (Conexant Systems Inc.)
S3 COH_Mon; C:\WINDOWS\system32\Drivers\COH_Mon.sys [23888 2011-11-07] (Symantec Corporation)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [243856 2008-09-19] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-05-19] (Symantec Corporation)
R2 EGATHDRV; C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [17104 2012-02-09] (IBM Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-05-19] (Symantec Corporation)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
S3 GTF32BUS; C:\WINDOWS\System32\DRIVERS\gtf32bus.sys [32000 2006-03-28] (Option N.V.)
S3 GTPTSER; C:\WINDOWS\System32\DRIVERS\gtptser.sys [8064 2007-04-14] (Option N.V.) [File not signed]
S3 GTSCSER; C:\WINDOWS\System32\DRIVERS\gtscser.sys [18944 2006-03-28] (Option N.V.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-04-10] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-04-10] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2011-04-08] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-11] (Malwarebytes)
R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140524.016\NAVENG.SYS [93272 2014-05-19] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140524.016\NAVEX15.SYS [1612376 2014-05-19] (Symantec Corporation)
R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [6913920 2010-10-18] (Intel Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2009-05-10] (PalmSource, Inc.)
R2 PGPdisk; C:\WINDOWS\system32\Drivers\PGPdisk.sys [244448 2012-07-21] (Symantec Corporation)
R1 PGPsdkDriver; C:\WINDOWS\System32\Drivers\PGPsdk.sys [41520 2012-07-21] (Symantec Corporation)
R0 PGPwded; C:\WINDOWS\system32\Drivers\PGPwded.sys [312952 2012-07-21] (Symantec Corporation)
R0 Pgpwdefs; C:\WINDOWS\System32\DRIVERS\Pgpwdefs.sys [14792 2012-07-21] (Symantec Corporation)
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2008-10-10] (Microsoft Corporation) [File not signed]
S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2011-11-07] (Symantec Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [284720 2011-11-07] (Symantec Corporation)
S3 SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [320944 2011-11-07] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [43696 2011-11-07] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [125488 2011-11-22] (Symantec Corporation)
R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [26416 2011-11-07] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [188080 2011-11-07] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [99696 2011-11-07] (Symantec Corporation)
S3 tap0801; C:\WINDOWS\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26112 2010-08-20] (The OpenVPN Project) [File not signed]
R3 Teefer2; C:\WINDOWS\System32\DRIVERS\teefer2.sys [67472 2011-11-07] (Symantec Corporation)
R2 TGRAB; C:\WINDOWS\system32\tgrab.sys [8288 2012-02-09] () [File not signed]
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R3 tpm; C:\WINDOWS\System32\DRIVERS\tpm.sys [13824 2008-03-26] (Intel Corporation)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2004-11-30] () [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2008-07-31] () [File not signed]
S3 wcndis; C:\WINDOWS\System32\DRIVERS\wcndis.sys [8704 2006-01-30] () [File not signed]
R1 WPS; C:\WINDOWS\system32\drivers\wpsdrvnt.sys [43888 2011-11-07] (Symantec Corporation)
R3 WpsHelper; C:\WINDOWS\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]
S3 ibm4610drv; System32\Drivers\Ibm4610drv.sys [X]
S3 NETw5x32; system32\DRIVERS\NETw5x32.sys [X]
S3 optousb; system32\DRIVERS\optousb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-14] (Microsoft Corporation)
S3 TSClient; system32\drivers\tsclient.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-11 17:09 - 2016-07-11 17:09 - 00000000 _____ C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-07-11 16:39 - 2016-07-11 17:14 - 00000000 ____D C:\FRST
2016-07-11 16:29 - 2016-07-11 16:31 - 00111442 _____ C:\TDSSKiller.3.1.0.9_11.07.2016_16.29.28_log.txt
2016-07-11 15:50 - 2016-07-11 15:53 - 00000000 ____D C:\AdwCleaner
2016-07-08 11:04 - 2016-07-11 15:54 - 00173288 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-07-07 23:56 - 2016-07-11 16:45 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-07 23:55 - 2016-07-07 23:55 - 00000787 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-07 23:55 - 2016-07-07 23:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-07 23:55 - 2016-07-07 23:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-07 23:55 - 2016-07-07 23:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-07-07 23:55 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-07 23:55 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-07-07 18:44 - 2016-07-07 18:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-07 18:37 - 2016-07-11 15:57 - 00000424 _____ C:\WINDOWS\Tasks\AVG-SSU_0516piz.job
2016-07-07 18:37 - 2016-07-07 18:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz
2016-07-07 18:34 - 2016-07-07 18:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG
2016-07-07 18:33 - 2016-07-07 18:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2016-07-07 18:33 - 2016-07-07 18:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2016-07-07 18:31 - 2016-07-07 18:31 - 00000000 ___HD C:\$AVG
2016-07-07 18:29 - 2016-07-11 15:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-07-07 18:29 - 2016-07-07 18:29 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2016-07-07 18:29 - 2016-07-07 18:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2016-07-07 18:29 - 2016-07-07 18:29 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2016-07-07 18:26 - 2016-07-07 18:30 - 00000000 ____D C:\Program Files\AVG
2016-07-07 18:24 - 2016-07-07 18:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg
2016-07-07 18:24 - 2016-07-07 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2016-07-07 18:24 - 2016-07-07 18:29 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AvgSetupLog
2016-07-07 18:23 - 2016-07-11 17:14 - 00000000 ____D C:\instexe
2016-07-07 18:14 - 2016-07-07 18:14 - 00000820 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2016-07-03 17:26 - 2016-07-03 17:26 - 00000495 _____ C:\WINDOWS\VersataQIuninstall.iss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-11 17:15 - 2005-04-04 19:48 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-07-11 15:58 - 2009-03-23 19:58 - 00000304 _____ C:\WINDOWS\Tasks\PMTask.job
2016-07-11 15:57 - 2004-08-04 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-07-11 15:56 - 2005-04-04 19:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-11 15:54 - 2013-03-15 09:12 - 00032620 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-11 15:54 - 2005-04-04 19:48 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-07-11 15:38 - 2005-04-04 20:34 - 00000294 ___SH C:\boot.ini
2016-07-11 15:38 - 2004-08-04 07:00 - 00000573 _____ C:\WINDOWS\win.ini
2016-07-11 15:38 - 2004-08-04 07:00 - 00000274 _____ C:\WINDOWS\system.ini
2016-07-08 11:11 - 2005-04-04 19:43 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-07-08 11:05 - 2005-04-04 20:28 - 00000000 ____D C:\WINDOWS\system
2016-07-08 10:24 - 2009-06-29 08:55 - 00000000 ____D C:\WINDOWS\pss
2016-07-08 10:19 - 2005-04-04 20:28 - 00000000 ___HD C:\WINDOWS\inf
2016-07-08 10:13 - 2012-05-03 22:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-08 10:13 - 2009-05-08 20:21 - 00000000 ____D C:\Program Files\Yahoo!
2016-07-08 10:13 - 2005-04-04 20:34 - 00332760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-08 10:09 - 2005-04-04 19:48 - 00000000 ____D C:\Documents and Settings\Administrator
2016-07-07 22:08 - 2009-05-08 20:21 - 00000000 ____D C:\siebel
2016-07-07 22:08 - 2007-03-06 00:02 - 00000000 ____D C:\temp
2016-07-07 21:21 - 2009-03-23 21:09 - 00000000 ____D C:\ecountry
2016-07-07 18:46 - 2012-04-03 15:15 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-07 18:46 - 2011-06-08 07:37 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-07 18:46 - 2006-04-12 04:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2016-07-07 18:24 - 2005-04-04 20:17 - 00091560 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-07-07 18:21 - 2009-05-08 20:11 - 00000000 ___RD C:\$user
2016-07-07 18:15 - 2009-05-09 16:16 - 00000000 ____D C:\Program Files\MonkMerg
2016-07-07 18:15 - 2005-04-05 21:45 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-07-07 18:15 - 2005-04-04 22:08 - 00000000 ____D C:\Program Files\IBM
2016-07-07 18:14 - 2009-08-08 14:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2016-07-07 18:14 - 2009-08-08 14:38 - 00000000 ____D C:\Program Files\Google
2016-07-07 18:10 - 2012-03-25 21:08 - 00000000 ____D C:\Program Files\TeamViewer
2016-07-07 18:05 - 2009-05-09 16:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Yahoo!
2016-07-07 18:05 - 2009-05-09 16:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2016-07-07 17:55 - 2009-03-23 19:52 - 00000000 ____D C:\Program Files\CONEXANT
2016-07-07 17:49 - 2006-03-27 23:50 - 00000000 ____D C:\Program Files\WST
2016-07-07 17:44 - 2005-04-05 21:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IBM
2016-07-07 17:43 - 2005-04-05 21:45 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2016-07-07 17:41 - 2008-11-15 01:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tivoli Storage Manager
2016-07-07 17:39 - 2011-10-21 17:57 - 00000000 ____D C:\Program Files\CoreFTP
2016-07-07 17:39 - 2011-10-21 17:57 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Core FTP
2016-07-07 17:36 - 2012-12-27 18:26 - 00000000 ____D C:\Program Files\CompanionLink
2016-07-03 20:41 - 2006-04-12 04:08 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-07-03 17:46 - 2009-03-23 20:04 - 00000000 ____D C:\Program Files\AT&T Network Client
2016-07-03 17:41 - 2005-04-04 20:17 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
2016-07-03 17:39 - 2009-08-28 08:46 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2016-07-03 17:39 - 2009-05-09 16:09 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
2016-07-03 17:37 - 2014-06-16 08:22 - 00000000 ____D C:\POS
2016-07-03 17:29 - 2009-05-08 11:33 - 00000000 ____D C:\econfig
2016-07-03 17:26 - 2009-05-08 11:29 - 00000000 ____D C:\epricer
2016-07-03 17:20 - 2013-01-13 18:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-07-03 17:20 - 2013-01-13 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-07-03 17:13 - 2012-02-25 10:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Samsung
2016-07-03 17:13 - 2012-02-24 13:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
2016-07-03 17:13 - 2012-02-24 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Samsung
2016-07-03 17:10 - 2013-04-23 17:55 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2016-07-03 17:02 - 2010-01-12 14:19 - 00000000 ____D C:\notes
2016-07-01 20:19 - 2009-10-10 10:09 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat

==================== Files in the root of some directories =======

2013-07-12 18:34 - 2013-07-12 18:34 - 0000664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.tmp
2009-08-05 09:09 - 2011-12-29 17:35 - 0009216 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-05-16 20:17 - 2009-05-16 20:17 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2013-02-23 17:46 - 2013-02-23 17:46 - 0338815 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\speeddial.crx
2011-05-20 07:46 - 2011-05-20 07:46 - 8892928 _____ () C:\Documents and Settings\All Users\Application Data\atscie.msi
2009-05-16 21:02 - 2013-12-17 22:12 - 0004096 _____ () C:\Documents and Settings\All Users\Application Data\ScheduledItems

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Checkupdate.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Foxit Reader Updater.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Foxit Updater.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\gcapi_dll.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\gtapi_signed.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\KUIU.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\libeay32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\lih5tcjm.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\msvcr120.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sfextra.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\Sqlite3.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_tmp_epadmdll_8764669666870851182.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-07-2016 01
Ran by BE76601 (2016-07-11 17:16:04)
Running from C:\instexe
Microsoft Windows XP Professional Service Pack 3 (X86) (2009-04-27 22:41:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

