
andzze

Member
  • Posts
    65
About andzze

  • Member title
    User

Profile

  • Gender
    Male
  • Location
    Göteborg
  • Interests
    Sailing, hunting, aviation, diving
  1. Too bad about the problem with too much spray in the connector, but are you really going to pour in even more electrical contact spray, even if it is special special electric? Sounds risky. I would have tried a cotton swab and then gone to church and prayed :-) Sounds like the glass should be lifted off so it can dry properly.
  2. So true, but more that the whole thing is only about pocket money in my case. A lot probably gets forgotten, and they may be tired of everything they find that everyone wants sent to them. But it is absolutely not an isolated incident; it sounded like it was routine and that they applied that policy to everyone. And there are probably some who said they would pay and then did not, surely many, so they put a 100% block on everyone. But... hello. 2 stamps. How big is the risk really? And we, 10 people, had just held a conference there. Penny-wise and pound-foolish, there is no getting around it.
  3. Yes, it has become a big talking point at work since some people in the marketing department overheard my frustrating call. One marketing guy said exactly that: if you are genuinely service-minded, they would have offered on their own to cover the 12 SEK out of pocket when they heard I was happy to pay afterwards; the risk was pretty minimal, as they said. But it is hard if you have a hopeless boss. I feel for the staff there...
  4. Warning about Hotell Stinsen in Hallsberg. The manager there seems unbelievably bad. I forgot my phone charger in the room. Continued on a business trip afterwards, and when I call them they refuse to send the charger unless I first send a stamped envelope. I said I really needed my charger and that I would pay afterwards, if only they would send it now so I would not have to buy a new one. They refused and nervously referred to "that is what the manager has decided" and "I have the charger right in front of me and I really would like to, but I am not allowed". I say again that I guarantee I will pay, but no... When I got home I sent a letter with 2 stamps as return postage. The charger weighed only 25 g. You would have to search hard to find worse customer care, and all for just 12 SEK, which I offered to pay afterwards, if only they would help me out of a tight spot. Shame on penny-pinching and shame on Hotell Stinsen in Hallsberg. Shame on you!
  5. Hi. Sure, and I am describing what happened once; after that you do not go back there, so it is hard to gather statistics yourself. The other shops in the link were from Orlando, Milwaukee, etc. We probably agree: I had real bad luck, which would have cost me 3800 SEK if I had believed them (I wrote it wrong above). Part of what I want to say with the post is to dare to trust your own opinion and try again.
  6. Hi. Nice to see that so many have read the post. Short summary: My iPad 3 would not start. LanMaster's disastrous analysis of the warranty case was that it was due to moisture damage, but I could buy a replacement iPad for 2800 SEK. And they wanted 400 SEK as an inspection fee when I wanted the iPad back. Went across the street to macforum, who put it on charge overnight and just did a deeper restart; they did not even want to be paid for the trouble. Back at LanMaster to get the inspection fee refunded, since there was nothing wrong with the iPad, they refused. Warning about the unprofessional LanMaster, go to macforum instead. Anyone else with similar frightening examples of badly handled repair cases?
  7. Now it works fine. The DECRYPT virus did come back, though, but after doing search/delete on the name, putting in all the scripts you suggested and running a new fixlist, and finishing with ComboFix, that rascal finally had enough. Many thanks again. You are really great at this.
  8. I had exactly that kind of problem with my WD external hard disk. It started up, the computer made a sound when I plugged in the USB, but it did not show up, just as you write. However, I found it when I right-clicked on Computer, then Manage, then Disk Management on a Windows 7 machine. The hard disk was visible there but I could not access it. It did work on another computer, though. The solution in my case was to uninstall the driver and download it again. Worked... strange, but it turned out fine. Before that you should try all the USB ports and another cable, as mentioned above.
  9. As instructed. NB: the 2 logs were created before the computer was restarted.

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
     Ran by XZMYYV at 2015-01-17 18:46:57 Run:5
     Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop
     Loaded Profiles: XZMYYV & administrator (Available profiles: XZMYYV & administrator & localadmin)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [NeliGmoc] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"
     2015-01-11 14:43 - 2015-01-11 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NeliGmoc
     HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [lifiwnq] => rundll32 ",lifiwnq
     *****************

     HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Windows\CurrentVersion\Run\\NeliGmoc => value deleted successfully.
