Hi Jr0x,
As requested, I attach in sequence below the Malwarebytes log, ESET log and FRST log.
I did remark a bunch of infected files in the ESET log, many of them on the system restore volume...
Cheers, Paul
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 23-7-2016
Scan Time: 16:49:23
Logfile: 2016 07 23 Malware_bytes_scanlog.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.07.23.06
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: BE76601
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295549
Time Elapsed: 20 min, 12 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.SearchYah, HKLM\SOFTWARE\CLASSES\esrv.searchyaESrvc, Quarantined, [f67c9394851551e5a06bc4f0996a58a8],
PUP.Optional.SearchYah, HKLM\SOFTWARE\CLASSES\esrv.searchyaESrvc.1, Quarantined, [78fa4bdc4d4de65031da10a4cc37c13f],
PUP.Optional.SmartBar, HKU\S-1-5-21-3277949548-3100964623-776316575-500\SOFTWARE\SMARTBAR, Quarantined, [0d659f88cad081b5aea3e9ccfb08d52b],
Registry Values: 1
PUP.Optional.SmartBar, HKU\S-1-5-21-3277949548-3100964623-776316575-500\SOFTWARE\SMARTBAR|GlobalUserId, 92F0FB8B-2638-4E94-A69C-77D114899BEF, Quarantined, [0d659f88cad081b5aea3e9ccfb08d52b]
Registry Data: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[512146e16e2c280eb16d1a5f1fe546ba]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[601200270c8e4cea0817a9d0af55e917]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[e58df4332c6e80b673ad4831a36137c9]
Folders: 15
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\tmp, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Log, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
Files: 123
Rootkit.TDSS, C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ4.tmp, Quarantined, [650dc067d2c85fd73e2002125ca852ae],
PUP.Optional.FunMoods, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage, Quarantined, [cea42ef9a2f883b3f6936e3537cc2ad6],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\1.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\1.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\a.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\a.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\b.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\b.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\c.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\c.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\d.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\d.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\e.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\e.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\f.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\f.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\g.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\g.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\h.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\h.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\i.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\i.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\j.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\J.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\k.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\k.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\l.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\l.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\m.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\m.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\n.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\n.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\o.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\o.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\p.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\p.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\q.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\q.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\r.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\r.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\s.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\s.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\t.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\t.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\u.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\u.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\v.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\v.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\w.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\w.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\wlu.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\x.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\x.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\y.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\y.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\z.txt, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.PriceGong, C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\z.xml, Quarantined, [de944dda6931e155a5525f5b61a15fa1],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\DialogsAPI.js, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\PIE.htc, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\settings.js, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\version.txt, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\closeBtn.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settingsBtn.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\close.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\closeBtn.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next_hover.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\powered-by.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settingsBtn.png, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_26447_25929_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_26677_26159_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_26679_26161_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_26682_26164_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_26683_26165_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_26684_26166_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_BE.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=26447&fid=25929.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=26677&fid=26159.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=26679&fid=26161.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=26682&fid=26164.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=26683&fid=26165.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=26684&fid=26166.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=26447&alertFeedId=25929.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=26677&alertFeedId=26159.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=26679&alertFeedId=26161.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=26682&alertFeedId=26164.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=26683&alertFeedId=26165.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=26684&alertFeedId=26166.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks\en.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=5_3_4_2.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=5_5_0_10.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=5_7_2_2.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=5_7_3_1.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=6_2_2_4.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=6_3_2_17.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=6_3_3_3.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