ASPNET (S-1-5-21-3277949548-3100964623-776316575-1003 - Limited - Enabled)
BE76601 (S-1-5-21-3277949548-3100964623-776316575-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-3277949548-3100964623-776316575-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3277949548-3100964623-776316575-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3277949548-3100964623-776316575-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec Endpoint Protection (Enabled - Out of date) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection (Disabled) {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Connect Add-in (HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Adobe Acrobat Connect Add-in) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.48 - NOS Microsystems Ltd.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AFP Workbench for Windows (HKLM\...\{53A93780-6073-4207-A729-A99A30AFDE40}) (Version: 1.58 - IBM - Printing Systems Division)
A-PDF Restrictions Remover (HKLM\...\A-PDF Restrictions Remover_is1) (Version: - A-PDF Solution)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Asterisk Key (HKLM\...\Asterisk Key) (Version: - )
AttributeMagic Pro (HKLM\...\AMPro) (Version: - Elwinsoft)
AVG (HKLM\...\AvgZen) (Version: 1.72.2.24716 - AVG Technologies)
AVG (Version: 16.91.7688 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4627 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.91.7688 - AVG Technologies)
AVG Zen (Version: 1.72.1 - AVG Technologies) Hidden
Beyond Compare Version 3.3.5 (HKLM\...\BeyondCompare3_is1) (Version: - Scooter Software)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MG6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6215.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 3.53.0.0 - Conexant)
Cookienator (HKLM\...\{BF307EDA-A176-4D83-9775-D337810CF7A7}) (Version: 2.6.41 - CodeFromThe70s.org)
CVE-2012-4792 (HKLM\...\{a1447a51-d8b1-4e93-bb19-82bd20da6fd2}.sdb) (Version: - )
DAO (HKLM\...\DAO) (Version: - )
Desktop Restore (HKLM\...\{228CEA74-6DD1-40B9-B95F-77273F4316B5}) (Version: 1.6.3 - JOConnell)
Documents To Go (HKLM\...\{BF7BE540-A2D9-41C1-AFD3-1842CEE0B16C}) (Version: 9.000.111 - DataViz Inc.)
Easy Unit Converter 1.21 (HKLM\...\Easy Unit Converter_is1) (Version: - )
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )
FastStone Image Viewer 4.6 (HKLM\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
FileZilla Client 3.5.1 (HKLM\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)
Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
Foxit Reader (HKLM\...\{E52C258D-DCF6-411B-B690-06DAC5009F37}) (Version: 3.0.2009.1506 - Foxit Software)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)
FreeCommander 2009.02a (HKLM\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
Gebruikersregistratie voor Canon MG6100 series (HKLM\...\Gebruikersregistratie voor Canon MG6100 series) (Version: - )
Genie Backup Manager Home 7.0 (HKLM\...\{C39D2BC1-15AA-4221-A16D-71833F97450D}_is1) (Version: - Genie-Soft)
Google Earth (HKLM\...\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Google Update Helper (Version: 1.3.21.123 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
HexEdit (HKLM\...\{6EC2F8D1-6303-4E49-9F17-4D537C648F5C}) (Version: 3.0.0 - Expert Commercial Software Pty Ltd)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
IBM 32-bit Runtime Environment for Java 2, v5.0 (HKLM\...\InstallShield_{4F3AFB85-B972-4621-AEB6-6C22317E145B}) (Version: 5.0 - IBM)
IBM 32-bit Runtime Environment for Java 2, v5.0 (Version: 5.0 - IBM) Hidden
IBM 32-bit Runtime Environment for Java v6 (HKLM\...\InstallShield_{75E7FEE8-16B1-4B1D-82B4-9594A38EDF76}) (Version: 6 - IBM)
IBM 32-bit Runtime Environment for Java v6 (Version: 6 - IBM) Hidden
IBM E-Pricer 11.3 (HKLM\...\{581D6519-D199-47A4-A31A-C75B14737CF9}) (Version: - )
IBM Lotus Sametime Advanced Embedded 8.5.1 (HKLM\...\{FE796A5A-97FE-4C5F-899A-FBB599B4A649}) (Version: 8.5.1.20110610-1701 - Uw bedrijfsnaam)
IBM Lotus Symphony (HKLM\...\{638b91e2-b5ee-49f3-8348-be72f2d65d13}) (Version: 3.01.12011 - IBM)
IBM My Help (HKLM\...\{DFF415AC-3883-4338-9365-DDCB74A0CFBA}) (Version: 1.7.8 - IBM)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{F8F28729-B336-492C-B4FD-53A9BBDF0482}) (Version: 13.04.0000 - Intel Corporation)
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.285 - InterVideo Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.250 - Oracle)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.99 - Symantec Corporation)
Lotus SmartSuite - English (HKLM\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft GIF Animator (HKLM\...\GIF Animator) (Version: - )
Microsoft Office 2003 Proofing Tools (HKLM\...\{901F0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{90120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Viewer 2007 (HKLM\...\{95120000-0052-0409-0000-0000000FF1CE}) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Project Standard 2002 (HKLM\...\{903A0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2915.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version: - Microsoft Corporation)
Microsoft Visio Professional 2002 SR-1 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.1.2514 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Journal Viewer (HKLM\...\{43DCF766-6838-4F9A-8C91-D92DA586DFA7}) (Version: 1.5.2315.3 - Microsoft)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
My Help - Workstation Setup Wizard (HKLM\...\{7D968F83-A23F-40F7-937C-A3B5A0C44048}) (Version: 1.0 - IBM)
NetObjects Fusion MX (HKLM\...\NetObjects Fusion MX) (Version: - )
NPIF Network Print Information Frontend (HKLM\...\NPIF Network Print Information Frontend) (Version: - )
OmniPage SE 2.0 (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Palm (HKLM\...\{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}) (Version: 4.1.0420 - Palm, Inc.)
PC Connectivity Solution (HKLM\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia)
PGP Desktop (HKLM\...\{98F75B02-CCED-4568-9DEC-522A9512477E}) (Version: 10.2.1.4869 - PGP Corporation)
PowerDesk 9 (HKLM\...\{C4E1D1E5-0F67-463D-BD07-A24742AA7469}) (Version: 9.0.0.0 - Avanquest North America Inc.)
Presentation Director (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.01 - )
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Roxio DigitalMedia Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio DigitalMedia Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio DigitalMedia Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
ShellExView (HKLM\...\ShellExView) (Version: 1.37 - NirSoft)
SourceGear DiffMerge (HKLM\...\{69440E1E-7D34-4C00-B878-9412B1707F1C}) (Version: 3.2.0.18185 - SourceGear)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Startup Delayer v2.5 (build 138) (HKLM\...\Startup Delayer) (Version: - )
SuperCat 4.4 (HKLM\...\SuperCat_is1) (Version: - )
Symantec Endpoint Protection (HKLM\...\{84B70C16-7032-41EE-965C-3C8D9D566CBB}) (Version: 11.0.6200.754 - Symantec Corporation)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.9700 - Lenovo)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.30 - )
ThinkPad Keyboard Customizer Utility (HKLM\...\{2111B23F-7FDA-4A41-8309-E5A1663CA296}) (Version: 1.3.53.0 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.62.00.00 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.60 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.6 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.04 - )
ThinkVantage Access Connections (HKLM\...\{7EB114D8-207F-45AE-BABD-1669715F2630}) (Version: 5.83 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.61 - Lenovo)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
Universal Viewer (ATViewer) (HKLM\...\Universal Viewer) (Version: - UVViewSoft)
Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebEx Support Manager for Internet Explorer (HKLM\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Weergave op scherm (HKLM\...\OnScreenDisplay) (Version: 6.42.00 - )
Windows Configurator v0.6 (HKLM\...\Windows Configurator_is1) (Version: - Leszek Skorczyñski)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.8.0031.9 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Windows XP Video Screensaver Powertoy (HKLM\...\Windows XP Video Screensaver Powertoy_is1) (Version: - )
WinPatrol (HKLM\...\WinPatrol) (Version: - )
WinSCP 4.0.5 (HKLM\...\winscp3_is1) (Version: 4.0.5 - Martin Prikryl)
WinZip 11.2 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}) (Version: 11.3.8261 - WinZip Computing, S.L. )
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{0DA49AC1-FBD9-4F26-89C4-42074DE9F500}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{12630C47-7373-4463-8C38-EF1F45D08BB8}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{149EE4A0-EE69-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{149EE4A0-EE69-11D2-AC32-006008E3F0A2}\localserver32 -> C:\Program Files\Palm\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{149EE4A1-EE69-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{149EE4A1-EE69-11D2-AC32-006008E3F0A2}\localserver32 -> C:\Program Files\Palm\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{164A4365-064D-494D-92C8-9303A5080157}\InprocServer32 -> C:\Program Files\Palm\SgCalendar.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\Palm\QuickInstall.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{1C43DF3D-E1C6-473E-9627-D7638EF63690}\InprocServer32 -> C:\Program Files\Palm\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{1D67C047-F016-11D6-831E-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PictPreview.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{1E8640C7-545F-4E6A-83F4-D92706C99E00}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{1FFD7892-06E4-4A0A-941E-BC966900C883}\InprocServer32 -> C:\Program Files\Palm\PhotoDesktop\Media.ocx (Palm, Inc. developed by ArcSoft, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\Palm\QuickInstall.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{28B8F788-271C-4618-9F55-4B1B40E6DF16}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{28DC33AE-D0A8-40A7-A9EA-5F6598207496}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{2CE29E35-35AA-455F-894F-F70BE74DB639}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{2E0C66AC-5A87-4AFF-AC9F-93B33D43E4ED}\InprocServer32 -> C:\Program Files\Palm\SgDateAlarm.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3193996D-1AC8-11D4-80CC-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\AlarmSvr.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3597288E-FF31-49C2-A58A-EA88F3CEDD42}\InprocServer32 -> C:\Program Files\Palm\SgCalendar.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3B33746E-C60D-4213-9438-B36424338150}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3B52D512-935F-11D6-82D4-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32 -> C:\econfig\cfgViews\richtx32.ocx => No File
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3CF39B9A-0CF8-4792-A918-67573260BDBE}\InprocServer32 -> C:\Program Files\Palm\PhotoDesktop\Media.ocx (Palm, Inc. developed by ArcSoft, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{4054F903-7C40-43D0-8ACE-3F5D73A9890C}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{43F73EA1-92AE-11D6-82D3-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{496038FA-3891-4827-AFCD-A7B13B9FF75A}\InprocServer32 -> C:\Program Files\Palm\PhotoDesktop\PhotosPlugIn.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{49EB4C90-AE3D-4846-A719-F775FFEE600A}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{53DEC138-A51E-11D2-861E-00C04FA35C89}\InprocServer32 -> C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.3.20110915-1350\os\win32\x86\tlogpsdll.dll ()
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{55c1654e-09b5-4801-8b4e-13e42fb69d65}\localserver32 -> C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.3.20110915-1350\os\win32\x86\IEOOP.exe (IBM)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{57B98049-D96F-471B-942B-6B05CB2CFE0A}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{5AA15E20-EE68-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{61B7A221-D11F-4702-B5C0-79C492A726B9}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\DefaultPlugin.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6357BCB6-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PqiIcon.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6357BCB9-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PqiIcon.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6357BCBC-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PqiIcon.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6357BCBE-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PqiIcon.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6600B26A-CCCE-4EF9-870E-DAB97E489CDF}\InprocServer32 -> C:\Program Files\Palm\SgDateAlarm.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{660AF3D0-0EC6-4285-8447-B286B724687B}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6c9c0659-0566-4349-abfd-833d49b9df36}\localserver32 -> "C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.1.2.200907141302\os\win32\x (the data entry has 63 more characters).
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{75C8163F-59DF-4C9D-BC00-D0419B2CED5B}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> C:\Program Files\Palm\QuickInstall.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7686FC59-EA6F-11D5-823E-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\InstServ.dll (Palm, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{78547CB6-2D08-47F4-A1EB-AF576A33E433}\InprocServer32 -> C:\Program Files\Palm\SgContacts.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7D11ED93-A77D-41FA-8EA5-5B39BC29E7F9}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7DEBC7E0-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7DEBC7E4-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7DEBC7E6-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7DEBC7E7-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7DEBC7E9-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{80C297AB-A0CB-4CE4-A5F1-36EB810BE047}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{831B49E8-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\ExpenseExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{831B49E9-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\ExpenseExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{868C6D64-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\NotePadExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{868C6D65-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\NotePadExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{87001487-8B8A-4C40-BFEF-036F5BD5BAA3}\InprocServer32 -> C:\Program Files\Palm\PhotoDesktop\PhotosPlugIn.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{887A7C26-B4AF-4F22-BE5E-20C00D340C74}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{92DA540D-FCC0-442C-8F82-7F6C1DBD66C8}\InprocServer32 -> C:\Program Files\Palm\SgMemos.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A0C20550-9476-407C-BFB0-3C84C2639AE6}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A13FAF1A-6069-40A4-AD5F-110EFA282490}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A1EED615-F007-4D40-9C06-A3CCD3CB68E1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A4C43001-108F-48E8-B2FF-F174977EDF03}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A50DA40C-59F7-40A6-B2D1-748493584E9C}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A545EB9B-B12D-4BA6-8110-1D61A3566A93}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A61F01A5-CD25-4780-A3B9-041172CD6450}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{AB40E4E0-0F0C-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\Palm\QuickInstall.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{AD74B184-E73A-4565-A38C-1329A29C7260}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{AF04C884-2C5F-430F-97ED-6E127F47046C}\InprocServer32 -> C:\Program Files\Palm\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{AF478991-F6B0-40E8-856B-E80BE0677AFC}\InprocServer32 -> C:\Program Files\Palm\SgTasks.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{B2565128-0F22-11D7-8331-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{B2F7AF3C-0CA7-4EAE-BBBF-A748FBC500DD}\InprocServer32 -> C:\Program Files\Palm\SgMemos.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{B416D295-53BA-4E16-8D54-B80281643A8A}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{B53B7736-61FA-4EF3-8989-B83C80979D89}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{B9BF9DA9-1746-4C14-B53C-1826F81EAE0B}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{BD73860F-5142-44C9-B7C4-26CD2AB55477}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> C:\Program Files\Palm\QuickInstall.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{BE1B5233-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{BE1B5235-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{BE44897A-EB38-11D5-823F-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\RegServ.dll ()
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{C0010C26-F44B-4BE2-9D65-04D3934C5E46}\InprocServer32 -> C:\Program Files\Palm\SgTasks.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{C11BCF07-4F91-4748-956E-2B4FFC9401C5}\InprocServer32 -> C:\Program Files\Palm\SgContacts.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{C2775C61-2C1C-4D50-A5E6-4814620116CD}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{C3DB9DF7-64EC-46EC-86C4-27668ABA9777}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{D75FA101-6942-47DF-88DF-353F30D35682}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{D79AC66C-BDB2-4028-B79A-F1465F8FBB56}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{DCDA65F9-134B-4333-BCA0-809306CB2F55}\InprocServer32 -> C:\Program Files\Palm\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{DD7731C5-1E16-4087-A57F-FEDCFBD8EB2B}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{DEF0B543-775C-4963-A116-DF304EE2C4DA}\InprocServer32 -> C:\Program Files\Palm\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> C:\Program Files\Palm\QuickInstall.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{E5A0FEE6-087B-4E48-BE06-5E1A1EF5E116}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{E851CFC8-5724-406D-9B36-11A44E72EA11}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{EE469827-4ED9-443B-9FB0-EFA81FEA6646}\InprocServer32 -> C:\Program Files\Palm\Components\DelDups.dll ( Palm, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{F0905939-16C0-4D2E-8F4F-73A4BEDEBE73}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{F1523FBD-0E09-4E8F-A952-B053B118FAAE}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{F21AC7C7-D6F5-11D6-8306-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll (Palm, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AVG-SSU_0516piz.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz\AVG-Secure-Search-Update_0516piz.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Administrator\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Software995\Software995.com.lnk -> hxxp://www.software995.com (No File)

ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Easy Unit Converter\Help.lnk -> C:\Program Files\Filesweb\EUC\uconvert.exe () -> hxxp://www.filesweb.com/easy_unit_converter.html

==================== Loaded Modules (Whitelisted) ==============

2012-12-14 12:50 - 2012-12-14 12:50 - 00107520 _____ () C:\WINDOWS\system32\FileMonitor32.dll
2012-11-16 20:41 - 2011-04-14 13:39 - 00086016 _____ () C:\Program Files\ThinkPad\ConnectUtilities\AcWrpc.dll
2009-03-23 20:04 - 2011-04-14 13:33 - 00044544 _____ () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
2009-03-23 19:58 - 2009-04-16 13:41 - 00053248 ____N () C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
2009-03-23 19:58 - 2009-03-19 06:34 - 00196608 ____N () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2009-03-23 20:01 - 2006-06-29 23:57 - 00032768 _____ () C:\WINDOWS\system32\TpKmpSVC.exe
2012-12-14 12:51 - 2012-12-14 12:51 - 00011264 _____ () C:\Program Files\Avanquest\PowerDesk\DClickDesktopHook.dll
2011-08-28 23:19 - 2011-08-28 23:19 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2009-03-23 19:58 - 2009-04-16 13:39 - 00030720 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2010-09-22 15:18 - 2010-09-22 15:18 - 00075112 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2006-09-07 19:19 - 2006-09-07 19:19 - 00008704 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-09-22 15:18 - 2010-09-22 15:18 - 02860384 _____ () C:\WINDOWS\system32\btwicons.dll
2012-12-14 12:36 - 2012-12-14 12:36 - 00011264 _____ () C:\Program Files\Avanquest\PowerDesk\mxcview.dll
2012-12-14 12:37 - 2012-12-14 12:37 - 00111616 _____ () C:\Program Files\Avanquest\PowerDesk\mxgview.dll
2009-03-23 20:04 - 2011-04-14 13:33 - 00077824 _____ () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
2009-03-23 19:58 - 2009-04-16 13:39 - 00049152 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
2009-03-23 20:04 - 2011-04-14 13:33 - 00258048 _____ () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
2012-06-28 12:18 - 2012-06-14 13:41 - 00184371 _____ () C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe
2016-07-07 18:26 - 2016-07-07 18:25 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
2012-12-14 12:51 - 2012-12-14 12:51 - 00060416 _____ () C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
2012-12-06 10:59 - 2012-12-06 10:59 - 00967168 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.1.20120110-2000\program\libxml2.dll
2012-12-06 10:59 - 2012-12-06 10:59 - 00163840 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.1.20120110-2000\basis\program\libxslt.dll
2012-12-06 10:57 - 2012-12-06 10:57 - 00106496 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.3.20110915-1350\os\win32\x86\comex.dll
2012-12-06 10:58 - 2012-12-06 10:58 - 00077824 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.filetype.win32.x86_3.0.1.20120110-2000\seditorreg.dll
2012-12-06 10:59 - 2012-12-06 10:59 - 00139264 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.1.20120110-2000\basis\program\NSLDAP32V50.dll
2016-07-07 18:46 - 2016-07-07 18:46 - 19455168 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll
2004-08-04 07:00 - 2013-01-02 08:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Onderhoudsadvies_leder.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\redisco.b.srl:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Sw_licenties.lwp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS:AstInfo [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2013-07-22 20:29 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3277949548-3100964623-776316575-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.2
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CompanionLink => "c:\program files\companionlink\companionlink.exe" -Icon
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: Tpam.exe => "C:\Program Files\IBM\Personal Communications\tpam.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe] => Enabled:SMC Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Symantec Client Security\Symantec AntiVirus\SNAC.EXE] => Enabled:SNAC Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Symantec Shared\ccApp.exe] => Enabled:Symantec Email
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\muzapp.exe] => Enabled:MUZ AOD APP player
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgdiagex.exe] => Enabled:AVG Diagnostics
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