     C:\Documents and Settings\All Users\Application Data\NeliGmoc => Moved successfully.
     HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Windows\CurrentVersion\Run\\lifiwnq => value deleted successfully.
     ==== End of Fixlog 18:46:58 ====
  10. As ordered :-) I still do not get the option to run RK as administrator; it runs as a normal user instead.

     1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
     Ran by XZMYYV (administrator) on SETHNWNGXA04602 on 11-01-2015 14:49:06
     Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop
     Loaded Profiles: XZMYYV & administrator (Available profiles: XZMYYV & administrator & localadmin)
     Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
     Internet Explorer Version 8 (Default browser: IE)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
[File not signed] S4 Browser; C:\WINNT\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation) S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) S3 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) S4 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation) S2 clr_optimization_v4.0.30319_32; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation) S3 COMSysApp; C:\WINNT\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) R2 dmserver; C:\WINNT\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) 
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) R2 Dot3svc; C:\WINNT\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) R2 EapHost; C:\WINNT\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) S4 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) S4 Fax; C:\WINNT\system32\fxssvc.exe [267776 2008-04-14] (Microsoft Corporation) R2 FlexClient; C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe [1421312 2011-10-26] (HP) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-06-21] (Macrovision Europe Ltd.) [File not signed] R2 FlxNotifier; C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe [212992 2011-03-21] (HP) [File not signed] R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) S3 hkmsvc; C:\WINNT\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] S4 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) S3 ImapiService; C:\WINNT\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) R2 KService; C:\Program Files\Kontiki\KService.exe [4873768 2010-07-28] (Kontiki Inc.) R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) S4 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed] S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) S3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) R3 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) S3 napagent; C:\WINNT\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) R2 Net Driver HPZ12; C:\WINNT\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) R3 Netman; C:\WINNT\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) R2 NVSvc; C:\WINNT\system32\nvsvc32.exe [159812 2008-08-25] (NVIDIA Corporation) R2 PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) R2 Pml Driver HPZ12; 
C:\WINNT\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) R2 QsRUMAgent; C:\WINNT\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [200704 2011-02-04] (Quest Software) [File not signed] S4 RasAuto; C:\WINNT\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) R3 RasMan; C:\WINNT\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) R2 RpcSs; C:\WINNT\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2001-08-23] (Microsoft Corporation) R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) R2 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) R2 Schedule; C:\WINNT\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia) R2 SENS; C:\WINNT\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) R2 Spooler; C:\WINNT\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) R2 srservice; 
C:\WINNT\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) S4 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) R2 STacSV; c:\winnt\drivers\notebooks\audio\stacsv.exe [221273 2008-08-25] (IDT, Inc.) R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) S3 SwPrv; C:\WINNT\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) S4 Themes; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) S3 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation) S4 TrkWks; C:\WINNT\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) R2 UMWdf; C:\WINNT\system32\wdfmgr.exe [38912 2005-01-28] (Microsoft Corporation) S3 upnphost; C:\WINNT\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) S3 UPS; C:\WINNT\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) R2 W32Time; C:\WINNT\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) S4 WebClient; C:\WINNT\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [25088 2005-01-28] (Microsoft Corporation) S3 Wmi; C:\WINNT\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) R3 WPFFontCache_v0400; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Microsoft Corporation) R2 wscsvc; C:\WINNT\system32\wscsvc.dll [80896 2008-04-14] (Microsoft 