PUP.Optional.Conduit, C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en-us&browserType=IE&toolbarVersion=6_8_5_1.xml, Quarantined, [d79bc166c3d7b680da4e05c2b74b32ce],
Physical Sectors: 0
(No malicious items detected)
(end)
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466500.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466501.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466502.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466503.dll a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466504.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466506.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466507.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466508.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466509.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466510.exe Win32/Toolbar.Conduit.V potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466511.exe Win32/Toolbar.Conduit.V potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466512.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466513.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466514.dll Win32/Toolbar.Conduit.N potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466515.dll Win32/Toolbar.Conduit.O potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466516.dll Win32/Toolbar.Conduit.N potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466517.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466518.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466519.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466520.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1285\A0466522.exe a variant of Win32/Toolbar.Conduit.AR potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1300\A0470409.exe a variant of Win32/DealPly.H potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1300\A0470552.dll a variant of Win32/Toolbar.Conduit.AR potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1300\A0470553.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1300\A0470554.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476500.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476501.exe a variant of Win32/Toolbar.Conduit.AR potentially unwanted application,a variant of Win32/Toolbar.Conduit.B potentially unwanted application,Win32/Toolbar.Conduit.A potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476502.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476503.exe Win32/Toggle potentially unwanted application,a variant of Win32/Toolbar.Conduit.B potentially unwanted application,Win32/Toolbar.Conduit.Y potentially unwanted application,Win32/Toolbar.Conduit.A potentially unwanted application
C:\System Volume Information\_restore{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP1307\A0476504.exe Win32/DownloadAdmin.G potentially unwanted application,Win32/DownloadAdmin.H potentially unwanted application
C:\TDSSKiller_Quarantine\02.05.2012_12.52.16\mbr0000\tdlfs0000\tsk0009.dta a variant of Win32/Olmasco.AD trojan
C:\TDSSKiller_Quarantine\02.05.2012_12.52.16\mbr0000\tdlfs0000\tsk0010.dta a variant of Win32/Olmarik.AYN trojan
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2016 02
Ran by BE76601 (administrator) on T400 (23-07-2016 22:00:22)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: BE76601 (Available Profiles: BE76601)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(IBM) C:\Program Files\IBM\Java60\jre\bin\jqs.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Lenovo.) C:\WINDOWS\system32\TPHDEXLG.exe
() C:\WINDOWS\system32\TpKmpSvc.exe
() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Lenovo.) C:\WINDOWS\system32\TpShocks.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(BillP Studios) C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
() C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(IBM) C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\symphony.exe
(Symantec Corporation) C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
(Avanquest Software) C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe
(IBM) C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.1.20120110-2000\program\soffice.bin
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [181536 2008-06-06] (Lenovo.)
HKLM\...\Run: [PWRMGRTR] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [BLOG] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [820520 2007-11-22] (Synaptics, Inc.)
HKLM\...\Run: [TPFNF7] => C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [60192 2008-07-31] (Lenovo Group Limited)
HKLM\...\Run: [TPKMAPHELPER] => C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [868352 2007-01-09] (Lenovo)
HKLM\...\Run: [ACTray] => C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [431464 2011-04-14] (Lenovo )
HKLM\...\Run: [ACWLIcon] => C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [189800 2011-04-14] (Lenovo )
HKLM\...\Run: [PSQLLauncher] => "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
HKLM\...\Run: [Resume copy] => copyfstq.exe /startup
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [222784 2005-12-12] (BillP Studios)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [417792 2009-11-11] (Apple Inc.)
HKLM\...\Run: [pmonmh] => C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe [184371 2012-06-14] ()
HKLM\...\Run: [LenovoAutoScrollUtility] => C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [43960 2010-04-01] (Lenovo Group Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5351184 2016-06-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [openvpn-gui] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [99328 2005-08-18] ()
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [ACT_APL] => "C:\Program Files\ACT\ACT for Windows\ACT_APL.exe"
Winlogon\Notify\ACNotify: C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACNotify.dll [2011-04-14] (Lenovo )
Winlogon\Notify\NavLogon:
HKLM\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [Virtual Dimension] => C:\Program Files\Virtual Dimension\VirtualDimension.exe
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [Cookienator] => C:\Program Files\Cookienator\cookienator.exe [1333472 2009-10-19] (CodeFromThe70s.org)
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [PDHookServer] => C:\Program Files\Avanquest\PowerDesk\PDHookServer.exe [60416 2012-12-14] ()
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [SymphonyPreLoad] => "C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony" -nogui -nosplash
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Run: [AeroSnap] => C:\Program Files\AeroSnap\AeroSnap.exe
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [NoDevMgrUpdate] 1