01-07-2016 20:04:58 System Checkpoint
03-07-2016 16:58:07 Removed Lotus Notes 8.5.3.
03-07-2016 17:12:45 Removed Samsung Kies
03-07-2016 17:20:05 Verwijderd: Skype™ 6.3
03-07-2016 17:22:08 IBM Lotus Sametime Connect 8.5.1 verwijderd.
03-07-2016 17:26:41 Removed e-config
07-07-2016 17:36:52 Removed CompanionLink.
07-07-2016 17:40:59 Removed LotusLive Meetings for IBM
07-07-2016 17:41:46 Removed IBM Tivoli Storage Manager Client
07-07-2016 17:43:14 Verwijderd: IBM Personal Communications
07-07-2016 17:44:00 Removed IBM Tivoli Remote Control Ayúdame Premium Edition - Target.
07-07-2016 17:47:21 Removed Apple Application Support
07-07-2016 17:48:48 Verwijderd: Apple Software Update
07-07-2016 18:07:08 Removed Vodafone Mobile Connect Lite.
07-07-2016 18:10:07 Removed Tivoli Endpoint Manager Client.
07-07-2016 18:11:08 Removed Stickies
07-07-2016 18:13:17 Removed e-config Data Migration tool
07-07-2016 18:13:56 Removed GBS Solutions and Assets
07-07-2016 18:15:00 Removed Mobility Client
07-07-2016 18:30:29 Installed AVG 2016
07-07-2016 18:30:54 Installed AVG
11-07-2016 17:07:20 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Nokia 6120 classic
Description: Nokia 6120 classic
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2016 03:42:05 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: )
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Free Memory
Action Taken: Logged
Actor Process: C:\Program Files\AVG\Av\avgui.exe (PID 5744)
Time: maandag 11 juli 2016 15:42:05

Error: (07/11/2016 03:42:05 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: )
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Allocation Memory
Action Taken: Logged
Actor Process: C:\Program Files\AVG\Av\avgui.exe (PID 5744)
Time: maandag 11 juli 2016 15:42:05

Error: (07/11/2016 03:42:05 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: )
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Write Memory
Action Taken: Logged
Actor Process: C:\Program Files\AVG\Av\avgui.exe (PID 5744)
Time: maandag 11 juli 2016 15:42:05

Error: (07/11/2016 03:41:46 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Resume Thread
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:41:46

Error: (07/11/2016 03:41:46 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Write Memory
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:41:46

Error: (07/11/2016 03:41:46 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Allocation Memory
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:41:46

Error: (07/11/2016 03:41:46 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Create Thread
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:41:46

Error: (07/11/2016 03:27:47 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
Event Info: Resume Thread
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:27:47

Error: (07/11/2016 03:27:47 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
Event Info: Write Memory
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:27:47

Error: (07/11/2016 03:27:47 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
Event Info: Create Thread
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:27:47

System errors:
=============
Error: (07/11/2016 03:56:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IBM Mobility Client Start Utility service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (07/11/2016 03:53:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/11/2016 03:53:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/11/2016 03:53:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/11/2016 03:53:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ThinkPad HDD APS Logging Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/11/2016 03:53:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/11/2016 03:53:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/11/2016 03:53:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (07/11/2016 03:53:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.

Error: (07/11/2016 03:53:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 82%
Total physical RAM: 1943.93 MB
Available physical RAM: 346.81 MB
Total Virtual: 3837.69 MB
Available Virtual: 2300.9 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:149.04 GB) (Free:23.04 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 64656469)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#4
Jr0x

Posted 18 July 2016 - 09:02 AM

Malware removal team

Malware Removal
1,830 posts

Hi Paul432220,

Move FRST to Desktop

I noticed that you did not run FRST from Desktop. Do note to move FRST from your C:\instexe folder to Desktop.

Also, your FRST run was outdated (ran on 11 July 2016). I would require you to run it again, and paste the latest FRST log and Addition log in your next reply.

#5
Paul432220

Posted 20 July 2016 - 07:27 AM

Member

Topic Starter
Member
78 posts

Hi Jr0X,

I have ran the FRST tool but now from my desktop as requested, i copy below the new FRST and addition logs,

Cheers, Paul

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2016
Ran by BE76601 (administrator) on T400 (20-07-2016 14:53:35)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: BE76601 (Available Profiles: BE76601)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(IBM) C:\Program Files\IBM\Java60\jre\bin\jqs.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
(Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe
() C:\WINDOWS\system32\TpKmpSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(BillP Studios) C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
() C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(IBM) C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\symphony.exe
(Symantec Corporation) C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
(Avanquest Software) C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe
(IBM) C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.1.20120110-2000\program\soffice.bin
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [820520 2007-11-22] (Synaptics, Inc.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-31] (Lenovo Group Limited)
HKLM\...\Run: [TPKMAPHELPER] => C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [868352 2007-01-09] (Lenovo)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [431464 2011-04-14] (Lenovo )
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [189800 2011-04-14] (Lenovo )
HKLM\...\Run: [PSQLLauncher] => "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
HKLM\...\Run: [Resume copy] => copyfstq.exe /startup
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [222784 2005-12-12] (BillP Studios)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [pmonmh] => C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe [184371 2012-06-14] ()
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2011-11-07] (Symantec Corporation)
HKLM\...\Run: [LenovoAutoScrollUtility] => C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [43960 2010-04-01] (Lenovo Group Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5351184 2016-06-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [openvpn-gui] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [99328 2005-08-18] ()
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [ACT_APL] => "C:\Program Files\ACT\ACT for Windows\ACT_APL.exe"
Winlogon\Notify\ACNotify: C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACNotify.dll [2011-04-14] (Lenovo )
Winlogon\Notify\NavLogon:
HKLM\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [Virtual Dimension] => C:\Program Files\Virtual Dimension\VirtualDimension.exe
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [Cookienator] => C:\Program Files\Cookienator\cookienator.exe [1333472 2009-10-19] (CodeFromThe70s.org)
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [PDHookServer] => C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe [60416 2012-12-14] ()
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [SymphonyPreLoad] => "C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony" -nogui -nosplash
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [AeroSnap] => C:\Program Files\AeroSnap\AeroSnap.exe
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [NoDevMgrUpdate] 1
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [NoSaveSettings] 1
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Home] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Fullscreen] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Tools] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Print] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Edit] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Cut] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Copy] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Paste] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Encoding] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ss3dfo.scr [704512 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
Lsa: [Notification Packages] scecli PGPpwflt
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dialog Helper.lnk [2013-02-01]
ShortcutTarget: Dialog Helper.lnk -> C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe (Avanquest Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2013-01-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IBM Connections Drafts Monitor.lnk [2012-03-07]
ShortcutTarget: IBM Connections Drafts Monitor.lnk -> C:\Program Files\IBM\Connections Files connectors\LFMonitor.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGP Tray.lnk [2016-07-20]
ShortcutTarget: PGP Tray.lnk -> C:\WINDOWS\Installer\{98F75B02-CCED-4568-9DEC-522A9512477E}\Icon6560581611.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.2
Tcpip\..\Interfaces\{DE4541DF-ED95-4A05-99DC-7EB9B77E2F9C}: [DhcpNameServer] 192.168.0.2
Tcpip\..\Interfaces\{F331C6FC-8137-4709-A97C-4D7B168CCA6C}: [DhcpNameServer] 192.168.0.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3277949548-3100964623-776316575-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://w3.ibm.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {A455E32A-3DE6-47CC-B4C2-7E006963690A} URL = hxxp://w3.ibm.com/bluepages/simpleSearch.wss?searchFor={searchTerms}&searchBy=name&sourceid=Mozilla-search
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {C4D5EAC9-67DA-4B95-832B-0EFE686B77D4} URL = hxxps://w3.ibm.com/connections/search/web/search?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {FE206555-0DAA-495B-A428-01631917F40B} URL = hxxp://w3.ibm.com/search/do/search?queryType=simple&qt={searchTerms}&w3scope=w3General&sourceid=Mozilla-search
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\IBM\Java60\jre\bin\ssv.dll [2013-04-24] (IBM)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll [2013-04-24] (IBM)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll [2013-04-24] (IBM)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-06-28] (CANON INC.)
Toolbar: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> No Name - {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} - No File
Toolbar: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
Toolbar: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-06-28] (CANON INC.)
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} hxxps://www-03.ibm.com/qp2.cab
DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228972592890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228972560421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: {8B8A0588-356B-431E-A4C3-A56553266DAA} hxxps://w3-501.ibm.com/transform/crm/europe/be/callcenter/21219/applets/SiebelAx_Smartscript.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} hxxp://w3-03.ibm.com/tools/print/plugin/gpwsx.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
DPF: {DF9541C7-3923-4229-B24C-2AFE7DE3FEC1} hxxps://w3-501.ibm.com/transform/crm/europe/be/sales/21112/applets/SiebelAx_Smartscript.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890
FF Homepage: hxxp://www.google.be/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-07] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2011-10-17] (Google)
FF Plugin: @ibm.com/Java -> C:\Program Files\IBM\Java50\jre\bin\npoji610.dll [2008-10-23] (IBM)
FF Plugin: @ibm.com/Java142 -> C:\Program Files\IBM\Java142\jre\bin\npoji610.dll [No File]
FF Plugin: @IBM.com/JavaPlugin -> C:\Program Files\IBM\Java60\jre\bin\plugin2\npjp2.dll [2013-04-24] (IBM)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-06-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-06] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npcpsweb.dll [2010-08-02] (IBM )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-09-23] (NOS Microsystems Ltd.)
FF Extension: IE Tab - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2016-07-03]
FF Extension: Download Statusbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2016-07-03]
FF Extension: IBM Add To Notes Address Book BluePages Plugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890\Extensions\[email protected] [2013-07-03] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-07-07] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-07-07] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-11] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ff [2013-07-03] [not signed]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4092672 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [890128 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [594904 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-11-07] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2011-11-07] (Symantec Corporation)
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2013-05-22] (Teruten) [File not signed]
S4 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
S4 gupdate1ca1825452a051e; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-08-08] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\IBM\Java60\jre\bin\jqs.exe [158016 2013-04-24] (IBM)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-04-04] (Lenovo Group Limited)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-09-07] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 PGP RDD Service; C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe [1588544 2012-07-21] (Symantec Corporation)
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [53248 2009-04-16] () [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [966656 2010-10-19] (Intel® Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 SmcService; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe [1893728 2011-11-07] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SNAC.EXE [357744 2011-11-07] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [1839776 2011-11-07] (Symantec Corporation)
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [130920 2011-04-20] (Lenovo Group Limited)
R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2006-06-29] () [File not signed]
S2 artstartsvc; C:\Program Files\IBM\Mobility Client\artstartsvc.exe [X]
S2 ISAMsmt; C:\Program Files\C4ebreg\isamsmt.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2011-04-08] (IBM Corp.) [File not signed]
R2 Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243456 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [201472 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [191744 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [217344 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-01] (AVG Technologies CZ, s.r.o.)
S3 avpnnic; C:\WINDOWS\System32\DRIVERS\avpnnic.sys [11392 2009-10-07] (AT&T) [File not signed]
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [533152 2009-09-18] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [993576 2010-09-23] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.)
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2008-02-04] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [51752 2010-09-16] (Broadcom Corporation.)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [754176 2008-05-22] (Conexant Systems Inc.)
S3 COH_Mon; C:\WINDOWS\system32\Drivers\COH_Mon.sys [23888 2011-11-07] (Symantec Corporation)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [243856 2008-09-19] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-05-19] (Symantec Corporation)
R2 EGATHDRV; C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [17104 2012-02-09] (IBM Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-05-19] (Symantec Corporation)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
S3 GTF32BUS; C:\WINDOWS\System32\DRIVERS\gtf32bus.sys [32000 2006-03-28] (Option N.V.)
S3 GTPTSER; C:\WINDOWS\System32\DRIVERS\gtptser.sys [8064 2007-04-14] (Option N.V.) [File not signed]
S3 GTSCSER; C:\WINDOWS\System32\DRIVERS\gtscser.sys [18944 2006-03-28] (Option N.V.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-04-10] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-04-10] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2011-04-08] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-20] (Malwarebytes)
R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140524.016\NAVENG.SYS [93272 2014-05-19] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140524.016\NAVEX15.SYS [1612376 2014-05-19] (Symantec Corporation)
R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [6913920 2010-10-18] (Intel Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2009-05-10] (PalmSource, Inc.)
R2 PGPdisk; C:\WINDOWS\system32\Drivers\PGPdisk.sys [244448 2012-07-21] (Symantec Corporation)
R1 PGPsdkDriver; C:\WINDOWS\System32\Drivers\PGPsdk.sys [41520 2012-07-21] (Symantec Corporation)
R0 PGPwded; C:\WINDOWS\system32\Drivers\PGPwded.sys [312952 2012-07-21] (Symantec Corporation)
R0 Pgpwdefs; C:\WINDOWS\System32\DRIVERS\Pgpwdefs.sys [14792 2012-07-21] (Symantec Corporation)
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2008-10-10] (Microsoft Corporation) [File not signed]
S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2011-11-07] (Symantec Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [284720 2011-11-07] (Symantec Corporation)
S3 SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [320944 2011-11-07] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [43696 2011-11-07] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [125488 2011-11-22] (Symantec Corporation)
R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [26416 2011-11-07] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [188080 2011-11-07] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [99696 2011-11-07] (Symantec Corporation)
S3 tap0801; C:\WINDOWS\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26112 2010-08-20] (The OpenVPN Project) [File not signed]
R3 Teefer2; C:\WINDOWS\System32\DRIVERS\teefer2.sys [67472 2011-11-07] (Symantec Corporation)
R2 TGRAB; C:\WINDOWS\system32\tgrab.sys [8288 2012-02-09] () [File not signed]
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R3 tpm; C:\WINDOWS\System32\DRIVERS\tpm.sys [13824 2008-03-26] (Intel Corporation)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2004-11-30] () [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2008-07-31] () [File not signed]
S3 wcndis; C:\WINDOWS\System32\DRIVERS\wcndis.sys [8704 2006-01-30] () [File not signed]
R1 WPS; C:\WINDOWS\system32\drivers\wpsdrvnt.sys [43888 2011-11-07] (Symantec Corporation)
R3 WpsHelper; C:\WINDOWS\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]
S3 ibm4610drv; System32\Drivers\Ibm4610drv.sys [X]
S3 NETw5x32; system32\DRIVERS\NETw5x32.sys [X]
S3 optousb; system32\DRIVERS\optousb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-14] (Microsoft Corporation)
S3 TSClient; system32\drivers\tsclient.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-20 14:53 - 2016-07-20 14:55 - 00033767 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-07-17 18:29 - 2016-07-17 18:28 - 00114688 _____ C:\WINDOWS\Minidump\Mini071716-01.dmp
2016-07-17 18:08 - 2016-07-17 18:26 - 00000000 ___SD C:\ComboFix
2016-07-11 21:28 - 2016-07-11 21:35 - 00000000 ____D C:\Program Files\FreeCommander XE
2016-07-11 21:28 - 2016-07-11 21:28 - 00000773 _____ C:\Documents and Settings\Administrator\Desktop\FreeCommander XE.lnk
2016-07-11 21:28 - 2016-07-11 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FreeCommander XE
2016-07-11 21:28 - 2016-07-11 21:28 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\FreeCommanderXE
2016-07-11 20:53 - 2016-07-11 20:52 - 00114688 _____ C:\WINDOWS\Minidump\Mini071116-03.dmp
2016-07-11 20:39 - 2016-07-11 20:39 - 00114688 _____ C:\WINDOWS\Minidump\Mini071116-02.dmp
2016-07-11 17:59 - 2016-07-11 17:59 - 00114688 _____ C:\WINDOWS\Minidump\Mini071116-01.dmp
2016-07-11 17:30 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2016-07-11 17:30 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2016-07-11 17:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2016-07-11 17:26 - 2016-07-11 17:30 - 00000000 ____D C:\Qoobox
2016-07-11 17:26 - 2016-07-11 17:26 - 00000000 ____D C:\WINDOWS\erdnt
2016-07-11 17:24 - 2016-07-11 17:25 - 05659622 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2016-07-11 17:09 - 2016-07-20 14:46 - 01741824 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-07-11 16:39 - 2016-07-20 14:53 - 00000000 ____D C:\FRST
2016-07-11 16:29 - 2016-07-11 16:31 - 00111442 _____ C:\TDSSKiller.3.1.0.9_11.07.2016_16.29.28_log.txt
2016-07-11 15:50 - 2016-07-11 15:53 - 00000000 ____D C:\AdwCleaner
2016-07-08 11:04 - 2016-07-17 19:47 - 00173288 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-07-07 23:56 - 2016-07-20 14:33 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-07 23:55 - 2016-07-07 23:55 - 00000787 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-07 23:55 - 2016-07-07 23:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-07 23:55 - 2016-07-07 23:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-07 23:55 - 2016-07-07 23:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-07-07 23:55 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-07 23:55 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-07-07 18:44 - 2016-07-07 18:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-07 18:37 - 2016-07-20 14:33 - 00000424 _____ C:\WINDOWS\Tasks\AVG-SSU_0516piz.job
2016-07-07 18:37 - 2016-07-07 18:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz
2016-07-07 18:34 - 2016-07-07 18:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG
2016-07-07 18:33 - 2016-07-07 18:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2016-07-07 18:33 - 2016-07-07 18:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2016-07-07 18:31 - 2016-07-07 18:31 - 00000000 ___HD C:\$AVG
2016-07-07 18:29 - 2016-07-20 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-07-07 18:29 - 2016-07-07 18:29 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2016-07-07 18:29 - 2016-07-07 18:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2016-07-07 18:29 - 2016-07-07 18:29 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2016-07-07 18:26 - 2016-07-07 18:30 - 00000000 ____D C:\Program Files\AVG
2016-07-07 18:24 - 2016-07-07 18:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg
2016-07-07 18:24 - 2016-07-07 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2016-07-07 18:24 - 2016-07-07 18:29 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AvgSetupLog
2016-07-07 18:23 - 2016-07-17 18:06 - 00000000 ____D C:\instexe
2016-07-07 18:14 - 2016-07-20 14:44 - 00000820 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2016-07-03 17:26 - 2016-07-03 17:26 - 00000495 _____ C:\WINDOWS\VersataQIuninstall.iss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-20 14:55 - 2005-04-04 19:48 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-07-20 14:35 - 2009-03-23 19:58 - 00000304 _____ C:\WINDOWS\Tasks\PMTask.job
2016-07-20 14:33 - 2004-08-04 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-07-20 14:31 - 2005-04-04 19:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-17 19:47 - 2013-03-15 09:12 - 00032414 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-17 19:47 - 2005-04-04 19:48 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-07-17 18:29 - 2009-12-01 09:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-17 18:29 - 2009-04-28 00:43 - 00000000 __SHD C:\WINDOWS\CSC
2016-07-11 20:36 - 2009-05-08 20:11 - 00000000 ___RD C:\$user
2016-07-11 17:46 - 2009-08-28 08:46 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2016-07-11 15:38 - 2005-04-04 20:34 - 00000294 ___SH C:\boot.ini
2016-07-11 15:38 - 2004-08-04 07:00 - 00000573 _____ C:\WINDOWS\win.ini
2016-07-11 15:38 - 2004-08-04 07:00 - 00000274 _____ C:\WINDOWS\system.ini
2016-07-08 11:11 - 2005-04-04 19:43 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-07-08 11:05 - 2005-04-04 20:28 - 00000000 ____D C:\WINDOWS\system
2016-07-08 10:24 - 2009-06-29 08:55 - 00000000 ____D C:\WINDOWS\pss
2016-07-08 10:19 - 2005-04-04 20:28 - 00000000 ___HD C:\WINDOWS\inf
2016-07-08 10:13 - 2012-05-03 22:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-08 10:13 - 2009-05-08 20:21 - 00000000 ____D C:\Program Files\Yahoo!
2016-07-08 10:13 - 2005-04-04 20:34 - 00332760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-08 10:09 - 2005-04-04 19:48 - 00000000 ____D C:\Documents and Settings\Administrator
2016-07-07 22:08 - 2007-03-06 00:02 - 00000000 ____D C:\temp
2016-07-07 21:21 - 2009-03-23 21:09 - 00000000 ____D C:\ecountry
2016-07-07 18:46 - 2012-04-03 15:15 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-07 18:46 - 2011-06-08 07:37 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-07 18:46 - 2006-04-12 04:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2016-07-07 18:24 - 2005-04-04 20:17 - 00091560 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-07-07 18:15 - 2009-05-09 16:16 - 00000000 ____D C:\Program Files\MonkMerg
2016-07-07 18:15 - 2005-04-05 21:45 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-07-07 18:15 - 2005-04-04 22:08 - 00000000 ____D C:\Program Files\IBM
2016-07-07 18:14 - 2009-08-08 14:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2016-07-07 18:14 - 2009-08-08 14:38 - 00000000 ____D C:\Program Files\Google
2016-07-07 18:10 - 2012-03-25 21:08 - 00000000 ____D C:\Program Files\TeamViewer
2016-07-07 18:05 - 2009-05-09 16:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Yahoo!
2016-07-07 18:05 - 2009-05-09 16:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2016-07-07 17:55 - 2009-03-23 19:52 - 00000000 ____D C:\Program Files\CONEXANT
2016-07-07 17:49 - 2006-03-27 23:50 - 00000000 ____D C:\Program Files\WST
2016-07-07 17:44 - 2005-04-05 21:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IBM
2016-07-07 17:43 - 2005-04-05 21:45 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2016-07-07 17:41 - 2008-11-15 01:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tivoli Storage Manager
2016-07-07 17:39 - 2011-10-21 17:57 - 00000000 ____D C:\Program Files\CoreFTP
2016-07-07 17:39 - 2011-10-21 17:57 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Core FTP
2016-07-07 17:36 - 2012-12-27 18:26 - 00000000 ____D C:\Program Files\CompanionLink
2016-07-03 20:41 - 2006-04-12 04:08 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-07-03 17:46 - 2009-03-23 20:04 - 00000000 ____D C:\Program Files\AT&T Network Client
2016-07-03 17:41 - 2005-04-04 20:17 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
2016-07-03 17:39 - 2009-05-09 16:09 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
2016-07-03 17:26 - 2009-05-08 11:29 - 00000000 ____D C:\epricer
2016-07-03 17:20 - 2013-01-13 18:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-07-03 17:20 - 2013-01-13 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-07-03 17:13 - 2012-02-25 10:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Samsung
2016-07-03 17:13 - 2012-02-24 13:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
2016-07-03 17:13 - 2012-02-24 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Samsung
2016-07-03 17:10 - 2013-04-23 17:55 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2016-07-03 17:02 - 2010-01-12 14:19 - 00000000 ____D C:\notes
2016-07-01 20:19 - 2009-10-10 10:09 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat

==================== Files in the root of some directories =======

2013-07-12 18:34 - 2013-07-12 18:34 - 0000664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.tmp
2009-08-05 09:09 - 2011-12-29 17:35 - 0009216 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-05-16 20:17 - 2009-05-16 20:17 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2013-02-23 17:46 - 2013-02-23 17:46 - 0338815 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\speeddial.crx
2011-05-20 07:46 - 2011-05-20 07:46 - 8892928 _____ () C:\Documents and Settings\All Users\Application Data\atscie.msi
2009-05-16 21:02 - 2013-12-17 22:12 - 0004096 _____ () C:\Documents and Settings\All Users\Application Data\ScheduledItems

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2016
Ran by BE76601 (2016-07-20 14:56:00)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2009-04-27 22:41:43)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

ASPNET (S-1-5-21-3277949548-3100964623-776316575-1003 - Limited - Enabled)
BE76601 (S-1-5-21-3277949548-3100964623-776316575-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-3277949548-3100964623-776316575-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3277949548-3100964623-776316575-1005 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3277949548-3100964623-776316575-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec Endpoint Protection (Enabled - Out of date) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection (Disabled) {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Connect Add-in (HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Adobe Acrobat Connect Add-in) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.48 - NOS Microsystems Ltd.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AFP Workbench for Windows (HKLM\...\{53A93780-6073-4207-A729-A99A30AFDE40}) (Version: 1.58 - IBM - Printing Systems Division)
A-PDF Restrictions Remover (HKLM\...\A-PDF Restrictions Remover_is1) (Version: - A-PDF Solution)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Asterisk Key (HKLM\...\Asterisk Key) (Version: - )
AttributeMagic Pro (HKLM\...\AMPro) (Version: - Elwinsoft)
AVG (HKLM\...\AvgZen) (Version: 1.72.2.24716 - AVG Technologies)
AVG (Version: 16.91.7688 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4627 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.91.7688 - AVG Technologies)
AVG Zen (Version: 1.72.1 - AVG Technologies) Hidden
Beyond Compare Version 3.3.5 (HKLM\...\BeyondCompare3_is1) (Version: - Scooter Software)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MG6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6215.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 3.53.0.0 - Conexant)
Cookienator (HKLM\...\{BF307EDA-A176-4D83-9775-D337810CF7A7}) (Version: 2.6.41 - CodeFromThe70s.org)
CVE-2012-4792 (HKLM\...\{a1447a51-d8b1-4e93-bb19-82bd20da6fd2}.sdb) (Version: - )
DAO (HKLM\...\DAO) (Version: - )
Desktop Restore (HKLM\...\{228CEA74-6DD1-40B9-B95F-77273F4316B5}) (Version: 1.6.3 - JOConnell)
Documents To Go (HKLM\...\{BF7BE540-A2D9-41C1-AFD3-1842CEE0B16C}) (Version: 9.000.111 - DataViz Inc.)
Easy Unit Converter 1.21 (HKLM\...\Easy Unit Converter_is1) (Version: - )
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )
FastStone Image Viewer 4.6 (HKLM\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
FileZilla Client 3.5.1 (HKLM\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)
Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
Foxit Reader (HKLM\...\{E52C258D-DCF6-411B-B690-06DAC5009F37}) (Version: 3.0.2009.1506 - Foxit Software)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)
FreeCommander XE (HKLM\...\FreeCommander XE_is1) (Version: - Marek Jasinski)
Gebruikersregistratie voor Canon MG6100 series (HKLM\...\Gebruikersregistratie voor Canon MG6100 series) (Version: - )
Genie Backup Manager Home 7.0 (HKLM\...\{C39D2BC1-15AA-4221-A16D-71833F97450D}_is1) (Version: - Genie-Soft)
Google Earth (HKLM\...\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Google Update Helper (Version: 1.3.21.123 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
HexEdit (HKLM\...\{6EC2F8D1-6303-4E49-9F17-4D537C648F5C}) (Version: 3.0.0 - Expert Commercial Software Pty Ltd)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
IBM 32-bit Runtime Environment for Java 2, v5.0 (HKLM\...\InstallShield_{4F3AFB85-B972-4621-AEB6-6C22317E145B}) (Version: 5.0 - IBM)
IBM 32-bit Runtime Environment for Java 2, v5.0 (Version: 5.0 - IBM) Hidden
IBM 32-bit Runtime Environment for Java v6 (HKLM\...\InstallShield_{75E7FEE8-16B1-4B1D-82B4-9594A38EDF76}) (Version: 6 - IBM)
IBM 32-bit Runtime Environment for Java v6 (Version: 6 - IBM) Hidden
IBM E-Pricer 11.3 (HKLM\...\{581D6519-D199-47A4-A31A-C75B14737CF9}) (Version: - )
IBM Lotus Sametime Advanced Embedded 8.5.1 (HKLM\...\{FE796A5A-97FE-4C5F-899A-FBB599B4A649}) (Version: 8.5.1.20110610-1701 - Uw bedrijfsnaam)
IBM Lotus Symphony (HKLM\...\{638b91e2-b5ee-49f3-8348-be72f2d65d13}) (Version: 3.01.12011 - IBM)
IBM My Help (HKLM\...\{DFF415AC-3883-4338-9365-DDCB74A0CFBA}) (Version: 1.7.8 - IBM)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{F8F28729-B336-492C-B4FD-53A9BBDF0482}) (Version: 13.04.0000 - Intel Corporation)
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.285 - InterVideo Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.250 - Oracle)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.99 - Symantec Corporation)
Lotus SmartSuite - English (HKLM\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft GIF Animator (HKLM\...\GIF Animator) (Version: - )
Microsoft Office 2003 Proofing Tools (HKLM\...\{901F0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{90120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Viewer 2007 (HKLM\...\{95120000-0052-0409-0000-0000000FF1CE}) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Project Standard 2002 (HKLM\...\{903A0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2915.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version: - Microsoft Corporation)
Microsoft Visio Professional 2002 SR-1 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.1.2514 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Journal Viewer (HKLM\...\{43DCF766-6838-4F9A-8C91-D92DA586DFA7}) (Version: 1.5.2315.3 - Microsoft)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation)
My Help - Workstation Setup Wizard (HKLM\...\{7D968F83-A23F-40F7-937C-A3B5A0C44048}) (Version: 1.0 - IBM)
NetObjects Fusion MX (HKLM\...\NetObjects Fusion MX) (Version: - )
NPIF Network Print Information Frontend (HKLM\...\NPIF Network Print Information Frontend) (Version: - )
OmniPage SE 2.0 (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Palm (HKLM\...\{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}) (Version: 4.1.0420 - Palm, Inc.)
PC Connectivity Solution (HKLM\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia)
PGP Desktop (HKLM\...\{98F75B02-CCED-4568-9DEC-522A9512477E}) (Version: 10.2.1.4869 - PGP Corporation)
PowerDesk 9 (HKLM\...\{C4E1D1E5-0F67-463D-BD07-A24742AA7469}) (Version: 9.0.0.0 - Avanquest North America Inc.)
Presentation Director (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.01 - )
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Roxio DigitalMedia Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio DigitalMedia Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio DigitalMedia Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
ShellExView (HKLM\...\ShellExView) (Version: 1.37 - NirSoft)
SourceGear DiffMerge (HKLM\...\{69440E1E-7D34-4C00-B878-9412B1707F1C}) (Version: 3.2.0.18185 - SourceGear)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Startup Delayer v2.5 (build 138) (HKLM\...\Startup Delayer) (Version: - )
SuperCat 4.4 (HKLM\...\SuperCat_is1) (Version: - )
Symantec Endpoint Protection (HKLM\...\{84B70C16-7032-41EE-965C-3C8D9D566CBB}) (Version: 11.0.6200.754 - Symantec Corporation)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.9700 - Lenovo)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.30 - )
ThinkPad Keyboard Customizer Utility (HKLM\...\{2111B23F-7FDA-4A41-8309-E5A1663CA296}) (Version: 1.3.53.0 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.62.00.00 - )
ThinkPad Power Manager (HKLM\...\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}) (Version: 1.60 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.3.6 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.04 - )
ThinkVantage Access Connections (HKLM\...\{7EB114D8-207F-45AE-BABD-1669715F2630}) (Version: 5.83 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.61 - Lenovo)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
Universal Viewer (ATViewer) (HKLM\...\Universal Viewer) (Version: - UVViewSoft)
Unlocker 1.8.5 (HKLM\...\Unlocker) (Version: 1.8.5 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebEx Support Manager for Internet Explorer (HKLM\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Weergave op scherm (HKLM\...\OnScreenDisplay) (Version: 6.42.00 - )
Windows Configurator v0.6 (HKLM\...\Windows Configurator_is1) (Version: - Leszek Skorczyñski)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.8.0031.9 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Windows XP Video Screensaver Powertoy (HKLM\...\Windows XP Video Screensaver Powertoy_is1) (Version: - )
WinPatrol (HKLM\...\WinPatrol) (Version: - )
WinSCP 4.0.5 (HKLM\...\winscp3_is1) (Version: 4.0.5 - Martin Prikryl)
WinZip 11.2 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}) (Version: 11.3.8261 - WinZip Computing, S.L. )
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{0DA49AC1-FBD9-4F26-89C4-42074DE9F500}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{12630C47-7373-4463-8C38-EF1F45D08BB8}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{149EE4A0-EE69-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{149EE4A0-EE69-11D2-AC32-006008E3F0A2}\localserver32 -> C:\Program Files\Palm\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{149EE4A1-EE69-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{149EE4A1-EE69-11D2-AC32-006008E3F0A2}\localserver32 -> C:\Program Files\Palm\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{164A4365-064D-494D-92C8-9303A5080157}\InprocServer32 -> C:\Program Files\Palm\SgCalendar.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\Palm\QuickInstall.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{1C43DF3D-E1C6-473E-9627-D7638EF63690}\InprocServer32 -> C:\Program Files\Palm\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{1D67C047-F016-11D6-831E-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PictPreview.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{1E8640C7-545F-4E6A-83F4-D92706C99E00}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{1FFD7892-06E4-4A0A-941E-BC966900C883}\InprocServer32 -> C:\Program Files\Palm\PhotoDesktop\Media.ocx (Palm, Inc. developed by ArcSoft, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\Palm\QuickInstall.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{28B8F788-271C-4618-9F55-4B1B40E6DF16}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{28DC33AE-D0A8-40A7-A9EA-5F6598207496}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{2CE29E35-35AA-455F-894F-F70BE74DB639}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{2E0C66AC-5A87-4AFF-AC9F-93B33D43E4ED}\InprocServer32 -> C:\Program Files\Palm\SgDateAlarm.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3193996D-1AC8-11D4-80CC-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\AlarmSvr.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3597288E-FF31-49C2-A58A-EA88F3CEDD42}\InprocServer32 -> C:\Program Files\Palm\SgCalendar.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3B33746E-C60D-4213-9438-B36424338150}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3B52D512-935F-11D6-82D4-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32 -> C:\econfig\cfgViews\richtx32.ocx => No File
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3CF39B9A-0CF8-4792-A918-67573260BDBE}\InprocServer32 -> C:\Program Files\Palm\PhotoDesktop\Media.ocx (Palm, Inc. developed by ArcSoft, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{4054F903-7C40-43D0-8ACE-3F5D73A9890C}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{43F73EA1-92AE-11D6-82D3-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{496038FA-3891-4827-AFCD-A7B13B9FF75A}\InprocServer32 -> C:\Program Files\Palm\PhotoDesktop\PhotosPlugIn.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{49EB4C90-AE3D-4846-A719-F775FFEE600A}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{53DEC138-A51E-11D2-861E-00C04FA35C89}\InprocServer32 -> C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.3.20110915-1350\os\win32\x86\tlogpsdll.dll ()
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{55c1654e-09b5-4801-8b4e-13e42fb69d65}\localserver32 -> C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.3.20110915-1350\os\win32\x86\IEOOP.exe (IBM)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{57B98049-D96F-471B-942B-6B05CB2CFE0A}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{5AA15E20-EE68-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComConduit.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{61B7A221-D11F-4702-B5C0-79C492A726B9}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\DefaultPlugin.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6357BCB6-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PqiIcon.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6357BCB9-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PqiIcon.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6357BCBC-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PqiIcon.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6357BCBE-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PqiIcon.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6600B26A-CCCE-4EF9-870E-DAB97E489CDF}\InprocServer32 -> C:\Program Files\Palm\SgDateAlarm.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{660AF3D0-0EC6-4285-8447-B286B724687B}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{6c9c0659-0566-4349-abfd-833d49b9df36}\localserver32 -> "C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.1.2.200907141302\os\win32\x (the data entry has 63 more characters).
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{75C8163F-59DF-4C9D-BC00-D0419B2CED5B}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> C:\Program Files\Palm\QuickInstall.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7686FC59-EA6F-11D5-823E-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\InstServ.dll (Palm, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{78547CB6-2D08-47F4-A1EB-AF576A33E433}\InprocServer32 -> C:\Program Files\Palm\SgContacts.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7D11ED93-A77D-41FA-8EA5-5B39BC29E7F9}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7DEBC7E0-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7DEBC7E4-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7DEBC7E6-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7DEBC7E7-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{7DEBC7E9-FA1F-11D2-AC32-006008E3F0A2}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{80C297AB-A0CB-4CE4-A5F1-36EB810BE047}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{831B49E8-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\ExpenseExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{831B49E9-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\ExpenseExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{868C6D64-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\NotePadExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{868C6D65-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\NotePadExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{87001487-8B8A-4C40-BFEF-036F5BD5BAA3}\InprocServer32 -> C:\Program Files\Palm\PhotoDesktop\PhotosPlugIn.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{887A7C26-B4AF-4F22-BE5E-20C00D340C74}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{92DA540D-FCC0-442C-8F82-7F6C1DBD66C8}\InprocServer32 -> C:\Program Files\Palm\SgMemos.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A0C20550-9476-407C-BFB0-3C84C2639AE6}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A13FAF1A-6069-40A4-AD5F-110EFA282490}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A1EED615-F007-4D40-9C06-A3CCD3CB68E1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A4C43001-108F-48E8-B2FF-F174977EDF03}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A50DA40C-59F7-40A6-B2D1-748493584E9C}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A545EB9B-B12D-4BA6-8110-1D61A3566A93}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A61F01A5-CD25-4780-A3B9-041172CD6450}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{AB40E4E0-0F0C-11D7-8331-00C04FA03755}\localserver32 -> C:\Program Files\Palm\QuickInstall.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{AD74B184-E73A-4565-A38C-1329A29C7260}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{AF04C884-2C5F-430F-97ED-6E127F47046C}\InprocServer32 -> C:\Program Files\Palm\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{AF478991-F6B0-40E8-856B-E80BE0677AFC}\InprocServer32 -> C:\Program Files\Palm\SgTasks.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{B2565128-0F22-11D7-8331-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{B2F7AF3C-0CA7-4EAE-BBBF-A748FBC500DD}\InprocServer32 -> C:\Program Files\Palm\SgMemos.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{B416D295-53BA-4E16-8D54-B80281643A8A}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{B53B7736-61FA-4EF3-8989-B83C80979D89}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{B9BF9DA9-1746-4C14-B53C-1826F81EAE0B}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{BD73860F-5142-44C9-B7C4-26CD2AB55477}\InprocServer32 -> C:\Program Files\Palm\ComDirect.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> C:\Program Files\Palm\QuickInstall.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{BE1B5233-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{BE1B5235-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{BE44897A-EB38-11D5-823F-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\RegServ.dll ()
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{C0010C26-F44B-4BE2-9D65-04D3934C5E46}\InprocServer32 -> C:\Program Files\Palm\SgTasks.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{C11BCF07-4F91-4748-956E-2B4FFC9401C5}\InprocServer32 -> C:\Program Files\Palm\SgContacts.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{C2775C61-2C1C-4D50-A5E6-4814620116CD}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{C3DB9DF7-64EC-46EC-86C4-27668ABA9777}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{D75FA101-6942-47DF-88DF-353F30D35682}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{D79AC66C-BDB2-4028-B79A-F1465F8FBB56}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{DCDA65F9-134B-4333-BCA0-809306CB2F55}\InprocServer32 -> C:\Program Files\Palm\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{DD7731C5-1E16-4087-A57F-FEDCFBD8EB2B}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{DEF0B543-775C-4963-A116-DF304EE2C4DA}\InprocServer32 -> C:\Program Files\Palm\DmConduit.dll (PalmSource Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> C:\Program Files\Palm\QuickInstall.exe (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{E5A0FEE6-087B-4E48-BE06-5E1A1EF5E116}\InprocServer32 -> C:\Program Files\Palm\ComStandard.dll (PalmSource, Inc.)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{E851CFC8-5724-406D-9B36-11A44E72EA11}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{EE469827-4ED9-443B-9FB0-EFA81FEA6646}\InprocServer32 -> C:\Program Files\Palm\Components\DelDups.dll ( Palm, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{F0905939-16C0-4D2E-8F4F-73A4BEDEBE73}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{F1523FBD-0E09-4E8F-A952-B053B118FAAE}\InprocServer32 -> C:\Program Files\Palm\PSDConduit.dll (PalmSource, Inc)
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{F21AC7C7-D6F5-11D6-8306-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll (Palm, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AVG-SSU_0516piz.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz\AVG-Secure-Search-Update_0516piz.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Administrator\Start Menu\IBM SPST Client.lnk -> C:\Program Files\IBM\IBM SPST Client\launcher\hide.bat ()
Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\IBM SPST StandAlone Client\IBM SPST Client.lnk -> C:\Program Files\IBM\IBM SPST Client\launcher\hide.bat ()
Shortcut: C:\Documents and Settings\Administrator\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com
Shortcut: C:\Documents and Settings\Administrator\Desktop\Tools\IBM SPST Client.lnk -> C:\Program Files\IBM\IBM SPST Client\launcher\hide.bat ()
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Software995\Software995.com.lnk -> hxxp://www.software995.com

ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Easy Unit Converter\Help.lnk -> C:\Program Files\Filesweb\EUC\feedback.exe () -> hxxp://www.filesweb.com/easy_unit_converter.html

==================== Loaded Modules (Whitelisted) ==============

2012-11-16 20:41 - 2011-04-14 13:39 - 00086016 _____ () C:\Program Files\ThinkPad\ConnectUtilities\AcWrpc.dll
2009-03-23 20:04 - 2011-04-14 13:33 - 00044544 _____ () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
2009-03-23 19:58 - 2009-04-16 13:41 - 00053248 ____N () C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
2009-03-23 19:58 - 2009-03-19 06:34 - 00196608 ____N () C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2009-03-23 20:01 - 2006-06-29 23:57 - 00032768 _____ () C:\WINDOWS\system32\TpKmpSVC.exe
2009-03-23 20:04 - 2011-04-14 13:33 - 00077824 _____ () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
2011-08-28 23:19 - 2011-08-28 23:19 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2009-03-23 19:58 - 2009-04-16 13:39 - 00030720 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2012-12-14 12:51 - 2012-12-14 12:51 - 00011264 _____ () C:\Program Files\Avanquest\PowerDesk\DClickDesktopHook.dll
2006-09-07 19:19 - 2006-09-07 19:19 - 00008704 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-12-14 12:36 - 2012-12-14 12:36 - 00011264 _____ () C:\Program Files\Avanquest\PowerDesk\mxcview.dll
2012-12-14 12:37 - 2012-12-14 12:37 - 00111616 _____ () C:\Program Files\Avanquest\PowerDesk\mxgview.dll
2010-09-22 15:18 - 2010-09-22 15:18 - 02860384 _____ () C:\WINDOWS\system32\btwicons.dll
2010-09-22 15:18 - 2010-09-22 15:18 - 00075112 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2009-03-23 19:58 - 2009-04-16 13:39 - 00049152 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
2009-03-23 20:04 - 2011-04-14 13:33 - 00258048 _____ () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
2012-06-28 12:18 - 2012-06-14 13:41 - 00184371 _____ () C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe
2016-07-07 18:26 - 2016-07-07 18:25 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
2012-12-14 12:51 - 2012-12-14 12:51 - 00060416 _____ () C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
2011-09-15 17:19 - 2011-09-15 17:19 - 00081920 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\eclipse_1118.dll
2011-09-15 17:19 - 2011-09-15 17:19 - 00110592 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\pipeserver.dll
2013-04-26 11:11 - 2013-04-26 11:11 - 00073728 _____ () C:\Documents and Settings\Administrator\IBM\Lotus\Symphony\.config\org.eclipse.osgi\bundles\518\1\.cp\swtIbmWrapper.dll
2013-04-26 11:11 - 2013-04-26 11:11 - 00077824 _____ () C:\Documents and Settings\Administrator\IBM\Lotus\Symphony\.config\org.eclipse.osgi\bundles\237\1\.cp\officebean.dll
2012-12-06 10:57 - 2012-12-06 10:57 - 00106496 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.3.20110915-1350\os\win32\x86\comex.dll
2012-12-06 10:58 - 2012-12-06 10:58 - 00077824 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.filetype.win32.x86_3.0.1.20120110-2000\seditorReg.dll
2012-12-06 10:59 - 2012-12-06 10:59 - 00967168 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.1.20120110-2000\program\libxml2.dll
2012-12-06 10:59 - 2012-12-06 10:59 - 00163840 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.1.20120110-2000\basis\program\libxslt.dll
2012-12-06 10:58 - 2012-12-06 10:58 - 00077824 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.filetype.win32.x86_3.0.1.20120110-2000\seditorreg.dll
2012-12-06 10:59 - 2012-12-06 10:59 - 00139264 _____ () C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.1.20120110-2000\basis\program\NSLDAP32V50.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Onderhoudsadvies_leder.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\redisco.b.srl:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Sw_licenties.lwp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2013-07-22 20:29 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3277949548-3100964623-776316575-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.2
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CompanionLink => "c:\program files\companionlink\companionlink.exe" -Icon
MSCONFIG\startupreg: KiesPDLR => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: Tpam.exe => "C:\Program Files\IBM\Personal Communications\tpam.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe] => Enabled:SMC Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Symantec Client Security\Symantec AntiVirus\SNAC.EXE] => Enabled:SNAC Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Symantec Shared\ccApp.exe] => Enabled:Symantec Email
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\muzapp.exe] => Enabled:MUZ AOD APP player
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgdiagex.exe] => Enabled:AVG Diagnostics
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