Corporation) R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) S2 COSIDS_TB; "C:\Program Files\cosids\bin\tbmux32.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2001-08-23] (Microsoft Corporation) S3 aeaudio; C:\WINNT\System32\drivers\aeaudio.sys [127744 2004-11-08] (Andrea Electronics Corporation) [File not signed] S3 aec; C:\WINNT\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) R3 AESTAud; C:\WINNT\System32\drivers\AESTAud.sys [108160 2008-08-25] (Andrea Electronics Corporation) R1 AFD; C:\WINNT\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) R0 AliIde; C:\WINNT\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.) R3 ApfiltrService; C:\WINNT\System32\DRIVERS\Apfiltr.sys [170032 2008-09-02] (Alps Electric Co., Ltd.) R3 Arp1394; C:\WINNT\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) S3 ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [965632 2005-01-20] (ATI Technologies Inc.) S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) R2 avgntflt; C:\WINNT\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\WINNT\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINNT\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG) S3 b57w2k; C:\WINNT\System32\DRIVERS\b57xp32.sys [190592 2004-11-16] (Broadcom Corporation) R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2001-08-23] (Microsoft Corporation) S3 Bridge; C:\WINNT\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation) S3 BridgeMP; C:\WINNT\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation) S3 BTWUSB; C:\WINNT\System32\Drivers\btwusb.sys [55320 2004-11-04] (Broadcom Corporation.) [File not signed] S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2001-08-23] (Microsoft Corporation) S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2001-08-23] (Microsoft Corporation) R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation) R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation) R0 Cpqarray; C:\WINNT\System32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation) R3 cvusbdrv; C:\WINNT\System32\Drivers\cvusbdrv.sys [32808 2008-09-02] (Broadcom Corporation) R0 dac960nt; C:\WINNT\System32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation) R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) R0 dmio; C:\WINNT\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) R0 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2001-08-23] (Microsoft Corp., Veritas Software.) 
S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) R3 e1yexpress; C:\WINNT\System32\DRIVERS\e1y5132.sys [244368 2008-08-25] (Intel Corporation) R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2005-09-06] (Nortel Networks) [File not signed] S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) S3 Fdc; C:\WINNT\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) S3 Flpydisk; C:\WINNT\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) R0 FltMgr; C:\WINNT\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2001-08-23] (Microsoft Corporation) R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2001-08-23] (Microsoft Corporation) R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) S3 GTIPCI21; C:\WINNT\System32\DRIVERS\gtipci21.sys [80384 2004-05-03] (Texas Instruments) R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) R3 HECI; C:\WINNT\System32\DRIVERS\HECI.sys [40832 2008-06-19] (Intel Corporation) R3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) S3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) S3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [776349 2004-12-21] (Intel Corporation) [File not signed] R0 iaStor; C:\WINNT\System32\DRIVERS\iaStor.sys [318488 2008-09-02] (Intel Corporation) S3 IFXTPM; C:\WINNT\System32\DRIVERS\IFXTPM.SYS [32640 2004-09-02] (Infineon Technologies AG) R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [42112 
2008-04-13] (Microsoft Corporation) R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) S3 Ip6Fw; C:\WINNT\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2001-08-23] (Microsoft Corporation) S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155184 2005-09-06] (Nortel Networks NA, Inc.) [File not signed] R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155184 2005-09-06] (Nortel Networks NA, Inc.) [File not signed] S3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) R1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2001-08-23] (Microsoft Corporation) S3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) R3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) S3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] 
(Microsoft Corporation) R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation) S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) R0 msvmscsi; C:\WINNT\System32\DRIVERS\msvmscsi.sys [16112 2004-07-14] (Microsoft Corporation) R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [40960 2010-11-02] (Microsoft Corporation) R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) R3 NETw5x32; C:\WINNT\System32\DRIVERS\NETw5x32.sys [4203392 2009-05-28] (Intel Corporation) R3 NIC1394; C:\WINNT\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2001-08-23] (Microsoft Corporation) R3 nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [6591872 2008-08-25] (NVIDIA Corporation) S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 
2001-08-23] (Microsoft Corporation) S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2001-08-23] (Microsoft Corporation) R0 ohci1394; C:\WINNT\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2001-08-23] (Microsoft Corporation) R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) R3 PSched; C:\WINNT\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) S3 PSI; C:\WINNT\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia) R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2001-08-23] (Parallel Technologies, Inc.) 