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [NoSaveSettings] 1
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Home] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Fullscreen] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Tools] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Print] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Edit] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Cut] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Copy] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Paste] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\...\Policies\Explorer: [Btn_Encoding] 0
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ss3dfo.scr [704512 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
Lsa: [Notification Packages] scecli PGPpwflt
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dialog Helper.lnk [2013-02-01]
ShortcutTarget: Dialog Helper.lnk -> C:\Program Files\Avanquest\PowerDesk\pddlghlp.exe (Avanquest Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2013-01-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IBM Connections Drafts Monitor.lnk [2012-03-07]
ShortcutTarget: IBM Connections Drafts Monitor.lnk -> C:\Program Files\IBM\Connections Files connectors\LFMonitor.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGP Tray.lnk [2016-07-23]
ShortcutTarget: PGP Tray.lnk -> C:\WINDOWS\Installer\{98F75B02-CCED-4568-9DEC-522A9512477E}\Icon6560581611.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.2
Tcpip\..\Interfaces\{F331C6FC-8137-4709-A97C-4D7B168CCA6C}: [DhcpNameServer] 192.168.0.2
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-3277949548-3100964623-776316575-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://w3.ibm.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {A455E32A-3DE6-47CC-B4C2-7E006963690A} URL = hxxp://w3.ibm.com/bluepages/simpleSearch.wss?searchFor={searchTerms}&searchBy=name&sourceid=Mozilla-search
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {C4D5EAC9-67DA-4B95-832B-0EFE686B77D4} URL = hxxps://w3.ibm.com/connections/search/web/search?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> {FE206555-0DAA-495B-A428-01631917F40B} URL = hxxp://w3.ibm.com/search/do/search?queryType=simple&qt={searchTerms}&w3scope=w3General&sourceid=Mozilla-search
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\IBM\Java60\jre\bin\ssv.dll [2013-04-24] (IBM)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll [2013-04-24] (IBM)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll [2013-04-24] (IBM)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-06-28] (CANON INC.)
Toolbar: HKU\S-1-5-21-3277949548-3100964623-776316575-500 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-06-28] (CANON INC.)
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} hxxps://www-03.ibm.com/qp2.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228972592890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228972560421
DPF: {8B8A0588-356B-431E-A4C3-A56553266DAA} hxxps://w3-501.ibm.com/transform/crm/europe/be/callcenter/21219/applets/SiebelAx_Smartscript.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} hxxp://w3-03.ibm.com/tools/print/plugin/gpwsx.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {DF9541C7-3923-4229-B24C-2AFE7DE3FEC1} hxxps://w3-501.ibm.com/transform/crm/europe/be/sales/21112/applets/SiebelAx_Smartscript.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890
FF Homepage: hxxp://www.google.be/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-07] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2011-10-17] (Google)
FF Plugin: @ibm.com/Java -> C:\Program Files\IBM\Java50\jre\bin\npoji610.dll [2008-10-23] (IBM)
FF Plugin: @IBM.com/JavaPlugin -> C:\Program Files\IBM\Java60\jre\bin\plugin2\npjp2.dll [2013-04-24] (IBM)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-06-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-06] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npcpsweb.dll [2010-08-02] (IBM )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-02-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-09-23] (NOS Microsystems Ltd.)
FF Extension: IE Tab - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2016-07-03]
FF Extension: Download Statusbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2016-07-03]
FF Extension: IBM Add To Notes Address Book BluePages Plugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aoadyda8.default-1372317202890\Extensions\[email protected] [2013-07-03] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-07-07] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-07-07] [not signed]
Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4092672 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [890128 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [594904 2016-06-29] (AVG Technologies CZ, s.r.o.)
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2013-05-22] (Teruten) [File not signed]
S4 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
S4 gupdate1ca1825452a051e; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-08-08] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\IBM\Java60\jre\bin\jqs.exe [158016 2013-04-24] (IBM)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45496 2011-04-04] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 PGP RDD Service; C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe [1588544 2012-07-21] (Symantec Corporation)
R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [53248 2009-04-16] () [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [966656 2010-10-19] (Intel® Corporation) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [130920 2011-04-20] (Lenovo Group Limited)
R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2006-06-29] () [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 ANC; C:\WINDOWS\System32\drivers\ANC.SYS [11520 2011-04-08] (IBM Corp.) [File not signed]
R2 Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243456 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [201472 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [191744 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [217344 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-01] (AVG Technologies CZ, s.r.o.)
S3 avpnnic; C:\WINDOWS\System32\DRIVERS\avpnnic.sys [11392 2009-10-07] (AT&T) [File not signed]
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [533152 2009-09-18] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [993576 2010-09-23] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.)
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2008-02-04] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [51752 2010-09-16] (Broadcom Corporation.)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [754176 2008-05-22] (Conexant Systems Inc.)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [243856 2008-09-19] (Intel Corporation)
R2 EGATHDRV; C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [17104 2012-02-09] (IBM Corporation)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
S3 GTF32BUS; C:\WINDOWS\System32\DRIVERS\gtf32bus.sys [32000 2006-03-28] (Option N.V.)