01-07-2016 20:04:58 System Checkpoint
03-07-2016 16:58:07 Removed Lotus Notes 8.5.3.
03-07-2016 17:12:45 Removed Samsung Kies
03-07-2016 17:20:05 Verwijderd: Skype™ 6.3
03-07-2016 17:22:08 IBM Lotus Sametime Connect 8.5.1 verwijderd.
03-07-2016 17:26:41 Removed e-config
07-07-2016 17:36:52 Removed CompanionLink.
07-07-2016 17:40:59 Removed LotusLive Meetings for IBM
07-07-2016 17:41:46 Removed IBM Tivoli Storage Manager Client
07-07-2016 17:43:14 Verwijderd: IBM Personal Communications
07-07-2016 17:44:00 Removed IBM Tivoli Remote Control Ayúdame Premium Edition - Target.
07-07-2016 17:47:21 Removed Apple Application Support
07-07-2016 17:48:48 Verwijderd: Apple Software Update
07-07-2016 18:07:08 Removed Vodafone Mobile Connect Lite.
07-07-2016 18:10:07 Removed Tivoli Endpoint Manager Client.
07-07-2016 18:11:08 Removed Stickies
07-07-2016 18:13:17 Removed e-config Data Migration tool
07-07-2016 18:13:56 Removed GBS Solutions and Assets
07-07-2016 18:15:00 Removed Mobility Client
07-07-2016 18:30:29 Installed AVG 2016
07-07-2016 18:30:54 Installed AVG
11-07-2016 17:07:20 System Checkpoint
17-07-2016 18:09:09 ComboFix created restore point

==================== Faulty Device Manager Devices =============

Name: Nokia 6120 classic
Description: Nokia 6120 classic
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2016 03:42:05 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: )
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Free Memory
Action Taken: Logged
Actor Process: C:\Program Files\AVG\Av\avgui.exe (PID 5744)
Time: maandag 11 juli 2016 15:42:05

Error: (07/11/2016 03:42:05 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: )
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Allocation Memory
Action Taken: Logged
Actor Process: C:\Program Files\AVG\Av\avgui.exe (PID 5744)
Time: maandag 11 juli 2016 15:42:05

Error: (07/11/2016 03:42:05 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: )
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Write Memory
Action Taken: Logged
Actor Process: C:\Program Files\AVG\Av\avgui.exe (PID 5744)
Time: maandag 11 juli 2016 15:42:05

Error: (07/11/2016 03:41:46 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Resume Thread
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:41:46

Error: (07/11/2016 03:41:46 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Write Memory
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:41:46

Error: (07/11/2016 03:41:46 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Allocation Memory
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:41:46

Error: (07/11/2016 03:41:46 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymCorpUI.exe
Event Info: Create Thread
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:41:46

Error: (07/11/2016 03:27:47 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
Event Info: Resume Thread
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:27:47

Error: (07/11/2016 03:27:47 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
Event Info: Write Memory
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:27:47

Error: (07/11/2016 03:27:47 PM) (Source: Symantec AntiVirus) (EventID: 45) (User: T400)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
Event Info: Create Thread
Action Taken: Logged
Actor Process: C:\Program Files\Virtual Dimension\VirtualDimension.exe (PID 948)
Time: maandag 11 juli 2016 15:27:47

System errors:
=============
Error: (07/20/2016 02:54:03 PM) (Source: 0) (EventID: 4321) (User: )
Description: IBMBE          :1d192.168.0.145192.168.0.132

Error: (07/20/2016 02:48:53 PM) (Source: BROWSER) (EventID: 8009) (User: )
Description: The browser was unable to promote itself to master browser. The computer that currently
believes it is the master browser is M93P.

Error: (07/20/2016 02:48:53 PM) (Source: 0) (EventID: 4321) (User: )
Description: IBMBE          :1d192.168.0.145192.168.0.132

Error: (07/20/2016 02:47:01 PM) (Source: 0) (EventID: 4321) (User: )
Description: IBMBE          :1d192.168.0.145192.168.0.132

Error: (07/20/2016 02:41:51 PM) (Source: 0) (EventID: 4321) (User: )
Description: IBMBE          :1d192.168.0.145192.168.0.132

Error: (07/20/2016 02:36:41 PM) (Source: 0) (EventID: 4321) (User: )
Description: IBMBE          :1d192.168.0.145192.168.0.132

Error: (07/20/2016 02:33:38 PM) (Source: 0) (EventID: 4321) (User: )
Description: IBMBE          :1d192.168.0.145192.168.0.132

Error: (07/20/2016 02:33:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgsvc service.

Error: (07/20/2016 02:32:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IBM Mobility Client Start Utility service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (07/17/2016 07:40:06 PM) (Source: 0) (EventID: 4321) (User: )
Description: IBMBE          :1d192.168.0.145192.168.0.132

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 74%
Total physical RAM: 1943.93 MB
Available physical RAM: 487.7 MB
Total Virtual: 3837.69 MB
Available Virtual: 2580.61 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:149.04 GB) (Free:99.43 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.73 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 64656469)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

#6
Jr0x

Posted 21 July 2016 - 08:35 AM

Malware removal team

Malware Removal
1,830 posts

Hi Paul432220,

As you mentioned previously that you had a couple of BSOD, I would like to gather some log to view.

WhoCrashed

Download WhoCrashed to your desktop.
Right click on the file and select Run as administrator.
Accept the Licence agreement to install the software.
Click the Analyse button.
Once analysis complete scroll down to view the report.
Please copy and paste the report produced in your next reply.

Since you're not using Norton anymore, it is better not to have 2 anti-virus in the same system. So we should have it removed as well.

Norton Removal Tool

Download Nortons Removal Tool and save the file to the Windows Desktop.
On your Windows desktop, double click on the Norton Removal icon to open it.
Follow the provided instructions.
Restart your machine.

Fix with FRST

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
Right-click in the open notepad and select Paste.
Save it on the desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3277949548-3100964623-776316575-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> No Name - {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} -  No File
Toolbar: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} -  No File
DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
FF Plugin: @ibm.com/Java142 -> C:\Program Files\IBM\Java142\jre\bin\npoji610.dll [No File]
S2 artstartsvc; C:\Program Files\IBM\Mobility Client\artstartsvc.exe [X]
S2 ISAMsmt; C:\Program Files\C4ebreg\isamsmt.exe [X]
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]
S3 ibm4610drv; System32\Drivers\Ibm4610drv.sys [X]
S3 NETw5x32; system32\DRIVERS\NETw5x32.sys [X]
S3 optousb; system32\DRIVERS\optousb.sys [X]
S3 TSClient; system32\drivers\tsclient.sys [X]
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{0DA49AC1-FBD9-4F26-89C4-42074DE9F500}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{1E8640C7-545F-4E6A-83F4-D92706C99E00}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32 -> C:\econfig\cfgViews\richtx32.ocx => No File
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{887A7C26-B4AF-4F22-BE5E-20C00D340C74}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A1EED615-F007-4D40-9C06-A3CCD3CB68E1}\InprocServer32 -> no filepath
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
AlternateDataStreams: C:\Onderhoudsadvies_leder.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\redisco.b.srl:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Sw_licenties.lwp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]


C:\Program Files\IBM\Mobility Client\artstartsvc.exe
C:\Program Files\C4ebreg\isamsmt.exe
C:\Windows\System32\drivers\dgderdrv.sys
C:\Windows\system32\DRIVERS\dsNcAdpt.sys
C:\Windows\System32\Drivers\Ibm4610drv.sys
C:\Windows\system32\DRIVERS\NETw5x32.sys
C:\Windows\system32\DRIVERS\optousb.sys
C:\Windows\system32\drivers\tsclient.sys

Emptytemp:
Hosts:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.

In your next reply, please include the following:

WhoCrashed log
Any issue uninstalling Norton AV
FRST fixlog

#7
Paul432220

Posted 21 July 2016 - 02:48 PM

Member

Topic Starter
Member
78 posts

Hi Jr0x,

Attached below, the content of Whocrashed.log. I have to add to this that AVG captured a virus in some system restore points yesterday and so may have deleted some of the files that might have been included in this Crashreport.

Succesfully removed Norton AV

I attach also the content of the fixlog.txt file. After running FRST with the fix button, AVG deleted the FRST.exe that was on my desktop as it considered it a dangerous file, not clear to me if this has influenced the content of the fixlog.txt file.

Cheers, Paul

System Information (local)
--------------------------------------------------------------------------------

Computer name: T400
Windows version: Windows XP Service Pack 3, 5.1, build: 2600
Windows dir: C:\WINDOWS
Hardware: 6474B84, LENOVO
CPU: GenuineIntel Intel® Core™2 Duo CPU P8600 @ 2.40GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 2038362112 bytes total

--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.

The following dump files were found but could not be read. These files may be corrupt:
C:\WINDOWS\Minidump\Mini071116-01.dmp
C:\WINDOWS\Minidump\Mini071116-02.dmp
C:\WINDOWS\Minidump\Mini071116-03.dmp
C:\WINDOWS\Minidump\Mini071716-01.dmp

No valid crash dumps have been found on your computer

--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled but no valid crash dumps have been found. In case you are experiencing system crashes, it may be that crash dumps are prevented from being written out. Check out the following article for possible causes: If crash dumps are not written out.

Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-07-2016
Ran by BE76601 (2016-07-21 22:40:17) Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: BE76601 (Available Profiles: BE76601)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3277949548-3100964623-776316575-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> No Name - {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} - No File
Toolbar: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
FF Plugin: @ibm.com/Java142 -> C:\Program Files\IBM\Java142\jre\bin\npoji610.dll [No File]
S2 artstartsvc; C:\Program Files\IBM\Mobility Client\artstartsvc.exe [X]
S2 ISAMsmt; C:\Program Files\C4ebreg\isamsmt.exe [X]
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]
S3 ibm4610drv; System32\Drivers\Ibm4610drv.sys [X]
S3 NETw5x32; system32\DRIVERS\NETw5x32.sys [X]
S3 optousb; system32\DRIVERS\optousb.sys [X]
S3 TSClient; system32\drivers\tsclient.sys [X]
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{0DA49AC1-FBD9-4F26-89C4-42074DE9F500}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{1E8640C7-545F-4E6A-83F4-D92706C99E00}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32 -> C:\econfig\cfgViews\richtx32.ocx => No File
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{887A7C26-B4AF-4F22-BE5E-20C00D340C74}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A1EED615-F007-4D40-9C06-A3CCD3CB68E1}\InprocServer32 -> no filepath
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
AlternateDataStreams: C:\Onderhoudsadvies_leder.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\redisco.b.srl:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Sw_licenties.lwp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

C:\Program Files\IBM\Mobility Client\artstartsvc.exe
C:\Program Files\C4ebreg\isamsmt.exe
C:\Windows\System32\drivers\dgderdrv.sys
C:\Windows\system32\DRIVERS\dsNcAdpt.sys
C:\Windows\System32\Drivers\Ibm4610drv.sys
C:\Windows\system32\DRIVERS\NETw5x32.sys
C:\Windows\system32\DRIVERS\optousb.sys
C:\Windows\system32\drivers\tsclient.sys

Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3277949548-3100964623-776316575-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3277949548-3100964623-776316575-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-3277949548-3100964623-776316575-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} => value removed successfully.
HKCR\CLSID\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} => key not found.
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{968631B6-4729-440D-9BF4-251F5593EC9A} => value removed successfully.
HKCR\CLSID\{968631B6-4729-440D-9BF4-251F5593EC9A} => key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ACECAFE-0015-0000-0000-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{1ACECAFE-0015-0000-0000-ABCDEFFEDCBA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ACECAFE-0016-0000-0000-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{1ACECAFE-0016-0000-0000-ABCDEFFEDCBA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key removed successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => key removed successfully.
"HKCR\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => key removed successfully.
"HKLM\Software\MozillaPlugins\@ibm.com/Java142" => key removed successfully.
artstartsvc => service removed successfully.
ISAMsmt => service removed successfully.
catchme => service removed successfully.
dgderdrv => service removed successfully.
dsNcAdpt => service removed successfully.
ibm4610drv => service removed successfully.
NETw5x32 => service removed successfully.
optousb => service removed successfully.
TSClient => service removed successfully.
"HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{0DA49AC1-FBD9-4F26-89C4-42074DE9F500}" => key removed successfully.
"HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{1E8640C7-545F-4E6A-83F4-D92706C99E00}" => key removed successfully.
"HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}" => key removed successfully.
"HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{887A7C26-B4AF-4F22-BE5E-20C00D340C74}" => key removed successfully.
"HKU\S-1-5-21-3277949548-3100964623-776316575-500_Classes\CLSID\{A1EED615-F007-4D40-9C06-A3CCD3CB68E1}" => key removed successfully.
C:\WINDOWS\Tasks\Google Software Updater.job => moved successfully
C:\Onderhoudsadvies_leder.pdf => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..
C:\redisco.b.srl => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..
C:\Sw_licenties.lwp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..
"C:\Program Files\IBM\Mobility Client\artstartsvc.exe" => not found.
"C:\Program Files\C4ebreg\isamsmt.exe" => not found.
"C:\Windows\System32\drivers\dgderdrv.sys" => not found.
"C:\Windows\system32\DRIVERS\dsNcAdpt.sys" => not found.
"C:\Windows\System32\Drivers\Ibm4610drv.sys" => not found.
"C:\Windows\system32\DRIVERS\NETw5x32.sys" => not found.
"C:\Windows\system32\DRIVERS\optousb.sys" => not found.
"C:\Windows\system32\drivers\tsclient.sys" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B

#8
Jr0x

Posted 23 July 2016 - 07:32 AM

Malware removal team

Malware Removal
1,830 posts

Hi Paul432220,

Don't worry too much regarding AVG flagging FRST as a virus. It's a false positive.

Let's run another couple of scans.

Scan with Malwarebytes Anti-Malware

Launch Malwarebytes from your Desktop
In Database version section, click Update Now
Once the update is done, click Settings>Detection and Protection
Make sure that all three boxes under Detection Options are checked
Go back to Dashboard and click the big, green Scan Now button.
Wait for Malwarebytes Anti-Malware to finish the scan
If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
Click Export, then click Copy to Clipboard.
Paste (CTRL+V) the log into your next reply.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:

Accept the Terms of Use and click Start.
Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

Download esetsmartinstaller_enu.exe that you'll be given link to.
Double click esetsmartinstaller_enu.exe.
Allow the Terms of Use and click Start.

To perform the scan:

Make sure that Enable detection of potentially unwanted applications is checked.
In the Advanced Settings dropdown menu:
- Make sure that Remove found threats is unchecked.
- Scan archives is checked.
- Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
- Use custom proxy settings is unchecked.
Click Start
The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan.
When the scan is done, click Finish.
A logfile will be created at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!