R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2001-08-23] (Microsoft Corporation) S3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2001-08-23] (Microsoft Corporation) R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2001-08-23] (Microsoft Corporation) R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) R3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139656 2011-06-24] (Microsoft Corporation) R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) R2 rimmptsk; C:\WINNT\System32\DRIVERS\rimmptsk.sys [39936 2008-09-02] (REDC) R3 sdbus; C:\WINNT\System32\DRIVERS\sdbus.sys [79232 2008-04-13] (Microsoft Corporation) S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
R3 seehcri; C:\WINNT\System32\DRIVERS\seehcri.sys [27632 2011-01-18] (Sony Ericsson Mobile Communications) R3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) R1 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) S3 sffdisk; C:\WINNT\System32\DRIVERS\sffdisk.sys [11904 2008-04-13] (Microsoft Corporation) S3 sffp_sd; C:\WINNT\System32\DRIVERS\sffp_sd.sys [11008 2008-04-13] (Microsoft Corporation) S3 Sfloppy; C:\WINNT\System32\DRIVERS\sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) S3 SMCIRDA; C:\WINNT\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC) R3 smsmdd; C:\WINNT\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation) S3 smwdm; C:\WINNT\System32\drivers\smwdm.sys [259840 2004-10-13] (Analog Devices, Inc.) [File not signed] R0 Sparrow; C:\WINNT\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.) S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) R1 ssmdrv; C:\WINNT\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH) R3 STHDA; C:\WINNT\System32\drivers\sthda.sys [1381914 2008-08-25] (IDT, Inc.) 
S3 StillCam; C:\WINNT\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation) R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [103552 2007-04-19] (LSI Logic) R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) R3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) S3 tifm21; C:\WINNT\System32\drivers\tifm21.sys [157056 2005-02-11] (Texas Instruments) U3 TrueSight; C:\WINNT\system32\drivers\TrueSight.sys [35064 2015-01-07] () S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation) R3 Update; C:\WINNT\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) R3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation) R3 USBCCID; C:\WINNT\System32\DRIVERS\usbccid.sys [28672 2008-09-02] (Microsoft Corporation) R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [30208 2008-04-13] (Microsoft Corporation) R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) S3 usbprint; C:\WINNT\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2008-04-13] (Microsoft Corporation) S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) S3 USB_RNDIS; C:\WINNT\System32\DRIVERS\usb8023.sys [12800 2008-04-13] (Microsoft Corporation) S3 
usb_rndisx; C:\WINNT\System32\DRIVERS\usb8023x.sys [12800 2008-04-13] (Microsoft Corporation) R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) R0 ViaIde; C:\WINNT\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation) R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) S3 w29n51; C:\WINNT\System32\DRIVERS\w29n51.sys [3210496 2004-10-19] (Intel® Corporation) [File not signed] R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) R3 Wdf01000; C:\WINNT\System32\DRIVERS\Wdf01000.sys [503144 2008-01-19] (Microsoft Corporation) R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) R1 WmiAcpi; C:\WINNT\System32\DRIVERS\wmiacpi.sys [8832 2008-04-13] (Microsoft Corporation) S3 WpdUsb; C:\WINNT\System32\Drivers\wpdusb.sys [18944 2005-01-28] (Microsoft Corporation) R1 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2001-08-23] (Microsoft Corporation) S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X] U5 ScsiPort; C:\WINNT\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U.%99M%20 T8267; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
  11. FRST log: RogueKiller worked now, though I never got any option to run as administrator; after right-clicking and choosing "run as" it just started as usual.
  12. Still on the computer: The first file I found and removed manually. The second link is not in the folder C:\Documents and Settings\All Users\Application Data. 1. The program only scans for about 1 s and then stops, with both names. 2. Nope, I am not familiar with that one.