S3 GTPTSER; C:\WINDOWS\System32\DRIVERS\gtptser.sys [8064 2007-04-14] (Option N.V.) [File not signed]
S3 GTSCSER; C:\WINDOWS\System32\DRIVERS\gtscser.sys [18944 2006-03-28] (Option N.V.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [210560 2008-04-10] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [985472 2008-04-10] (Conexant Systems, Inc.)
R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2011-04-08] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-23] (Malwarebytes)
R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [6913920 2010-10-18] (Intel Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2009-05-10] (PalmSource, Inc.)
R2 PGPdisk; C:\WINDOWS\system32\Drivers\PGPdisk.sys [244448 2012-07-21] (Symantec Corporation)
R1 PGPsdkDriver; C:\WINDOWS\System32\Drivers\PGPsdk.sys [41520 2012-07-21] (Symantec Corporation)
R0 PGPwded; C:\WINDOWS\system32\Drivers\PGPwded.sys [312952 2012-07-21] (Symantec Corporation)
R0 Pgpwdefs; C:\WINDOWS\System32\DRIVERS\Pgpwdefs.sys [14792 2012-07-21] (Symantec Corporation)
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2008-10-10] (Microsoft Corporation) [File not signed]
S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 tap0801; C:\WINDOWS\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26112 2010-08-20] (The OpenVPN Project) [File not signed]
R2 TGRAB; C:\WINDOWS\system32\tgrab.sys [8288 2012-02-09] () [File not signed]
R1 TPHKDRV; C:\WINDOWS\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited)
R3 tpm; C:\WINDOWS\System32\DRIVERS\tpm.sys [13824 2008-03-26] (Intel Corporation)
R1 TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [4442 2004-11-30] () [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [4608 2008-07-31] () [File not signed]
S3 wcndis; C:\WINDOWS\System32\DRIVERS\wcndis.sys [8704 2006-01-30] () [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-14] (Microsoft Corporation)
S4 SysPlant; \SystemRoot\SYSTEM32\Drivers\SysPlant.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] () [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-23 21:59 - 2016-07-23 21:59 - 01744384 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-07-23 17:26 - 2016-07-23 17:26 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
2016-07-23 16:29 - 2016-07-23 16:29 - 00000820 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2016-07-21 22:40 - 2016-07-21 22:40 - 00009192 _____ C:\Documents and Settings\Administrator\Desktop\Fixlog.txt
2016-07-21 22:38 - 2016-07-21 22:38 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\FRST-OlderVersion
2016-07-21 22:25 - 2016-07-21 22:16 - 00003616 _____ C:\Documents and Settings\Administrator\Desktop\fixlist.txt
2016-07-21 20:55 - 2016-07-21 20:55 - 00894960 _____ C:\Documents and Settings\Administrator\Desktop\Norton_Removal_Tool.exe
2016-07-21 20:53 - 2016-07-21 20:53 - 00000726 _____ C:\Documents and Settings\Administrator\Desktop\WhoCrashed.lnk
2016-07-21 20:53 - 2016-07-21 20:53 - 00000000 ____D C:\Program Files\WhoCrashed
2016-07-21 20:51 - 2016-07-21 20:52 - 02491240 _____ (Resplendence Software Projects Sp. ) C:\Documents and Settings\Administrator\Desktop\whocrashedSetup.exe
2016-07-20 14:56 - 2016-07-20 14:58 - 00055282 _____ C:\Documents and Settings\Administrator\Desktop\Addition.txt
2016-07-20 14:53 - 2016-07-23 22:00 - 00028187 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-07-17 18:29 - 2016-07-17 18:28 - 00114688 _____ C:\WINDOWS\Minidump\Mini071716-01.dmp
2016-07-17 18:08 - 2016-07-17 18:26 - 00000000 ___SD C:\ComboFix
2016-07-11 21:28 - 2016-07-11 21:35 - 00000000 ____D C:\Program Files\FreeCommander XE
2016-07-11 21:28 - 2016-07-11 21:28 - 00000773 _____ C:\Documents and Settings\Administrator\Desktop\FreeCommander XE.lnk
2016-07-11 21:28 - 2016-07-11 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FreeCommander XE
2016-07-11 21:28 - 2016-07-11 21:28 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\FreeCommanderXE
2016-07-11 20:53 - 2016-07-11 20:52 - 00114688 _____ C:\WINDOWS\Minidump\Mini071116-03.dmp
2016-07-11 20:39 - 2016-07-11 20:39 - 00114688 _____ C:\WINDOWS\Minidump\Mini071116-02.dmp
2016-07-11 17:59 - 2016-07-11 17:59 - 00114688 _____ C:\WINDOWS\Minidump\Mini071116-01.dmp
2016-07-11 17:30 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2016-07-11 17:30 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2016-07-11 17:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2016-07-11 17:30 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2016-07-11 17:26 - 2016-07-11 17:30 - 00000000 ____D C:\Qoobox