Scan with Farbar's Recovery Scan Tool (FRST)

Note: Please disable AVG temporarily before downloading FRST

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

In your next reply, please include the following:

MalwareBytes log
ESET log
FRST log
How is your system running now and any other issue you're facing?

#9
Paul432220

Posted 23 July 2016 - 08:07 AM

Member

Topic Starter
Member
78 posts

Hi Jr0x,

I have the premioum version of Malware Bytes Anti-malware installed on that computer (i have a valid license for it), but it is obviously not located on the Desktop, can i use that one to run what you explained above ?

Cheers, Paul

#10
Jr0x

Posted 23 July 2016 - 08:08 AM

Malware removal team

Malware Removal
1,830 posts

Hi Paul,

Definitely. Apologies for the confusion.

#11
Paul432220

Posted 23 July 2016 - 02:08 PM

Member

Topic Starter
Member
78 posts

Hi Jr0x,

As requested, i attach in sequence below here, the Malware bytes log, ESET log and FRST log.

I did remark a bunch of infected files in the ESET log, many of them on the system restore volume...

Cheers, Paul

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23-7-2016
Scan Time: 16:49:23
Logfile: 2016 07 23 Malware_bytes_scanlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.23.06
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: BE76601

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295549
Time Elapsed: 20 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.SearchYah, HKLM\SOFTWARE\CLASSES\esrv.searchyaESrvc, Quarantined, [f67c9394851551e5a06bc4f0996a58a8],
PUP.Optional.SearchYah, HKLM\SOFTWARE\CLASSES\esrv.searchyaESrvc.1, Quarantined, [78fa4bdc4d4de65031da10a4cc37c13f],
PUP.Optional.SmartBar, HKU\S-1-5-21-3277949548-3100964623-776316575-500\SOFTWARE\SMARTBAR, Quarantined, [0d659f88cad081b5aea3e9ccfb08d52b],

Registry Values: 1
PUP.Optional.SmartBar, HKU\S-1-5-21-3277949548-3100964623-776316575-500\SOFTWARE\SMARTBAR|GlobalUserId, 92F0FB8B-2638-4E94-A69C-77D114899BEF, Quarantined, [0d659f88cad081b5aea3e9ccfb08d52b]

Registry Data: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[512146e16e2c280eb16d1a5f1fe546ba]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[601200270c8e4cea0817a9d0af55e917]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[e58df4332c6e80b673ad4831a36137c9]

Folders: 15
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\tmp, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Log, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],

Files: 123
Rootkit.TDSS, C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ4.tmp, Quarantined, [650dc067d2c85fd73e2002125ca852ae],
PUP.Optional.FunMoods, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage, Quarantined, [cea42ef9a2f883b3f6936e3537cc2ad6],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\1.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\1.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\a.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\a.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\b.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\b.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\c.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\c.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\d.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\d.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\e.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\e.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\f.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\f.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\g.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\g.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\h.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\h.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\i.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\i.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\j.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\J.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\k.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\k.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\l.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\l.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\m.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\m.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\n.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\n.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\o.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\o.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\p.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\p.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\q.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\q.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\r.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\r.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\s.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\s.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\t.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\t.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\u.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\u.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\v.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\v.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\w.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\w.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\wlu.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\x.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\x.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\y.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\y.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\z.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\z.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\DialogsAPI.js, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\PIE.htc, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\settings.js, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\version.txt, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\closeBtn.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settingsBtn.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\close.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\closeBtn.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next_hover.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\powered-by.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settingsBtn.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_26447_25929_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_26677_26159_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_26679_26161_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_26682_26164_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_26683_26165_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_26684_26166_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=26447&fid=25929.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=26677&fid=26159.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=26679&fid=26161.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=26682&fid=26164.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=26683&fid=26165.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=26684&fid=26166.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=26447&alertFeedId=25929.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=26677&alertFeedId=26159.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=26679&alertFeedId=26161.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=26682&alertFeedId=26164.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=26683&alertFeedId=26165.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=26684&alertFeedId=26166.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks\en.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=5_3_4_2.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=5_5_0_10.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=5_7_2_2.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=5_7_3_1.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=6_2_2_4.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=6_3_2_17.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=6_3_3_3.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=6_8_5_1.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],

Physical Sectors: 0
(No malicious items detected)

(end)

C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466500.dll   a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466501.dll   a variant of Win32/PriceGong.A potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466502.dll   a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466503.dll   a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466504.dll   a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466506.dll   a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466507.dll   a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466508.dll   a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466509.dll   a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466510.exe   Win32/Toolbar.Conduit.V potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466511.exe   Win32/Toolbar.Conduit.V potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466512.dll   a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466513.dll   a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466514.dll   Win32/Toolbar.Conduit.N potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466515.dll   Win32/Toolbar.Conduit.O potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466516.dll   Win32/Toolbar.Conduit.N potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466517.dll   a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466518.dll   Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466519.dll   a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466520.dll   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466522.exe   a variant of Win32/Toolbar.Conduit.AR potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1300\A0470409.exe   a variant of Win32/DealPly.H potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1300\A0470552.dll   a variant of Win32/Toolbar.Conduit.AR potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1300\A0470553.dll   Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1300\A0470554.dll   Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476500.exe   a variant of Win32/InstallCore.D potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476501.exe   a variant of Win32/Toolbar.Conduit.AR potentially unwanted application,a variant of Win32/Toolbar.Conduit.B potentially unwanted application,Win32/Toolbar.Conduit.A potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476502.exe   a variant of Win32/InstallCore.D potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476503.exe   Win32/Toggle potentially unwanted application,a variant of Win32/Toolbar.Conduit.B potentially unwanted application,Win32/Toolbar.Conduit.Y potentially unwanted application,Win32/Toolbar.Conduit.A potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476504.exe   Win32/DownloadAdmin.G potentially unwanted application,Win32/DownloadAdmin.H potentially unwanted application
C:\TDSSKiller_Quarantine\02.05.2012_12.52.16\mbr0000\tdlfs0000\tsk0009.dta   a variant of Win32/Olmasco.AD trojan
C:\TDSSKiller_Quarantine\02.05.2012_12.52.16\mbr0000\tdlfs0000\tsk0010.dta   a variant of Win32/Olmarik.AYN trojan