  13. Now with ANSI encoding:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6009:UDP"= 6009:UDP:FlexDeploy . 
R0 msvmscsi;msvmscsi;c:\winnt\system32\drivers\msvmscsi.sys [2007-06-08 16112] R1 avkmgr;avkmgr;c:\winnt\system32\drivers\avkmgr.sys [2014-12-29 37352] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-12-29 431920] R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-11-20 166192] R2 FlexClient;HP FlexDeploy Client Service;c:\program files\HP\FlexDeploy\Client Software\FlexClient.exe [2011-10-26 1421312] R2 FlxNotifier;HP FlexDeploy Notifier Service;c:\program files\HP\FlexDeploy\Client Software\FlxNotifier.exe [2011-03-21 212992] R2 QsRUMAgent;Quest Migration Manager RUM Agent Service;c:\winnt\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [2011-06-22 200704] R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [2014-11-28 1363160] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2014-11-28 765144] R3 AESTAud;AE Audio Service;c:\winnt\system32\drivers\AESTAud.sys [2010-06-22 108160] R3 cvusbdrv;Broadcom USH CV;c:\winnt\system32\drivers\cvusbdrv.sys [2010-06-22 32808] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\winnt\system32\drivers\e1y5132.sys [2010-06-22 244368] R3 Eacfilt;Eacfilt Miniport;c:\winnt\system32\drivers\eacfilt.sys [2010-06-22 24521] R3 PSI;PSI;c:\winnt\system32\drivers\psi_mf_x86.sys [2014-11-28 16024] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\winnt\system32\drivers\seehcri.sys [2011-01-18 27632] S2 COSIDS_TB;COSIDS_TB;"c:\program files\cosids\bin\tbmux32.exe" --> c:\program files\cosids\bin\tbmux32.exe [?] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192] S3 GTIPCI21;GTIPCI21;c:\winnt\system32\drivers\gtipci21.sys [2004-05-03 80384] S3 HTCAND32;HTC Device Driver;c:\winnt\system32\Drivers\ANDROIDUSB.sys --> c:\winnt\system32\Drivers\ANDROIDUSB.sys [?] 
S3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [2004-09-02 32640] S3 IPSECEXT;Nortel Extranet Access Protocol;c:\winnt\system32\drivers\ipsecw2k.sys [2010-06-22 155184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Clear_Java_Cache] 2014-12-28 09:44 28608 ----a-w- c:\deploy\Clear_Java_Cache\ClearJava.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\IE_MaxScript_Statements] 2014-12-28 09:44 12678 ----a-w- c:\deploy\MaxScriptStatements\P09125_Install.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PDFXChange] 2014-12-28 09:44 19557 ----a-w- c:\deploy\PDFXChange\DeleteRegKeys.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{57752979-A1C9-4C02-856B-FBB27AC4E02C}] 2008-04-14 03:42 78848 ----a-w- c:\winnt\system32\msiexec.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73868DD9-CC9A-4F7F-B708-99F096DEAB6D}] 2008-04-14 03:42 78848 ----a-w- c:\winnt\system32\msiexec.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{82B4BCFA-BB6B-4282-9165-9E58EFA284A2}] 2014-12-28 09:44 19500 ----a-w- c:\deploy\P10095_Userchoice\userchoice.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D7437546-1C71-06E2-A2D5-79108D260586}] 2014-12-28 09:44 22910 ----a-w- c:\deploy\office.12\mig_offsettings.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D91D0C90-FDEE-4BA3-98EA-F2003CB800C4}] 2008-04-14 03:42 78848 ----a-w- c:\winnt\system32\msiexec.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}] 2009-03-08 03:32 128512 ----a-w- c:\winnt\system32\advpack.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FD6F96AB-BD89-48F4-B792-BCC6362363E3}] 2008-04-14 03:42 78848 ----a-w- c:\winnt\system32\msiexec.exe . Innehåll i mappen 'Schemalagda aktiviteter': . 2015-01-02 c:\winnt\Tasks\Adobe Flash Player Updater.job - c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02 15:03] . 2015-01-02 c:\winnt\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2015-01-02 c:\winnt\Tasks\GoogleUpdateTaskMachineCore1cf9098a814ed6a.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-23 20:00] . 2015-01-02 c:\winnt\Tasks\GoogleUpdateTaskMachineCore1cfef324d5c7c46.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-23 20:00] . 2015-01-02 c:\winnt\Tasks\GoogleUpdateTaskMachineCore1cfff5ec5c1eea.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-23 20:00] . . ------- Extra genomsökning ------- . uStart Page = hxxp://www.google.com/ IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft 
Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} Trusted Zone: USABHSS0000C01.nam.corp.gm.com TCP: DhcpNameServer = 192.168.1.254 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2015-01-02 22:54 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LÅSTA REGISTERNYCKLAR --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLL'er som "laddats" under processer som körs --------------------- . - - - - - - - > 'winlogon.exe'(1724) c:\winnt\system32\Ati2evxx.dll . 