2016-07-11 17:26 - 2016-07-11 17:26 - 00000000 ____D C:\WINDOWS\erdnt
2016-07-11 17:24 - 2016-07-11 17:25 - 05659622 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2016-07-11 16:39 - 2016-07-23 22:00 - 00000000 ____D C:\FRST
2016-07-11 16:29 - 2016-07-11 16:31 - 00111442 _____ C:\TDSSKiller.3.1.0.9_11.07.2016_16.29.28_log.txt
2016-07-11 15:50 - 2016-07-11 15:53 - 00000000 ____D C:\AdwCleaner
2016-07-08 11:04 - 2016-07-23 17:11 - 00173288 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-07-07 23:56 - 2016-07-23 19:40 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-07 23:55 - 2016-07-07 23:55 - 00000787 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-07 23:55 - 2016-07-07 23:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-07 23:55 - 2016-07-07 23:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-07 23:55 - 2016-07-07 23:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-07-07 23:55 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-07 23:55 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-07-07 18:44 - 2016-07-07 18:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-07 18:37 - 2016-07-23 17:13 - 00000424 _____ C:\WINDOWS\Tasks\AVG-SSU_0516piz.job
2016-07-07 18:37 - 2016-07-07 18:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg_Update_0516piz
2016-07-07 18:34 - 2016-07-07 18:34 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG
2016-07-07 18:33 - 2016-07-07 18:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2016-07-07 18:33 - 2016-07-07 18:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2016-07-07 18:31 - 2016-07-07 18:31 - 00000000 ___HD C:\$AVG
2016-07-07 18:29 - 2016-07-23 17:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-07-07 18:29 - 2016-07-07 18:29 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2016-07-07 18:29 - 2016-07-07 18:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2016-07-07 18:29 - 2016-07-07 18:29 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2016-07-07 18:26 - 2016-07-07 18:30 - 00000000 ____D C:\Program Files\AVG
2016-07-07 18:24 - 2016-07-07 18:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg
2016-07-07 18:24 - 2016-07-07 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2016-07-07 18:24 - 2016-07-07 18:29 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\AvgSetupLog
2016-07-07 18:23 - 2016-07-23 17:25 - 00000000 ____D C:\instexe
2016-07-03 17:26 - 2016-07-03 17:26 - 00000495 _____ C:\WINDOWS\VersataQIuninstall.iss
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-23 22:00 - 2005-04-04 19:48 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-07-23 20:11 - 2009-05-08 12:20 - 00000000 ____D C:\instexe_T400
2016-07-23 17:14 - 2009-03-23 19:58 - 00000304 _____ C:\WINDOWS\Tasks\PMTask.job
2016-07-23 17:13 - 2005-04-04 19:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-23 17:13 - 2004-08-04 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-07-23 17:12 - 2007-02-23 00:59 - 00000000 ____D C:\WINDOWS\IBM
2016-07-23 17:11 - 2013-03-15 09:12 - 00032414 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-23 17:11 - 2005-04-04 19:48 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-07-21 22:26 - 2006-01-24 02:45 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-07-21 22:26 - 2005-04-05 19:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Symantec
2016-07-21 21:51 - 2005-04-04 20:28 - 00000000 ___HD C:\WINDOWS\inf
2016-07-17 18:29 - 2009-12-01 09:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-17 18:29 - 2009-04-28 00:43 - 00000000 __SHD C:\WINDOWS\CSC
2016-07-11 20:36 - 2009-05-08 20:11 - 00000000 ___RD C:\$user
2016-07-11 17:46 - 2009-08-28 08:46 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2016-07-11 15:38 - 2005-04-04 20:34 - 00000294 ___SH C:\boot.ini
2016-07-11 15:38 - 2004-08-04 07:00 - 00000573 _____ C:\WINDOWS\win.ini
2016-07-11 15:38 - 2004-08-04 07:00 - 00000274 _____ C:\WINDOWS\system.ini
2016-07-08 11:11 - 2005-04-04 19:43 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-07-08 11:05 - 2005-04-04 20:28 - 00000000 ____D C:\WINDOWS\system
2016-07-08 10:24 - 2009-06-29 08:55 - 00000000 ____D C:\WINDOWS\pss
2016-07-08 10:13 - 2012-05-03 22:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-08 10:13 - 2009-05-08 20:21 - 00000000 ____D C:\Program Files\Yahoo!