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2016 02
Ran by BE76601 (administrator) on T400 (23-07-2016 22:00:22)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: BE76601 (Available Profiles: BE76601)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(IBM) C:\Program Files\IBM\Java60\jre\bin\jqs.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe
() C:\WINDOWS\system32\TpKmpSvc.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(BillP Studios) C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
() C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(IBM) C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\symphony.exe
(Symantec Corporation) C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
(Avanquest Software) C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe
(IBM) C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.1.20120110-2000\program\soffice.bin
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [820520 2007-11-22] (Synaptics, Inc.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-31] (Lenovo Group Limited)
HKLM\...\Run: [TPKMAPHELPER] => C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [868352 2007-01-09] (Lenovo)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [431464 2011-04-14] (Lenovo )
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [189800 2011-04-14] (Lenovo )
HKLM\...\Run: [PSQLLauncher] => "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
HKLM\...\Run: [Resume copy] => copyfstq.exe /startup
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [222784 2005-12-12] (BillP Studios)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [pmonmh] => C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe [184371 2012-06-14] ()
HKLM\...\Run: [LenovoAutoScrollUtility] => C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [43960 2010-04-01] (Lenovo Group Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5351184 2016-06-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [openvpn-gui] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [99328 2005-08-18] ()
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [ACT_APL] => "C:\Program Files\ACT\ACT for Windows\ACT_APL.exe"
Winlogon\Notify\ACNotify: C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACNotify.dll [2011-04-14] (Lenovo )
Winlogon\Notify\NavLogon:
HKLM\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [Virtual Dimension] => C:\Program Files\Virtual Dimension\VirtualDimension.exe
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [Cookienator] => C:\Program Files\Cookienator\cookienator.exe [1333472 2009-10-19] (CodeFromThe70s.org)
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [PDHookServer] => C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe [60416 2012-12-14] ()
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [SymphonyPreLoad] => "C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony" -nogui -nosplash
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [AeroSnap] => C:\Program Files\AeroSnap\AeroSnap.exe
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [NoDevMgrUpdate] 1
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [NoSaveSettings] 1
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Home] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Fullscreen] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Tools] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Print] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Edit] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Cut] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Copy] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Paste] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Encoding] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ss3dfo.scr [704512 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
Lsa: [Notification Packages] scecli PGPpwflt
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dialog Helper.lnk [2013-02-01]
ShortcutTarget: Dialog Helper.lnk -> C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe (Avanquest Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2013-01-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IBM Connections Drafts Monitor.lnk [2012-03-07]
ShortcutTarget: IBM Connections Drafts Monitor.lnk -> C:\Program Files\IBM\Connections Files connectors\LFMonitor.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGP Tray.lnk [2016-07-23]
ShortcutTarget: PGP Tray.lnk -> C:\WINDOWS\Installer\{98F75B02-CCED-4568-9DEC-522A9512477E}\Icon6560581611.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.2
Tcpip\..\Interfaces\{F331C6FC-8137-4709-A97C-4D7B168CCA6C}: [DhcpNameServer] 192.168.0.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://w3.ibm.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {A455E32A-3DE6-47CC-B4C2-7E006963690A} URL = hxxp://w3.ibm.com/bluepages/simpleSearch.wss?searchFor={searchTerms}&searchBy=name&sourceid=Mozilla-search
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {C4D5EAC9-67DA-4B95-832B-0EFE686B77D4} URL = hxxps://w3.ibm.com/connections/search/web/search?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {FE206555-0DAA-495B-A428-01631917F40B} URL = hxxp://w3.ibm.com/search/do/search?queryType=simple&qt={searchTerms}&w3scope=w3General&sourceid=Mozilla-search
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\IBM\Java60\jre\bin\ssv.dll [2013-04-24] (IBM)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll [2013-04-24] (IBM)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll [2013-04-24] (IBM)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-06-28] (CANON INC.)
Toolbar: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-06-28] (CANON INC.)
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} hxxps://www-03.ibm.com/qp2.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228972592890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228972560421
DPF: {8B8A0588-356B-431E-A4C3-A56553266DAA} hxxps://w3-501.ibm.com/transform/crm/europe/be/callcenter/21219/applets/SiebelAx_Smartscript.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} hxxp://w3-03.ibm.com/tools/print/plugin/gpwsx.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {DF9541C7-3923-4229-B24C-2AFE7DE3FEC1} hxxps://w3-501.ibm.com/transform/crm/europe/be/sales/21112/applets/SiebelAx_Smartscript.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890
FF Homepage: hxxp://www.google.be/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-07] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2011-10-17] (Google)
FF Plugin: @ibm.com/Java -> C:\Program Files\IBM\Java50\jre\bin\npoji610.dll [2008-10-23] (IBM)
FF Plugin: @IBM.com/JavaPlugin -> C:\Program Files\IBM\Java60\jre\bin\plugin2\npjp2.dll [2013-04-24] (IBM)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-06-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-06] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npcpsweb.dll [2010-08-02] (IBM )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-09-23] (NOS Microsystems Ltd.)
FF Extension: IE Tab - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2016-07-03]
FF Extension: Download Statusbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2016-07-03]
FF Extension: IBM Add To Notes Address Book BluePages Plugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890\Extensions\[email protected] [2013-07-03] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-07-07] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-07-07] [not signed]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4092672 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [890128 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [594904 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2013-05-22] (Teruten) [File not signed]
S4 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
S4 gupdate1ca1825452a051e; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-08-08] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\IBM\Java60\jre\bin\jqs.exe [158016 2013-04-24] (IBM)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-04-04] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 PGP RDD Service; C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe [1588544 2012-07-21] (Symantec Corporation)
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [53248 2009-04-16] () [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [966656 2010-10-19] (Intel® Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [130920 2011-04-20] (Lenovo Group Limited)
R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2006-06-29] () [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2011-04-08] (IBM Corp.) [File not signed]
R2 Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243456 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [201472 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [191744 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [217344 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-01] (AVG Technologies CZ, s.r.o.)
S3 avpnnic; C:\WINDOWS\System32\DRIVERS\avpnnic.sys [11392 2009-10-07] (AT&T) [File not signed]
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [533152 2009-09-18] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [993576 2010-09-23] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.)
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2008-02-04] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [51752 2010-09-16] (Broadcom Corporation.)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [754176 2008-05-22] (Conexant Systems Inc.)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [243856 2008-09-19] (Intel Corporation)
R2 EGATHDRV; C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [17104 2012-02-09] (IBM Corporation)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
S3 GTF32BUS; C:\WINDOWS\System32\DRIVERS\gtf32bus.sys [32000 2006-03-28] (Option N.V.)
S3 GTPTSER; C:\WINDOWS\System32\DRIVERS\gtptser.sys [8064 2007-04-14] (Option N.V.) [File not signed]
S3 GTSCSER; C:\WINDOWS\System32\DRIVERS\gtscser.sys [18944 2006-03-28] (Option N.V.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-04-10] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-04-10] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2011-04-08] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-23] (Malwarebytes)
R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [6913920 2010-10-18] (Intel Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2009-05-10] (PalmSource, Inc.)
R2 PGPdisk; C:\WINDOWS\system32\Drivers\PGPdisk.sys [244448 2012-07-21] (Symantec Corporation)
R1 PGPsdkDriver; C:\WINDOWS\System32\Drivers\PGPsdk.sys [41520 2012-07-21] (Symantec Corporation)
R0 PGPwded; C:\WINDOWS\system32\Drivers\PGPwded.sys [312952 2012-07-21] (Symantec Corporation)
R0 Pgpwdefs; C:\WINDOWS\System32\DRIVERS\Pgpwdefs.sys [14792 2012-07-21] (Symantec Corporation)
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2008-10-10] (Microsoft Corporation) [File not signed]
S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 tap0801; C:\WINDOWS\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26112 2010-08-20] (The OpenVPN Project) [File not signed]
R2 TGRAB; C:\WINDOWS\system32\tgrab.sys [8288 2012-02-09] () [File not signed]
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R3 tpm; C:\WINDOWS\System32\DRIVERS\tpm.sys [13824 2008-03-26] (Intel Corporation)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2004-11-30] () [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2008-07-31] () [File not signed]
S3 wcndis; C:\WINDOWS\System32\DRIVERS\wcndis.sys [8704 2006-01-30] () [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-14] (Microsoft Corporation)
S4 SysPlant; \SystemRoot\SYSTEM32\Drivers\SysPlant.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-23 21:59 - 2016-07-23 21:59 - 01744384 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-07-23 17:26 - 2016-07-23 17:26 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
2016-07-23 16:29 - 2016-07-23 16:29 - 00000820 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2016-07-21 22:40 - 2016-07-21 22:40 - 00009192 _____ C:\Documents and Settings\Administrator\Desktop\Fixlog.txt
2016-07-21 22:38 - 2016-07-21 22:38 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
2016-07-21 22:25 - 2016-07-21 22:16 - 00003616 _____ C:\Documents and Settings\Administrator\Desktop\fixlist.txt
2016-07-21 20:55 - 2016-07-21 20:55 - 00894960 _____ C:\Documents and Settings\Administrator\Desktop\Norton_Removal_Tool.exe
2016-07-21 20:53 - 2016-07-21 20:53 - 00000726 _____ C:\Documents and Settings\Administrator\Desktop\WhoCrashed.lnk
2016-07-21 20:53 - 2016-07-21 20:53 - 00000000 ____D C:\Program Files\WhoCrashed
2016-07-21 20:51 - 2016-07-21 20:52 - 02491240 _____ (Resplendence Software Projects Sp. ) C:\Documents and Settings\Administrator\Desktop\whocrashedSetup.exe
2016-07-20 14:56 - 2016-07-20 14:58 - 00055282 _____ C:\Documents and Settings\Administrator\Desktop\Addition.txt
2016-07-20 14:53 - 2016-07-23 22:00 - 00028187 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-07-17 18:29 - 2016-07-17 18:28 - 00114688 _____ C:\WINDOWS\Minidump\Mini071716-01.dmp
2016-07-17 18:08 - 2016-07-17 18:26 - 00000000 ___SD C:\ComboFix
2016-07-11 21:28 - 2016-07-11 21:35 - 00000000 ____D C:\Program Files\FreeCommander XE
2016-07-11 21:28 - 2016-07-11 21:28 - 00000773 _____ C:\Documents and Settings\Administrator\Desktop\FreeCommander XE.lnk
2016-07-11 21:28 - 2016-07-11 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FreeCommander XE
2016-07-11 21:28 - 2016-07-11 21:28 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\FreeCommanderXE
2016-07-11 20:53 - 2016-07-11 20:52 - 00114688 _____ C:\WINDOWS\Minidump\Mini071116-03.dmp
2016-07-11 20:39 - 2016-07-11 20:39 - 00114688 _____ C:\WINDOWS\Minidump\Mini071116-02.dmp
2016-07-11 17:59 - 2016-07-11 17:59 - 00114688 _____ C:\WINDOWS\Minidump\Mini071116-01.dmp
2016-07-11 17:30 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2016-07-11 17:30 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2016-07-11 17:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2016-07-11 17:26 - 2016-07-11 17:30 - 00000000 ____D C:\Qoobox
2016-07-11 17:26 - 2016-07-11 17:26 - 00000000 ____D C:\WINDOWS\erdnt
2016-07-11 17:24 - 2016-07-11 17:25 - 05659622 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2016-07-11 16:39 - 2016-07-23 22:00 - 00000000 ____D C:\FRST
2016-07-11 16:29 - 2016-07-11 16:31 - 00111442 _____ C:\TDSSKiller.3.1.0.9_11.07.2016_16.29.28_log.txt