- - - - - - - > 'explorer.exe'(5676) c:\winnt\system32\ieframe.dll c:\winnt\system32\webcheck.dll c:\winnt\system32\OneX.DLL c:\winnt\system32\eappprxy.dll . ------------------------ Andra processer som körs ------------------------ . c:\program files\HP\FlexDeploy\Client Software\FlxApUpd.exe c:\winnt\drivers\notebooks\audio\stacsv.exe c:\winnt\System32\SCardSvr.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Kontiki\KService.exe c:\winnt\system32\nvsvc32.exe c:\winnt\system32\wdfmgr.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\HP\FlexDeploy\Client Software\FlxApUpd.exe c:\winnt\system32\wscntfy.exe c:\winnt\system32\rundll32.exe c:\winnt\system32\RunDLL32.exe c:\program files\DellTPad\ApMsgFwd.exe c:\program files\DellTPad\HidFind.exe c:\program files\DellTPad\Apntex.exe c:\winnt\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe c:\program files\Internet Explorer\iexplore.exe . ************************************************************************** . Sluttid: 2015-01-02 23:01:11 - datorn startades om. ComboFix-quarantined-files.txt 2015-01-02 22:01 ComboFix2.txt 2015-01-01 19:11 ComboFix3.txt 2014-12-31 00:58 . Före genomsökningen: 101 583 962 112 bytes free Efter genomsökningen: 101 618 810 880 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINNT [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . 
- - End Of File - - 5CFA31B1A0C79BF6D9C9B71CAC70590A 8F558EB6672622401DA993E1E865C861

And FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2015
Ran by XZMYYV (administrator) on SETHNWNGXA04602 on 02-01-2015 23:02:40
Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop
Loaded Profiles: XZMYYV & administrator (Available profiles: XZMYYV & administrator & localadmin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(IDT, Inc.) C:\WINNT\DRIVERS\NOTEBOOKS\Audio\stacsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Kontiki Inc.) C:\Program Files\Kontiki\KService.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(NVIDIA Corporation) C:\WINNT\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe
(Microsoft Corporation) C:\WINNT\system32\wscntfy.exe
(Microsoft Corporation) C:\WINNT\system32\msiexec.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(Microsoft Corporation) C:\WINNT\system32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Andrea Electronics Corporation) C:\WINNT\system32\AESTFltr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE
(Microsoft Corporation) C:\WINNT\system32\msiexec.exe
(Microsoft Corporation) C:\WINNT\explorer.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINNT\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-03] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [196608 2008-09-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [442467 2008-08-25] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINNT\system32\AESTFltr.exe [466944 2008-08-25] (Andrea Electronics Corporation)
HKLM\...\Run: [P10015] => WSCRIPT.EXE //B C:\LOGS\P10015\P10015_wallpaper.vbs
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.)
HKLM\...\Run: [Synchronization Manager] => C:\WINNT\system32\mobsync.exe [143360 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\WINNT\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] C:\WINNT\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINNT\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\crypt32chain: C:\WINNT\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINNT\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINNT\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINNT\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINNT\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINNT\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINNT\system32\wlnotify.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 1
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [PreXPSP2ShellProtocolBehavior] 0
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-23] (Google Inc.)