2016-07-08 10:13 - 2005-04-04 20:34 - 00332760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-08 10:09 - 2005-04-04 19:48 - 00000000 ____D C:\Documents and Settings\Administrator
2016-07-07 22:08 - 2007-03-06 00:02 - 00000000 ____D C:\temp
2016-07-07 21:21 - 2009-03-23 21:09 - 00000000 ____D C:\ecountry
2016-07-07 18:46 - 2012-04-03 15:15 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-07 18:46 - 2011-06-08 07:37 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-07 18:46 - 2006-04-12 04:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2016-07-07 18:24 - 2005-04-04 20:17 - 00091560 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-07-07 18:15 - 2009-05-09 16:16 - 00000000 ____D C:\Program Files\MonkMerg
2016-07-07 18:15 - 2005-04-05 21:45 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-07-07 18:15 - 2005-04-04 22:08 - 00000000 ____D C:\Program Files\IBM
2016-07-07 18:14 - 2009-08-08 14:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2016-07-07 18:14 - 2009-08-08 14:38 - 00000000 ____D C:\Program Files\Google
2016-07-07 18:10 - 2012-03-25 21:08 - 00000000 ____D C:\Program Files\TeamViewer
2016-07-07 18:05 - 2009-05-09 16:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Yahoo!
2016-07-07 18:05 - 2009-05-09 16:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2016-07-07 17:55 - 2009-03-23 19:52 - 00000000 ____D C:\Program Files\CONEXANT
2016-07-07 17:49 - 2006-03-27 23:50 - 00000000 ____D C:\Program Files\WST
2016-07-07 17:44 - 2005-04-05 21:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IBM
2016-07-07 17:43 - 2005-04-05 21:45 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2016-07-07 17:41 - 2008-11-15 01:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tivoli Storage Manager
2016-07-07 17:39 - 2011-10-21 17:57 - 00000000 ____D C:\Program Files\CoreFTP
2016-07-07 17:39 - 2011-10-21 17:57 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Core FTP
2016-07-07 17:36 - 2012-12-27 18:26 - 00000000 ____D C:\Program Files\CompanionLink
2016-07-03 20:41 - 2006-04-12 04:08 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-07-03 17:46 - 2009-03-23 20:04 - 00000000 ____D C:\Program Files\AT&T Network Client
2016-07-03 17:41 - 2005-04-04 20:17 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
2016-07-03 17:26 - 2009-05-08 11:29 - 00000000 ____D C:\epricer
2016-07-03 17:20 - 2013-01-13 18:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-07-03 17:20 - 2013-01-13 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-07-03 17:13 - 2012-02-25 10:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Samsung
2016-07-03 17:13 - 2012-02-24 13:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
2016-07-03 17:13 - 2012-02-24 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Samsung
2016-07-03 17:10 - 2013-04-23 17:55 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2016-07-03 17:02 - 2010-01-12 14:19 - 00000000 ____D C:\notes
2016-07-01 20:19 - 2009-10-10 10:09 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
==================== Files in the root of some directories =======
2013-07-12 18:34 - 2013-07-12 18:34 - 0000664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.tmp
2009-08-05 09:09 - 2011-12-29 17:35 - 0009216 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-05-16 20:17 - 2009-05-16 20:17 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2013-02-23 17:46 - 2013-02-23 17:46 - 0338815 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\speeddial.crx
2011-05-20 07:46 - 2011-05-20 07:46 - 8892928 _____ () C:\Documents and Settings\All Users\Application Data\atscie.msi
2009-05-16 21:02 - 2013-12-17 22:12 - 0004096 _____ () C:\Documents and Settings\All Users\Application Data\ScheduledItems
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================