2016-07-11 15:50 - 2016-07-11 15:53 - 00000000 ____D C:\AdwCleaner
2016-07-08 11:04 - 2016-07-23 17:11 - 00173288 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-07-07 23:56 - 2016-07-23 19:40 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-07 23:55 - 2016-07-07 23:55 - 00000787 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-07 23:55 - 2016-07-07 23:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-07 23:55 - 2016-07-07 23:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-07 23:55 - 2016-07-07 23:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-07-07 23:55 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-07 23:55 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-07-07 18:44 - 2016-07-07 18:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-07 18:37 - 2016-07-23 17:13 - 00000424 _____ C:\WINDOWS\Tasks\AVG-SSU_0516piz.job
2016-07-07 18:37 - 2016-07-07 18:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz
2016-07-07 18:34 - 2016-07-07 18:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG
2016-07-07 18:33 - 2016-07-07 18:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2016-07-07 18:33 - 2016-07-07 18:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2016-07-07 18:31 - 2016-07-07 18:31 - 00000000 ___HD C:\$AVG
2016-07-07 18:29 - 2016-07-23 17:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-07-07 18:29 - 2016-07-07 18:29 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2016-07-07 18:29 - 2016-07-07 18:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2016-07-07 18:29 - 2016-07-07 18:29 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2016-07-07 18:26 - 2016-07-07 18:30 - 00000000 ____D C:\Program Files\AVG
2016-07-07 18:24 - 2016-07-07 18:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg
2016-07-07 18:24 - 2016-07-07 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2016-07-07 18:24 - 2016-07-07 18:29 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AvgSetupLog
2016-07-07 18:23 - 2016-07-23 17:25 - 00000000 ____D C:\instexe
2016-07-03 17:26 - 2016-07-03 17:26 - 00000495 _____ C:\WINDOWS\VersataQIuninstall.iss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-23 22:00 - 2005-04-04 19:48 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-07-23 20:11 - 2009-05-08 12:20 - 00000000 ____D C:\instexe_T400
2016-07-23 17:14 - 2009-03-23 19:58 - 00000304 _____ C:\WINDOWS\Tasks\PMTask.job
2016-07-23 17:13 - 2005-04-04 19:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-23 17:13 - 2004-08-04 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-07-23 17:12 - 2007-02-23 00:59 - 00000000 ____D C:\WINDOWS\IBM
2016-07-23 17:11 - 2013-03-15 09:12 - 00032414 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-23 17:11 - 2005-04-04 19:48 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-07-21 22:26 - 2006-01-24 02:45 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-07-21 22:26 - 2005-04-05 19:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Symantec
2016-07-21 21:51 - 2005-04-04 20:28 - 00000000 ___HD C:\WINDOWS\inf
2016-07-17 18:29 - 2009-12-01 09:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-17 18:29 - 2009-04-28 00:43 - 00000000 __SHD C:\WINDOWS\CSC
2016-07-11 20:36 - 2009-05-08 20:11 - 00000000 ___RD C:\$user
2016-07-11 17:46 - 2009-08-28 08:46 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2016-07-11 15:38 - 2005-04-04 20:34 - 00000294 ___SH C:\boot.ini
2016-07-11 15:38 - 2004-08-04 07:00 - 00000573 _____ C:\WINDOWS\win.ini
2016-07-11 15:38 - 2004-08-04 07:00 - 00000274 _____ C:\WINDOWS\system.ini
2016-07-08 11:11 - 2005-04-04 19:43 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-07-08 11:05 - 2005-04-04 20:28 - 00000000 ____D C:\WINDOWS\system
2016-07-08 10:24 - 2009-06-29 08:55 - 00000000 ____D C:\WINDOWS\pss
2016-07-08 10:13 - 2012-05-03 22:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-08 10:13 - 2009-05-08 20:21 - 00000000 ____D C:\Program Files\Yahoo!
2016-07-08 10:13 - 2005-04-04 20:34 - 00332760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-08 10:09 - 2005-04-04 19:48 - 00000000 ____D C:\Documents and Settings\Administrator
2016-07-07 22:08 - 2007-03-06 00:02 - 00000000 ____D C:\temp
2016-07-07 21:21 - 2009-03-23 21:09 - 00000000 ____D C:\ecountry
2016-07-07 18:46 - 2012-04-03 15:15 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-07 18:46 - 2011-06-08 07:37 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-07 18:46 - 2006-04-12 04:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2016-07-07 18:24 - 2005-04-04 20:17 - 00091560 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-07-07 18:15 - 2009-05-09 16:16 - 00000000 ____D C:\Program Files\MonkMerg
2016-07-07 18:15 - 2005-04-05 21:45 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-07-07 18:15 - 2005-04-04 22:08 - 00000000 ____D C:\Program Files\IBM
2016-07-07 18:14 - 2009-08-08 14:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2016-07-07 18:14 - 2009-08-08 14:38 - 00000000 ____D C:\Program Files\Google
2016-07-07 18:10 - 2012-03-25 21:08 - 00000000 ____D C:\Program Files\TeamViewer
2016-07-07 18:05 - 2009-05-09 16:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Yahoo!
2016-07-07 18:05 - 2009-05-09 16:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2016-07-07 17:55 - 2009-03-23 19:52 - 00000000 ____D C:\Program Files\CONEXANT
2016-07-07 17:49 - 2006-03-27 23:50 - 00000000 ____D C:\Program Files\WST
2016-07-07 17:44 - 2005-04-05 21:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IBM
2016-07-07 17:43 - 2005-04-05 21:45 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2016-07-07 17:41 - 2008-11-15 01:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tivoli Storage Manager
2016-07-07 17:39 - 2011-10-21 17:57 - 00000000 ____D C:\Program Files\CoreFTP
2016-07-07 17:39 - 2011-10-21 17:57 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Core FTP
2016-07-07 17:36 - 2012-12-27 18:26 - 00000000 ____D C:\Program Files\CompanionLink
2016-07-03 20:41 - 2006-04-12 04:08 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-07-03 17:46 - 2009-03-23 20:04 - 00000000 ____D C:\Program Files\AT&T Network Client
2016-07-03 17:41 - 2005-04-04 20:17 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
2016-07-03 17:26 - 2009-05-08 11:29 - 00000000 ____D C:\epricer
2016-07-03 17:20 - 2013-01-13 18:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-07-03 17:20 - 2013-01-13 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-07-03 17:13 - 2012-02-25 10:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Samsung
2016-07-03 17:13 - 2012-02-24 13:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
2016-07-03 17:13 - 2012-02-24 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Samsung
2016-07-03 17:10 - 2013-04-23 17:55 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2016-07-03 17:02 - 2010-01-12 14:19 - 00000000 ____D C:\notes
2016-07-01 20:19 - 2009-10-10 10:09 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat

==================== Files in the root of some directories =======

2013-07-12 18:34 - 2013-07-12 18:34 - 0000664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.tmp
2009-08-05 09:09 - 2011-12-29 17:35 - 0009216 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-05-16 20:17 - 2009-05-16 20:17 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2013-02-23 17:46 - 2013-02-23 17:46 - 0338815 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\speeddial.crx
2011-05-20 07:46 - 2011-05-20 07:46 - 8892928 _____ () C:\Documents and Settings\All Users\Application Data\atscie.msi
2009-05-16 21:02 - 2013-12-17 22:12 - 0004096 _____ () C:\Documents and Settings\All Users\Application Data\ScheduledItems

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

#12
Jr0x

Posted 24 July 2016 - 09:28 AM

Malware removal team

Malware Removal
1,830 posts

Hi Paul432220,

What did you mean when you mentioned that you did remarks on a bunch of files in the log? You should post the original log without any changes to it.

Fix with FRST

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
Right-click in the open notepad and select Paste.
Save it on the desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S4 SysPlant; \SystemRoot\SYSTEM32\Drivers\SysPlant.sys [X]

C:\Windows\SYSTEM32\Drivers\SysPlant.sys

Emptytemp:
Hosts:
End

ESET full log (without any remarks or changes to the log)
FRST fixlog

#13
Paul432220

Posted 25 July 2016 - 03:09 AM

Member

Topic Starter
Member
78 posts

Hi Jr0x,

I have pasted in the previous reply the full FRST log, but when it was running, i saw it indicated in red (at a certain point) 3 threats, that's all...

Now, i have first ran the FRST tool with the fix you provided, than afterwards, i have ran again the ESET tool of which i will also paste the full log it generated this morning

Hope it wil help,

Cheers, Paul

Fix result of Farbar Recovery Scan Tool (x86) Version: 24-07-2016
Ran by BE76601 (2016-07-25 08:50:23) Run:2
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: BE76601 (Available Profiles: BE76601)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S4 SysPlant; \SystemRoot\SYSTEM32\Drivers\SysPlant.sys [X]

C:\Windows\SYSTEM32\Drivers\SysPlant.sys

Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
SysPlant => service removed successfully.
"C:\Windows\SYSTEM32\Drivers\SysPlant.sys" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 60599 B
Java, Flash, Steam htmlcache => 24266236 B
Windows/system/dllcache/drivers => 16971 B
Edge => 0 B
Chrome => 0 B
Firefox => 192065461 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default User => 330227 B
All Users => 0 B
systemprofile => 383468604 B
LocalService => 16686648 B
NetworkService => 146983 B
Administrator => 61117459 B

RecycleBin => 2657125 B
EmptyTemp: => 649.3 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 08:52:24 ====

C:\instexe_T400\SetupBatteryCare.zip   Win32/OpenCandy potentially unsafe application
C:\instexe_T400\Auslogic defrag\disk-defrag-setup.exe   a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\instexe_T400\CCleaner\ccsetup326.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466500.dll   a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466501.dll   a variant of Win32/PriceGong.A potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466502.dll   a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466503.dll   a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466504.dll   a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466506.dll   a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466507.dll   a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466508.dll   a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466509.dll   a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466510.exe   Win32/Toolbar.Conduit.V potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466511.exe   Win32/Toolbar.Conduit.V potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466512.dll   a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466513.dll   a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466514.dll   Win32/Toolbar.Conduit.N potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466515.dll   Win32/Toolbar.Conduit.O potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466516.dll   Win32/Toolbar.Conduit.N potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466517.dll   a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466518.dll   Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466519.dll   a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466520.dll   a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466522.exe   a variant of Win32/Toolbar.Conduit.AR potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1300\A0470409.exe   a variant of Win32/DealPly.H potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1300\A0470552.dll   a variant of Win32/Toolbar.Conduit.AR potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1300\A0470553.dll   Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1300\A0470554.dll   Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1301\A0472623.exe   a variant of Win32/TFTPD32.B potentially unsafe application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476500.exe   a variant of Win32/InstallCore.D potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476501.exe   a variant of Win32/Toolbar.Conduit.AR potentially unwanted application,a variant of Win32/Toolbar.Conduit.B potentially unwanted application,Win32/Toolbar.Conduit.A potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476502.exe   a variant of Win32/InstallCore.D potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476503.exe   Win32/Toggle potentially unwanted application,a variant of Win32/Toolbar.Conduit.B potentially unwanted application,Win32/Toolbar.Conduit.Y potentially unwanted application,Win32/Toolbar.Conduit.A potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476504.exe   Win32/DownloadAdmin.G potentially unwanted application,Win32/DownloadAdmin.H potentially unwanted application
C:\TDSSKiller_Quarantine\02.05.2012_12.52.16\mbr0000\tdlfs0000\tsk0009.dta   a variant of Win32/Olmasco.AD trojan
C:\TDSSKiller_Quarantine\02.05.2012_12.52.16\mbr0000\tdlfs0000\tsk0010.dta   a variant of Win32/Olmarik.AYN trojan
C:\TFTP32\tftp32.zip   a variant of Win32/TFTPD32.B potentially unsafe application
C:\TFTP32\tftpd32.exe   a variant of Win32/TFTPD32.B potentially unsafe application

#14
Jr0x

Posted 25 July 2016 - 10:21 AM

Malware removal team

Malware Removal
1,830 posts

Hi Paul432220,

I noticed a few new items from the ESET log such as CCleaner, Disk-Defrag installer. As with the warning, these installer usually comes with PUP bundled application that will get installed together with the application that you installed. Do take note to not installed these bundled application as it is mostly unwanted applications. Unchecky is a excellent software that helps to prevent such PUP from installing to your machine.

Before I declare you as clean, do you have any other outstanding issue you would like to raise?

#15
Paul432220

Posted 25 July 2016 - 01:24 PM

Member

Topic Starter
Member
78 posts

Hi Jr0x,

tx, i do pay fully attention when installing applicatons (mostly sharware or freeware) to uncheck all the unwanted software they usually carry around.

I'll look into unchecky as it is better to have a tool that prevents this !

Let me run another full scan of AVG to see if the original issue is still there, i'll let you know once it finishes...

Cheers, Paul