
Assorted junk on my computer


andzze


Hi

Today I clicked on a banner on the eforum page about scanning the computer, and then I was stuck. I don't know why I fell for it again, but now a bunch of pop-ups keep nagging me to buy their antivirus product to clean up. Admittedly, I had junk on it before.

By the way, great write-up you did on how to go about cleaning up, so one doesn't have to ask you every time. You are so wise :-)

I have XP.

How do I proceed?

Happy New Year to you and everyone else here

FRST gave the following log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-12-2014
Ran by XZMYYV (administrator) on SETHNWNGXA04602 on 26-12-2014 15:17:16
Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temporary Internet Files\Content.IE5\397Y5YBV
Loaded Profiles: XZMYYV & administrator & localadmin (Available profiles: XZMYYV & administrator & localadmin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(IDT, Inc.) C:\WINNT\DRIVERS\NOTEBOOKS\Audio\stacsv.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Kontiki Inc.) C:\Program Files\Kontiki\KService.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(NVIDIA Corporation) C:\WINNT\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(Microsoft Corporation) C:\WINNT\explorer.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Andrea Electronics Corporation) C:\WINNT\system32\AESTFltr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Softonic) C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Softonic\Softonic.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(Microsoft Corporation) C:\WINNT\system32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Program Files\AppEnable\bin\utilAppEnable.exe
() C:\Program Files\AppEnable\bin\AppEnable.PurBrowse.exe
() C:\Program Files\AppEnable\bin\AppEnable.expext.exe
() C:\Program Files\AppEnable\bin\AppEnable.BrowserAdapter.exe
() C:\Program Files\AppEnable\bin\AppEnable.BRT.Helper.exe
() C:\Program Files\AppEnable\updateAppEnable.exe
(Microsoft Corporation) C:\WINNT\system32\ctfmon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temporary Internet Files\Content.IE5\397Y5YBV\FRST[1].exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iMJPMIG8.1] => C:\WINNT\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [196608 2008-09-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [442467 2008-08-25] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINNT\system32\AESTFltr.exe [466944 2008-08-25] (Andrea Electronics Corporation)
HKLM\...\Run: [P10015] => WSCRIPT.EXE //B C:\LOGS\P10015\P10015_wallpaper.vbs
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [synchronization Manager] => C:\WINNT\system32\mobsync.exe [143360 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2039192 2014-11-24] (APN)
HKLM\...\Winlogon: [userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [uIHost] C:\WINNT\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINNT\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINNT\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [PreXPSP2ShellProtocolBehavior] 0
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\Run: [CTFMON.EXE] => C:\WINNT\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\MountPoints2: {0908d747-9de1-11dc-a3d3-9b55eee4b565} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\MountPoints2: {09919e39-0abb-11dc-bd6b-d1b38b4c2a32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\MountPoints2: {3dcbaf14-0a11-11dc-9ab8-e92d850bdf2b} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\MountPoints2: {486f3bf8-09f7-11dc-b2c9-b590483e6432} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\MountPoints2: {bc33e1f0-0982-11dc-b647-b883c76da250} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\MountPoints2: {da2857a8-1068-11dc-ab84-f5d2d6fc9f35} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\...\MountPoints2: {fbbe4110-15f4-11dc-a66b-b8f89be89c32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [ctfmon.exe] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-23] (Google Inc.)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [softonic for Windows] => C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Softonic\Softonic.exe [4170224 2014-04-29] (Softonic)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe [148048 2014-11-04] (PC Utilities Software Limited)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Run: [CTFMON.EXE] => C:\WINNT\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {0908d747-9de1-11dc-a3d3-9b55eee4b565} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {09919e39-0abb-11dc-bd6b-d1b38b4c2a32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {3dcbaf14-0a11-11dc-9ab8-e92d850bdf2b} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {486f3bf8-09f7-11dc-b2c9-b590483e6432} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {bc33e1f0-0982-11dc-b647-b883c76da250} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {da2857a8-1068-11dc-ab84-f5d2d6fc9f35} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {fbbe4110-15f4-11dc-a66b-b8f89be89c32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\Run: [CTFMON.EXE] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\MountPoints2: {0908d747-9de1-11dc-a3d3-9b55eee4b565} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\MountPoints2: {09919e39-0abb-11dc-bd6b-d1b38b4c2a32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\MountPoints2: {3dcbaf14-0a11-11dc-9ab8-e92d850bdf2b} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\MountPoints2: {486f3bf8-09f7-11dc-b2c9-b590483e6432} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\MountPoints2: {bc33e1f0-0982-11dc-b647-b883c76da250} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\MountPoints2: {da2857a8-1068-11dc-ab84-f5d2d6fc9f35} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\...\MountPoints2: {fbbe4110-15f4-11dc-a66b-b8f89be89c32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\Run: [ctfmon.exe] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\RunOnce: [P09098] => WSCRIPT.EXE //B C:\Deploy\P09098\P09098_EFSCipherFix.vbs
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\MountPoints2: {0908d747-9de1-11dc-a3d3-9b55eee4b565} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\MountPoints2: {09919e39-0abb-11dc-bd6b-d1b38b4c2a32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\MountPoints2: {3dcbaf14-0a11-11dc-9ab8-e92d850bdf2b} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\MountPoints2: {486f3bf8-09f7-11dc-b2c9-b590483e6432} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\MountPoints2: {bc33e1f0-0982-11dc-b647-b883c76da250} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\MountPoints2: {da2857a8-1068-11dc-ab84-f5d2d6fc9f35} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\MountPoints2: {fbbe4110-15f4-11dc-a66b-b8f89be89c32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\...\MountPoints2: {fc7e63e8-a9ac-11dc-83cc-9db049a64361} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-23] (Google Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [435096 2008-11-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Encoding] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AutoConfigURL: [.DEFAULT] => http://saabproxy.saab.com/accelerated_pac_base.pac
AutoConfigURL: [s-1-5-19] => http://autoproxy.gm.com
AutoConfigURL: [s-1-5-20] => http://autoproxy.gm.com
AutoConfigURL: [s-1-5-21-2086223142-3201976994-1658009677-1610] => http://pviapc.rsh.europe.gm.com/gmeproxy.pac
AutoConfigURL: [s-1-5-21-2086223142-3201976994-1658009677-4238] => file://C:\Program Files\AppEnable\bin\Pac9064.js
AutoConfigURL: [s-1-5-21-2086223142-3201976994-1658009677-500] => http://pviapc.rsh.europe.gm.com/gmeproxy.pac
AutoConfigURL: [s-1-5-21-2652258310-2023322990-2681115859-1067] => http://autoproxy.gm.com
AutoConfigURL: [s-1-5-21-2652258310-2023322990-2681115859-500] => http://autoproxy.gm.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com/
HKU\S-1-5-21-2086223142-3201976994-1658009677-1610\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com/
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com/
HKU\S-1-5-21-2652258310-2023322990-2681115859-1067\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com/
HKU\S-1-5-21-2652258310-2023322990-2681115859-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-2086223142-3201976994-1658009677-4238 - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
SearchScopes: HKLM -> {8b0d31e7-0331-43cc-87cd-a472317f1305} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb013YYDE&ptb=601D6205-B60F-4B51-A607-12477879E1D8&psa=&ind=2010120203&ptnrS=ZNzfb013YYDE&si=&st=sb&n=77d0000b&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2086223142-3201976994-1658009677-4238 -> {4B027DED-BC40-4387-9D3C-732D49B113AD} URL = http://www.search.ask.com/web?p2=%5EADN%5EOSJ000%5EYY%5ESE&gct=sb&itbv=12.0.1.100&o=APN10616&tpid=ORJ-V7&apn_uid=637AA3FD-B27F-4ACD-B314-FDDA6FBC412E&apn_ptnrs=ADN&apn_dtid=%5EOSJ000%5EYY%5ESE&apn_dbr=ie_8.0.6001.18702&doi=2013-09-02&trgb=IE&q={searchTerms}&psv=
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Länkhjälp till Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AppEnable 1.0.0.6 -> {23d4646c-263a-4e2d-a08c-6c704557973d} -> C:\Program Files\AppEnable\AppEnableBHO.dll (AppEnable)
BHO: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: FinneDealSouftt -> {7e242f4c-13cb-4e3f-bf04-abfd814e9021} -> C:\Documents and Settings\All Users\Application Data\FinneDealSouftt\gKtQXnTsZbhK1H.dll ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2086223142-3201976994-1658009677-4238 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2086223142-3201976994-1658009677-4238 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2086223142-3201976994-1658009677-4238 -> No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-2086223142-3201976994-1658009677-4238 -> Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mygmgw.gm.com/http://sethnma03.eur.corp.gm.com/iNotes6W.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8462336 2011-01-21] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINNT\system32\winrnr.dll [16896] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Winsock: Catalog9 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINNT\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINNT\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 20 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 21 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINNT\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-21]
FF HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\firefox\FirefoxPortable\App\Firefox\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-12]
CHR Extension: (Yet Another Lorem Ipsum Generator) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jffcmkkfbampimhpimhofhhkanhflfce [2014-12-26]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-23]
CHR Extension: (AppEnable) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnchmgjekkgjikkffmbglijobonbmaan [2014-12-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-12-14] (Adobe Systems Incorporated)
S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] (APN LLC.)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
S4 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
S2 Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [344064 2005-01-20] (ATI Technologies Inc.)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
R3 BITS; C:\WINNT\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S4 Browser; C:\WINNT\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation)
R2 ca82e1a5; c:\Program Files\Optimizer Pro\OptProCrash.dll [3113040 2014-11-24] ()
S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S4 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S3 COMSysApp; C:\WINNT\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINNT\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
R2 Dot3svc; C:\WINNT\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
R2 EapHost; C:\WINNT\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S4 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
S4 Fax; C:\WINNT\system32\fxssvc.exe [267776 2008-04-14] (Microsoft Corporation)
R2 FlexClient; C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe [1421312 2011-10-26] (HP) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-06-21] (Macrovision Europe Ltd.) [File not signed]
R2 FlxNotifier; C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe [212992 2011-03-21] (HP) [File not signed]
S3 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINNT\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-27] (Oracle Corporation)
R2 KService; C:\Program Files\Kontiki\KService.exe [4873768 2010-07-28] (Kontiki Inc.)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
S4 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 napagent; C:\WINNT\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINNT\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 NVSvc; C:\WINNT\system32\nvsvc32.exe [159812 2008-08-25] (NVIDIA Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINNT\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 QsRUMAgent; C:\WINNT\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [200704 2011-02-04] (Quest Software) [File not signed]
S4 RasAuto; C:\WINNT\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [5886824 2014-12-02] (Reimage®)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2001-08-23] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
S3 Schedule; C:\WINNT\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINNT\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
S4 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
R2 STacSV; c:\winnt\drivers\notebooks\audio\stacsv.exe [221273 2008-08-25] (IDT, Inc.)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S2 SuperProServer; C:\WINNT\system32\spnsrvnt.exe [118784 2001-04-06] () [File not signed]
S3 SwPrv; C:\WINNT\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
S4 Themes; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
S4 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
S4 TrkWks; C:\WINNT\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
R2 UMWdf; C:\WINNT\system32\wdfmgr.exe [38912 2005-01-28] (Microsoft Corporation)
R2 Update AppEnable; C:\Program Files\AppEnable\updateAppEnable.exe [524528 2014-12-26] ()
S3 upnphost; C:\WINNT\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINNT\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
R2 Util AppEnable; C:\Program Files\AppEnable\bin\utilAppEnable.exe [524528 2014-12-26] ()
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
S4 WebClient; C:\WINNT\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
S4 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [25088 2005-01-28] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
S4 wscsvc; C:\WINNT\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
R3 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
S2 COSIDS_TB; "C:\Program Files\cosids\bin\tbmux32.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2001-08-23] (Microsoft Corporation)
S3 aeaudio; C:\WINNT\System32\drivers\aeaudio.sys [127744 2004-11-08] (Andrea Electronics Corporation) [File not signed]
S3 aec; C:\WINNT\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R3 AESTAud; C:\WINNT\System32\drivers\AESTAud.sys [108160 2008-08-25] (Andrea Electronics Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
R0 AliIde; C:\WINNT\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.)
R3 ApfiltrService; C:\WINNT\System32\DRIVERS\Apfiltr.sys [170032 2008-09-02] (Alps Electric Co., Ltd.)
R3 Arp1394; C:\WINNT\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation)
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
S3 ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [965632 2005-01-20] (ATI Technologies Inc.)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
S3 b57w2k; C:\WINNT\System32\DRIVERS\b57xp32.sys [190592 2004-11-16] (Broadcom Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2001-08-23] (Microsoft Corporation)
S3 Bridge; C:\WINNT\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation)
S3 BridgeMP; C:\WINNT\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation)
S3 BTWUSB; C:\WINNT\System32\Drivers\btwusb.sys [55320 2004-11-04] (Broadcom Corporation.) [File not signed]
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2001-08-23] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2001-08-23] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation)
R0 Cpqarray; C:\WINNT\System32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation)
R3 cvusbdrv; C:\WINNT\System32\Drivers\cvusbdrv.sys [32808 2008-09-02] (Broadcom Corporation)
R0 dac960nt; C:\WINNT\System32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation)
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINNT\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2001-08-23] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
R3 e1yexpress; C:\WINNT\System32\DRIVERS\e1y5132.sys [244368 2008-08-25] (Intel Corporation)
R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2005-09-06] (Nortel Networks) [File not signed]
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
S3 Fdc; C:\WINNT\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
S3 Flpydisk; C:\WINNT\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2001-08-23] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2001-08-23] (Microsoft Corporation)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
S3 GTIPCI21; C:\WINNT\System32\DRIVERS\gtipci21.sys [80384 2004-05-03] (Texas Instruments)
R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R3 HECI; C:\WINNT\System32\DRIVERS\HECI.sys [40832 2008-06-19] (Intel Corporation)
S3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation)
S3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation)
S3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [776349 2004-12-21] (Intel Corporation) [File not signed]
R0 iaStor; C:\WINNT\System32\DRIVERS\iaStor.sys [318488 2008-09-02] (Intel Corporation)
S3 IFXTPM; C:\WINNT\System32\DRIVERS\IFXTPM.SYS [32640 2004-09-02] (Infineon Technologies AG)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation)
S3 Ip6Fw; C:\WINNT\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2001-08-23] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155184 2005-09-06] (Nortel Networks NA, Inc.) [File not signed]
R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155184 2005-09-06] (Nortel Networks NA, Inc.) [File not signed]
S3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
S1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2001-08-23] (Microsoft Corporation)
S3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
S3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
R0 MpFilter; C:\WINNT\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKslf79ee807; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93A2F556-4CA6-43F9-A3FC-D6AA65001700}\MpKslf79ee807.sys [39464 2014-12-26] (Microsoft Corporation)
S3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation)
R0 msvmscsi; C:\WINNT\System32\DRIVERS\msvmscsi.sys [16112 2004-07-14] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [40960 2010-11-02] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\WINNT\System32\DRIVERS\NETw5x32.sys [4203392 2009-05-28] (Intel Corporation)
R3 NIC1394; C:\WINNT\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2001-08-23] (Microsoft Corporation)
R3 nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [6591872 2008-08-25] (NVIDIA Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2001-08-23] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2001-08-23] (Microsoft Corporation)
R0 ohci1394; C:\WINNT\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation)
S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2001-08-23] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2001-08-23] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2001-08-23] (Microsoft Corporation)
S3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2001-08-23] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2001-08-23] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
R3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139656 2011-06-24] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
R2 rimmptsk; C:\WINNT\System32\DRIVERS\rimmptsk.sys [39936 2008-09-02] (REDC)
R3 sdbus; C:\WINNT\System32\DRIVERS\sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 seehcri; C:\WINNT\System32\DRIVERS\seehcri.sys [27632 2011-01-18] (Sony Ericsson Mobile Communications)
R3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation)
R1 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation)
S3 sffdisk; C:\WINNT\System32\DRIVERS\sffdisk.sys [11904 2008-04-13] (Microsoft Corporation)
S3 sffp_sd; C:\WINNT\System32\DRIVERS\sffp_sd.sys [11008 2008-04-13] (Microsoft Corporation)
S3 Sfloppy; C:\WINNT\System32\DRIVERS\sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
S3 SMCIRDA; C:\WINNT\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R3 smsmdd; C:\WINNT\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation)
S3 smwdm; C:\WINNT\System32\drivers\smwdm.sys [259840 2004-10-13] (Analog Devices, Inc.) [File not signed]
R0 Sparrow; C:\WINNT\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.)
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
R3 STHDA; C:\WINNT\System32\drivers\sthda.sys [1381914 2008-08-25] (IDT, Inc.)
S3 StillCam; C:\WINNT\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [103552 2007-04-19] (LSI Logic)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
R3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
S3 tifm21; C:\WINNT\System32\drivers\tifm21.sys [157056 2005-02-11] (Texas Instruments)
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
R3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation)
R3 USBCCID; C:\WINNT\System32\DRIVERS\usbccid.sys [28672 2008-09-02] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [30208 2008-04-13] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
S3 usbprint; C:\WINNT\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2008-04-13] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation)
S3 USB_RNDIS; C:\WINNT\System32\DRIVERS\usb8023.sys [12800 2008-04-13] (Microsoft Corporation)
S3 usb_rndisx; C:\WINNT\System32\DRIVERS\usb8023x.sys [12800 2008-04-13] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
R0 ViaIde; C:\WINNT\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
S3 w29n51; C:\WINNT\System32\DRIVERS\w29n51.sys [3210496 2004-10-19] (Intel® Corporation) [File not signed]
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
R3 Wdf01000; C:\WINNT\System32\DRIVERS\Wdf01000.sys [503144 2008-01-19] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
R1 WmiAcpi; C:\WINNT\System32\DRIVERS\wmiacpi.sys [8832 2008-04-13] (Microsoft Corporation)
S3 WpdUsb; C:\WINNT\System32\Drivers\wpdusb.sys [18944 2005-01-28] (Microsoft Corporation)
S4 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2001-08-23] (Microsoft Corporation)
R1 {128614e8-07dd-4e11-b9ec-ca2c14f812c5}Gt; C:\WINNT\System32\drivers\{128614e8-07dd-4e11-b9ec-ca2c14f812c5}Gt.sys [55816 2014-11-23] (StdLib)
R1 {150ca330-afd5-4527-99bc-b3ce918cea60}t; C:\WINNT\System32\drivers\{150ca330-afd5-4527-99bc-b3ce918cea60}t.sys [55824 2014-11-27] (StdLib)
R1 {d844ac65-f5bb-442d-922f-0cfb5ccefb0c}Gt; C:\WINNT\System32\drivers\{d844ac65-f5bb-442d-922f-0cfb5ccefb0c}Gt.sys [55824 2014-11-28] (StdLib)
R1 {d844ac65-f5bb-442d-922f-0cfb5ccefb0c}t; C:\WINNT\System32\drivers\{d844ac65-f5bb-442d-922f-0cfb5ccefb0c}t.sys [55824 2014-11-28] (StdLib)
R1 {e7ea42ad-4fa4-4fce-a37a-c42931f721e3}t; C:\WINNT\System32\drivers\{e7ea42ad-4fa4-4fce-a37a-c42931f721e3}t.sys [55824 2014-12-02] (StdLib)
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
S1 ccqeqcnv; \??\C:\WINNT\system32\drivers\ccqeqcnv.sys [X]
R3 cpuz134; \??\C:\DOCUME~1\XZMYYV~1.061\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S1 htfrvugj; \??\C:\WINNT\system32\drivers\htfrvugj.sys [X]
S1 jnbkwzti; \??\C:\WINNT\system32\drivers\jnbkwzti.sys [X]
S1 ndpzlnbt; \??\C:\WINNT\system32\drivers\ndpzlnbt.sys [X]
S1 ocerzids; \??\C:\WINNT\system32\drivers\ocerzids.sys [X]
U5 ScsiPort; C:\WINNT\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S1 sumpzmmx; \??\C:\WINNT\system32\drivers\sumpzmmx.sys [X]
S1 sychlmzi; \??\C:\WINNT\system32\drivers\sychlmzi.sys [X]
U.%99M%20 T8267; No ImagePath
S3 vna_ap; system32\DRIVERS\vnaap.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 15:17 - 2014-12-26 15:17 - 00000000 ____D () C:\FRST
2014-12-26 14:45 - 2014-12-26 14:45 - 00000228 _____ () C:\WINNT\Tasks\Reimage Reminder.job
2014-12-26 14:43 - 2014-12-26 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Reimage Protector
2014-12-26 14:43 - 2014-12-26 14:43 - 00001749 _____ () C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
2014-12-26 14:43 - 2014-12-26 14:43 - 00000238 _____ () C:\WINNT\Tasks\ReimageUpdater.job
2014-12-26 14:42 - 2014-12-26 14:45 - 00000000 ____D () C:\rei
2014-12-26 14:42 - 2014-12-26 14:43 - 00000000 ____D () C:\Program Files\Reimage
2014-12-26 14:42 - 2014-12-26 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
2014-12-26 14:40 - 2014-12-26 14:45 - 00000165 _____ () C:\WINNT\Reimage.ini
2014-12-26 12:58 - 2014-12-26 12:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\FinneDealSouftt
2014-12-26 12:58 - 2014-12-26 12:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\8dd4ace515219475
2014-12-15 06:59 - 2014-12-15 06:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\BestDiscountApp
2014-12-13 14:15 - 2014-12-13 14:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\10219983554312508533
2014-12-02 22:28 - 2014-12-02 06:34 - 00055824 _____ (StdLib) C:\WINNT\system32\Drivers\{e7ea42ad-4fa4-4fce-a37a-c42931f721e3}t.sys
2014-11-28 21:34 - 2014-11-28 11:38 - 00055824 _____ (StdLib) C:\WINNT\system32\Drivers\{d844ac65-f5bb-442d-922f-0cfb5ccefb0c}t.sys
2014-11-28 17:34 - 2014-11-27 22:32 - 00055824 _____ (StdLib) C:\WINNT\system32\Drivers\{150ca330-afd5-4527-99bc-b3ce918cea60}t.sys
2014-11-28 17:31 - 2014-11-28 08:48 - 00055824 _____ (StdLib) C:\WINNT\system32\Drivers\{d844ac65-f5bb-442d-922f-0cfb5ccefb0c}Gt.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 15:17 - 2012-03-05 22:53 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp
2014-12-26 15:16 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\Temp
2014-12-26 15:00 - 2010-06-21 16:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-12-26 14:43 - 2014-11-24 19:25 - 00000000 ____D () C:\Program Files\AppEnable
2014-12-26 14:40 - 2008-12-18 23:00 - 00000000 ____D () C:\WINNT
2014-12-26 12:58 - 2011-10-21 12:26 - 00160492 _____ () C:\WINNT\setupapi.log
2014-12-26 12:48 - 2005-06-20 16:39 - 01344897 _____ () C:\WINNT\WindowsUpdate.log
2014-12-26 12:47 - 2014-04-17 07:34 - 00000366 ____H () C:\WINNT\Tasks\MpIdleTask.job
2014-12-26 12:47 - 2014-01-08 19:26 - 00000396 ____H () C:\WINNT\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-12-26 12:47 - 2005-06-20 16:47 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-12-26 12:43 - 2001-08-23 03:00 - 00000710 _____ () C:\WINNT\win.ini
2014-12-26 12:38 - 2011-10-12 09:31 - 00000159 _____ () C:\WINNT\wiadebug.log
2014-12-26 12:38 - 2011-10-12 09:31 - 00000050 _____ () C:\WINNT\wiaservc.log
2014-12-26 12:38 - 2010-06-21 21:54 - 00189541 _____ () C:\WINNT\system32\nvapps.xml
2014-12-26 12:38 - 2010-06-21 15:58 - 00149262 _____ () C:\WINNT\system32\nvModes.001
2014-12-26 12:37 - 2010-06-22 08:53 - 00000000 __SHD () C:\WINNT\CSC
2014-12-26 12:33 - 2010-06-21 15:58 - 00149262 _____ () C:\WINNT\system32\nvModes.dat
2014-12-26 12:31 - 2001-08-23 03:00 - 00002206 _____ () C:\WINNT\system32\wpa.dbl
2014-12-14 12:55 - 2014-08-17 17:30 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Adobe
2014-12-14 12:55 - 2013-09-02 19:48 - 00701616 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerApp.exe
2014-12-14 12:55 - 2013-09-02 19:48 - 00071344 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerCPLApp.cpl
2014-12-14 12:55 - 2013-09-02 19:48 - 00000826 _____ () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2014-12-13 14:16 - 2007-05-11 19:49 - 00000664 _____ () C:\WINNT\system32\d3d9caps.dat
2014-12-06 13:31 - 2011-06-27 09:44 - 00000178 ___SH () C:\Documents and Settings\administrator.corpsaabcom\ntuser.ini
2014-12-06 13:30 - 2012-03-05 22:53 - 00000178 ___SH () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\ntuser.ini

Some content of TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-192eea4d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-4125be07.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-443a229b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-733b5c0e.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7465c783.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7538ce65.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7e238aba.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-acb3fac1.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-da6c1c0.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e0ca5232.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e65350fe.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e94daa2d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-fb268956.exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\0843.dll
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\0890.dll
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\APNSetup.exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\CloudBackup7912.exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\hpzscr01.EXE
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\install_flashplayer13x32ax_gtba_chra_dy_aaa_aih[1].exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\install_flashplayer13x32ax_gtbd_chrd_dn_aaa_aih[1].exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\install_flashplayer15x32_mssa_aaa_aih.exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\kbwde.dll
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\nnl.dll
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\optprosetup.exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\ReimagePackage.exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\rqutw.dll
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\setup_3.2.20.exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\vfj.dll
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\wcrash.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Hi!

Save AdwCleaner by Xplode to the Desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan has finished.

Click the Report button.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also saved as C:\AdwCleaner\AdwCleaner[R0].txt


> Hi
>
> Today I clicked on a banner on the Eforum page about scanning the computer, and then I was stuck. I don't know why I fell for it again, but now a lot of pop-ups are nagging me to buy their antivirus product to clean up. Admittedly, I had junk on it before.

Can it really be true that there are banners on EFORUM that cause you such extreme problems?   :thumbsdown:

I happen to be one of those who run both NoScript and Adblock Plus, so I don't see a single banner or ad link, which means I can browse reasonably safely and without worries, and quickly too.

I urge everyone to install NoScript and Adblock Plus for problem-free browsing!


> I urge everyone to install NoScript and Adblock Plus for problem-free browsing!

Keep in mind that if nobody sees the ads, Eforum will cease to exist; the advertising revenue is needed for IDG to be able to pay for servers, internet connectivity and everything else needed to run a forum.

> I urge everyone to install NoScript and Adblock Plus for problem-free browsing!

You surely mean "recommend"; you can't "dictate" how people should browse...


> Keep in mind that if nobody sees the ads, Eforum will cease to exist; the advertising revenue is needed for IDG to be able to pay for servers, internet connectivity and everything else needed to run a forum.

Well, I hardly think that IDG, the world's largest publisher of computer magazines, which publishes 300 different computer magazines in 85 different countries, will go under or shut down its websites and forums just because "a number" of us turn off the ads. :)

IDG obviously has to take into account those of us on a 2.5 Mbit ADSL connection. AND, which is of course extremely regrettable, choose banners that don't lead the visitor to click on something that he or she has a hard time getting rid of. In plain language: someone clicks on the wrong banner and immediately a program is installed that is devilishly hard to get rid of.  :thumbsdown:

> You surely mean "recommend"; you can't "dictate" how people should browse...

Yes, I can, if the intention is good and the result is considerably better.

Let's take an example... there's a snowstorm outside and it's blowing a full gale... then I can URGE all motorists who don't absolutely have to go out to stay at home.

In the same way, if IDG puts up banners that someone clicks on by mistake, so that something gets installed on the computer that is very, very, very hard to get rid of, then I can URGE people to install software that SHUTS DOWN ALL ADS!

A Swedish motorcycle forum aimed at people between 14 and 70 learned this the hard way last spring when they put up banner ads for... SNUS!


> Well, I hardly think that IDG, the world's largest publisher of computer magazines, which publishes 300 different computer magazines in 85 different countries, will go under or shut down its websites and forums just because "a number" of us turn off the ads. :)
>
> IDG obviously has to take into account those of us on a 2.5 Mbit ADSL connection. AND, which is of course extremely regrettable, choose banners that don't lead the visitor to click on something that he or she has a hard time getting rid of. In plain language: someone clicks on the wrong banner and immediately a program is installed that is devilishly hard to get rid of.  :thumbsdown:

Of course neither Swedish IDG nor the parent group will go under because no ads are shown on Eforum, but when we have previously asked for fewer ads or less intrusive ads, we were told that each operation has to carry its own costs; otherwise there is no reason to keep a given magazine, a given forum, and so on.

Hi again

Now let's all hold hands and sing "We Shall Overcome" :-)

The company/program in the banner is called Reimage removal and it is really annoying. Once you have asked the program to scan, the pop-ups and so on keep pestering you to pay for the removal. Even when I remove the program through the Control Panel, they cling on unless you follow a labyrinth of "no" answers. Mostly I'm just angry at myself for falling for it. And actually it's a bit comical all the same that I fell for that easy one... AGAIN.

This site is just sooo valuable, so of course they should be allowed to use ad banners. A year or so ago I worked out that Cecilia's roughly 80,000 posts had generated a value of around 10 million, assuming 3 posts per solved PC problem. She must be filthy rich :-)

Anyway, the result from AdwCleaner was:

[log] AdwCleaner v4.106 - Report created 27/12/2014 at 16:41:16

# Updated 21/12/2014 by Xplode

# Database : 2014-12-21.4 [Live]

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : XZMYYV - SETHNWNGXA04602

# Running from : C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\adwcleaner_4.106.exe

# Option : Scan



***** [ Services ] *****



Service Found : APNMCP

Service Found : ca82e1a5

Service Found : ReimageRealTimeProtector

Service Found : Util AppEnable

Service Found : Update AppEnable

Service Found : Skype C2C Service

Service Found : Update AppEnable

Service Found : Util AppEnable

Service Found : {128614e8-07dd-4e11-b9ec-ca2c14f812c5}Gt

Service Found : {150ca330-afd5-4527-99bc-b3ce918cea60}t

Service Found : {d844ac65-f5bb-442d-922f-0cfb5ccefb0c}Gt

Service Found : {d844ac65-f5bb-442d-922f-0cfb5ccefb0c}t

Service Found : {e7ea42ad-4fa4-4fce-a37a-c42931f721e3}t

Service Found : SuperProServer



***** [ Files / Folders ] *****



File Found : C:\WINNT\Reimage.ini

File Found : C:\WINNT\system32\drivers\{128614e8-07dd-4e11-b9ec-ca2c14f812c5}Gt.sys

File Found : C:\WINNT\system32\drivers\{150ca330-afd5-4527-99bc-b3ce918cea60}t.sys

File Found : C:\WINNT\system32\drivers\{d844ac65-f5bb-442d-922f-0cfb5ccefb0c}Gt.sys

File Found : C:\WINNT\system32\drivers\{d844ac65-f5bb-442d-922f-0cfb5ccefb0c}t.sys

File Found : C:\WINNT\system32\drivers\{e7ea42ad-4fa4-4fce-a37a-c42931f721e3}t.sys

File Found : C:\WINNT\system32\spnsrvnt.exe

Folder Found : C:\DOCUME~1\XZMYYV~1.061\LOCALS~1\Temp\apn

Folder Found : C:\DOCUME~1\XZMYYV~1.061\LOCALS~1\Temp\AppEnable

Folder Found : C:\DOCUME~1\XZMYYV~1.061\LOCALS~1\Temp\AppEnable

Folder Found : C:\Documents and Settings\All Users\Application Data\10219983554312508533

Folder Found : C:\Documents and Settings\All Users\Application Data\8dd4ace515219475

Folder Found : C:\Documents and Settings\All Users\Application Data\apn

Folder Found : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork

Folder Found : C:\Documents and Settings\All Users\Application Data\BestDiscountApp

Folder Found : C:\Documents and Settings\All Users\Application Data\FinneDealSouftt

Folder Found : C:\Documents and Settings\All Users\Application Data\Reimage Protector

Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro v3.2

Folder Found : C:\Program Files\AppEnable

Folder Found : C:\Program Files\AppEnable

Folder Found : C:\Program Files\AskPartnerNetwork

Folder Found : C:\Program Files\Optimizer Pro

Folder Found : C:\Program Files\Reimage



***** [ Scheduled Tasks ] *****



Task Found : ReimageUpdater



***** [ Shortcuts ] *****





***** [ Registry ] *****



Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKCU\Software\AppEnable

Key Found : HKCU\Software\AppEnable

Key Found : HKCU\Software\AppEnable

Key Found : HKCU\Software\AskPartnerNetwork

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B027DED-BC40-4387-9D3C-732D49B113AD}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23d4646c-263a-4e2d-a08c-6c704557973d}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23D4646C-263A-4E2D-A08C-6C704557973D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-006A-76A7-7A786E7484D7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-4300-76A7-7A786E7484D7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7e242f4c-13cb-4e3f-bf04-abfd814e9021}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23D4646C-263A-4E2D-A08C-6C704557973D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23d4646c-263a-4e2d-a08c-6c704557973d}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-006A-76A7-7A786E7484D7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-4300-76A7-7A786E7484D7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7e242f4c-13cb-4e3f-bf04-abfd814e9021}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D8278076-BC68-4484-9233-6E7F1628B56C}

Key Found : HKCU\Software\Optimizer Pro

Key Found : HKCU\Software\Reimage

Key Found : HKCU\Software\SecuredDownload

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Found : HKLM\SOFTWARE\AppEnable

Key Found : HKLM\SOFTWARE\AppEnable

Key Found : HKLM\SOFTWARE\AppEnable

Key Found : HKLM\SOFTWARE\AskPartnerNetwork

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{23D4646C-263A-4E2D-A08C-6C704557973D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{23d4646c-263a-4e2d-a08c-6c704557973d}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{7e242f4c-13cb-4e3f-bf04-abfd814e9021}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}

Key Found : HKLM\SOFTWARE\Classes\finedeal.finedeal

Key Found : HKLM\SOFTWARE\Classes\finedeal.finedeal.9

Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{c23377c7-beab-42c0-86b7-efc18e9f24d6}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8b0d31e7-0331-43cc-87cd-a472317f1305}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0D566ABB-889B-AF39-7B6A-23D4C5D54542}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}_is1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-00B0-0409-0000-0000000FF1CE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AppEnable

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AppEnable

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AppEnable

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reimage Repair

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinZip Malware Protector_is1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23D4646C-263A-4E2D-A08C-6C704557973D}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23d4646c-263a-4e2d-a08c-6c704557973d}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e242f4c-13cb-4e3f-bf04-abfd814e9021}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7e242f4c-13cb-4e3f-bf04-abfd814e9021}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D566ABB-889B-AF39-7B6A-23D4C5D54542}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B0-0409-0000-0000000FF1CE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

Key Found : HKLM\SOFTWARE\Reimage

Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update AppEnable

Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util AppEnable

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-006A-76A7-7A786E7484D7}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-4300-76A7-7A786E7484D7}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]

Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4F524A2D-5637-4300-76A7-7A786E7484D7}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]



***** [ Browsers ] *****



-\\ Internet Explorer v8.0.6001.18702





-\\ Google Chrome v





*************************



AdwCleaner[R1].txt - [11783 octets] - [27/12/2014 16:41:16]



########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [11844 octets] ##########

[/log]


1. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Scan button.

Wait until the scan has finished.

Click the Clean button.

Press OK.

Press OK again if further messages appear.

The computer will be restarted; if it does not restart automatically you will have to restart it yourself.

A report will open; copy its contents and paste them into your reply.

If the report does not open, it is also saved as C:\AdwCleaner\AdwCleaner[s0].txt

2. Start FRST.

Tick Addition.txt.

Scan with FRST.

Paste in or attach the new FRST.txt and Addition.txt.

3. Scan the computer online at http://www.eset.com/onlinescan/, preferably using Internet Explorer.

So that the scanner does not take too long, turn off your antivirus program while it runs.

Select the option Enable detection of potentially unwanted applications.

Click Advanced Settings.

Untick Remove found threats.

Tick:

Scan Archives

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save it to a file on the desktop, open the file, copy the result and then paste it into your reply.


Hi

Here is the result of the checklist. I didn't get the advanced settings into ESET, but it stopped at 99% anyway, so I stopped it and wrote out the log. I suppose I'll have to run it again following your advice, to the same place, and delete before I run it again with the right advanced settings.

How do you pause an antivirus program while running ESET?

From FRST (nothing, as you can see):

 

==================== End Of Log ============================

AdwCleanerS0.txt

Addition.txt


Something must have gone wrong when you ran FRST, because FRST.txt should definitely not be empty. Try again.

Have you seen any sign of a malicious program that has encrypted files?

C:\OPTIONS\I386\COMPDATA\Decrypt All Files iqvgsrf.txt Win32/Filecoder.DA.Gen trojan

C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames2\Decrypt All Files iqvgsrf.txt Win32/Filecoder.DA.Gen trojan

C:\Program Files\Microsoft Office\CLIPART\PUB60COR\Decrypt All Files iqvgsrf.txt Win32/Filecoder.DA.Gen trojan

http://www.virusradar.com/en/Win32_Filecoder.DA/description


> Of course neither Swedish IDG nor the parent group will go under because no ads are shown on Eforum, but when we have previously asked for fewer ads or less intrusive ads, we were told that each operation has to carry its own costs; otherwise there is no reason to keep a given magazine, a given forum, and so on.

I don't know why this makes me think of both the music industry and the film industry, which have trumpeted roughly similar prophecies about file sharing and the impact of the internet as a whole on their business.

Admittedly there is a considerable difference between those two industries and the one IDG represents, since the first two can be considered relatively innocent of the computer explosion and the development of the internet over the past 25 years, AS OPPOSED TO IDG, which demonstrably has had a big hand in precisely that computer explosion and the use of computers in our homes.  :)

I have never had any negative opinion about there being ads on IDG's website and on the PC för Alla home page. What I do react to is when there are ad banners that cause visitors the kind of problems this thread evidently suggests. Then something has evidently gone very wrong in IDG's choice of advertisers.


Cecilia

 

New FRST results in the attachment.

Regarding encryption, I got this on the screen the day before yesterday (see Word attachment). It has generated a file on the desktop called "how_decrypt".

What is the easiest way to pause the antivirus Microsoft Security Essentials?

That pesky program Reimage has now been removed, but it is still listed under Start > Programs. How do I get rid of it?

The main reason it has turned out like this is that I run XP with the antivirus Microsoft Security Essentials and Windows Defender Offline. Now that Microsoft has ended support for its best operating system ever, Defender has stopped working. I don't want to leave XP. The computer is pretty much wide open, and I was hit by an attack after my first thread while I was updating Flash and Java. Among other things this latest CRB encryption threat that strikes within 90 hours :-) They have poor imagination... It is so bad of Microsoft not to extend support for their best advertisement ever, which makes up for other crap M. has created.

I plan to install Avira FREE once this cleanup is done.

Regards

A

FRST.txt

Addition.txt

Doc1.docx


Skärmklipp.PNG

 

It means exactly what it says there. There is a risk that your documents, pictures etc. have been encrypted and are no longer accessible unless you pay the criminal group behind the infection.

It is possible that not all files have been encrypted yet, but to avoid the risk of more files being infected you must stop using the computer immediately. To check whether there are files that are not encrypted, you must move the hard disk to another computer or boot the computer from a CD, e.g. as described at http://www.idg.se/2.1085/1.458715/sa-raddar-du-filer-fran-din-kraschade-pc

Let me know how you proceed.

Addendum:

You can read about the infection here:

http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information


Interesting little critter

The advantage is that I only use that PC for Skype and programs such as Photoshop etc. I don't even have a file library on it. So any photos and Word files I can delete without any problem. I have stopped using the PC.

So I don't need to rescue any files of my own, as long as it hasn't gone after system files. Burning the Linux program from my "real" Windows 7 machine looks easy, if it is still needed?

Can't AdwCleaner just remove what it wants, and we ignore the fact that some files are encrypted?

Cheers

A


You will have to see whether Windows works properly once all the malicious files are gone.

According to the description, the file C:\Documents and Settings\All Users\Application Data\rfppkti.html may contain a list of all encrypted files, or else it is files named \Decrypt All Files iqvgsrf.txt, which are found in the folders where files have been encrypted, e.g.:

C:\OPTIONS\I386\COMPDATA

C:\Program Files\Common Files\Adobe\Linguistics\LanguageNames2

C:\Program Files\Microsoft Office\CLIPART\PUB60COR

C:\WINNT\system32\config\systemprofile\My Documents

C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Cookies

Those are the folders that show up in the logs, but there may be more, so search for "Decrypt All Files iqvgsrf.txt".

Start the program Notepad.

Copy all the lines in the box:

Task: C:\WINNT\Tasks\ivumkhc.job => C:\DOCUME~1\XZMYYV~1.061\LOCALS~1\Temp\ugomjxa.exe
2014-12-27 14:27 - 2014-12-27 14:27 - 00357888 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\ugomjxa.exe
2014-12-28 10:35 - 2014-12-28 10:35 - 00212992 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\24C.tmp
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\...\Run: [memdfgn] => C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\ugomjxa.exe [357888 2014-12-27] () <===== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Yet Another Lorem Ipsum Generator) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jffcmkkfbampimhpimhofhhkanhflfce [2014-12-26]
S1 ccqeqcnv; \??\C:\WINNT\system32\drivers\ccqeqcnv.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\XZMYYV~1.061\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S1 htfrvugj; \??\C:\WINNT\system32\drivers\htfrvugj.sys [X]
S1 jnbkwzti; \??\C:\WINNT\system32\drivers\jnbkwzti.sys [X]
S1 ndpzlnbt; \??\C:\WINNT\system32\drivers\ndpzlnbt.sys [X]
S1 ocerzids; \??\C:\WINNT\system32\drivers\ocerzids.sys [X]
S1 sumpzmmx; \??\C:\WINNT\system32\drivers\sumpzmmx.sys [X]
S1 sychlmzi; \??\C:\WINNT\system32\drivers\sychlmzi.sys [X]
U.%99M%20 T8267; No ImagePath
S3 vna_ap; system32\DRIVERS\vnaap.sys [X]
AlternateDataStreams: C:\WINNT\system32\Drivers\afgbehqe.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\bcpogkqs.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\ctpnwpuy.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\ddvkzlyg.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\dqoczqgo.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\ixkbnurx.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\jbigogwu.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\jvsgoqbr.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\laihqcrw.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\lrakynxy.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\lygjbeor.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\mcrdqljb.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\mdbuckyh.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\mrjgnlof.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\riewlbtc.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\sodbdwhh.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\uyviqmdm.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\vpsoighv.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\xhglmkti.sys:changelist
2014-12-27 14:41 - 2014-12-27 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Reimage Express
2014-12-27 14:41 - 2014-12-27 14:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Express
2014-12-27 14:27 - 2014-12-27 14:27 - 00000258 ____H () C:\WINNT\Tasks\ivumkhc.job
EmptyTemp:
and paste them into Notepad. Check that no file entries have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Close all programs.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

If the computer does not restart automatically, restart it yourself.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.


And the answer is:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
Ran by XZMYYV at 2014-12-28 21:18:10 Run:1
Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop
Loaded Profiles: XZMYYV & administrator (Available profiles: XZMYYV & administrator & localadmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: C:\WINNT\Tasks\ivumkhc.job => C:\DOCUME~1\XZMYYV~1.061\LOCALS~1\Temp\ugomjxa.exe
2014-12-27 14:27 - 2014-12-27 14:27 - 00357888 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\ugomjxa.exe
2014-12-28 10:35 - 2014-12-28 10:35 - 00212992 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\24C.tmp
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\...\Run: [memdfgn] => C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\ugomjxa.exe [357888 2014-12-27] () <===== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Yet Another Lorem Ipsum Generator) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jffcmkkfbampimhpimhofhhkanhflfce [2014-12-26]
S1 ccqeqcnv; \??\C:\WINNT\system32\drivers\ccqeqcnv.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\XZMYYV~1.061\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S1 htfrvugj; \??\C:\WINNT\system32\drivers\htfrvugj.sys [X]
S1 jnbkwzti; \??\C:\WINNT\system32\drivers\jnbkwzti.sys [X]
S1 ndpzlnbt; \??\C:\WINNT\system32\drivers\ndpzlnbt.sys [X]
S1 ocerzids; \??\C:\WINNT\system32\drivers\ocerzids.sys [X]
S1 sumpzmmx; \??\C:\WINNT\system32\drivers\sumpzmmx.sys [X]
S1 sychlmzi; \??\C:\WINNT\system32\drivers\sychlmzi.sys [X]
U.%99M%20 T8267; No ImagePath
S3 vna_ap; system32\DRIVERS\vnaap.sys [X]
AlternateDataStreams: C:\WINNT\system32\Drivers\afgbehqe.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\bcpogkqs.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\ctpnwpuy.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\ddvkzlyg.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\dqoczqgo.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\ixkbnurx.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\jbigogwu.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\jvsgoqbr.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\laihqcrw.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\lrakynxy.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\lygjbeor.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\mcrdqljb.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\mdbuckyh.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\mrjgnlof.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\riewlbtc.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\sodbdwhh.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\uyviqmdm.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\vpsoighv.sys:changelist
AlternateDataStreams: C:\WINNT\system32\Drivers\xhglmkti.sys:changelist
2014-12-27 14:41 - 2014-12-27 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Reimage Express
2014-12-27 14:41 - 2014-12-27 14:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Express
2014-12-27 14:27 - 2014-12-27 14:27 - 00000258 ____H () C:\WINNT\Tasks\ivumkhc.job
EmptyTemp:
*****************

C:\WINNT\Tasks\ivumkhc.job not found.
"C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\ugomjxa.exe" => File/Directory not found.
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\24C.tmp => Moved successfully.
C:\WINNT\system32\GroupPolicy\Machine => Moved successfully.
C:\WINNT\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\memdfgn => Value not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2086223142-3201976994-1658009677-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jffcmkkfbampimhpimhofhhkanhflfce => Moved successfully.
ccqeqcnv => Service deleted successfully.
cpuz134 => Service deleted successfully.
htfrvugj => Service deleted successfully.
jnbkwzti => Service deleted successfully.
ndpzlnbt => Service deleted successfully.
ocerzids => Service deleted successfully.
sumpzmmx => Service deleted successfully.
sychlmzi => Service deleted successfully.
U.%99M%20 T8267; No ImagePath => Error: No automatic fix found for this entry.
vna_ap => Service deleted successfully.
C:\WINNT\system32\Drivers\afgbehqe.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\bcpogkqs.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\ctpnwpuy.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\ddvkzlyg.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\dqoczqgo.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\ixkbnurx.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\jbigogwu.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\jvsgoqbr.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\laihqcrw.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\lrakynxy.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\lygjbeor.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\mcrdqljb.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\mdbuckyh.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\mrjgnlof.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\riewlbtc.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\sodbdwhh.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\uyviqmdm.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\vpsoighv.sys => ":changelist" ADS removed successfully.
C:\WINNT\system32\Drivers\xhglmkti.sys => ":changelist" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Reimage Express => Moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Express => Moved successfully.
"C:\WINNT\Tasks\ivumkhc.job" => File/Directory not found.
EmptyTemp: => Removed 3.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 21:27:00 ====

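A triage of the Fixlog posted above, as an added example that is not part of the original thread or of FRST itself: it separates the fixlist echo from the result lines, classifies each result by the wording printed in this log, and checks whether anything reported as "not found" shows up again in a later scan. The function names and the `LATER_SCAN` lines are assumptions made for the example; the outcome phrases are matched only as they appear in this log.

```python
import re
from collections import Counter

# Excerpt of the Fixlog.txt posted above, shortened to a few lines per outcome type.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
Ran by XZMYYV at 2014-12-28 21:18:10 Run:1
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: C:\WINNT\Tasks\ivumkhc.job => C:\DOCUME~1\XZMYYV~1.061\LOCALS~1\Temp\ugomjxa.exe
S1 ccqeqcnv; \??\C:\WINNT\system32\drivers\ccqeqcnv.sys [X]
CHR dev: Chrome dev build detected! <======= ATTENTION
EmptyTemp:
*****************

C:\WINNT\Tasks\ivumkhc.job not found.
"C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\ugomjxa.exe" => File/Directory not found.
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\24C.tmp => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\memdfgn => Value not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
ccqeqcnv => Service deleted successfully.
C:\WINNT\system32\Drivers\afgbehqe.sys => ":changelist" ADS removed successfully.
EmptyTemp: => Removed 3.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 21:27:00 ====
"""

# Constructed later-scan lines (NOT from the thread): the second line simulates a
# persistence entry that came back after the fix, to exercise reappearing().
LATER_SCAN = r"""HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [memdfgn] => C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\ugomjxa.exe
"""

# First matching rule wins; "error" is checked before "not_found" on purpose.
RULES = [
    ("error", re.compile(r"=> Error:", re.I)),
    ("not_found", re.compile(r"not found\.?$", re.I)),
    ("done", re.compile(r"(successfully\.|=> Removed .+ temporary data\.)$", re.I)),
]


def split_fixlog(text):
    """Return (fixlist_lines, result_lines); the fixlist sits between two '*' rows."""
    lines = text.splitlines()
    stars = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    if len(stars) < 2:
        raise ValueError("no 'Content of fixlist' section delimited by '*' rows")
    fixlist = [l.strip() for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    results = []
    for l in lines[stars[1] + 1:]:
        if l.startswith("==== End of Fixlog"):
            break
        if l.strip():
            results.append(l.strip())
    return fixlist, results


def classify(line):
    """Map one result line to error / not_found / done / info."""
    for name, rx in RULES:
        if rx.search(line):
            return name
    return "info"


def target_of(line):
    """Object the result refers to: text before the last ' => ', quotes removed."""
    if " => " in line:
        head = line.rsplit(" => ", 1)[0]
    else:
        head = re.sub(r"\s+not found\.?$", "", line)
    return head.strip().strip('"')


def triage(text):
    """List of (status, target) for every result line of a Fixlog."""
    return [(classify(l), target_of(l)) for l in split_fixlog(text)[1]]


def summary(text):
    return dict(Counter(status for status, _ in triage(text)))


def reappearing(fixlog_text, later_scan_text):
    """Leaf names (file or registry value) that were 'not found' at fix time
    yet occur in a later scan, i.e. something re-created them."""
    scan = later_scan_text.lower()
    leaves = {re.split(r"\\+", t)[-1].lower()
              for s, t in triage(fixlog_text) if s == "not_found"}
    return sorted(name for name in leaves if name in scan)


if __name__ == "__main__":
    for status, target in triage(SAMPLE_FIXLOG):
        if status in ("error", "not_found"):
            print(f"{status:9} {target}")
    print("back in later scan:", reappearing(SAMPLE_FIXLOG, LATER_SCAN))
```

A "not found" result means the item was already gone when the fix ran, not that the fix removed it, which is why those targets are the ones compared against the next scan.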

Windows works, and Avira, which you recommended in another thread, works fine together with XP.

However, when I open applications such as e.g. Windows, it looks for Smart web, which I have probably managed to remove when this started and I tried to clean up myself (see attached Word file). Can it be restored from Microsoft online? But it works without smart web too, you just have to cancel the prompt = one extra step.

Otherwise the last fixlist in FRST seems to have done the trick.

Reply from the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014
Ran by XZMYYV (administrator) on SETHNWNGXA04602 on 29-12-2014 22:12:48
Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop
Loaded Profiles: XZMYYV & administrator (Available profiles: XZMYYV & administrator & localadmin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(IDT, Inc.) C:\WINNT\DRIVERS\NOTEBOOKS\Audio\stacsv.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Kontiki Inc.) C:\Program Files\Kontiki\KService.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(NVIDIA Corporation) C:\WINNT\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Andrea Electronics Corporation) C:\WINNT\system32\AESTFltr.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\WINNT\system32\msiexec.exe
(Microsoft Corporation) C:\WINNT\explorer.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Co.) C:\PROGRA~1\HP\DIGITA~1\bin\hpqbam08.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\WINNT\system32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iMJPMIG8.1] => C:\WINNT\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [196608 2008-09-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [442467 2008-08-25] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINNT\system32\AESTFltr.exe [466944 2008-08-25] (Andrea Electronics Corporation)
HKLM\...\Run: [P10015] => WSCRIPT.EXE //B C:\LOGS\P10015\P10015_wallpaper.vbs
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [synchronization Manager] => C:\WINNT\system32\mobsync.exe [143360 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [userinit] C:\WINNT\System32\Userinit.exe,
HKLM\...\Winlogon: [shell] explorer.exe [x ] ()
HKLM\...\Winlogon: [uIHost] C:\WINNT\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINNT\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINNT\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [PreXPSP2ShellProtocolBehavior] 0
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [ctfmon.exe] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-23] (Google Inc.)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [zbnekda] => rundll32 ",zbnekda
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [NeliGmoc] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [4166398326] => C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Adobe\AdobeWin.exe [167936 2010-12-09] (Kaeria WARK)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Run: [CTFMON.EXE] => C:\WINNT\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {0908d747-9de1-11dc-a3d3-9b55eee4b565} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {09919e39-0abb-11dc-bd6b-d1b38b4c2a32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {3dcbaf14-0a11-11dc-9ab8-e92d850bdf2b} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {486f3bf8-09f7-11dc-b2c9-b590483e6432} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {bc33e1f0-0982-11dc-b647-b883c76da250} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {da2857a8-1068-11dc-ab84-f5d2d6fc9f35} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {fbbe4110-15f4-11dc-a66b-b8f89be89c32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-23] (Google Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [435096 2008-11-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Encoding] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [.DEFAULT] => http://saabproxy.saab.com/accelerated_pac_base.pac
AutoConfigURL: [s-1-5-19] => http://autoproxy.gm.com
AutoConfigURL: [s-1-5-20] => http://autoproxy.gm.com
AutoConfigURL: [s-1-5-21-2086223142-3201976994-1658009677-4238] => file://C:\Program Files\AppEnable\bin\Pac8807.js
AutoConfigURL: [s-1-5-21-2086223142-3201976994-1658009677-500] => http://pviapc.rsh.europe.gm.com/gmeproxy.pac
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com/
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2086223142-3201976994-1658009677-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Länkhjälp till Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2086223142-3201976994-1658009677-4238 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mygmgw.gm.com/http://sethnma03.eur.corp.gm.com/iNotes6W.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8462336 2011-01-21] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINNT\system32\winrnr.dll [16896] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Winsock: Catalog9 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 20 C:\WINNT\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Winsock: Catalog9 21 C:\WINNT\system32\rsvpsp.dll [92672] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Mozilla\Firefox\Profiles\2S6D62Es.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINNT\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Mozilla\Firefox\Profiles\2S6D62Es.default\Extensions\abs@avira.com [2014-12-29]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-21]
FF HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\firefox\FirefoxPortable\App\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-12]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-12-27] (Adobe Systems Incorporated)
S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
S4 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
S2 Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [344064 2005-01-20] (ATI Technologies Inc.)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R3 BITS; C:\WINNT\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S4 Browser; C:\WINNT\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation)
S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S4 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
R3 COMSysApp; C:\WINNT\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINNT\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
R2 Dot3svc; C:\WINNT\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
R2 EapHost; C:\WINNT\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S4 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
S4 Fax; C:\WINNT\system32\fxssvc.exe [267776 2008-04-14] (Microsoft Corporation)
R2 FlexClient; C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe [1421312 2011-10-26] (HP) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-06-21] (Macrovision Europe Ltd.) [File not signed]
R2 FlxNotifier; C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe [212992 2011-03-21] (HP) [File not signed]
S3 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINNT\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-27] (Oracle Corporation)
R2 KService; C:\Program Files\Kontiki\KService.exe [4873768 2010-07-28] (Kontiki Inc.)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
S4 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
R3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
S3 napagent; C:\WINNT\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINNT\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 NVSvc; C:\WINNT\system32\nvsvc32.exe [159812 2008-08-25] (NVIDIA Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINNT\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 QsRUMAgent; C:\WINNT\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [200704 2011-02-04] (Quest Software) [File not signed]
S4 RasAuto; C:\WINNT\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2001-08-23] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
S2 Schedule; C:\WINNT\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
R2 SENS; C:\WINNT\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINNT\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
S4 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
R2 STacSV; c:\winnt\drivers\notebooks\audio\stacsv.exe [221273 2008-08-25] (IDT, Inc.)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINNT\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
S4 Themes; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
S4 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
S4 TrkWks; C:\WINNT\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
R2 UMWdf; C:\WINNT\system32\wdfmgr.exe [38912 2005-01-28] (Microsoft Corporation)
S3 upnphost; C:\WINNT\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINNT\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
S4 WebClient; C:\WINNT\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
S4 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [25088 2005-01-28] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
R3 WPFFontCache_v0400; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Microsoft Corporation)
S4 wscsvc; C:\WINNT\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
R3 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
S2 COSIDS_TB; "C:\Program Files\cosids\bin\tbmux32.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2001-08-23] (Microsoft Corporation)
S3 aeaudio; C:\WINNT\System32\drivers\aeaudio.sys [127744 2004-11-08] (Andrea Electronics Corporation) [File not signed]
S3 aec; C:\WINNT\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R3 AESTAud; C:\WINNT\System32\drivers\AESTAud.sys [108160 2008-08-25] (Andrea Electronics Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
R0 AliIde; C:\WINNT\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.)
R3 ApfiltrService; C:\WINNT\System32\DRIVERS\Apfiltr.sys [170032 2008-09-02] (Alps Electric Co., Ltd.)
R3 Arp1394; C:\WINNT\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation)
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
S3 ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [965632 2005-01-20] (ATI Technologies Inc.)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R2 avgntflt; C:\WINNT\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINNT\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINNT\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 b57w2k; C:\WINNT\System32\DRIVERS\b57xp32.sys [190592 2004-11-16] (Broadcom Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2001-08-23] (Microsoft Corporation)
S3 Bridge; C:\WINNT\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation)
S3 BridgeMP; C:\WINNT\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation)
S3 BTWUSB; C:\WINNT\System32\Drivers\btwusb.sys [55320 2004-11-04] (Broadcom Corporation.) [File not signed]
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2001-08-23] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2001-08-23] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation)
R0 Cpqarray; C:\WINNT\System32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation)
R3 cvusbdrv; C:\WINNT\System32\Drivers\cvusbdrv.sys [32808 2008-09-02] (Broadcom Corporation)
R0 dac960nt; C:\WINNT\System32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation)
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINNT\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2001-08-23] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
R3 e1yexpress; C:\WINNT\System32\DRIVERS\e1y5132.sys [244368 2008-08-25] (Intel Corporation)
R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2005-09-06] (Nortel Networks) [File not signed]
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
S3 Fdc; C:\WINNT\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
S3 Flpydisk; C:\WINNT\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2001-08-23] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2001-08-23] (Microsoft Corporation)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
S3 GTIPCI21; C:\WINNT\System32\DRIVERS\gtipci21.sys [80384 2004-05-03] (Texas Instruments)
R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R3 HECI; C:\WINNT\System32\DRIVERS\HECI.sys [40832 2008-06-19] (Intel Corporation)
R3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation)
S3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation)
S3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [776349 2004-12-21] (Intel Corporation) [File not signed]
R0 iaStor; C:\WINNT\System32\DRIVERS\iaStor.sys [318488 2008-09-02] (Intel Corporation)
S3 IFXTPM; C:\WINNT\System32\DRIVERS\IFXTPM.SYS [32640 2004-09-02] (Infineon Technologies AG)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation)
S3 Ip6Fw; C:\WINNT\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2001-08-23] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155184 2005-09-06] (Nortel Networks NA, Inc.) [File not signed]
R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155184 2005-09-06] (Nortel Networks NA, Inc.) [File not signed]
S3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
R1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2001-08-23] (Microsoft Corporation)
S3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
R3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
S3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation)
R0 msvmscsi; C:\WINNT\System32\DRIVERS\msvmscsi.sys [16112 2004-07-14] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [40960 2010-11-02] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\WINNT\System32\DRIVERS\NETw5x32.sys [4203392 2009-05-28] (Intel Corporation)
R3 NIC1394; C:\WINNT\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2001-08-23] (Microsoft Corporation)
R3 nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [6591872 2008-08-25] (NVIDIA Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2001-08-23] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2001-08-23] (Microsoft Corporation)
R0 ohci1394; C:\WINNT\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation)
S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2001-08-23] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2001-08-23] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2001-08-23] (Microsoft Corporation)
S3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2001-08-23] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2001-08-23] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
R3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139656 2011-06-24] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
R2 rimmptsk; C:\WINNT\System32\DRIVERS\rimmptsk.sys [39936 2008-09-02] (REDC)
R3 sdbus; C:\WINNT\System32\DRIVERS\sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 seehcri; C:\WINNT\System32\DRIVERS\seehcri.sys [27632 2011-01-18] (Sony Ericsson Mobile Communications)
R3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation)
R1 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation)
S3 sffdisk; C:\WINNT\System32\DRIVERS\sffdisk.sys [11904 2008-04-13] (Microsoft Corporation)
S3 sffp_sd; C:\WINNT\System32\DRIVERS\sffp_sd.sys [11008 2008-04-13] (Microsoft Corporation)
S3 Sfloppy; C:\WINNT\System32\DRIVERS\sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
S3 SMCIRDA; C:\WINNT\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R3 smsmdd; C:\WINNT\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation)
S3 smwdm; C:\WINNT\System32\drivers\smwdm.sys [259840 2004-10-13] (Analog Devices, Inc.) [File not signed]
R0 Sparrow; C:\WINNT\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.)
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
S1 ssmdrv; C:\WINNT\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
R3 STHDA; C:\WINNT\System32\drivers\sthda.sys [1381914 2008-08-25] (IDT, Inc.)
S3 StillCam; C:\WINNT\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [103552 2007-04-19] (LSI Logic)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
R3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
S3 tifm21; C:\WINNT\System32\drivers\tifm21.sys [157056 2005-02-11] (Texas Instruments)
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
R3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation)
R3 USBCCID; C:\WINNT\System32\DRIVERS\usbccid.sys [28672 2008-09-02] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [30208 2008-04-13] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
S3 usbprint; C:\WINNT\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2008-04-13] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation)
S3 USB_RNDIS; C:\WINNT\System32\DRIVERS\usb8023.sys [12800 2008-04-13] (Microsoft Corporation)
S3 usb_rndisx; C:\WINNT\System32\DRIVERS\usb8023x.sys [12800 2008-04-13] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
R0 ViaIde; C:\WINNT\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
S3 w29n51; C:\WINNT\System32\DRIVERS\w29n51.sys [3210496 2004-10-19] (Intel® Corporation) [File not signed]
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
R3 Wdf01000; C:\WINNT\System32\DRIVERS\Wdf01000.sys [503144 2008-01-19] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
R1 WmiAcpi; C:\WINNT\System32\DRIVERS\wmiacpi.sys [8832 2008-04-13] (Microsoft Corporation)
S3 WpdUsb; C:\WINNT\System32\Drivers\wpdusb.sys [18944 2005-01-28] (Microsoft Corporation)
S4 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2001-08-23] (Microsoft Corporation)
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
U5 ScsiPort; C:\WINNT\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U.%99M%20 T8267; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 21:45 - 2014-12-29 22:12 - 00051234 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\FRST.txt
2014-12-29 17:59 - 2014-12-29 18:10 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-12-29 17:59 - 2014-12-29 17:59 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Mozilla
2014-12-29 17:49 - 2014-12-29 18:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-12-29 17:49 - 2014-12-29 17:49 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Avira
2014-12-29 17:48 - 2014-12-29 18:10 - 00000000 ____D () C:\Program Files\Avira
2014-12-29 17:48 - 2014-12-29 18:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-12-29 17:48 - 2014-12-29 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-12-29 17:48 - 2014-12-29 17:48 - 00001707 _____ () C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2014-12-29 17:48 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avipbb.sys
2014-12-29 17:48 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avgntflt.sys
2014-12-29 17:48 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avkmgr.sys
2014-12-29 17:48 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\WINNT\system32\Drivers\ssmdrv.sys
2014-12-29 17:18 - 2014-12-29 17:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NeliGmoc
2014-12-28 10:59 - 2014-12-28 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\gug
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\xzmyyv\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\SYSTEM\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\si_flexmanage_corp\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\Installation\My Documents\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\Installation\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\Installation\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\All Users\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\All Users\Application Data\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\Administrator\how_decrypt.html
2014-12-28 10:38 - 2014-12-28 11:03 - 00001169 _____ () C:\WINNT\ars.ffx
2014-12-28 10:35 - 2014-12-29 17:18 - 00000777 _____ () C:\WINNT\intpcii.dtr
2014-12-27 19:47 - 2014-12-27 19:47 - 00000000 ____D () C:\Program Files\ESET
2014-12-27 19:38 - 2014-12-29 22:12 - 00000000 ____D () C:\FRST
2014-12-27 19:37 - 2014-12-27 19:37 - 01114624 _____ (Farbar) C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\FRST.exe
2014-12-27 16:41 - 2014-12-28 10:43 - 00000000 ____D () C:\AdwCleaner
2014-12-27 16:38 - 2014-12-27 16:38 - 02173952 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\adwcleaner_4.106.exe
2014-12-27 16:31 - 2014-12-27 16:31 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Deployment
2014-12-27 14:31 - 2014-12-27 14:38 - 00748775 _____ () C:\Documents and Settings\All Users\Application Data\rfppkti.html

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 22:12 - 2012-03-05 22:53 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp
2014-12-29 22:02 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\Temp
2014-12-29 21:33 - 2008-04-30 19:23 - 00000000 ____D () C:\WINNT\system32\NtmsData
2014-12-29 21:13 - 2011-10-21 12:26 - 00162464 _____ () C:\WINNT\setupapi.log
2014-12-29 21:13 - 2005-06-20 16:36 - 00000000 ____D () C:\WINNT\Registration
2014-12-29 21:13 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\repair
2014-12-29 20:05 - 2007-05-11 19:49 - 00000664 _____ () C:\WINNT\system32\d3d9caps.dat
2014-12-29 18:02 - 2007-05-14 16:44 - 00000000 ____D () C:\WINNT\Microsoft.NET
2014-12-29 17:58 - 2005-06-20 12:29 - 00534912 _____ () C:\WINNT\system32\PerfStringBackup.INI
2014-12-29 17:56 - 2007-12-06 22:44 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-12-29 17:47 - 2014-01-08 19:16 - 00001945 _____ () C:\WINNT\epplauncher.mif
2014-12-29 17:47 - 2005-06-20 16:39 - 01385866 _____ () C:\WINNT\WindowsUpdate.log
2014-12-29 17:20 - 2010-06-21 15:58 - 00179694 _____ () C:\WINNT\system32\nvModes.dat
2014-12-29 17:20 - 2010-06-21 15:58 - 00179694 _____ () C:\WINNT\system32\nvModes.001
2014-12-29 17:19 - 2012-03-05 22:56 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Adobe
2014-12-29 17:18 - 2008-12-18 23:00 - 00000000 ____D () C:\WINNT
2014-12-29 17:15 - 2010-06-21 21:54 - 00189541 _____ () C:\WINNT\system32\nvapps.xml
2014-12-28 22:01 - 2014-01-08 19:26 - 00000396 ____H () C:\WINNT\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-12-28 21:51 - 2011-10-12 09:31 - 00000159 _____ () C:\WINNT\wiadebug.log
2014-12-28 21:51 - 2011-10-12 09:31 - 00000050 _____ () C:\WINNT\wiaservc.log
2014-12-28 21:51 - 2005-06-20 16:47 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-12-28 21:49 - 2012-03-05 22:53 - 00000178 ___SH () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\ntuser.ini
2014-12-28 21:49 - 2011-06-27 09:44 - 00000178 ___SH () C:\Documents and Settings\administrator.corpsaabcom\ntuser.ini
2014-12-28 21:26 - 2010-06-21 16:01 - 00000000 ____D () C:\Documents and Settings\Installation\Local Settings\Temp
2014-12-28 21:26 - 2005-06-20 17:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-12-28 21:18 - 2011-07-25 06:30 - 00000000 ____D () C:\Documents and Settings\si_flexmanage_corp\Local Settings\Temp
2014-12-28 21:18 - 2005-06-21 15:15 - 00000000 ___HD () C:\WINNT\system32\GroupPolicy
2014-12-28 21:11 - 2012-06-21 22:13 - 00099800 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-28 19:53 - 2010-06-22 08:53 - 00000000 __SHD () C:\WINNT\CSC
2014-12-28 11:04 - 2012-03-05 22:53 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061
2014-12-28 10:55 - 2010-10-26 09:02 - 00000000 ____D () C:\STM
2014-12-28 10:51 - 2012-04-06 16:55 - 00000000 __SHD () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\PrivacIE
2014-12-28 10:45 - 2014-01-08 19:21 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2014-12-28 10:45 - 2012-09-09 20:21 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\HpUpdate
2014-12-28 10:45 - 2012-06-16 10:45 - 00000000 __SHD () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\IECompatCache
2014-12-28 10:45 - 2012-03-05 17:10 - 00000000 ____D () C:\Documents and Settings\xzmyyv\Local Settings\Application Data\Htc
2014-12-28 10:45 - 2012-03-05 17:08 - 00000000 __SHD () C:\Documents and Settings\xzmyyv\IETldCache
2014-12-28 10:45 - 2011-07-25 06:28 - 00000000 ___SD () C:\Documents and Settings\si_flexmanage_corp\UserData
2014-12-28 10:45 - 2011-07-25 06:28 - 00000000 ____D () C:\Documents and Settings\si_flexmanage_corp
2014-12-28 10:45 - 2011-06-22 08:28 - 00018991 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\CPLOCAL.tmp
2014-12-28 10:45 - 2010-06-28 11:28 - 00100312 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-28 10:45 - 2010-06-22 09:56 - 00000000 ____D () C:\Documents and Settings\SYSTEM
2014-12-28 10:45 - 2010-06-21 16:56 - 00040807 _____ () C:\Documents and Settings\Installation\My Documents\lotusinstall.log
2014-12-28 10:45 - 2010-06-21 16:01 - 00000000 ___SD () C:\Documents and Settings\Installation\UserData
2014-12-28 10:45 - 2010-06-21 16:01 - 00000000 ____D () C:\Documents and Settings\Installation
2014-12-28 10:45 - 2007-12-06 22:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-28 10:45 - 2005-06-20 16:39 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-12-28 10:44 - 2014-11-08 15:43 - 00158480 _____ () C:\Documents and Settings\All Users\Application Data\3CF14ECC.CPP.iqvgsrf
2014-12-28 10:44 - 2014-05-12 18:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A
2014-12-28 10:44 - 2014-05-07 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\jzirf0qmf.cpp
2014-12-28 10:44 - 2012-01-12 12:49 - 00000000 __SHD () C:\Documents and Settings\administrator.corpsaabcom\IETldCache
2014-12-28 10:44 - 2011-06-27 09:44 - 00000000 ___SD () C:\Documents and Settings\administrator.corpsaabcom\UserData
2014-12-28 10:44 - 2010-08-31 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kontiki
2014-12-28 10:44 - 2010-06-21 16:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-12-28 10:44 - 2005-06-21 14:17 - 00000000 ___SD () C:\Documents and Settings\Administrator\UserData
2014-12-28 10:44 - 2005-06-20 17:27 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-12-27 22:48 - 2011-01-26 10:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange 4 Pro
2014-12-27 19:13 - 2005-06-20 12:25 - 00001024 ____H () C:\WINNT\system32\config\userdiff.LOG
2014-12-27 16:28 - 2010-07-01 07:54 - 00000000 ____D () C:\Program Files\Google
2014-12-27 16:09 - 2012-03-05 17:09 - 00000000 ____D () C:\Documents and Settings\xzmyyv\Local Settings\Temp
2014-12-27 16:03 - 2013-09-02 19:48 - 00701616 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerApp.exe
2014-12-27 16:03 - 2013-09-02 19:48 - 00071344 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerCPLApp.cpl
2014-12-27 16:03 - 2013-09-02 19:48 - 00000826 _____ () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2014-12-27 16:02 - 2014-08-17 17:30 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Adobe
2014-12-27 14:37 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\system32\ias
2014-12-27 14:36 - 2007-05-29 03:17 - 00000000 ____D () C:\WINNT\SHELLNEW
2014-12-27 14:35 - 2011-06-22 13:18 - 00000000 ____D () C:\WINNT\Quest Resource Updating Agent
2014-12-27 14:35 - 2005-06-20 17:46 - 00000000 ____D () C:\Program Files\WinZip
2014-12-27 14:34 - 2011-10-12 07:12 - 00000000 ____D () C:\Program Files\Advanced SystemCare 4
2014-12-27 14:34 - 2010-06-22 09:34 - 00000000 ____D () C:\Program Files\Windows Imaging
2014-12-27 14:34 - 2007-05-14 19:51 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-12-27 14:34 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\mui
2014-12-27 14:33 - 2010-06-21 16:07 - 00000000 __HDC () C:\WINNT\$NtServicePackUninstall$
2014-12-27 14:32 - 2013-10-19 21:18 - 00000000 ___RD () C:\Program Files\Skype
2014-12-27 14:32 - 2010-06-22 08:41 - 00000000 ____D () C:\Program Files\VPN Client
2014-12-27 14:32 - 2007-05-29 03:19 - 00000000 ____D () C:\Program Files\Snapshot Viewer
2014-12-27 14:31 - 2011-06-17 11:11 - 00000000 ____D () C:\Program Files\MaximoSilentPrint
2014-12-27 14:31 - 2010-06-28 11:15 - 00000000 ____D () C:\Program Files\PC Information
2014-12-27 14:31 - 2007-12-18 22:36 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2014-12-27 14:31 - 2005-06-20 16:37 - 00000000 ____D () C:\Program Files\Outlook Express
2014-12-27 14:27 - 2013-10-19 21:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-12-27 14:24 - 2001-08-23 03:00 - 00000710 _____ () C:\WINNT\win.ini
2014-12-27 14:03 - 2001-08-23 03:00 - 00002206 _____ () C:\WINNT\system32\wpa.dbl

Some content of TEMP:
====================
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\UpdateFlashPlayer_c2ed7108.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Doc1.docx

Addition.txt


1. I assume you mean:

"(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe"

when you write "smart web".

A good deal of it seems to remain on the computer, but if some parts have disappeared, HP's website is possibly where you can download it, since it is an HP program.

2. You have several old programs with known security holes that a web page can exploit to infect the computer. Let Secunia's Software Inspector check the computer and fix the problems it reports. The English page http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

There seems to be a bit more that needs to be examined or removed.

3. On the page http://www.virustotal.com, click the Choose File button and paste one of the following file names into the "File name" field, click Open and then Scan it!. If you are asked whether the file should be reanalysed, choose that option. Wait until the result is ready. Paste the link (web address) to the result here. Repeat with the next file name.

C:\Program Files\AppEnable\bin\Pac8807.js

C:\WINNT\ars.ffx

C:\WINNT\intpcii.dtr

 

 

4. Start the Notepad program.

Copy all the lines in the box:

HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [zbnekda] => rundll32 ",zbnekda
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [NeliGmoc] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"
C:\Documents and Settings\All Users\Application Data\NeliGmoc
and paste them into Notepad. Check that no files have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Close all programs.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

If the computer does not restart automatically, restart it yourself.

The program creates a log, Fixlog.txt, on the desktop.

Paste its contents into your reply.

5. Save ComboFix to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer Yes.

More detailed guidance is available at http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

If ComboFix shows any message, e.g. that a rootkit has been found, write it down and then include it in your reply.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, as it may hang.

When ComboFix has finished, a log should appear; paste it into your reply. Check that the antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Länk till kommentar
Dela på andra webbplatser
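The two Run values in the step 4 fixlist above both start a system loader (rundll32, regsvr32) rather than a program of their own. The following is an added example, not part of the original post and not FRST's own logic: a Python triage pass over FRST-style Run lines. The function names and the three flagging rules are assumptions, and the last two sample lines are constructed.

```python
import re
from pathlib import PureWindowsPath

# FRST prints an autorun value as: <key>: [<value name>] => <command line>
RUN_LINE = re.compile(
    r'^(?P<key>HK\w+\\.*?\\Run(?:Once)?): \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$')
# Launcher = everything up to the first ".exe", or else the first bare word.
COMMAND = re.compile(
    r'^"?(?P<exe>[^"]*?\.exe|[^\s"]+)"?\s*(?P<rest>.*)$', re.IGNORECASE)

# Assumed rule set for this example only.
LOADERS = {"rundll32", "regsvr32"}            # system tools that load a file
USER_WRITABLE = (r"\application data",        # folders a normal user can write
                 r"\local settings\temp",
                 r"\appdata")
LOADABLE_EXT = {".dll", ".ocx", ".cpl"}       # what these loaders normally get


def loader_target(launcher, rest):
    """Return the file the loader is asked to load, or '' if none is named."""
    for token in re.findall(r'"[^"]*"?|\S+', rest):
        token = token.strip('"')
        if token.startswith(("/", "-")):      # switch such as /s, not a file
            continue
        if launcher == "rundll32":            # rundll32 takes file,entrypoint
            token = token.split(",", 1)[0]
        return token
    return ""


def assess(line):
    """Return (value name, [reasons]) for a Run line, or None for other lines."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    c = COMMAND.match(m["cmd"].strip())
    if not c:
        return m["name"], ["empty command line"]
    launcher = PureWindowsPath(c["exe"]).stem.lower()
    reasons = []
    if launcher in LOADERS:
        target = loader_target(launcher, c["rest"])
        if not target:
            reasons.append("loader started without a file to load")
        else:
            if any(mark in target.lower() for mark in USER_WRITABLE):
                reasons.append("loads a file from a user-writable folder")
            ext = PureWindowsPath(target).suffix.lower()
            if ext not in LOADABLE_EXT:
                reasons.append(f"unusual extension {ext or '(none)'}")
    return m["name"], reasons


def triage(lines):
    """Map value name -> reasons for every Run line that was flagged."""
    flagged = {}
    for line in lines:
        result = assess(line)
        if result and result[1]:
            flagged[result[0]] = result[1]
    return flagged


SAMPLE = [
    # First two lines: the Run entries from the fixlist on this page.
    r'HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [zbnekda] => rundll32 ",zbnekda',
    r'HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [NeliGmoc] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"',
    # Constructed lines for contrast (not from the page).
    r'HKLM\...\Run: [ExampleTray] => "C:\Program Files\Example\example.exe" /tray',
    r'HKLM\...\Run: [ExampleCpl] => RUNDLL32.EXE C:\WINNT\system32\example.dll,Startup',
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```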

Reply

  1. Done
  2. Done. Didn't know that Photoshop was a risk too.
  3. File1 Not found

    File2 https://www.virustotal.com/sv/file/11e09843ff1c51ef5f507b175c8924233bcddf28a35ad372e3cc40785f20962d/analysis/

    File3 https://www.virustotal.com/sv/file/255728cdcfe6aa2fdb0a5648c3861995999bb64a324b639ec3801aafc8a82420/analysis/

  4. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
    Ran by XZMYYV at 2014-12-31 00:17:50 Run:2
    Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop
    Loaded Profiles: XZMYYV & administrator (Available profiles: XZMYYV & administrator & localadmin)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [zbnekda] => rundll32 ",zbnekda
    HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [NeliGmoc] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"
    C:\Documents and Settings\All Users\Application Data\NeliGmoc
    *****************

    HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Windows\CurrentVersion\Run\\zbnekda => value deleted successfully.
    HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Windows\CurrentVersion\Run\\NeliGmoc => value deleted successfully.
    C:\Documents and Settings\All Users\Application Data\NeliGmoc => Moved successfully.

    ==== End of Fixlog 00:17:50 ====

     

  5.  

    ComboFix 14-12-30.01 - XZMYYV 2014-12-31   1:41.2.2 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.46.1033.18.3572.2695 [GMT 1:00]
    Körs från: c:\documents and settings\XZMYYV.CORPSAABCOM.061\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\XZMYYV~1.061\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
    c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
    .
    ---- Föregående körning -------
    .
    c:\docume~1\XZMYYV~1.061\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
    c:\documents and settings\All Users\Application Data\3CF14ECC.CPP.iqvgsrf
    c:\documents and settings\All Users\ntuser.pol
    c:\documents and settings\XZMYYV.CORPSAABCOM.061\Application Data\Adobe\AdobeWin.exe
    c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\zcnecda.dll
    c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
    c:\winnt\EventSystem.log
    c:\winnt\security\logs\scecomp.log
    c:\winnt\system32\AdobePDF.dll
    c:\winnt\system32\drivers\etc\hosts.ics
    c:\winnt\system32\MUI\0404\tourstart.exe
    c:\winnt\system32\MUI\0405\tourstart.exe
    c:\winnt\system32\MUI\0406\tourstart.exe
    c:\winnt\system32\MUI\0407\tourstart.exe
    c:\winnt\system32\MUI\0408\tourstart.exe
    c:\winnt\system32\MUI\040C\tourstart.exe
    c:\winnt\system32\MUI\0410\tourstart.exe
    c:\winnt\system32\MUI\0411\tourstart.exe
    c:\winnt\system32\MUI\0412\tourstart.exe
    c:\winnt\system32\MUI\0413\tourstart.exe
    c:\winnt\system32\MUI\0415\tourstart.exe
    c:\winnt\system32\MUI\0416\tourstart.exe
    c:\winnt\system32\MUI\0419\tourstart.exe
    c:\winnt\system32\MUI\041D\tourstart.exe
    c:\winnt\system32\MUI\041f\tourstart.exe
    c:\winnt\system32\MUI\0816\tourstart.exe
    c:\winnt\system32\MUI\0C0A\tourstart.exe
    c:\winnt\system32\P10015.exe
    .
    .
    ((((((((((((((((((((((((   Filer skapade från 2014-11-28 till 2014-12-31  ))))))))))))))))))))))))))))))
    .
    .
    2014-12-31 00:23 . 2014-12-31 00:23 -------- d-----w- c:\documents and settings\XZMYYV.CORPSAABCOM.061\Application Data\Apple Computer
    2014-12-30 23:25 . 2014-12-30 23:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2014-12-30 23:25 . 2014-12-30 23:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2014-12-30 23:25 . 2014-12-30 23:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2014-12-30 23:25 . 2014-12-30 23:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2014-12-30 23:25 . 2014-12-30 23:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2014-12-30 23:25 . 2014-12-30 23:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2014-12-30 23:25 . 2014-12-30 23:25 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2014-12-30 23:25 . 2014-12-30 23:25 -------- d-----w- c:\winnt\system32\config\systemprofile\Application Data\Apple Computer
    2014-12-30 23:24 . 2014-12-30 23:24 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
    2014-12-30 23:24 . 2014-12-30 23:24 -------- d-----w- c:\program files\Apple Software Update
    2014-12-30 23:17 . 2014-12-30 23:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2014-12-30 23:01 . 2014-12-30 23:01 -------- d-----w- c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Secunia PSI
    2014-12-30 23:01 . 2014-12-30 23:01 -------- d-----w- c:\program files\Secunia
    2014-12-29 16:49 . 2014-12-29 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
    2014-12-29 16:49 . 2014-12-29 16:49 -------- d-----w- c:\documents and settings\XZMYYV.CORPSAABCOM.061\Application Data\Avira
    2014-12-29 16:48 . 2014-11-24 09:23 37352 ----a-w- c:\winnt\system32\drivers\avkmgr.sys
    2014-12-29 16:48 . 2014-11-24 09:23 136216 ----a-w- c:\winnt\system32\drivers\avipbb.sys
    2014-12-29 16:48 . 2014-11-24 09:23 98160 ----a-w- c:\winnt\system32\drivers\avgntflt.sys
    2014-12-29 16:48 . 2014-12-29 17:10 -------- d-----w- c:\program files\Avira
    2014-12-29 16:48 . 2014-12-29 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2014-12-28 09:59 . 2014-12-28 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\gug
    2014-12-27 18:47 . 2014-12-27 18:47 -------- d-----w- c:\program files\ESET
    2014-12-27 18:38 . 2014-12-30 23:17 -------- d-----w- C:\FRST
    2014-12-27 15:41 . 2014-12-28 09:43 -------- d-----w- C:\AdwCleaner
    2014-12-27 15:31 . 2014-12-27 15:31 -------- d-----w- c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Deployment
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-28 09:45 . 2011-06-22 07:28 18991 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\CPLOCAL.tmp
    2014-12-27 15:03 . 2013-09-02 18:48 701616 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
    2014-12-27 15:03 . 2013-09-02 18:48 71344 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
    2014-11-28 12:02 . 2014-11-28 12:02 16024 ----a-w- c:\winnt\system32\drivers\psi_mf_x86.sys
    2014-11-24 13:04 . 2014-01-08 18:20 229000 ------w- c:\winnt\system32\MpSigStub.exe
    2014-11-08 15:21 . 2014-11-08 15:21 49088 ----a-w- c:\winnt\system32\drivers\mrjgnlof.sys
    2014-11-08 15:14 . 2014-11-08 15:14 49088 ----a-w- c:\winnt\system32\drivers\jbigogwu.sys
    2014-11-08 15:14 . 2014-11-08 15:14 49088 ----a-w- c:\winnt\system32\drivers\ixkbnurx.sys
    2014-11-08 15:14 . 2014-11-08 15:14 49088 ----a-w- c:\winnt\system32\drivers\dqoczqgo.sys
    2014-11-08 15:14 . 2014-11-08 15:14 49088 ----a-w- c:\winnt\system32\drivers\riewlbtc.sys
    2014-11-08 15:14 . 2014-11-08 15:14 49088 ----a-w- c:\winnt\system32\drivers\lrakynxy.sys
    2014-11-08 15:14 . 2014-11-08 15:14 49088 ----a-w- c:\winnt\system32\drivers\ctpnwpuy.sys
    2014-11-08 15:13 . 2014-11-08 15:13 49088 ----a-w- c:\winnt\system32\drivers\ddvkzlyg.sys
    2014-11-08 15:13 . 2014-11-08 15:13 49088 ----a-w- c:\winnt\system32\drivers\uyviqmdm.sys
    2014-11-08 15:13 . 2014-11-08 15:13 49088 ----a-w- c:\winnt\system32\drivers\xhglmkti.sys
    2014-11-08 15:13 . 2014-11-08 15:13 49088 ----a-w- c:\winnt\system32\drivers\mdbuckyh.sys
    2014-11-08 15:13 . 2014-11-08 15:13 49088 ----a-w- c:\winnt\system32\drivers\vpsoighv.sys
    2014-11-08 15:13 . 2014-11-08 15:13 49088 ----a-w- c:\winnt\system32\drivers\lygjbeor.sys
    2014-11-08 15:13 . 2014-11-08 15:13 49088 ----a-w- c:\winnt\system32\drivers\sodbdwhh.sys
    2014-11-08 15:12 . 2014-11-08 15:12 49088 ----a-w- c:\winnt\system32\drivers\afgbehqe.sys
    2014-11-08 15:12 . 2014-11-08 15:12 49088 ----a-w- c:\winnt\system32\drivers\jvsgoqbr.sys
    2014-11-08 15:12 . 2014-11-08 15:12 49088 ----a-w- c:\winnt\system32\drivers\mcrdqljb.sys
    2014-11-08 15:12 . 2014-11-08 15:12 49088 ----a-w- c:\winnt\system32\drivers\bcpogkqs.sys
    2014-11-08 15:12 . 2014-11-08 15:12 49088 ----a-w- c:\winnt\system32\drivers\laihqcrw.sys
    .
    .
    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* tomma poster & legitima standardposter visas inte.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-04-23 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\winnt\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "PHIME2002ASync"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-02 196608]
    "NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2008-08-25 13537280]
    "nwiz"="nwiz.exe" [2008-08-25 1630208]
    "NVHotkey"="nvHotkey.dll" [2008-08-25 90112]
    "NvMediaCenter"="NvMCTray.dll" [2008-08-25 86016]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-25 442467]
    "AESTFltr"="c:\winnt\system32\AESTFltr.exe" [2008-08-25 466944]
    "P10015"="WSCRIPT.EXE" [2008-05-08 155648]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
    "Synchronization Manager"="c:\winnt\system32\mobsync.exe" [2008-04-14 143360]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-11-24 702768]
    "Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-04-23 39408]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2014-11-28 591576]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-12-17 118784]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "MaxGPOScriptWait"= 3600 (0xe10)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoMSAppLogo5ChannelNotify"= 1 (0x1)
    "PreXPSP2ShellProtocolBehavior"= 0 (0x0)
    "NoPublishingWizard"= 1 (0x1)
    "NoWebServices"= 1 (0x1)
    "NoOnlinePrintsWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "TaskbarNoNotification"= 0 (0x0)
    "HideSCAHealth"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "TaskbarNoNotification"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2086223142-3201976994-1658009677-5376\Scripts\Logon\0\0]
    "Script"=remapdrives.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2086223142-3201976994-1658009677-5376\Scripts\Logon\1\0]
    "Script"=login.cmd
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2086223142-3201976994-1658009677-5376\Scripts\Logon\2\0]
    "Script"=login.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6009:UDP"= 6009:UDP:FlexDeploy
    .
    R0 msvmscsi;msvmscsi;c:\winnt\system32\drivers\msvmscsi.sys [2007-06-08 16112]
    R1 avkmgr;avkmgr;c:\winnt\system32\drivers\avkmgr.sys [2014-12-29 37352]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-12-29 431920]
    R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-11-20 166192]
    R2 FlexClient;HP FlexDeploy Client Service;c:\program files\HP\FlexDeploy\Client Software\FlexClient.exe [2011-10-26 1421312]
    R2 FlxNotifier;HP FlexDeploy Notifier Service;c:\program files\HP\FlexDeploy\Client Software\FlxNotifier.exe [2011-03-21 212992]
    R2 QsRUMAgent;Quest Migration Manager RUM Agent Service;c:\winnt\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [2011-06-22 200704]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [2014-11-28 1363160]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2014-11-28 765144]
    R3 AESTAud;AE Audio Service;c:\winnt\system32\drivers\AESTAud.sys [2010-06-22 108160]
    R3 cvusbdrv;Broadcom USH CV;c:\winnt\system32\drivers\cvusbdrv.sys [2010-06-22 32808]
    R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\winnt\system32\drivers\e1y5132.sys [2010-06-22 244368]
    R3 Eacfilt;Eacfilt Miniport;c:\winnt\system32\drivers\eacfilt.sys [2010-06-22 24521]
    R3 PSI;PSI;c:\winnt\system32\drivers\psi_mf_x86.sys [2014-11-28 16024]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\winnt\system32\drivers\seehcri.sys [2011-01-18 27632]
    S2 COSIDS_TB;COSIDS_TB;"c:\program files\cosids\bin\tbmux32.exe" --> c:\program files\cosids\bin\tbmux32.exe [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 GTIPCI21;GTIPCI21;c:\winnt\system32\drivers\gtipci21.sys [2004-05-03 80384]
    S3 HTCAND32;HTC Device Driver;c:\winnt\system32\Drivers\ANDROIDUSB.sys --> c:\winnt\system32\Drivers\ANDROIDUSB.sys [?]
    S3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [2004-09-02 32640]
    S3 IPSECEXT;Nortel Extranet Access Protocol;c:\winnt\system32\drivers\ipsecw2k.sys [2010-06-22 155184]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ    HPSLPSVC
    hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Clear_Java_Cache]
    2014-12-28 09:44 28608 ----a-w- c:\deploy\Clear_Java_Cache\ClearJava.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\IE_MaxScript_Statements]
    2014-12-28 09:44 12678 ----a-w- c:\deploy\MaxScriptStatements\P09125_Install.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PDFXChange]
    2014-12-28 09:44 19557 ----a-w- c:\deploy\PDFXChange\DeleteRegKeys.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{57752979-A1C9-4C02-856B-FBB27AC4E02C}]
    2008-04-14 03:42 78848 ----a-w- c:\winnt\system32\msiexec.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73868DD9-CC9A-4F7F-B708-99F096DEAB6D}]
    2008-04-14 03:42 78848 ----a-w- c:\winnt\system32\msiexec.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{82B4BCFA-BB6B-4282-9165-9E58EFA284A2}]
    2014-12-28 09:44 19500 ----a-w- c:\deploy\P10095_Userchoice\userchoice.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D7437546-1C71-06E2-A2D5-79108D260586}]
    2014-12-28 09:44 22910 ----a-w- c:\deploy\office.12\mig_offsettings.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D91D0C90-FDEE-4BA3-98EA-F2003CB800C4}]
    2008-04-14 03:42 78848 ----a-w- c:\winnt\system32\msiexec.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
    2009-03-08 03:32 128512 ----a-w- c:\winnt\system32\advpack.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FD6F96AB-BD89-48F4-B792-BCC6362363E3}]
    2008-04-14 03:42 78848 ----a-w- c:\winnt\system32\msiexec.exe
    .
    Innehåll i mappen 'Schemalagda aktiviteter':
    .
    2014-12-30 c:\winnt\Tasks\Adobe Flash Player Updater.job
    - c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02 15:03]
    .
    2014-12-30 c:\winnt\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
    .
    2014-12-31 c:\winnt\Tasks\GoogleUpdateTaskMachineCore1cf9098a814ed6a.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-23 20:00]
    .
    2014-12-31 c:\winnt\Tasks\GoogleUpdateTaskMachineCore1cfef324d5c7c46.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-23 20:00]
    .
    2014-12-31 c:\winnt\Tasks\GoogleUpdateTaskMachineCore1cfff5ec5c1eea.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-23 20:00]
    .
    .
    ------- Extra genomsökning -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Trusted Zone: USABHSS0000C01.nam.corp.gm.com
    .
    - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
    .
    HKCU-Run-zcnecda - c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\zcnecda.dll
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk - (no file)
    Notify-zbnekda - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-12-31 01:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    .
    c:\winnt\TEMP\~DF1238.tmp 81920 bytes
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLL'er som "laddats" under processer som körs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1724)
    c:\winnt\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(2872)
    c:\winnt\system32\ieframe.dll
    c:\winnt\system32\webcheck.dll
    c:\winnt\system32\OneX.DLL
    c:\winnt\system32\eappprxy.dll
    .
    ------------------------ Andra processer som körs ------------------------
    .
    c:\program files\HP\FlexDeploy\Client Software\FlxApUpd.exe
    c:\winnt\drivers\notebooks\audio\stacsv.exe
    c:\winnt\System32\SCardSvr.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\Kontiki\KService.exe
    c:\winnt\system32\nvsvc32.exe
    c:\winnt\system32\wdfmgr.exe
    c:\program files\HP\FlexDeploy\Client Software\FlxApUpd.exe
    c:\winnt\system32\wscntfy.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\winnt\system32\rundll32.exe
    c:\winnt\system32\RunDLL32.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Sluttid: 2014-12-31  01:58:27 - datorn startades om.
    ComboFix-quarantined-files.txt  2014-12-31 00:58
    .
    Före genomsökningen: 100 365 742 080 bytes free
    Efter genomsökningen: 100 324 507 648 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 1046A00CF1E2D5A9FC291904CDED1ED6
    8F558EB6672622401DA993E1E865C861


     
  6. Also have a problem with, see Word file

And hey

Happy New Year

You really are awesome, what a toolbox you possess...

Doc2.docx

Link to comment
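The Find3M section of the log above lists nineteen drivers of identical size (49088 bytes) with random-looking names, all stamped within ten minutes on 2014-11-08. The following is an added triage sketch, not part of the thread or of ComboFix, that flags such same-size bursts; the function names and thresholds are assumptions, and the sample is a constructed excerpt of that section.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a few lines copied from the Find3M section of the log.
SAMPLE = r"""
2014-12-27 15:03 . 2013-09-02 18:48 701616 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
2014-11-28 12:02 . 2014-11-28 12:02 16024 ----a-w- c:\winnt\system32\drivers\psi_mf_x86.sys
2014-11-08 15:21 . 2014-11-08 15:21 49088 ----a-w- c:\winnt\system32\drivers\mrjgnlof.sys
2014-11-08 15:14 . 2014-11-08 15:14 49088 ----a-w- c:\winnt\system32\drivers\jbigogwu.sys
2014-11-08 15:13 . 2014-11-08 15:13 49088 ----a-w- c:\winnt\system32\drivers\ddvkzlyg.sys
2014-11-08 15:12 . 2014-11-08 15:12 49088 ----a-w- c:\winnt\system32\drivers\laihqcrw.sys
"""

# <timestamp> . <timestamp> <size> <attributes> <path>; paths may contain spaces.
LINE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+)\s+(\S+)\s+(.+?)\s*$"
)
STAMP = "%Y-%m-%d %H:%M"


def parse(report):
    """Turn report lines into dicts; lines that are not file entries are skipped."""
    rows = []
    for line in report.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        first, second, size, attrs, path = m.groups()
        rows.append({
            "first": datetime.strptime(first, STAMP),
            "second": datetime.strptime(second, STAMP),
            "size": int(size),
            "attrs": attrs,
            "path": path,
        })
    return rows


def same_size_driver_bursts(rows, min_files=3, window=timedelta(minutes=30)):
    """Return (size, [paths]) for drivers of one size stamped within `window`.

    min_files and window are assumed thresholds, to be tuned per environment.
    """
    by_size = defaultdict(list)
    for row in rows:
        lowered = row["path"].lower()
        if lowered.endswith(".sys") and "\\drivers\\" in lowered:
            by_size[row["size"]].append(row)

    bursts = []
    for size, group in by_size.items():
        group.sort(key=lambda r: r["first"])
        start, best = 0, []
        # Sliding window over the first timestamp, keeping the largest cluster.
        for end in range(len(group)):
            while group[end]["first"] - group[start]["first"] > window:
                start += 1
            if end - start + 1 > len(best):
                best = group[start:end + 1]
        if len(best) >= min_files:
            bursts.append((size, [r["path"] for r in best]))
    return bursts


if __name__ == "__main__":
    for size, paths in same_size_driver_bursts(parse(SAMPLE)):
        print(f"{len(paths)} drivers of {size} bytes in one burst:")
        for path in paths:
            print("  " + path)
```

A hit is only a lead for review: legitimate installers can also drop several drivers at once, so each flagged file still needs checking before removal.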

Happy New Year!

 

Thank you for the kind words; luckily a thing or two has stuck over the years ;)

 

1. When does the error message "The feature you are trying to use is on a CD-ROM or other removable disk that is not available. Insert the 'Status' disk and click OK" appear?

 

 

2. Start Notepad.

Copy all the lines in the box:

    Killall::
    ClearJavaCache::
    File::
    c:\winnt\system32\drivers\mrjgnlof.sys
    c:\winnt\system32\drivers\jbigogwu.sys
    c:\winnt\system32\drivers\ixkbnurx.sys
    c:\winnt\system32\drivers\dqoczqgo.sys
    c:\winnt\system32\drivers\riewlbtc.sys
    c:\winnt\system32\drivers\lrakynxy.sys
    c:\winnt\system32\drivers\ctpnwpuy.sys
    c:\winnt\system32\drivers\ddvkzlyg.sys
    c:\winnt\system32\drivers\uyviqmdm.sys
    c:\winnt\system32\drivers\xhglmkti.sys
    c:\winnt\system32\drivers\mdbuckyh.sys
    c:\winnt\system32\drivers\vpsoighv.sys
    c:\winnt\system32\drivers\lygjbeor.sys
    c:\winnt\system32\drivers\sodbdwhh.sys
    c:\winnt\system32\drivers\afgbehqe.sys
    c:\winnt\system32\drivers\jvsgoqbr.sys
    c:\winnt\system32\drivers\mcrdqljb.sys
    c:\winnt\system32\drivers\bcpogkqs.sys
    c:\winnt\system32\drivers\laihqcrw.sys
    c:\winnt\TEMP\~DF1238.tmp

and paste them into Notepad. Check that no file names/paths are split across two lines.

Save the file on the Desktop with the encoding ANSI and with the name CFScript.

 

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special way.

Paste the log that comes out.

 

If you get error messages about a "registry key", restart the computer again.

 

 

3. If the computer was not restarted during the ComboFix run, do so.

 

4. Scan with FRST and paste the new FRST.txt.

Link to comment
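The two checks asked for in step 2 above (ANSI encoding, no path split across two lines) can be verified before the script is dropped onto ComboFix. This is an added example, not part of the thread or of ComboFix; `check_cfscript` is a hypothetical helper, and it assumes that "ANSI" means single-byte Windows-1252 text without a byte-order mark and that entries under `File::` are full paths with a file extension.

```python
import re

# Byte-order marks written by Notepad's non-ANSI save options.
BOMS = {
    b"\xef\xbb\xbf": "UTF-8",
    b"\xff\xfe": "UTF-16 little endian",
    b"\xfe\xff": "UTF-16 big endian",
}
DIRECTIVE = re.compile(r"^[A-Za-z]+::$")      # e.g. Killall::, File::
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:\\")    # e.g. c:\
EXTENSION = re.compile(r"\.[^\\.]+$")         # e.g. .sys, .tmp

# Constructed samples (paths taken from the script in the post above).
GOOD = (b"Killall::\r\nClearJavaCache::\r\nFile::\r\n"
        b"c:\\winnt\\system32\\drivers\\mrjgnlof.sys\r\n"
        b"c:\\winnt\\TEMP\\~DF1238.tmp\r\n")
SAVED_AS_UNICODE = b"\xff\xfe" + GOOD.decode("cp1252").encode("utf-16-le")
WRAPPED = b"File::\r\nc:\\winnt\\system32\\drivers\\mrjg\r\nnlof.sys\r\n"


def check_cfscript(raw):
    """Return a list of problems found in the raw bytes of a CFScript file."""
    for bom, name in BOMS.items():
        if raw.startswith(bom):
            return [f"starts with a {name} byte-order mark: not saved as ANSI"]
    if b"\x00" in raw:
        return ["contains NUL bytes: looks like UTF-16, not ANSI"]

    problems = []
    section = None
    text = raw.decode("cp1252", errors="replace")
    for number, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        if not entry:
            continue
        if DIRECTIVE.match(entry):
            section = entry
        elif section is None:
            problems.append(f"line {number}: text before any directive")
        elif section == "File::":
            if not DRIVE_PREFIX.match(entry):
                problems.append(
                    f"line {number}: {entry!r} is not a full path; "
                    "a path may have been split across two lines")
            elif not EXTENSION.search(entry):
                problems.append(
                    f"line {number}: {entry!r} has no file extension; "
                    "the path may continue on the next line")
    return problems


if __name__ == "__main__":
    for label, sample in (("good", GOOD),
                          ("saved as Unicode", SAVED_AS_UNICODE),
                          ("wrapped path", WRAPPED)):
        print(label, "->", check_cfscript(sample) or "OK")
```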

1 It is there all the time after I have logged in. It first came up after my first post, when I cleaned up files myself. I have probably removed a file that the PC is now asking for by having me insert a CD. There is a better message that has to do with this, see Word file

 

2 I didn't understand what you meant by ANSI encoding. Otherwise I continued according to your instructions. Here is the result without the cryptic ANSI encoding. Should I run it again with ANSI encoding, if needed?

 

ComboFix 14-12-30.01 - XZMYYV 2014-12-31   1:41.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.46.1033.18.3572.2695 [GMT 1:00]
Körs från: c:\documents and settings\XZMYYV.CORPSAABCOM.061\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\XZMYYV~1.061\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
---- Föregående körning -------
.
c:\docume~1\XZMYYV~1.061\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\All Users\Application Data\3CF14ECC.CPP.iqvgsrf
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\XZMYYV.CORPSAABCOM.061\Application Data\Adobe\AdobeWin.exe
c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\zcnecda.dll
c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\winnt\EventSystem.log
c:\winnt\security\logs\scecomp.log
c:\winnt\system32\AdobePDF.dll
c:\winnt\system32\drivers\etc\hosts.ics
c:\winnt\system32\MUI\0404\tourstart.exe
c:\winnt\system32\MUI\0405\tourstart.exe
c:\winnt\system32\MUI\0406\tourstart.exe
c:\winnt\system32\MUI\0407\tourstart.exe
c:\winnt\system32\MUI\0408\tourstart.exe
c:\winnt\system32\MUI\040C\tourstart.exe
c:\winnt\system32\MUI\0410\tourstart.exe
c:\winnt\system32\MUI\0411\tourstart.exe
c:\winnt\system32\MUI\0412\tourstart.exe
c:\winnt\system32\MUI\0413\tourstart.exe
c:\winnt\system32\MUI\0415\tourstart.exe
c:\winnt\system32\MUI\0416\tourstart.exe
c:\winnt\system32\MUI\0419\tourstart.exe
c:\winnt\system32\MUI\041D\tourstart.exe
c:\winnt\system32\MUI\041f\tourstart.exe
c:\winnt\system32\MUI\0816\tourstart.exe
c:\winnt\system32\MUI\0C0A\tourstart.exe
c:\winnt\system32\P10015.exe
 

 

4

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014
Ran by XZMYYV (administrator) on SETHNWNGXA04602 on 01-01-2015 20:17:52
Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop
Loaded Profiles: XZMYYV & administrator (Available profiles: XZMYYV & administrator & localadmin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(IDT, Inc.) C:\WINNT\DRIVERS\NOTEBOOKS\Audio\stacsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Kontiki Inc.) C:\Program Files\Kontiki\KService.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(NVIDIA Corporation) C:\WINNT\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\WINNT\system32\msiexec.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe

Addition.txt

Doc2.docx

Link to comment

Archived

This topic is now archived and is closed to further replies.
