
Miscellaneous junk on my computer


andzze


2. In Notepad, the window that comes up when you choose "Save" has an option for selecting the encoding, at least in newer Windows versions.

The log you pasted in looks like the beginning of the old ComboFix log. Try once more to do what I wrote in post 24. If ComboFix runs fine, you will need to redo steps 3 and 4 as well.


Now with ANSI encoding


ComboFix 15-01-02.01 - XZMYYV 2015-01-02  22:41:40.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.46.1033.18.3572.2721 [GMT 1:00]
Körs från: c:\documents and settings\XZMYYV.CORPSAABCOM.061\Desktop\ComboFix.exe
Kommandoväxlar som använts :: c:\documents and settings\XZMYYV.CORPSAABCOM.061\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\winnt\system32\drivers\afgbehqe.sys"
"c:\winnt\system32\drivers\bcpogkqs.sys"
"c:\winnt\system32\drivers\ctpnwpuy.sys"
"c:\winnt\system32\drivers\ddvkzlyg.sys"
"c:\winnt\system32\drivers\dqoczqgo.sys"
"c:\winnt\system32\drivers\ixkbnurx.sys"
"c:\winnt\system32\drivers\jbigogwu.sys"
"c:\winnt\system32\drivers\jvsgoqbr.sys"
"c:\winnt\system32\drivers\laihqcrw.sys"
"c:\winnt\system32\drivers\lrakynxy.sys"
"c:\winnt\system32\drivers\lygjbeor.sys"
"c:\winnt\system32\drivers\mcrdqljb.sys"
"c:\winnt\system32\drivers\mdbuckyh.sys"
"c:\winnt\system32\drivers\mrjgnlof.sys"
"c:\winnt\system32\drivers\riewlbtc.sys"
"c:\winnt\system32\drivers\sodbdwhh.sys"
"c:\winnt\system32\drivers\uyviqmdm.sys"
"c:\winnt\system32\drivers\vpsoighv.sys"
"c:\winnt\system32\drivers\xhglmkti.sys"
"c:\winnt\TEMP\~DF1238.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\XZMYYV~1.061\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((   Filer skapade från 2014-12-02 till 2015-01-02  ))))))))))))))))))))))))))))))
.
.
2015-01-01 19:04 . 2015-01-01 19:04 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2015-01-01 19:04 . 2015-01-01 19:04 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2015-01-01 19:04 . 2015-01-01 19:04 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2015-01-01 19:04 . 2015-01-01 19:04 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2015-01-01 19:04 . 2015-01-01 19:04 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2015-01-01 19:04 . 2015-01-01 19:04 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2015-01-01 19:04 . 2015-01-01 19:04 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2015-01-01 19:04 . 2015-01-01 19:04 -------- d-----w- c:\winnt\system32\config\systemprofile\Application Data\Apple Computer
2015-01-01 18:34 . 2015-01-01 18:52 -------- d-----w- c:\documents and settings\XZMYYV.CORPSAABCOM.061\Application Data\Islopoox
2015-01-01 18:14 . 2015-01-01 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NeliGmoc
2014-12-31 00:23 . 2014-12-31 00:23 -------- d-----w- c:\documents and settings\XZMYYV.CORPSAABCOM.061\Application Data\Apple Computer
2014-12-30 23:24 . 2014-12-30 23:24 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2014-12-30 23:24 . 2014-12-30 23:24 -------- d-----w- c:\program files\Apple Software Update
2014-12-30 23:17 . 2014-12-30 23:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2014-12-30 23:01 . 2014-12-30 23:01 -------- d-----w- c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Secunia PSI
2014-12-30 23:01 . 2014-12-30 23:01 -------- d-----w- c:\program files\Secunia
2014-12-29 16:49 . 2014-12-29 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2014-12-29 16:49 . 2014-12-29 16:49 -------- d-----w- c:\documents and settings\XZMYYV.CORPSAABCOM.061\Application Data\Avira
2014-12-29 16:48 . 2014-11-24 09:23 37352 ----a-w- c:\winnt\system32\drivers\avkmgr.sys
2014-12-29 16:48 . 2014-11-24 09:23 136216 ----a-w- c:\winnt\system32\drivers\avipbb.sys
2014-12-29 16:48 . 2014-11-24 09:23 98160 ----a-w- c:\winnt\system32\drivers\avgntflt.sys
2014-12-29 16:48 . 2014-12-29 17:10 -------- d-----w- c:\program files\Avira
2014-12-29 16:48 . 2014-12-29 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2014-12-28 09:59 . 2014-12-28 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\gug
2014-12-27 18:47 . 2014-12-27 18:47 -------- d-----w- c:\program files\ESET
2014-12-27 18:38 . 2015-01-02 21:30 -------- d-----w- C:\FRST
2014-12-27 15:41 . 2014-12-28 09:43 -------- d-----w- C:\AdwCleaner
2014-12-27 15:31 . 2014-12-27 15:31 -------- d-----w- c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-28 09:45 . 2011-06-22 07:28 18991 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\CPLOCAL.tmp
2014-12-27 15:03 . 2013-09-02 18:48 701616 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
2014-12-27 15:03 . 2013-09-02 18:48 71344 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2014-11-28 12:02 . 2014-11-28 12:02 16024 ----a-w- c:\winnt\system32\drivers\psi_mf_x86.sys
2014-11-24 13:04 . 2014-01-08 18:20 229000 ------w- c:\winnt\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-04-23 39408]
"NeliGmoc"="c:\documents and settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz" [2015-01-01 327680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\winnt\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-02 196608]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2008-08-25 13537280]
"nwiz"="nwiz.exe" [2008-08-25 1630208]
"NVHotkey"="nvHotkey.dll" [2008-08-25 90112]
"NvMediaCenter"="NvMCTray.dll" [2008-08-25 86016]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-25 442467]
"AESTFltr"="c:\winnt\system32\AESTFltr.exe" [2008-08-25 466944]
"P10015"="WSCRIPT.EXE" [2008-05-08 155648]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Synchronization Manager"="c:\winnt\system32\mobsync.exe" [2008-04-14 143360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-11-24 702768]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-04-23 39408]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2014-11-28 591576]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-12-17 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 3600 (0xe10)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"PreXPSP2ShellProtocolBehavior"= 0 (0x0)
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2086223142-3201976994-1658009677-5376\Scripts\Logon\0\0]
"Script"=remapdrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2086223142-3201976994-1658009677-5376\Scripts\Logon\1\0]
"Script"=login.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2086223142-3201976994-1658009677-5376\Scripts\Logon\2\0]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6009:UDP"= 6009:UDP:FlexDeploy
.
R0 msvmscsi;msvmscsi;c:\winnt\system32\drivers\msvmscsi.sys [2007-06-08 16112]
R1 avkmgr;avkmgr;c:\winnt\system32\drivers\avkmgr.sys [2014-12-29 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-12-29 431920]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-11-20 166192]
R2 FlexClient;HP FlexDeploy Client Service;c:\program files\HP\FlexDeploy\Client Software\FlexClient.exe [2011-10-26 1421312]
R2 FlxNotifier;HP FlexDeploy Notifier Service;c:\program files\HP\FlexDeploy\Client Software\FlxNotifier.exe [2011-03-21 212992]
R2 QsRUMAgent;Quest Migration Manager RUM Agent Service;c:\winnt\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [2011-06-22 200704]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [2014-11-28 1363160]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2014-11-28 765144]
R3 AESTAud;AE Audio Service;c:\winnt\system32\drivers\AESTAud.sys [2010-06-22 108160]
R3 cvusbdrv;Broadcom USH CV;c:\winnt\system32\drivers\cvusbdrv.sys [2010-06-22 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\winnt\system32\drivers\e1y5132.sys [2010-06-22 244368]
R3 Eacfilt;Eacfilt Miniport;c:\winnt\system32\drivers\eacfilt.sys [2010-06-22 24521]
R3 PSI;PSI;c:\winnt\system32\drivers\psi_mf_x86.sys [2014-11-28 16024]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\winnt\system32\drivers\seehcri.sys [2011-01-18 27632]
S2 COSIDS_TB;COSIDS_TB;"c:\program files\cosids\bin\tbmux32.exe" --> c:\program files\cosids\bin\tbmux32.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GTIPCI21;GTIPCI21;c:\winnt\system32\drivers\gtipci21.sys [2004-05-03 80384]
S3 HTCAND32;HTC Device Driver;c:\winnt\system32\Drivers\ANDROIDUSB.sys --> c:\winnt\system32\Drivers\ANDROIDUSB.sys [?]
S3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [2004-09-02 32640]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\winnt\system32\drivers\ipsecw2k.sys [2010-06-22 155184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Clear_Java_Cache]
2014-12-28 09:44 28608 ----a-w- c:\deploy\Clear_Java_Cache\ClearJava.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\IE_MaxScript_Statements]
2014-12-28 09:44 12678 ----a-w- c:\deploy\MaxScriptStatements\P09125_Install.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PDFXChange]
2014-12-28 09:44 19557 ----a-w- c:\deploy\PDFXChange\DeleteRegKeys.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{57752979-A1C9-4C02-856B-FBB27AC4E02C}]
2008-04-14 03:42 78848 ----a-w- c:\winnt\system32\msiexec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73868DD9-CC9A-4F7F-B708-99F096DEAB6D}]
2008-04-14 03:42 78848 ----a-w- c:\winnt\system32\msiexec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{82B4BCFA-BB6B-4282-9165-9E58EFA284A2}]
2014-12-28 09:44 19500 ----a-w- c:\deploy\P10095_Userchoice\userchoice.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D7437546-1C71-06E2-A2D5-79108D260586}]
2014-12-28 09:44 22910 ----a-w- c:\deploy\office.12\mig_offsettings.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D91D0C90-FDEE-4BA3-98EA-F2003CB800C4}]
2008-04-14 03:42 78848 ----a-w- c:\winnt\system32\msiexec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2009-03-08 03:32 128512 ----a-w- c:\winnt\system32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FD6F96AB-BD89-48F4-B792-BCC6362363E3}]
2008-04-14 03:42 78848 ----a-w- c:\winnt\system32\msiexec.exe
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2015-01-02 c:\winnt\Tasks\Adobe Flash Player Updater.job
- c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02 15:03]
.
2015-01-02 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2015-01-02 c:\winnt\Tasks\GoogleUpdateTaskMachineCore1cf9098a814ed6a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-23 20:00]
.
2015-01-02 c:\winnt\Tasks\GoogleUpdateTaskMachineCore1cfef324d5c7c46.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-23 20:00]
.
2015-01-02 c:\winnt\Tasks\GoogleUpdateTaskMachineCore1cfff5ec5c1eea.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-23 20:00]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.com/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: USABHSS0000C01.nam.corp.gm.com
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-02 22:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'winlogon.exe'(1724)
c:\winnt\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5676)
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\OneX.DLL
c:\winnt\system32\eappprxy.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program files\HP\FlexDeploy\Client Software\FlxApUpd.exe
c:\winnt\drivers\notebooks\audio\stacsv.exe
c:\winnt\System32\SCardSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\HP\FlexDeploy\Client Software\FlxApUpd.exe
c:\winnt\system32\wscntfy.exe
c:\winnt\system32\rundll32.exe
c:\winnt\system32\RunDLL32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Sluttid: 2015-01-02  23:01:11 - datorn startades om.
ComboFix-quarantined-files.txt  2015-01-02 22:01
ComboFix2.txt  2015-01-01 19:11
ComboFix3.txt  2014-12-31 00:58
.
Före genomsökningen: 101 583 962 112 bytes free
Efter genomsökningen: 101 618 810 880 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5CFA31B1A0C79BF6D9C9B71CAC70590A
8F558EB6672622401DA993E1E865C861

And FRST


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2015
Ran by XZMYYV (administrator) on SETHNWNGXA04602 on 02-01-2015 23:02:40
Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop
Loaded Profiles: XZMYYV & administrator (Available profiles: XZMYYV & administrator & localadmin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(IDT, Inc.) C:\WINNT\DRIVERS\NOTEBOOKS\Audio\stacsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Kontiki Inc.) C:\Program Files\Kontiki\KService.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(NVIDIA Corporation) C:\WINNT\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe
(Microsoft Corporation) C:\WINNT\system32\wscntfy.exe
(Microsoft Corporation) C:\WINNT\system32\msiexec.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Andrea Electronics Corporation) C:\WINNT\system32\AESTFltr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE
(Microsoft Corporation) C:\WINNT\system32\msiexec.exe
(Microsoft Corporation) C:\WINNT\explorer.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iMJPMIG8.1] => C:\WINNT\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [196608 2008-09-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [442467 2008-08-25] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINNT\system32\AESTFltr.exe [466944 2008-08-25] (Andrea Electronics Corporation)
HKLM\...\Run: [P10015] => WSCRIPT.EXE //B C:\LOGS\P10015\P10015_wallpaper.vbs
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [synchronization Manager] => C:\WINNT\system32\mobsync.exe [143360 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Winlogon: [userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [uIHost] C:\WINNT\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINNT\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINNT\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [PreXPSP2ShellProtocolBehavior] 0
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-23] (Google Inc.)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [NeliGmoc] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Run: [CTFMON.EXE] => C:\WINNT\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {0908d747-9de1-11dc-a3d3-9b55eee4b565} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {09919e39-0abb-11dc-bd6b-d1b38b4c2a32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {3dcbaf14-0a11-11dc-9ab8-e92d850bdf2b} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {486f3bf8-09f7-11dc-b2c9-b590483e6432} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {bc33e1f0-0982-11dc-b647-b883c76da250} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {da2857a8-1068-11dc-ab84-f5d2d6fc9f35} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {fbbe4110-15f4-11dc-a66b-b8f89be89c32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-23] (Google Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [435096 2008-11-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Encoding] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AutoConfigURL: [s-1-5-19] => http://autoproxy.gm.com
AutoConfigURL: [s-1-5-20] => http://autoproxy.gm.com
AutoConfigURL: [s-1-5-21-2086223142-3201976994-1658009677-500] => http://pviapc.rsh.europe.gm.com/gmeproxy.pac
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com/
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2086223142-3201976994-1658009677-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Länkhjälp till Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2086223142-3201976994-1658009677-4238 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mygmgw.gm.com/http://sethnma03.eur.corp.gm.com/iNotes6W.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8462336 2011-01-21] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINNT\system32\winrnr.dll [16896] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Winsock: Catalog9 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 20 C:\WINNT\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Winsock: Catalog9 21 C:\WINNT\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINNT\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINNT\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - C:\firefox\FirefoxPortable\App\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-12]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-12-27] (Adobe Systems Incorporated)
S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
S4 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
S2 Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [344064 2005-01-20] (ATI Technologies Inc.)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R3 BITS; C:\WINNT\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S4 Browser; C:\WINNT\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation)
S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S3 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S3 COMSysApp; C:\WINNT\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINNT\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
R2 Dot3svc; C:\WINNT\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
R2 EapHost; C:\WINNT\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S4 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
S4 Fax; C:\WINNT\system32\fxssvc.exe [267776 2008-04-14] (Microsoft Corporation)
R2 FlexClient; C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe [1421312 2011-10-26] (HP) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-06-21] (Macrovision Europe Ltd.) [File not signed]
R2 FlxNotifier; C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe [212992 2011-03-21] (HP) [File not signed]
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINNT\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-27] (Oracle Corporation)
R2 KService; C:\Program Files\Kontiki\KService.exe [4873768 2010-07-28] (Kontiki Inc.)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
S4 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
R3 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
S3 napagent; C:\WINNT\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINNT\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 NVSvc; C:\WINNT\system32\nvsvc32.exe [159812 2008-08-25] (NVIDIA Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINNT\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 QsRUMAgent; C:\WINNT\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [200704 2011-02-04] (Quest Software) [File not signed]
S4 RasAuto; C:\WINNT\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2001-08-23] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 SENS; C:\WINNT\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINNT\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
S4 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
R2 STacSV; c:\winnt\drivers\notebooks\audio\stacsv.exe [221273 2008-08-25] (IDT, Inc.)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINNT\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
S4 Themes; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
S3 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
S4 TrkWks; C:\WINNT\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
R2 UMWdf; C:\WINNT\system32\wdfmgr.exe [38912 2005-01-28] (Microsoft Corporation)
S3 upnphost; C:\WINNT\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINNT\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
S4 WebClient; C:\WINNT\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [25088 2005-01-28] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
R3 WPFFontCache_v0400; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Microsoft Corporation)
R2 wscsvc; C:\WINNT\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
S2 COSIDS_TB; "C:\Program Files\cosids\bin\tbmux32.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2001-08-23] (Microsoft Corporation)
S3 aeaudio; C:\WINNT\System32\drivers\aeaudio.sys [127744 2004-11-08] (Andrea Electronics Corporation) [File not signed]
S3 aec; C:\WINNT\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R3 AESTAud; C:\WINNT\System32\drivers\AESTAud.sys [108160 2008-08-25] (Andrea Electronics Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
R0 AliIde; C:\WINNT\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.)
R3 ApfiltrService; C:\WINNT\System32\DRIVERS\Apfiltr.sys [170032 2008-09-02] (Alps Electric Co., Ltd.)
R3 Arp1394; C:\WINNT\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation)
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
S3 ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [965632 2005-01-20] (ATI Technologies Inc.)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R2 avgntflt; C:\WINNT\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINNT\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINNT\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 b57w2k; C:\WINNT\System32\DRIVERS\b57xp32.sys [190592 2004-11-16] (Broadcom Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2001-08-23] (Microsoft Corporation)
S3 Bridge; C:\WINNT\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation)
S3 BridgeMP; C:\WINNT\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation)
S3 BTWUSB; C:\WINNT\System32\Drivers\btwusb.sys [55320 2004-11-04] (Broadcom Corporation.) [File not signed]
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2001-08-23] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2001-08-23] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation)
R0 Cpqarray; C:\WINNT\System32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation)
R3 cvusbdrv; C:\WINNT\System32\Drivers\cvusbdrv.sys [32808 2008-09-02] (Broadcom Corporation)
R0 dac960nt; C:\WINNT\System32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation)
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINNT\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2001-08-23] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
R3 e1yexpress; C:\WINNT\System32\DRIVERS\e1y5132.sys [244368 2008-08-25] (Intel Corporation)
R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2005-09-06] (Nortel Networks) [File not signed]
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
S3 Fdc; C:\WINNT\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
S3 Flpydisk; C:\WINNT\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2001-08-23] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2001-08-23] (Microsoft Corporation)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
S3 GTIPCI21; C:\WINNT\System32\DRIVERS\gtipci21.sys [80384 2004-05-03] (Texas Instruments)
R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R3 HECI; C:\WINNT\System32\DRIVERS\HECI.sys [40832 2008-06-19] (Intel Corporation)
R3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation)
S3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation)
S3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [776349 2004-12-21] (Intel Corporation) [File not signed]
R0 iaStor; C:\WINNT\System32\DRIVERS\iaStor.sys [318488 2008-09-02] (Intel Corporation)
S3 IFXTPM; C:\WINNT\System32\DRIVERS\IFXTPM.SYS [32640 2004-09-02] (Infineon Technologies AG)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation)
S3 Ip6Fw; C:\WINNT\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2001-08-23] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155184 2005-09-06] (Nortel Networks NA, Inc.) [File not signed]
R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155184 2005-09-06] (Nortel Networks NA, Inc.) [File not signed]
S3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
R1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2001-08-23] (Microsoft Corporation)
S3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
R3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
S3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation)
R0 msvmscsi; C:\WINNT\System32\DRIVERS\msvmscsi.sys [16112 2004-07-14] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [40960 2010-11-02] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\WINNT\System32\DRIVERS\NETw5x32.sys [4203392 2009-05-28] (Intel Corporation)
R3 NIC1394; C:\WINNT\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2001-08-23] (Microsoft Corporation)
R3 nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [6591872 2008-08-25] (NVIDIA Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2001-08-23] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2001-08-23] (Microsoft Corporation)
R0 ohci1394; C:\WINNT\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation)
S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2001-08-23] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
R3 PSI; C:\WINNT\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2001-08-23] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2001-08-23] (Microsoft Corporation)
S3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2001-08-23] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2001-08-23] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
R3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139656 2011-06-24] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
R2 rimmptsk; C:\WINNT\System32\DRIVERS\rimmptsk.sys [39936 2008-09-02] (REDC)
R3 sdbus; C:\WINNT\System32\DRIVERS\sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 seehcri; C:\WINNT\System32\DRIVERS\seehcri.sys [27632 2011-01-18] (Sony Ericsson Mobile Communications)
R3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation)
R1 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation)
S3 sffdisk; C:\WINNT\System32\DRIVERS\sffdisk.sys [11904 2008-04-13] (Microsoft Corporation)
S3 sffp_sd; C:\WINNT\System32\DRIVERS\sffp_sd.sys [11008 2008-04-13] (Microsoft Corporation)
S3 Sfloppy; C:\WINNT\System32\DRIVERS\sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
S3 SMCIRDA; C:\WINNT\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R3 smsmdd; C:\WINNT\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation)
S3 smwdm; C:\WINNT\System32\drivers\smwdm.sys [259840 2004-10-13] (Analog Devices, Inc.) [File not signed]
R0 Sparrow; C:\WINNT\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.)
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
R1 ssmdrv; C:\WINNT\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
R3 STHDA; C:\WINNT\System32\drivers\sthda.sys [1381914 2008-08-25] (IDT, Inc.)
S3 StillCam; C:\WINNT\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [103552 2007-04-19] (LSI Logic)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
R3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
S3 tifm21; C:\WINNT\System32\drivers\tifm21.sys [157056 2005-02-11] (Texas Instruments)
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
R3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation)
R3 USBCCID; C:\WINNT\System32\DRIVERS\usbccid.sys [28672 2008-09-02] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [30208 2008-04-13] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
S3 usbprint; C:\WINNT\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2008-04-13] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation)
S3 USB_RNDIS; C:\WINNT\System32\DRIVERS\usb8023.sys [12800 2008-04-13] (Microsoft Corporation)
S3 usb_rndisx; C:\WINNT\System32\DRIVERS\usb8023x.sys [12800 2008-04-13] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
R0 ViaIde; C:\WINNT\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
S3 w29n51; C:\WINNT\System32\DRIVERS\w29n51.sys [3210496 2004-10-19] (Intel® Corporation) [File not signed]
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
R3 Wdf01000; C:\WINNT\System32\DRIVERS\Wdf01000.sys [503144 2008-01-19] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
R1 WmiAcpi; C:\WINNT\System32\DRIVERS\wmiacpi.sys [8832 2008-04-13] (Microsoft Corporation)
S3 WpdUsb; C:\WINNT\System32\Drivers\wpdusb.sys [18944 2005-01-28] (Microsoft Corporation)
R1 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2001-08-23] (Microsoft Corporation)
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
U5 ScsiPort; C:\WINNT\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U.%99M%20 T8267; No ImagePath
U3 mbr; \??\C:\DOCUME~1\XZMYYV~1.061\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 23:02 - 2015-01-02 23:03 - 00050637 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\FRST.txt
2015-01-02 23:01 - 2015-01-02 23:03 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\temp
2015-01-02 23:01 - 2015-01-02 23:01 - 00020503 _____ () C:\ComboFix.txt
2015-01-02 23:01 - 2015-01-02 23:01 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-01-02 23:01 - 2015-01-02 23:01 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-01-02 23:01 - 2015-01-02 23:01 - 00000000 ____D () C:\Documents and Settings\administrator.corpsaabcom\Local Settings\temp
2015-01-02 22:38 - 2015-01-02 22:38 - 00000000 _RSHD () C:\cmdcons
2015-01-02 22:25 - 2015-01-02 22:25 - 00090112 _____ () C:\WINNT\Minidump\Mini010215-01.dmp
2015-01-01 20:04 - 2015-01-01 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-01-01 19:34 - 2015-01-01 19:52 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Islopoox
2015-01-01 19:14 - 2015-01-01 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NeliGmoc
2014-12-31 10:24 - 2015-01-02 22:25 - 00000000 ____D () C:\WINNT\Minidump
2014-12-31 10:24 - 2014-12-31 10:24 - 00090112 _____ () C:\WINNT\Minidump\Mini123114-01.dmp
2014-12-31 01:23 - 2014-12-31 01:23 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Apple Computer
2014-12-31 01:17 - 2015-01-02 22:49 - 00406118 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-12-31 01:17 - 2014-12-31 01:17 - 00406118 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2086223142-3201976994-1658009677-4238-0.dat
2014-12-31 01:04 - 2015-01-02 22:22 - 00000323 _____ () C:\Boot.bak
2014-12-31 01:04 - 2004-08-03 23:00 - 00260784 __RSH () C:\cmldr
2014-12-31 01:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINNT\NIRCMD.exe
2014-12-31 00:55 - 2011-06-26 07:45 - 00256000 _____ () C:\WINNT\PEV.exe
2014-12-31 00:55 - 2010-11-07 18:20 - 00208896 _____ () C:\WINNT\MBR.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINNT\SWREG.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINNT\SWSC.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINNT\SWXCACLS.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00098816 _____ () C:\WINNT\sed.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00080412 _____ () C:\WINNT\grep.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00068096 _____ () C:\WINNT\zip.exe
2014-12-31 00:54 - 2015-01-02 23:01 - 00000000 ____D () C:\Qoobox
2014-12-31 00:52 - 2015-01-02 22:19 - 05605575 ____R (Swearware) C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\ComboFix.exe
2014-12-31 00:51 - 2015-01-01 19:55 - 00000000 ____D () C:\WINNT\erdnt
2014-12-31 00:24 - 2015-01-02 22:36 - 00032360 _____ () C:\WINNT\SchedLgU.Txt
2014-12-31 00:24 - 2015-01-02 17:34 - 00000284 _____ () C:\WINNT\Tasks\AppleSoftwareUpdate.job
2014-12-31 00:24 - 2014-12-31 00:24 - 00001826 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2014-12-31 00:24 - 2014-12-31 00:24 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-12-31 00:24 - 2014-12-31 00:24 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Apple Computer
2014-12-31 00:17 - 2015-01-02 22:58 - 00009763 _____ () C:\WINNT\SecuniaPackage.log
2014-12-31 00:17 - 2014-12-31 00:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
2014-12-31 00:17 - 2014-12-31 00:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Macromedia
2014-12-31 00:17 - 2014-12-31 00:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Adobe
2014-12-31 00:17 - 2014-12-31 00:17 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Macromedia
2014-12-31 00:01 - 2014-12-31 18:48 - 00000716 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
2014-12-31 00:01 - 2014-12-31 00:01 - 00000000 ____D () C:\Program Files\Secunia
2014-12-31 00:01 - 2014-12-31 00:01 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Secunia PSI
2014-12-29 17:59 - 2014-12-29 18:10 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-12-29 17:49 - 2014-12-29 18:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-12-29 17:49 - 2014-12-29 17:49 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Avira
2014-12-29 17:48 - 2014-12-29 18:10 - 00000000 ____D () C:\Program Files\Avira
2014-12-29 17:48 - 2014-12-29 18:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-12-29 17:48 - 2014-12-29 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-12-29 17:48 - 2014-12-29 17:48 - 00001707 _____ () C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2014-12-29 17:48 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avipbb.sys
2014-12-29 17:48 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avgntflt.sys
2014-12-29 17:48 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avkmgr.sys
2014-12-29 17:48 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\WINNT\system32\Drivers\ssmdrv.sys
2014-12-28 10:59 - 2014-12-28 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\gug
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\xzmyyv\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\SYSTEM\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\si_flexmanage_corp\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\Installation\My Documents\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\Installation\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\Installation\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\All Users\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\All Users\Application Data\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\Administrator\how_decrypt.html
2014-12-28 10:38 - 2014-12-28 11:03 - 00001169 _____ () C:\WINNT\ars.ffx
2014-12-28 10:35 - 2014-12-29 17:18 - 00000777 _____ () C:\WINNT\intpcii.dtr
2014-12-27 19:47 - 2014-12-27 19:47 - 00000000 ____D () C:\Program Files\ESET
2014-12-27 19:38 - 2015-01-02 23:02 - 00000000 ____D () C:\FRST
2014-12-27 19:37 - 2015-01-02 22:29 - 01115136 _____ (Farbar) C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\FRST.exe
2014-12-27 16:41 - 2014-12-28 10:43 - 00000000 ____D () C:\AdwCleaner
2014-12-27 16:38 - 2014-12-27 16:38 - 02173952 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\adwcleaner_4.106.exe
2014-12-27 16:31 - 2014-12-27 16:31 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Deployment
2014-12-27 14:31 - 2014-12-27 14:38 - 00748775 _____ () C:\Documents and Settings\All Users\Application Data\rfppkti.html

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 23:02 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\Temp
2015-01-02 23:01 - 2005-06-20 16:47 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-02 22:55 - 2008-12-18 23:00 - 00000000 ____D () C:\WINNT
2015-01-02 22:55 - 2001-08-23 03:00 - 00000227 _____ () C:\WINNT\system.ini
2015-01-02 22:54 - 2010-06-21 21:54 - 00189541 _____ () C:\WINNT\system32\nvapps.xml
2015-01-02 22:54 - 2010-06-21 15:58 - 00179694 _____ () C:\WINNT\system32\nvModes.001
2015-01-02 22:53 - 2014-11-13 17:22 - 00000978 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore1cfff5ec5c1eea.job
2015-01-02 22:53 - 2014-10-24 03:29 - 00000978 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore1cfef324d5c7c46.job
2015-01-02 22:53 - 2014-06-25 18:12 - 00000978 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore1cf9098a814ed6a.job
2015-01-02 22:51 - 2005-06-20 16:39 - 01518997 _____ () C:\WINNT\WindowsUpdate.log
2015-01-02 22:50 - 2011-10-12 09:31 - 00000157 _____ () C:\WINNT\wiadebug.log
2015-01-02 22:50 - 2011-10-12 09:31 - 00000050 _____ () C:\WINNT\wiaservc.log
2015-01-02 22:50 - 2005-06-20 16:48 - 00000006 ____H () C:\WINNT\Tasks\SA.DAT
2015-01-02 22:49 - 2012-03-05 22:53 - 00000178 ___SH () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\ntuser.ini
2015-01-02 22:49 - 2012-03-05 22:53 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061
2015-01-02 22:41 - 2011-06-27 09:44 - 00000178 ___SH () C:\Documents and Settings\administrator.corpsaabcom\ntuser.ini
2015-01-02 22:41 - 2011-06-27 09:44 - 00000000 ____D () C:\Documents and Settings\administrator.corpsaabcom
2015-01-02 22:38 - 2005-06-20 12:25 - 00000323 __RSH () C:\boot.ini
2015-01-02 22:25 - 2010-06-22 08:53 - 00000000 __SHD () C:\WINNT\CSC
2015-01-02 22:25 - 2001-08-23 03:00 - 00002206 _____ () C:\WINNT\system32\wpa.dbl
2015-01-02 22:05 - 2013-09-02 19:48 - 00000826 _____ () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2015-01-02 22:04 - 2010-06-21 15:58 - 00179694 _____ () C:\WINNT\system32\nvModes.dat
2015-01-01 22:48 - 2008-04-30 19:23 - 00000000 ____D () C:\WINNT\system32\NtmsData
2015-01-01 22:24 - 2007-05-11 19:49 - 00000664 _____ () C:\WINNT\system32\d3d9caps.dat
2015-01-01 21:58 - 2005-06-20 16:36 - 00000000 ____D () C:\WINNT\Registration
2015-01-01 20:04 - 2011-02-08 10:09 - 00000000 ____D () C:\Program Files\QuickTime
2014-12-31 18:48 - 2011-10-21 12:26 - 00164927 _____ () C:\WINNT\setupapi.log
2014-12-31 10:20 - 2014-07-08 16:42 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\Unused Desktop Shortcuts
2014-12-31 01:26 - 2012-06-21 21:45 - 00007973 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-12-31 01:10 - 2012-03-05 22:56 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Adobe
2014-12-31 00:17 - 2011-01-19 08:50 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-31 00:15 - 2010-06-21 16:42 - 00000000 ____D () C:\WINNT\system32\Adobe
2014-12-30 23:32 - 2012-06-21 21:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-12-30 23:29 - 2011-07-25 06:30 - 00000000 ____D () C:\Program Files\HP
2014-12-29 21:13 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\repair
2014-12-29 18:02 - 2007-05-14 16:44 - 00000000 ____D () C:\WINNT\Microsoft.NET
2014-12-29 17:58 - 2005-06-20 12:29 - 00534912 _____ () C:\WINNT\system32\PerfStringBackup.INI
2014-12-29 17:56 - 2007-12-06 22:44 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-12-29 17:47 - 2014-01-08 19:16 - 00001945 _____ () C:\WINNT\epplauncher.mif
2014-12-28 21:26 - 2010-06-21 16:01 - 00000000 ____D () C:\Documents and Settings\Installation\Local Settings\Temp
2014-12-28 21:26 - 2005-06-20 17:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-12-28 21:18 - 2011-07-25 06:30 - 00000000 ____D () C:\Documents and Settings\si_flexmanage_corp\Local Settings\Temp
2014-12-28 21:18 - 2005-06-21 15:15 - 00000000 ___HD () C:\WINNT\system32\GroupPolicy
2014-12-28 21:11 - 2012-06-21 22:13 - 00099800 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-28 10:55 - 2010-10-26 09:02 - 00000000 ____D () C:\STM
2014-12-28 10:51 - 2012-04-06 16:55 - 00000000 __SHD () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\PrivacIE
2014-12-28 10:45 - 2014-01-08 19:21 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2014-12-28 10:45 - 2012-09-09 20:21 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\HpUpdate
2014-12-28 10:45 - 2012-06-16 10:45 - 00000000 __SHD () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\IECompatCache
2014-12-28 10:45 - 2012-03-05 17:10 - 00000000 ____D () C:\Documents and Settings\xzmyyv\Local Settings\Application Data\Htc
2014-12-28 10:45 - 2012-03-05 17:08 - 00000000 __SHD () C:\Documents and Settings\xzmyyv\IETldCache
2014-12-28 10:45 - 2011-07-25 06:28 - 00000000 ___SD () C:\Documents and Settings\si_flexmanage_corp\UserData
2014-12-28 10:45 - 2011-07-25 06:28 - 00000000 ____D () C:\Documents and Settings\si_flexmanage_corp
2014-12-28 10:45 - 2011-06-22 08:28 - 00018991 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\CPLOCAL.tmp
2014-12-28 10:45 - 2010-06-28 11:28 - 00100312 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-28 10:45 - 2010-06-22 09:56 - 00000000 ____D () C:\Documents and Settings\SYSTEM
2014-12-28 10:45 - 2010-06-21 16:56 - 00040807 _____ () C:\Documents and Settings\Installation\My Documents\lotusinstall.log
2014-12-28 10:45 - 2010-06-21 16:01 - 00000000 ___SD () C:\Documents and Settings\Installation\UserData
2014-12-28 10:45 - 2010-06-21 16:01 - 00000000 ____D () C:\Documents and Settings\Installation
2014-12-28 10:45 - 2007-12-06 22:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-28 10:45 - 2005-06-20 16:39 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-12-28 10:44 - 2014-05-12 18:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A
2014-12-28 10:44 - 2014-05-07 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\jzirf0qmf.cpp
2014-12-28 10:44 - 2012-01-12 12:49 - 00000000 __SHD () C:\Documents and Settings\administrator.corpsaabcom\IETldCache
2014-12-28 10:44 - 2011-06-27 09:44 - 00000000 ___SD () C:\Documents and Settings\administrator.corpsaabcom\UserData
2014-12-28 10:44 - 2010-08-31 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kontiki
2014-12-28 10:44 - 2010-06-21 16:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-12-28 10:44 - 2005-06-21 14:17 - 00000000 ___SD () C:\Documents and Settings\Administrator\UserData
2014-12-28 10:44 - 2005-06-20 17:27 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-12-27 22:48 - 2011-01-26 10:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange 4 Pro
2014-12-27 19:13 - 2005-06-20 12:25 - 00001024 ____H () C:\WINNT\system32\config\userdiff.LOG
2014-12-27 16:28 - 2010-07-01 07:54 - 00000000 ____D () C:\Program Files\Google
2014-12-27 16:09 - 2012-03-05 17:09 - 00000000 ____D () C:\Documents and Settings\xzmyyv\Local Settings\Temp
2014-12-27 16:03 - 2013-09-02 19:48 - 00701616 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerApp.exe
2014-12-27 16:03 - 2013-09-02 19:48 - 00071344 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerCPLApp.cpl
2014-12-27 16:02 - 2014-08-17 17:30 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Adobe
2014-12-27 14:37 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\system32\ias
2014-12-27 14:36 - 2007-05-29 03:17 - 00000000 ____D () C:\WINNT\SHELLNEW
2014-12-27 14:35 - 2011-06-22 13:18 - 00000000 ____D () C:\WINNT\Quest Resource Updating Agent
2014-12-27 14:35 - 2005-06-20 17:46 - 00000000 ____D () C:\Program Files\WinZip
2014-12-27 14:34 - 2011-10-12 07:12 - 00000000 ____D () C:\Program Files\Advanced SystemCare 4
2014-12-27 14:34 - 2010-06-22 09:34 - 00000000 ____D () C:\Program Files\Windows Imaging
2014-12-27 14:34 - 2007-05-14 19:51 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-12-27 14:34 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\mui
2014-12-27 14:33 - 2010-06-21 16:07 - 00000000 __HDC () C:\WINNT\$NtServicePackUninstall$
2014-12-27 14:32 - 2013-10-19 21:18 - 00000000 ___RD () C:\Program Files\Skype
2014-12-27 14:32 - 2010-06-22 08:41 - 00000000 ____D () C:\Program Files\VPN Client
2014-12-27 14:32 - 2007-05-29 03:19 - 00000000 ____D () C:\Program Files\Snapshot Viewer
2014-12-27 14:31 - 2011-06-17 11:11 - 00000000 ____D () C:\Program Files\MaximoSilentPrint
2014-12-27 14:31 - 2010-06-28 11:15 - 00000000 ____D () C:\Program Files\PC Information
2014-12-27 14:31 - 2007-12-18 22:36 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2014-12-27 14:31 - 2005-06-20 16:37 - 00000000 ____D () C:\Program Files\Outlook Express
2014-12-27 14:27 - 2013-10-19 21:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-12-27 14:24 - 2001-08-23 03:00 - 00000710 _____ () C:\WINNT\win.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition.txt

There is something left on the computer that recreates a couple of bad folders when they are deleted.

2015-01-01 19:34 - 2015-01-01 19:52 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Islopoox

2015-01-01 19:14 - 2015-01-01 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NeliGmoc

1. Save RogueKiller to the Desktop: http://www.adlice.com/softs/roguekiller/RogueKiller.exe

Close all programs.

Disconnect all external devices, e.g. USB sticks and external hard drives, except the keyboard and mouse. Leave them disconnected while the cleanup is in progress.

Run RogueKiller (in Vista and Windows 7, right-click the program and choose "Run as administrator"). If it will not run, try several times, but if it still will not run, try renaming the program to winlogon.exe.

Wait until the "Prescan" has finished.

Click the "Scan" button in the top right.

Wait until the scan is complete.

A report "RKreport.txt" should then have been created on the Desktop. Paste its contents into your reply.

2. Do you recognize this?

HKLM\...\Run: [P10015] => WSCRIPT.EXE //B C:\LOGS\P10015\P10015_wallpaper.vbs

Still on the computer:

The first file I found and removed manually.

For the second one, the folder does not exist in C:\Documents and Settings\All Users\Application Data.

1.

The program only scans for about 1 s and then stops, with both names.

2.

Nope, I don't recognize it.

1. Start the Notepad program.

Copy all the lines in the box:

HKLM\...\Run: [P10015] => WSCRIPT.EXE //B C:\LOGS\P10015\P10015_wallpaper.vbs
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
2015-01-01 19:34 - 2015-01-01 19:52 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Islopoox
2015-01-01 19:14 - 2015-01-01 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NeliGmoc
and paste them into Notepad. Check that no entries have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Close all programs.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program is finished.

If the computer does not restart automatically, do it yourself.

The program creates a log Fixlog.txt on the desktop.

Paste its contents into your reply.

2. Try RogueKiller again.

If it still does not work, press F8 repeatedly while the computer starts and choose Safe Mode in the menu that appears.

Try RogueKiller again.

If it still does not work, start the computer in normal mode and run TDSSKiller instead:

Save TDSSKiller to the Desktop: http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Close your usual programs, but you can leave antivirus programs and the like running.

Run the program TDSSKiller.exe.

Click "Start Scan".

If any malicious items are found, choose Cure and click Continue. If Cure is not available, choose Skip. If any suspicious items are found, choose Skip and click Continue. Do NOT choose Quarantine or Delete. The computer may need to be restarted.

Paste the contents of the log that you find in C:\ with the name TDSSKiller followed by the version and time.
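Added example, not code from FRST, RogueKiller or anyone in this thread. The two helper posts above hand the user a handful of lines to look at (the WSCRIPT //B autorun, the Islopoox and NeliGmoc folders that keep coming back, the pathless Chrome extension) and then a fixlist built from them. Those are exactly the entries you want pulled out of a thousand-line FRST.txt or RKreport.txt before writing a fixlist by hand, so the script below reads lines in those two formats and ranks the ones worth a second look. The rules are my own assumptions, not anything the tools do: a Run value hosted by wscript, cscript, regsvr32 or rundll32, scored worse when the file type does not fit the host (regsvr32 handed a .kpz), when the script host runs with //B, or when the payload sits under Application Data or Temp; a vendor-level folder under Application Data created in the window and absent from a constructed allowlist; the same file name and size dropped into three or more profiles at once, which is how the how_decrypt.html ransom notes in the log look; and a Chrome extension forced through HKLM with no path. The sample lines are copied from the logs on this page plus one benign Avira folder as a negative control; the allowlist, thresholds and rule names are mine, and the script goes beyond the specific entries here by applying the rules to any log in these formats. It only reports; it removes nothing.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "severity rule detail line")
# Assumed allowlist: vendor-level folders under Application Data that belong on
# this machine; anything else created in the window is reported for review.
KNOWN_VENDORS = {"adobe", "apple computer", "avira", "deployment", "google",
                 "htc", "macromedia", "microsoft", "package cache", "secunia psi"}
# Signed Windows binaries malware uses to launch its payload, and the file
# types each is normally given; anything else is a reason to look closer.
EXPECTED_EXT = {"regsvr32.exe": (".dll", ".ocx"), "rundll32.exe": (".dll",),
                "wscript.exe": (".vbs", ".vbe", ".js", ".jse", ".wsf"),
                "cscript.exe": (".vbs", ".vbe", ".js", ".jse", ".wsf")}

FRST_FILE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \S+ \S+ - "
                       r"(?P<size>\d{8}) (?P<attrs>\S{5}) \([^)]*\) (?P<path>.+)$")
FRST_RUN = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
RK_RUN = re.compile(r"\\Run \| (?P<name>.+?) : (?P<cmd>.+?) -> Found$")
CHR_NOPATH = re.compile(r"Chrome\\Extension: \[(?P<id>[a-p]{32})\] - No Path$")
VENDOR_DIR = re.compile(r"\\Application Data\\(?P<vendor>[^\\]+)$", re.I)
PROFILE = re.compile(r"\\Documents and Settings\\(?P<profile>[^\\]+)\\", re.I)
USER_WRITABLE = re.compile(r"\\(Application Data|Local Settings|Temp)\\", re.I)

# Constructed sample: lines copied from the FRST and RogueKiller logs posted in
# this thread, plus one benign Avira folder as a negative control.
SAMPLE_LINES = [
    r"HKLM\...\Run: [P10015] => WSCRIPT.EXE //B C:\LOGS\P10015\P10015_wallpaper.vbs",
    r"CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path",
    r"2015-01-01 19:34 - 2015-01-01 19:52 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Islopoox",
    r"2015-01-01 19:14 - 2015-01-01 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NeliGmoc",
    r"2014-12-29 17:48 - 2014-12-29 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira",
    r"2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\how_decrypt.html",
    r"2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\SYSTEM\how_decrypt.html",
    r"2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\Administrator\how_decrypt.html",
    r'[suspicious.Path] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Windows\CurrentVersion\Run | NeliGmoc : regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz" -> Found',
]

def _check_autorun(name, cmd, line, out):
    """Flag Run values whose host is a script/DLL loader; extra reasons raise severity."""
    if cmd.startswith('"'):                      # quoted host path containing spaces
        end = cmd.find('"', 1)
        exe, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        exe, _, rest = cmd.partition(" ")
    host = ntpath.basename(exe).lower()
    if host not in EXPECTED_EXT:
        return
    quoted = re.findall(r'"([^"]+)"', rest)      # payload: first quoted arg, else first non-switch
    target = quoted[0] if quoted else next((t for t in rest.split() if t[0] not in "/-"), "")
    ext = ntpath.splitext(target)[1].lower()
    reasons = [f"{host} used as autorun host"]
    if ext not in EXPECTED_EXT[host]:
        reasons.append(f"loads '{ext or 'no extension'}' file, not {EXPECTED_EXT[host]}")
    if host.endswith("script.exe") and "//b" in rest.lower():
        reasons.append("//B suppresses script errors and prompts")
    if USER_WRITABLE.search(target):
        reasons.append("payload lives in a user-writable directory")
    out.append(Finding("high" if len(reasons) > 1 else "medium", "script-host autorun",
                       f"{name}: " + "; ".join(reasons), line))

def _check_fanout(rows, out, min_profiles=3):
    """Same name+size dropped into several profiles at once: ransom note or worm, not a user."""
    groups = defaultdict(lambda: (set(), []))
    for m, line in rows:
        p = PROFILE.search(m["path"])
        if p and "D" not in m["attrs"]:
            profiles, lines = groups[(ntpath.basename(m["path"]).lower(), m["size"])]
            profiles.add(p["profile"].lower())
            lines.append(line)
    for (base, size), (profiles, lines) in groups.items():
        if len(profiles) >= min_profiles:
            out.append(Finding("high", "same file dropped in many profiles",
                               f"{base} ({int(size)} bytes) in {len(profiles)} profiles", lines[0]))

def triage(lines):
    """Run every rule over FRST/RogueKiller lines; returns findings, high severity first."""
    findings, rows = [], []
    for line in (l.strip() for l in lines if l.strip()):
        if m := FRST_FILE.match(line):
            rows.append((m, line))
            v = VENDOR_DIR.search(m["path"])
            if "D" in m["attrs"] and v and v["vendor"].lower() not in KNOWN_VENDORS:
                findings.append(Finding("medium", "unknown vendor-level folder",
                                        f"{v['vendor']} created {m['created']}", line))
        elif r := (FRST_RUN.search(line) or RK_RUN.search(line)):
            _check_autorun(r["name"].strip(), r["cmd"].strip(), line, findings)
        elif c := CHR_NOPATH.search(line):
            findings.append(Finding("medium", "orphaned forced Chrome extension",
                                    f"{c['id']} registered under HKLM with no path", line))
    _check_fanout(rows, findings)
    findings.sort(key=lambda f: (f.severity != "high", f.rule))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity}] {f.rule}: {f.detail}")
```

Run it as is to see the ranked list for the sample, or call triage() on the lines of a real FRST.txt or RKreport.txt. Treat "medium" as a review queue rather than a verdict: a vendor-level folder that is not on the allowlist is very often just software the allowlist does not know about, which is why the allowlist is meant to be edited per machine, while a regsvr32 autorun pointing at a non-DLL under Application Data is worth acting on every time.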

FRST log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015

Ran by XZMYYV at 2015-01-07 21:54:31 Run:3

Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop

Loaded Profiles: XZMYYV & administrator (Available profiles: XZMYYV & administrator & localadmin)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

HKLM\...\Run: [P10015] => WSCRIPT.EXE //B C:\LOGS\P10015\P10015_wallpaper.vbs

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

2015-01-01 19:34 - 2015-01-01 19:52 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Islopoox

2015-01-01 19:14 - 2015-01-01 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NeliGmoc

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\P10015 => value deleted successfully.

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.

"C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Islopoox" => File/Directory not found.

C:\Documents and Settings\All Users\Application Data\NeliGmoc => Moved successfully.

==== End of Fixlog 21:54:31 ====

RogueKiller worked now, though I never got any option to run as administrator; after right-clicking and choosing "run as" it just started as usual.

RogueKiller V10.1.2.0 [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : XZMYYV [Administrator]
Mode : Scan -- Date : 01/07/2015 22:04:17

¤¤¤ Processes : 4 ¤¤¤
[Proc.Injected] smss.exe(1556) -- C:\WINNT\System32\smss.exe[x] -> [NoKill]
[Proc.Injected] spoolsv.exe(1376) -- C:\WINNT\system32\spoolsv.exe[x] -> [NoKill]
[Proc.Injected] alg.exe(3604) -- C:\WINNT\System32\alg.exe[x] -> [NoKill]
[Proc.Injected] explorer.exe(3120) -- C:\WINNT\explorer.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 12 ¤¤¤
[suspicious.Path] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Windows\CurrentVersion\Run | NeliGmoc : regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz" -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://socrates.gm.com -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://socrates.gm.com -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://socrates.gm.com/ -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINNT\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 4 (Driver: Loaded) ¤¤¤
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[549] : Unknown @ 0xb375326e
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[552] : Unknown @ 0xb3753273
[iAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateProcessEx : Unknown @ 0x1703ba (push dword 0x10a000f|ret |jmp 0xffffffffff0cd234|call 0x3165)
[iAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessagePos : Unknown @ 0x164932 (push dword 0xe0000c|ret |jmp 0xffffffffff3651ec|call 0xfffffffffffff733)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9160412ASG +++++
--- User ---
[MBR] 1f00fa8747ff0e07359ddc681e662ccb
[bSP] ee644efff71896e34fc8694eb7d939e5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
User = LL1 ... OK
User = LL2 ... OK

This looks like a nasty infection (rootkit), and it may be faster to reinstall Windows.

I need logs that are from the same occasion and taken without other programs interfering.

Restart the computer.
Do not start any programs.
If you have programs that start automatically, turn them off.
Turn off as much as possible of what is shown down by the clock.
Disable antivirus programs and the like.

Start FRST.
Tick Addition.txt.
Scan the computer.

Scan with RogueKiller.

Paste in or attach the three logs.

As ordered :-)

I still don't get the option to run RK as administrator; it runs as a normal user instead.

1.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by XZMYYV (administrator) on SETHNWNGXA04602 on 11-01-2015 14:49:06
Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop
Loaded Profiles: XZMYYV & administrator (Available profiles: XZMYYV & administrator & localadmin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\csrss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(IDT, Inc.) C:\WINNT\DRIVERS\NOTEBOOKS\Audio\stacsv.exe
(Microsoft Corporation) C:\WINNT\system32\scardsvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Kontiki Inc.) C:\Program Files\Kontiki\KService.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(NVIDIA Corporation) C:\WINNT\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Quest Software) C:\WINNT\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\wdfmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe
(Microsoft Corporation) C:\WINNT\system32\wbem\wmiprvse.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINNT\system32\alg.exe
(Microsoft Corporation) C:\WINNT\system32\wuauclt.exe
(Microsoft Corporation) C:\WINNT\explorer.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe
(Microsoft Corporation) C:\WINNT\system32\wscntfy.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Andrea Electronics Corporation) C:\WINNT\system32\AESTFltr.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Adobe Systems Incorporated.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrodist.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE
(Microsoft Corporation) C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\WINNT\system32\msiexec.exe
(Microsoft Corporation) C:\WINNT\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iMJPMIG8.1] => C:\WINNT\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [196608 2008-09-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [442467 2008-08-25] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINNT\system32\AESTFltr.exe [466944 2008-08-25] (Andrea Electronics Corporation)
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [synchronization Manager] => C:\WINNT\system32\mobsync.exe [143360 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Winlogon: [userinit] C:\WINNT\System32\Userinit.exe,
HKLM\...\Winlogon: [shell] explorer.exe [x ] ()
HKLM\...\Winlogon: [uIHost] C:\WINNT\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINNT\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINNT\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [PreXPSP2ShellProtocolBehavior] 0
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-23] (Google Inc.)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [NeliGmoc] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [ctfmon.exe] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [lifiwnq] => rundll32 ",lifiwnq
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Run: [CTFMON.EXE] => C:\WINNT\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {0908d747-9de1-11dc-a3d3-9b55eee4b565} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {09919e39-0abb-11dc-bd6b-d1b38b4c2a32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {3dcbaf14-0a11-11dc-9ab8-e92d850bdf2b} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {486f3bf8-09f7-11dc-b2c9-b590483e6432} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {bc33e1f0-0982-11dc-b647-b883c76da250} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {da2857a8-1068-11dc-ab84-f5d2d6fc9f35} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {fbbe4110-15f4-11dc-a66b-b8f89be89c32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-23] (Google Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [435096 2008-11-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Encoding] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [.DEFAULT] => http://saabproxy.saab.com/accelerated_pac_base.pac
AutoConfigURL: [s-1-5-19] => http://autoproxy.gm.com
AutoConfigURL: [s-1-5-20] => http://autoproxy.gm.com
AutoConfigURL: [s-1-5-21-2086223142-3201976994-1658009677-500] => http://pviapc.rsh.europe.gm.com/gmeproxy.pac
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com/
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2086223142-3201976994-1658009677-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Länkhjälp till Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2086223142-3201976994-1658009677-4238 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mygmgw.gm.com/http://sethnma03.eur.corp.gm.com/iNotes6W.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8462336 2011-01-21] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINNT\system32\winrnr.dll [16896] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Winsock: Catalog9 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 20 C:\WINNT\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Winsock: Catalog9 21 C:\WINNT\system32\rsvpsp.dll [92672] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINNT\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - C:\firefox\FirefoxPortable\App\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-12]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
R3 ALG; C:\WINNT\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
S4 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
S2 Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [344064 2005-01-20] (ATI Technologies Inc.)
R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 BITS; C:\WINNT\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S4 Browser; C:\WINNT\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation)
S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S3 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S3 COMSysApp; C:\WINNT\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINNT\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
R2 Dot3svc; C:\WINNT\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
R2 EapHost; C:\WINNT\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
S4 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
S4 Fax; C:\WINNT\system32\fxssvc.exe [267776 2008-04-14] (Microsoft Corporation)
R2 FlexClient; C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe [1421312 2011-10-26] (HP) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-06-21] (Macrovision Europe Ltd.) [File not signed]
R2 FlxNotifier; C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe [212992 2011-03-21] (HP) [File not signed]
R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINNT\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 ImapiService; C:\WINNT\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
R2 KService; C:\Program Files\Kontiki\KService.exe [4873768 2010-07-28] (Kontiki Inc.)
R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
S4 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
R3 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
S3 napagent; C:\WINNT\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINNT\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINNT\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 NVSvc; C:\WINNT\system32\nvsvc32.exe [159812 2008-08-25] (NVIDIA Corporation)
R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINNT\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 QsRUMAgent; C:\WINNT\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [200704 2011-02-04] (Quest Software) [File not signed]
S4 RasAuto; C:\WINNT\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\WINNT\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINNT\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2001-08-23] (Microsoft Corporation)
R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
R2 Schedule; C:\WINNT\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 SENS; C:\WINNT\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
R2 Spooler; C:\WINNT\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINNT\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
S4 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
R2 STacSV; c:\winnt\drivers\notebooks\audio\stacsv.exe [221273 2008-08-25] (IDT, Inc.)
R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINNT\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
S4 Themes; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation)
S3 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
S4 TrkWks; C:\WINNT\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
R2 UMWdf; C:\WINNT\system32\wdfmgr.exe [38912 2005-01-28] (Microsoft Corporation)
S3 upnphost; C:\WINNT\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINNT\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINNT\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
S4 WebClient; C:\WINNT\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [25088 2005-01-28] (Microsoft Corporation)
S3 Wmi; C:\WINNT\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation)
S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
R3 WPFFontCache_v0400; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Microsoft Corporation)
R2 wscsvc; C:\WINNT\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation)
S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)
S2 COSIDS_TB; "C:\Program Files\cosids\bin\tbmux32.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation)
R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2001-08-23] (Microsoft Corporation)
S3 aeaudio; C:\WINNT\System32\drivers\aeaudio.sys [127744 2004-11-08] (Andrea Electronics Corporation) [File not signed]
S3 aec; C:\WINNT\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R3 AESTAud; C:\WINNT\System32\drivers\AESTAud.sys [108160 2008-08-25] (Andrea Electronics Corporation)
R1 AFD; C:\WINNT\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
R0 AliIde; C:\WINNT\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.)
R3 ApfiltrService; C:\WINNT\System32\DRIVERS\Apfiltr.sys [170032 2008-09-02] (Alps Electric Co., Ltd.)
R3 Arp1394; C:\WINNT\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation)
S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
S3 ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [965632 2005-01-20] (ATI Technologies Inc.)
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R2 avgntflt; C:\WINNT\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINNT\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINNT\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 b57w2k; C:\WINNT\System32\DRIVERS\b57xp32.sys [190592 2004-11-16] (Broadcom Corporation)
R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2001-08-23] (Microsoft Corporation)
S3 Bridge; C:\WINNT\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation)
S3 BridgeMP; C:\WINNT\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation)
S3 BTWUSB; C:\WINNT\System32\Drivers\btwusb.sys [55320 2004-11-04] (Broadcom Corporation.) [File not signed]
S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2001-08-23] (Microsoft Corporation)
S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2001-08-23] (Microsoft Corporation)
R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation)
R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation)
R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation)
R0 Cpqarray; C:\WINNT\System32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation)
R3 cvusbdrv; C:\WINNT\System32\Drivers\cvusbdrv.sys [32808 2008-09-02] (Broadcom Corporation)
R0 dac960nt; C:\WINNT\System32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation)
R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation)
S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINNT\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2001-08-23] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
R3 e1yexpress; C:\WINNT\System32\DRIVERS\e1y5132.sys [244368 2008-08-25] (Intel Corporation)
R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2005-09-06] (Nortel Networks) [File not signed]
S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
S3 Fdc; C:\WINNT\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation)
R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
S3 Flpydisk; C:\WINNT\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
R0 FltMgr; C:\WINNT\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation)
U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2001-08-23] (Microsoft Corporation)
R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2001-08-23] (Microsoft Corporation)
R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
S3 GTIPCI21; C:\WINNT\System32\DRIVERS\gtipci21.sys [80384 2004-05-03] (Texas Instruments)
R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R3 HECI; C:\WINNT\System32\DRIVERS\HECI.sys [40832 2008-06-19] (Intel Corporation)
R3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation)
S3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation)
S3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [776349 2004-12-21] (Intel Corporation) [File not signed]
R0 iaStor; C:\WINNT\System32\DRIVERS\iaStor.sys [318488 2008-09-02] (Intel Corporation)
S3 IFXTPM; C:\WINNT\System32\DRIVERS\IFXTPM.SYS [32640 2004-09-02] (Infineon Technologies AG)
R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation)
S3 Ip6Fw; C:\WINNT\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2001-08-23] (Microsoft Corporation)
S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155184 2005-09-06] (Nortel Networks NA, Inc.) [File not signed]
R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155184 2005-09-06] (Nortel Networks NA, Inc.) [File not signed]
S3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
R1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation)
R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2001-08-23] (Microsoft Corporation)
S3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation)
R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
R3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
S3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation)
R0 msvmscsi; C:\WINNT\System32\DRIVERS\msvmscsi.sys [16112 2004-07-14] (Microsoft Corporation)
R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation)
R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [40960 2010-11-02] (Microsoft Corporation)
R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
R3 NETw5x32; C:\WINNT\System32\DRIVERS\NETw5x32.sys [4203392 2009-05-28] (Intel Corporation)
R3 NIC1394; C:\WINNT\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation)
R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2001-08-23] (Microsoft Corporation)
R3 nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [6591872 2008-08-25] (NVIDIA Corporation)
S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2001-08-23] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2001-08-23] (Microsoft Corporation)
R0 ohci1394; C:\WINNT\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation)
S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation)
R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2001-08-23] (Microsoft Corporation)
R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation)
R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation)
R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation)
R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
S3 PSI; C:\WINNT\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2001-08-23] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2001-08-23] (Microsoft Corporation)
S3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2001-08-23] (Microsoft Corporation)
R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2001-08-23] (Microsoft Corporation)
R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
R3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139656 2011-06-24] (Microsoft Corporation)
R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
R2 rimmptsk; C:\WINNT\System32\DRIVERS\rimmptsk.sys [39936 2008-09-02] (REDC)
R3 sdbus; C:\WINNT\System32\DRIVERS\sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 seehcri; C:\WINNT\System32\DRIVERS\seehcri.sys [27632 2011-01-18] (Sony Ericsson Mobile Communications)
R3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation)
R1 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation)
S3 sffdisk; C:\WINNT\System32\DRIVERS\sffdisk.sys [11904 2008-04-13] (Microsoft Corporation)
S3 sffp_sd; C:\WINNT\System32\DRIVERS\sffp_sd.sys [11008 2008-04-13] (Microsoft Corporation)
S3 Sfloppy; C:\WINNT\System32\DRIVERS\sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
S3 SMCIRDA; C:\WINNT\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R3 smsmdd; C:\WINNT\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation)
S3 smwdm; C:\WINNT\System32\drivers\smwdm.sys [259840 2004-10-13] (Analog Devices, Inc.) [File not signed]
R0 Sparrow; C:\WINNT\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.)
S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation)
R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
R1 ssmdrv; C:\WINNT\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH)
R3 STHDA; C:\WINNT\System32\drivers\sthda.sys [1381914 2008-08-25] (IDT, Inc.)
S3 StillCam; C:\WINNT\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation)
R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation)
S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [103552 2007-04-19] (LSI Logic)
R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
R3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
S3 tifm21; C:\WINNT\System32\drivers\tifm21.sys [157056 2005-02-11] (Texas Instruments)
U3 TrueSight; C:\WINNT\system32\drivers\TrueSight.sys [35064 2015-01-07] ()
S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
R3 Update; C:\WINNT\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
R3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation)
R3 USBCCID; C:\WINNT\System32\DRIVERS\usbccid.sys [28672 2008-09-02] (Microsoft Corporation)
R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [30208 2008-04-13] (Microsoft Corporation)
R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
S3 usbprint; C:\WINNT\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)
S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2008-04-13] (Microsoft Corporation)
S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation)
R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation)
S3 USB_RNDIS; C:\WINNT\System32\DRIVERS\usb8023.sys [12800 2008-04-13] (Microsoft Corporation)
S3 usb_rndisx; C:\WINNT\System32\DRIVERS\usb8023x.sys [12800 2008-04-13] (Microsoft Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
R0 ViaIde; C:\WINNT\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
S3 w29n51; C:\WINNT\System32\DRIVERS\w29n51.sys [3210496 2004-10-19] (Intel® Corporation) [File not signed]
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
R3 Wdf01000; C:\WINNT\System32\DRIVERS\Wdf01000.sys [503144 2008-01-19] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
R1 WmiAcpi; C:\WINNT\System32\DRIVERS\wmiacpi.sys [8832 2008-04-13] (Microsoft Corporation)
S3 WpdUsb; C:\WINNT\System32\Drivers\wpdusb.sys [18944 2005-01-28] (Microsoft Corporation)
R1 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2001-08-23] (Microsoft Corporation)
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
U5 ScsiPort; C:\WINNT\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U.%99M%20 T8267; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 14:49 - 2015-01-11 14:49 - 00050392 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\FRST.txt
2015-01-11 14:43 - 2015-01-11 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NeliGmoc
2015-01-11 14:42 - 2015-01-11 14:42 - 15340120 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\RogueKiller.exe
2015-01-11 14:04 - 2015-01-11 14:04 - 00000636 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\backup.txt
2015-01-07 21:55 - 2015-01-07 22:01 - 00035064 _____ () C:\WINNT\system32\Drivers\TrueSight.sys
2015-01-03 22:08 - 2015-01-03 22:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-01-02 23:01 - 2015-01-11 14:49 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\temp
2015-01-02 23:01 - 2015-01-02 23:01 - 00020503 _____ () C:\ComboFix.txt
2015-01-02 23:01 - 2015-01-02 23:01 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-01-02 23:01 - 2015-01-02 23:01 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-01-02 23:01 - 2015-01-02 23:01 - 00000000 ____D () C:\Documents and Settings\administrator.corpsaabcom\Local Settings\temp
2015-01-02 22:38 - 2015-01-02 22:38 - 00000000 _RSHD () C:\cmdcons
2015-01-02 22:25 - 2015-01-02 22:25 - 00090112 _____ () C:\WINNT\Minidump\Mini010215-01.dmp
2015-01-01 20:04 - 2015-01-01 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-12-31 10:24 - 2015-01-02 22:25 - 00000000 ____D () C:\WINNT\Minidump
2014-12-31 10:24 - 2014-12-31 10:24 - 00090112 _____ () C:\WINNT\Minidump\Mini123114-01.dmp
2014-12-31 01:23 - 2014-12-31 01:23 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Apple Computer
2014-12-31 01:17 - 2015-01-07 21:35 - 00406118 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-12-31 01:17 - 2015-01-07 21:35 - 00406118 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2086223142-3201976994-1658009677-4238-0.dat
2014-12-31 01:04 - 2015-01-02 22:22 - 00000323 _____ () C:\Boot.bak
2014-12-31 01:04 - 2004-08-03 23:00 - 00260784 __RSH () C:\cmldr
2014-12-31 01:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINNT\NIRCMD.exe
2014-12-31 00:55 - 2011-06-26 07:45 - 00256000 _____ () C:\WINNT\PEV.exe
2014-12-31 00:55 - 2010-11-07 18:20 - 00208896 _____ () C:\WINNT\MBR.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINNT\SWREG.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINNT\SWSC.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINNT\SWXCACLS.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00098816 _____ () C:\WINNT\sed.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00080412 _____ () C:\WINNT\grep.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00068096 _____ () C:\WINNT\zip.exe
2014-12-31 00:54 - 2015-01-02 23:01 - 00000000 ____D () C:\Qoobox
2014-12-31 00:52 - 2015-01-02 22:19 - 05605575 ____R (Swearware) C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\ComboFix.exe
2014-12-31 00:51 - 2015-01-01 19:55 - 00000000 ____D () C:\WINNT\erdnt
2014-12-31 00:24 - 2015-01-09 03:05 - 00032368 _____ () C:\WINNT\SchedLgU.Txt
2014-12-31 00:24 - 2015-01-02 17:34 - 00000284 _____ () C:\WINNT\Tasks\AppleSoftwareUpdate.job
2014-12-31 00:24 - 2014-12-31 00:24 - 00001826 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2014-12-31 00:24 - 2014-12-31 00:24 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-12-31 00:24 - 2014-12-31 00:24 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Apple Computer
2014-12-31 00:17 - 2015-01-11 14:08 - 00013030 _____ () C:\WINNT\SecuniaPackage.log
2014-12-31 00:17 - 2014-12-31 00:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
2014-12-31 00:17 - 2014-12-31 00:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Macromedia
2014-12-31 00:17 - 2014-12-31 00:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Adobe
2014-12-31 00:17 - 2014-12-31 00:17 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Macromedia
2014-12-31 00:01 - 2014-12-31 18:48 - 00000716 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
2014-12-31 00:01 - 2014-12-31 00:01 - 00000000 ____D () C:\Program Files\Secunia
2014-12-31 00:01 - 2014-12-31 00:01 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Secunia PSI
2014-12-29 17:59 - 2014-12-29 18:10 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-12-29 17:49 - 2014-12-29 18:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-12-29 17:49 - 2014-12-29 17:49 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Avira
2014-12-29 17:48 - 2014-12-29 18:10 - 00000000 ____D () C:\Program Files\Avira
2014-12-29 17:48 - 2014-12-29 18:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-12-29 17:48 - 2014-12-29 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-12-29 17:48 - 2014-12-29 17:48 - 00001707 _____ () C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2014-12-29 17:48 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avipbb.sys
2014-12-29 17:48 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avgntflt.sys
2014-12-29 17:48 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avkmgr.sys
2014-12-29 17:48 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\WINNT\system32\Drivers\ssmdrv.sys
2014-12-28 10:59 - 2014-12-28 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\gug
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\xzmyyv\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\SYSTEM\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\si_flexmanage_corp\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\Installation\My Documents\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\Installation\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\Installation\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\All Users\Application Data\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\Administrator\how_decrypt.html
2014-12-28 10:38 - 2015-01-03 21:55 - 00000491 _____ () C:\WINNT\ars.ffx
2014-12-28 10:35 - 2015-01-03 21:49 - 00000868 _____ () C:\WINNT\intpcii.dtr
2014-12-27 19:47 - 2014-12-27 19:47 - 00000000 ____D () C:\Program Files\ESET
2014-12-27 19:38 - 2015-01-11 14:49 - 00000000 ____D () C:\FRST
2014-12-27 19:37 - 2015-01-07 21:48 - 01115648 _____ (Farbar) C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\FRST.exe
2014-12-27 16:41 - 2014-12-28 10:43 - 00000000 ____D () C:\AdwCleaner
2014-12-27 16:38 - 2014-12-27 16:38 - 02173952 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\adwcleaner_4.106.exe
2014-12-27 16:31 - 2014-12-27 16:31 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Deployment
2014-12-27 14:31 - 2014-12-27 14:38 - 00748775 _____ () C:\Documents and Settings\All Users\Application Data\rfppkti.html

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 14:48 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\Temp
2015-01-11 14:47 - 2014-11-13 17:22 - 00000978 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore1cfff5ec5c1eea.job
2015-01-11 14:47 - 2014-10-24 03:29 - 00000978 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore1cfef324d5c7c46.job
2015-01-11 14:47 - 2014-06-25 18:12 - 00000978 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore1cf9098a814ed6a.job
2015-01-11 14:47 - 2010-06-21 21:54 - 00189541 _____ () C:\WINNT\system32\nvapps.xml
2015-01-11 14:47 - 2010-06-21 15:58 - 00179694 _____ () C:\WINNT\system32\nvModes.001
2015-01-11 14:46 - 2005-06-20 16:39 - 01571859 _____ () C:\WINNT\WindowsUpdate.log
2015-01-11 14:45 - 2011-10-12 09:31 - 00000159 _____ () C:\WINNT\wiadebug.log
2015-01-11 14:45 - 2011-10-12 09:31 - 00000050 _____ () C:\WINNT\wiaservc.log
2015-01-11 14:45 - 2010-06-22 08:53 - 00000000 __SHD () C:\WINNT\CSC
2015-01-11 14:45 - 2005-06-20 16:48 - 00000006 ____H () C:\WINNT\Tasks\SA.DAT
2015-01-11 14:05 - 2013-09-02 19:48 - 00000826 _____ () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2015-01-11 13:39 - 2013-10-19 21:18 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Skype
2015-01-11 13:38 - 2001-08-23 03:00 - 00002206 _____ () C:\WINNT\system32\wpa.dbl
2015-01-07 21:55 - 2011-06-27 09:44 - 00000178 ___SH () C:\Documents and Settings\administrator.corpsaabcom\ntuser.ini
2015-01-07 21:55 - 2011-06-27 09:44 - 00000000 ____D () C:\Documents and Settings\administrator.corpsaabcom
2015-01-07 21:54 - 2005-06-20 16:36 - 00000000 ____D () C:\WINNT\Registration
2015-01-07 21:45 - 2008-04-30 19:23 - 00000000 ____D () C:\WINNT\system32\NtmsData
2015-01-07 21:35 - 2012-03-05 22:53 - 00000178 ___SH () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\ntuser.ini
2015-01-07 21:35 - 2012-03-05 22:53 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061
2015-01-04 09:27 - 2010-06-21 15:58 - 00179694 _____ () C:\WINNT\system32\nvModes.dat
2015-01-03 21:55 - 2008-12-18 23:00 - 00000000 ____D () C:\WINNT
2015-01-03 01:30 - 2005-06-20 16:47 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-02 23:54 - 2007-05-11 19:49 - 00000664 _____ () C:\WINNT\system32\d3d9caps.dat
2015-01-02 22:55 - 2001-08-23 03:00 - 00000227 _____ () C:\WINNT\system.ini
2015-01-02 22:38 - 2005-06-20 12:25 - 00000323 __RSH () C:\boot.ini
2015-01-01 20:04 - 2011-02-08 10:09 - 00000000 ____D () C:\Program Files\QuickTime
2014-12-31 18:48 - 2011-10-21 12:26 - 00164927 _____ () C:\WINNT\setupapi.log
2014-12-31 10:20 - 2014-07-08 16:42 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\Unused Desktop Shortcuts
2014-12-31 01:26 - 2012-06-21 21:45 - 00007973 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-12-31 01:10 - 2012-03-05 22:56 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Adobe
2014-12-31 00:17 - 2011-01-19 08:50 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-31 00:15 - 2010-06-21 16:42 - 00000000 ____D () C:\WINNT\system32\Adobe
2014-12-30 23:32 - 2012-06-21 21:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-12-30 23:29 - 2011-07-25 06:30 - 00000000 ____D () C:\Program Files\HP
2014-12-29 21:13 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\repair
2014-12-29 18:02 - 2007-05-14 16:44 - 00000000 ____D () C:\WINNT\Microsoft.NET
2014-12-29 17:58 - 2005-06-20 12:29 - 00534912 _____ () C:\WINNT\system32\PerfStringBackup.INI
2014-12-29 17:56 - 2007-12-06 22:44 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-12-29 17:47 - 2014-01-08 19:16 - 00001945 _____ () C:\WINNT\epplauncher.mif
2014-12-28 21:26 - 2010-06-21 16:01 - 00000000 ____D () C:\Documents and Settings\Installation\Local Settings\Temp
2014-12-28 21:26 - 2005-06-20 17:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-12-28 21:18 - 2011-07-25 06:30 - 00000000 ____D () C:\Documents and Settings\si_flexmanage_corp\Local Settings\Temp
2014-12-28 21:18 - 2005-06-21 15:15 - 00000000 ___HD () C:\WINNT\system32\GroupPolicy
2014-12-28 21:11 - 2012-06-21 22:13 - 00099800 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-28 10:55 - 2010-10-26 09:02 - 00000000 ____D () C:\STM
2014-12-28 10:51 - 2012-04-06 16:55 - 00000000 __SHD () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\PrivacIE
2014-12-28 10:45 - 2014-01-08 19:21 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2014-12-28 10:45 - 2012-09-09 20:21 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\HpUpdate
2014-12-28 10:45 - 2012-06-16 10:45 - 00000000 __SHD () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\IECompatCache
2014-12-28 10:45 - 2012-03-05 17:10 - 00000000 ____D () C:\Documents and Settings\xzmyyv\Local Settings\Application Data\Htc
2014-12-28 10:45 - 2012-03-05 17:08 - 00000000 __SHD () C:\Documents and Settings\xzmyyv\IETldCache
2014-12-28 10:45 - 2011-07-25 06:28 - 00000000 ___SD () C:\Documents and Settings\si_flexmanage_corp\UserData
2014-12-28 10:45 - 2011-07-25 06:28 - 00000000 ____D () C:\Documents and Settings\si_flexmanage_corp
2014-12-28 10:45 - 2011-06-22 08:28 - 00018991 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\CPLOCAL.tmp
2014-12-28 10:45 - 2010-06-28 11:28 - 00100312 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-28 10:45 - 2010-06-22 09:56 - 00000000 ____D () C:\Documents and Settings\SYSTEM
2014-12-28 10:45 - 2010-06-21 16:56 - 00040807 _____ () C:\Documents and Settings\Installation\My Documents\lotusinstall.log
2014-12-28 10:45 - 2010-06-21 16:01 - 00000000 ___SD () C:\Documents and Settings\Installation\UserData
2014-12-28 10:45 - 2010-06-21 16:01 - 00000000 ____D () C:\Documents and Settings\Installation
2014-12-28 10:45 - 2007-12-06 22:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-28 10:45 - 2005-06-20 16:39 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-12-28 10:44 - 2014-05-12 18:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A
2014-12-28 10:44 - 2014-05-07 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\jzirf0qmf.cpp
2014-12-28 10:44 - 2012-01-12 12:49 - 00000000 __SHD () C:\Documents and Settings\administrator.corpsaabcom\IETldCache
2014-12-28 10:44 - 2011-06-27 09:44 - 00000000 ___SD () C:\Documents and Settings\administrator.corpsaabcom\UserData
2014-12-28 10:44 - 2010-08-31 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kontiki
2014-12-28 10:44 - 2010-06-21 16:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-12-28 10:44 - 2005-06-21 14:17 - 00000000 ___SD () C:\Documents and Settings\Administrator\UserData
2014-12-28 10:44 - 2005-06-20 17:27 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-12-27 22:48 - 2011-01-26 10:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange 4 Pro
2014-12-27 19:13 - 2005-06-20 12:25 - 00001024 ____H () C:\WINNT\system32\config\userdiff.LOG
2014-12-27 16:28 - 2010-07-01 07:54 - 00000000 ____D () C:\Program Files\Google
2014-12-27 16:09 - 2012-03-05 17:09 - 00000000 ____D () C:\Documents and Settings\xzmyyv\Local Settings\Temp
2014-12-27 16:03 - 2013-09-02 19:48 - 00701616 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerApp.exe
2014-12-27 16:03 - 2013-09-02 19:48 - 00071344 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerCPLApp.cpl
2014-12-27 16:02 - 2014-08-17 17:30 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Adobe
2014-12-27 14:37 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\system32\ias
2014-12-27 14:36 - 2007-05-29 03:17 - 00000000 ____D () C:\WINNT\SHELLNEW
2014-12-27 14:35 - 2011-06-22 13:18 - 00000000 ____D () C:\WINNT\Quest Resource Updating Agent
2014-12-27 14:35 - 2005-06-20 17:46 - 00000000 ____D () C:\Program Files\WinZip
2014-12-27 14:34 - 2011-10-12 07:12 - 00000000 ____D () C:\Program Files\Advanced SystemCare 4
2014-12-27 14:34 - 2010-06-22 09:34 - 00000000 ____D () C:\Program Files\Windows Imaging
2014-12-27 14:34 - 2007-05-14 19:51 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-12-27 14:34 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\mui
2014-12-27 14:33 - 2010-06-21 16:07 - 00000000 __HDC () C:\WINNT\$NtServicePackUninstall$
2014-12-27 14:32 - 2013-10-19 21:18 - 00000000 ___RD () C:\Program Files\Skype
2014-12-27 14:32 - 2010-06-22 08:41 - 00000000 ____D () C:\Program Files\VPN Client
2014-12-27 14:32 - 2007-05-29 03:19 - 00000000 ____D () C:\Program Files\Snapshot Viewer
2014-12-27 14:31 - 2011-06-17 11:11 - 00000000 ____D () C:\Program Files\MaximoSilentPrint
2014-12-27 14:31 - 2010-06-28 11:15 - 00000000 ____D () C:\Program Files\PC Information
2014-12-27 14:31 - 2007-12-18 22:36 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2014-12-27 14:31 - 2005-06-20 16:37 - 00000000 ____D () C:\Program Files\Outlook Express
2014-12-27 14:27 - 2013-10-19 21:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-12-27 14:24 - 2001-08-23 03:00 - 00000710 _____ () C:\WINNT\win.ini

Some content of TEMP:
====================
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\temp\avgnt.exe
C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

2.

 

RogueKiller V10.1.2.0 [Jan  7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : XZMYYV [Administrator]
Mode : Scan -- Date : 01/11/2015  14:54:03

¤¤¤ Processes : 40 ¤¤¤
[Proc.Injected] FlxNotifier.exe(388) -- C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe[-] -> Killed [TermProc]
[Proc.Injected] FlxApUpd.exe(484) -- C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe[-] -> Killed [TermProc]
[Proc.Injected] spoolsv.exe(1324) -- C:\WINNT\system32\spoolsv.exe[x] -> [NoKill]
[Proc.Injected] stacsv.exe(1360) -- c:\winnt\drivers\notebooks\audio\stacsv.exe[7] -> Killed [TermProc]
[Proc.Injected] scardsvr.exe(1512) -- C:\WINNT\System32\SCardSvr.exe[7] -> Killed [TermProc]
[Proc.Injected] mDNSResponder.exe(740) -- C:\Program Files\Bonjour\mDNSResponder.exe[-] -> Killed [TermProc]
[Proc.Injected] GoogleUpdate.exe(1224) -- C:\Program Files\Google\Update\GoogleUpdate.exe[-] -> Killed [TermProc]
[Proc.Injected] KService.exe(1388) -- C:\Program Files\Kontiki\KService.exe[-] -> Killed [TermProc]
[Proc.Injected] nvsvc32.exe(212) -- C:\WINNT\system32\nvsvc32.exe[7] -> Killed [TermProc]
[Proc.Injected] QsResourceUpdatingAgent.exe(636) -- C:\WINNT\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe[-] -> Killed [TermProc]
[Proc.Injected] psia.exe(684) -- C:\Program Files\Secunia\PSI\PSIA.exe[-] -> Killed [TermProc]
[Proc.Injected] sua.exe(2108) -- C:\Program Files\Secunia\PSI\sua.exe[-] -> Killed [TermProc]
[Proc.Injected] wdfmgr.exe(3052) -- C:\WINNT\system32\wdfmgr.exe[7] -> Killed [TermProc]
[Proc.Injected] Avira.OE.ServiceHost.exe(3112) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe[-] -> Killed [TermProc]
[Proc.Injected] FlexClient.exe(3176) -- C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe[-] -> Killed [TermProc]
[Proc.Injected] wmiprvse.exe(4036) -- C:\WINNT\system32\wbem\wmiprvse.exe[7] -> Killed [TermProc]
[Proc.Injected] alg.exe(2332) -- C:\WINNT\System32\alg.exe[x] -> [NoKill]
[Proc.Injected] wuauclt.exe(2868) -- C:\WINNT\system32\wuauclt.exe[7] -> Killed [TermProc]
[Proc.Injected] explorer.exe(2212) -- C:\WINNT\Explorer.EXE[7] -> Killed [TermProc]
[Proc.Injected] FlxApUpd.exe(2244) -- C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe[-] -> Killed [TermProc]
[Proc.Injected] wscntfy.exe(2532) -- C:\WINNT\system32\wscntfy.exe[7] -> Killed [TermProc]
[Proc.Injected] Apoint.exe(1304) -- C:\Program Files\DellTPad\Apoint.exe[7] -> Killed [TermProc]
[Proc.Injected] ApMsgFwd.exe(3620) -- C:\Program Files\DellTPad\ApMsgFwd.exe[7] -> Killed [TermProc]
[Proc.Injected] hidfind.exe(1620) -- C:\Program Files\DellTPad\HidFind.exe[7] -> Killed [TermProc]
[Proc.Injected] rundll32.exe(2956) -- C:\WINNT\system32\rundll32.exe[7] -> Killed [TermProc]
[Proc.Injected] ApntEx.exe(2972) -- C:\Program Files\DellTPad\Apntex.exe[7] -> Killed [TermProc]
[Proc.Injected] rundll32.exe(664) -- C:\WINNT\system32\RunDLL32.exe[7] -> Killed [TermProc]
[Proc.Injected] sttray.exe(2356) -- C:\Program Files\IDT\WDM\sttray.exe[7] -> Killed [TermProc]
[Proc.Injected] AESTFltr.exe(2660) -- C:\WINNT\system32\AESTFltr.exe[7] -> Killed [TermProc]
[Proc.Injected] acrotray.exe(2832) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[-] -> Killed [TermProc]
[Proc.Injected] acrodist.exe(3216) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe[-] -> Killed [TermProc]
[Proc.Injected] hpwuschd2.exe(3296) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[-] -> Killed [TermProc]
[Proc.Injected] AdobeARM.exe(3780) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[7] -> Killed [TermProc]
[Proc.Injected] Avira.OE.Systray.exe(3800) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe[-] -> Killed [TermProc]
[Proc.Injected] Skype.exe(2708) -- C:\Program Files\Skype\Phone\Skype.exe[7] -> Killed [TermProc]
[Proc.Injected] GoogleToolbarNotifier.exe(2736) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[7] -> Killed [TermProc]
[Proc.Injected] hpqtra08.exe(2788) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[7] -> Killed [TermProc]
[Proc.Injected] psi_tray.exe(2816) -- C:\Program Files\Secunia\PSI\psi_tray.exe[-] -> Killed [TermProc]
[Proc.Injected] WZQKPICK.EXE(2836) -- C:\Program Files\WinZip\WZQKPICK.EXE[-] -> Killed [TermProc]
[Proc.Injected] WPFFontCache_v0400.exe(2992) -- C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 9 ¤¤¤
[suspicious.Path] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Windows\CurrentVersion\Run | NeliGmoc : regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"  -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://socrates.gm.com  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://socrates.gm.com  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINNT\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[549] : Unknown @ 0xad327426
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[552] : Unknown @ 0xad32742b

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9160412ASG +++++
--- User ---
[MBR] 1f00fa8747ff0e07359ddc681e662ccb
[bSP] ee644efff71896e34fc8694eb7d939e5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_01072015_220417.log

Addition.txt

Link to comment
Share on other sites

1. Close all programs, including antivirus programs and the like.

Start the Notepad program.

Copy all the lines in the box:

HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [NeliGmoc] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"
2015-01-11 14:43 - 2015-01-11 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NeliGmoc
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [lifiwnq] => rundll32 ",lifiwnq
and paste them into Notepad. Check that no file names have been split across two lines.

Save the file on the desktop with the name fixlist.txt.

Close all programs.

Start FRST, which is on the desktop.

Click the Fix button.

Wait until the program has finished.

Do not restart the computer and do not start any programs.

2. Start RogueKiller.

Wait until the "Prescan" has finished.

Select the Registry tab and make sure the following is selected, but nothing else:

[Suspicious.Path] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Windows\CurrentVersion\Run | NeliGmoc : regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"  -> Found
Make sure nothing is selected on the other tabs.

Click the "Delete" button.

Restart the computer.

Another "RKreport.txt" should then have been created on the Desktop.

Paste its contents in your reply.

FRST created the log Fixlog.txt on the desktop.

Paste its contents in your reply.

Link to comment
Share on other sites
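The two Run-key entries the helper asks to put in fixlist.txt above share a pattern worth recognising in any FRST log: a system host binary (regsvr32.exe, rundll32.exe) started from an autorun value with an argument that makes no sense for a legitimate installer, such as a non-DLL file in a data folder or an empty module name. The script below is an added illustration for this thread, not code from FRST, RogueKiller or their authors; it parses FRST-style "Run:" lines, flags entries matching those heuristics, and emits the flagged lines verbatim, which is exactly the form fixlist.txt takes. The sample lines are the two entries quoted in the thread plus one benign entry constructed for contrast; the heuristics and thresholds are my own assumptions, not FRST's.

```python
import ntpath
import re

# Constructed sample input: autorun entries in the "Run:" line format that
# FRST (Farbar Recovery Scan Tool) writes. The first two are the entries
# quoted in this thread; the third is a benign entry made up for contrast.
SAMPLE_FRST_LINES = [
    r'HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [NeliGmoc] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"',
    r'HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [lifiwnq] => rundll32 ",lifiwnq',
    r'HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe',
]

# Key path, value name in [brackets], then the command after "=>".
RUN_LINE = re.compile(r'^(?P<key>HK\S*?\\Run(?:Once)?): \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$')

# Directories a standard user can write to (assumed list). A Run value whose
# target lives here deserves a second look: installers rarely put autostart
# binaries in data or temp folders.
WRITABLE_DIR_MARKERS = (
    '\\all users\\application data\\',   # XP-era ProgramData
    '\\programdata\\',
    '\\local settings\\temp\\',
    '\\appdata\\local\\temp\\',
)


def parse_run_entry(line):
    """Return {'key', 'name', 'cmd'} for an FRST Run-key line, or None."""
    m = RUN_LINE.match(line.strip())
    return m.groupdict() if m else None


def _executable_name(cmd):
    """Lower-cased base name of the first token of the command."""
    first = cmd.split(None, 1)[0].strip('"').lower()
    return ntpath.basename(first)


def _quoted_or_second_token(cmd):
    """The file the host process is told to load: first quoted arg, else the second token."""
    m = re.search(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    parts = cmd.split(None, 1)
    return parts[1].strip() if len(parts) > 1 else ''


def suspicious_reasons(entry):
    """Heuristic reasons why an autorun entry looks like malware persistence."""
    cmd = entry['cmd']
    exe = _executable_name(cmd)
    reasons = []
    if exe in ('regsvr32.exe', 'regsvr32'):
        target = _quoted_or_second_token(cmd)
        ext = ntpath.splitext(target)[1].lower()
        if ext not in ('.dll', '.ocx', '.ax'):
            reasons.append('regsvr32 registering a file with unexpected extension %s' % (ext or '(none)'))
        if any(marker in target.lower() for marker in WRITABLE_DIR_MARKERS):
            reasons.append('target lives in a user-writable data directory')
    elif exe in ('rundll32.exe', 'rundll32'):
        parts = cmd.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ''
        # rundll32 takes "<module>,<entrypoint>"; an empty module is never legitimate.
        module = rest.split(',', 1)[0].strip().strip('"')
        if not module:
            reasons.append('rundll32 invoked with an empty module name')
    return reasons


def triage(lines):
    """Map value name -> reasons for every flagged Run entry among the log lines."""
    flagged = {}
    for line in lines:
        entry = parse_run_entry(line)
        if entry:
            reasons = suspicious_reasons(entry)
            if reasons:
                flagged[entry['name']] = reasons
    return flagged


def build_fixlist(lines):
    """Flagged log lines, verbatim: fixlist.txt takes the FRST log line as-is."""
    out = []
    for line in lines:
        entry = parse_run_entry(line)
        if entry and suspicious_reasons(entry):
            out.append(line)
    return out


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_FRST_LINES).items():
        print(name, '->', '; '.join(reasons))
    print('\n'.join(build_fixlist(SAMPLE_FRST_LINES)))
```

Run it on the lines copied from a real FRST.txt and review the output by hand before it goes into fixlist.txt: the heuristics produce candidates, and the Fix step deletes whatever the list contains, so a benign regsvr32 entry with an odd extension would be removed too.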

As instructed

NB, the 2 logs were created before the computer was restarted

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by XZMYYV at 2015-01-17 18:46:57 Run:5
Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop
Loaded Profiles: XZMYYV & administrator (Available profiles: XZMYYV & administrator & localadmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [NeliGmoc] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"
2015-01-11 14:43 - 2015-01-11 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NeliGmoc
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [lifiwnq] => rundll32 ",lifiwnq
*****************

HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Windows\CurrentVersion\Run\\NeliGmoc => value deleted successfully.
C:\Documents and Settings\All Users\Application Data\NeliGmoc => Moved successfully.
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Windows\CurrentVersion\Run\\lifiwnq => value deleted successfully.

==== End of Fixlog 18:46:58 ====

 

RogueKiller V10.1.2.0 [Jan  7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : XZMYYV [Administrator]
Mode : Delete -- Date : 01/17/2015  20:17:37

¤¤¤ Processes : 31 ¤¤¤
[Proc.Injected] smss.exe(1556) -- C:\WINNT\System32\smss.exe[x] -> [NoKill]
[Proc.Injected] FlxNotifier.exe(388) -- C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe[-] -> Killed [TermProc]
[Proc.Injected] FlxApUpd.exe(484) -- C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe[-] -> Killed [TermProc]
[Proc.Injected] spoolsv.exe(1440) -- C:\WINNT\system32\spoolsv.exe[x] -> [NoKill]
[Proc.Injected] stacsv.exe(1472) -- c:\winnt\drivers\notebooks\audio\stacsv.exe[7] -> Killed [TermProc]
[Proc.Injected] scardsvr.exe(1624) -- C:\WINNT\System32\SCardSvr.exe[7] -> Killed [TermProc]
[Proc.Injected] mDNSResponder.exe(324) -- C:\Program Files\Bonjour\mDNSResponder.exe[-] -> Killed [TermProc]
[Proc.Injected] GoogleUpdate.exe(1136) -- C:\Program Files\Google\Update\GoogleUpdate.exe[-] -> Killed [TermProc]
[Proc.Injected] KService.exe(1172) -- C:\Program Files\Kontiki\KService.exe[-] -> Killed [TermProc]
[Proc.Injected] nvsvc32.exe(1352) -- C:\WINNT\system32\nvsvc32.exe[7] -> Killed [TermProc]
[Proc.Injected] QsResourceUpdatingAgent.exe(3952) -- C:\WINNT\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe[-] -> Killed [TermProc]
[Proc.Injected] wdfmgr.exe(2232) -- C:\WINNT\system32\wdfmgr.exe[7] -> Killed [TermProc]
[Proc.Injected] FlexClient.exe(2288) -- C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe[-] -> Killed [TermProc]
[Proc.Injected] Avira.OE.ServiceHost.exe(2652) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe[-] -> Killed [TermProc]
[Proc.Injected] FlxApUpd.exe(200) -- C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe[-] -> Killed [TermProc]
[Proc.Injected] wscntfy.exe(264) -- C:\WINNT\system32\wscntfy.exe[7] -> Killed [TermProc]
[Proc.Injected] alg.exe(1572) -- C:\WINNT\System32\alg.exe[x] -> [NoKill]
[Proc.Injected] explorer.exe(592) -- C:\WINNT\Explorer.EXE[7] -> Killed [TermProc]
[Proc.Injected] Apoint.exe(1232) -- C:\Program Files\DellTPad\Apoint.exe[7] -> Killed [TermProc]
[Proc.Injected] ApMsgFwd.exe(608) -- C:\Program Files\DellTPad\ApMsgFwd.exe[7] -> Killed [TermProc]
[Proc.Injected] hidfind.exe(3032) -- C:\Program Files\DellTPad\HidFind.exe[7] -> Killed [TermProc]
[Proc.Injected] ApntEx.exe(3852) -- C:\Program Files\DellTPad\Apntex.exe[7] -> Killed [TermProc]
[Proc.Injected] sttray.exe(2848) -- C:\Program Files\IDT\WDM\sttray.exe[7] -> Killed [TermProc]
[Proc.Injected] AESTFltr.exe(1100) -- C:\WINNT\system32\AESTFltr.exe[7] -> Killed [TermProc]
[Proc.Injected] acrotray.exe(3024) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[-] -> Killed [TermProc]
[Proc.Injected] sua.exe(2560) -- C:\Program Files\Secunia\PSI\sua.exe[-] -> Killed [TermProc]
[Proc.Injected] hpwuschd2.exe(3248) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[-] -> Killed [TermProc]
[Proc.Injected] Avira.OE.Systray.exe(3652) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe[-] -> Killed [TermProc]
[Proc.Injected] Skype.exe(344) -- C:\Program Files\Skype\Phone\Skype.exe[7] -> Killed [TermProc]
[Proc.Injected] GoogleToolbarNotifier.exe(1012) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[7] -> Killed [TermProc]
[Proc.Injected] hpqtra08.exe(3948) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 12 ¤¤¤
[suspicious.Path] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Windows\CurrentVersion\Run | NeliGmoc : regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz" [7][-] -> Deleted
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://socrates.gm.com  -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://socrates.gm.com  -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://socrates.gm.com/  -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINNT\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 4 (Driver: Loaded) ¤¤¤
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[549] : Unknown @ 0xadebe09e
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[552] : Unknown @ 0xadebe0a3
[iAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - NtCreateProcessEx : Unknown @ 0x1703ba (push dword 0x10a000f|ret |jmp 0xffffffffff0cd234|call 0x3165)
[iAT:Inl(Hook.IEAT)] (iexplore.exe) USER32.dll - GetMessagePos : Unknown @ 0x164932 (push dword 0xe0000c|ret |jmp 0xffffffffff3651ec|call 0xfffffffffffff733)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9160412ASG +++++
--- User ---
[MBR] 1f00fa8747ff0e07359ddc681e662ccb
[bSP] ee644efff71896e34fc8694eb7d939e5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_01072015_220417.log - RKreport_SCN_01112015_145402.log - RKreport_SCN_01172015_185037.log

Link to comment
Share on other sites

  • 4 weeks later...

Now it works fine. I did get the DECRYPT virus back, but after doing a search/delete on the name, putting in all the scripts you suggested, running a new fixlist and finishing with ComboFix, the rascal finally had enough.

Many thanks again

You are really great at this

 

Link to comment
Share on other sites

1. Close all programs, including web browsers.

Double-click AdwCleaner to start the program.

Click the Uninstall button.

2. Press the Windows key + R

Copy and paste this line:

ComboFix /Uninstall

Note that there is a space before the /

Click OK.

3. Download the uninstaller OTC to the Desktop: http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Press the CleanUp! button and FRST will be uninstalled after the computer restarts. Delete any remaining logs.

4. Improve the protection of the computer, see my advice for a safer computer: http://ceciliasec.wordpress.com/rad/

It is very important to keep all the small programs on the computer updated; old versions of e.g. Flash, Java and Adobe Reader contain known security holes, which a web page can use to infect the computer. I think Secunia's program (link on my web page) is a good help for checking how things stand with security holes on the computer and showing what needs to be fixed.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