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Run: [NeliGmoc] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\NeliGmoc\UubeJlici.kpz"
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Run: [CTFMON.EXE] => C:\WINNT\system32\CTFMON.EXE [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\Policies\Explorer: [btn_Encoding] 0
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {0908d747-9de1-11dc-a3d3-9b55eee4b565} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {09919e39-0abb-11dc-bd6b-d1b38b4c2a32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {3dcbaf14-0a11-11dc-9ab8-e92d850bdf2b} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {486f3bf8-09f7-11dc-b2c9-b590483e6432} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {bc33e1f0-0982-11dc-b647-b883c76da250} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {da2857a8-1068-11dc-ab84-f5d2d6fc9f35} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\...\MountPoints2: {fbbe4110-15f4-11dc-a66b-b8f89be89c32} - F:\wd_windows_tools\setup.exe
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINNT\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-23] (Google Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [435096 2008-11-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\Policies\Explorer: [btn_Home] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Fullscreen] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Tools] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Print] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Edit] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Cut] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Copy] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Paste] 0
HKU\S-1-5-18\...\Policies\Explorer: [btn_Encoding] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-19] => http://autoproxy.gm.com
AutoConfigURL: [S-1-5-20] => http://autoproxy.gm.com
AutoConfigURL: [S-1-5-21-2086223142-3201976994-1658009677-500] => http://pviapc.rsh.europe.gm.com/gmeproxy.pac
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2086223142-3201976994-1658009677-4238\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com/
HKU\S-1-5-21-2086223142-3201976994-1658009677-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2086223142-3201976994-1658009677-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Länkhjälp till Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2086223142-3201976994-1658009677-4238 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mygmgw.gm.com/http://sethnma03.eur.corp.gm.com/iNotes6W.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\system32\shell32.dll [8462336 2011-01-21] (Microsoft Corporation)
Winsock: Catalog5 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINNT\system32\winrnr.dll [16896] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Winsock: Catalog9 01 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINNT\system32\mswsock.dll [245248] (Microsoft Corporation)
Winsock: Catalog9 20 C:\WINNT\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Winsock: Catalog9 21 C:\WINNT\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINNT\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINNT\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF StartMenuInternet: FIREFOX.EXE - C:\firefox\FirefoxPortable\App\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-12]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==========================
Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AdobeFlashPlayerUpdateSvc; C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-12-27] (Adobe Systems Incorporated) S4 Alerter; C:\WINNT\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) R3 ALG; C:\WINNT\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG) S3 AppMgmt; C:\WINNT\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation) S4 aspnet_state; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation) S2 Ati HotKey Poller; C:\WINNT\system32\Ati2evxx.exe [344064 2005-01-20] (ATI Technologies Inc.) R2 AudioSrv; C:\WINNT\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R3 BITS; C:\WINNT\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) 
[File not signed] S4 Browser; C:\WINNT\System32\browser.dll [77824 2008-04-14] (Microsoft Corporation) S3 CiSvc; C:\WINNT\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) S3 ClipSrv; C:\WINNT\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) S4 clr_optimization_v2.0.50727_32; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation) S2 clr_optimization_v4.0.30319_32; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation) S3 COMSysApp; C:\WINNT\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) R2 CryptSvc; C:\WINNT\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) R2 DcomLaunch; C:\WINNT\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) R2 Dhcp; C:\WINNT\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) S3 dmadmin; C:\WINNT\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) R2 dmserver; C:\WINNT\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) 
R2 Dnscache; C:\WINNT\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) R2 Dot3svc; C:\WINNT\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) R2 EapHost; C:\WINNT\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) R2 ERSvc; C:\WINNT\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) R2 Eventlog; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) R3 EventSystem; C:\WINNT\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) S4 FastUserSwitchingCompatibility; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) S4 Fax; C:\WINNT\system32\fxssvc.exe [267776 2008-04-14] (Microsoft Corporation) R2 FlexClient; C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe [1421312 2011-10-26] (HP) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-06-21] (Macrovision Europe Ltd.) [File not signed] R2 FlxNotifier; C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe [212992 2011-03-21] (HP) [File not signed] R2 helpsvc; C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) R2 HidServ; C:\WINNT\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) S3 hkmsvc; C:\WINNT\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) 
[File not signed] S4 HTTPFilter; C:\WINNT\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) S3 ImapiService; C:\WINNT\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-27] (Oracle Corporation) R2 KService; C:\Program Files\Kontiki\KService.exe [4873768 2010-07-28] (Kontiki Inc.) R2 lanmanserver; C:\WINNT\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) R2 lanmanworkstation; C:\WINNT\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) R2 LmHosts; C:\WINNT\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) S4 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed] S4 Messenger; C:\WINNT\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) S3 mnmsrvc; C:\WINNT\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) S3 MSDTC; C:\WINNT\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) R3 MSIServer; C:\WINNT\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) S3 napagent; C:\WINNT\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) R2 Net Driver HPZ12; C:\WINNT\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] S4 NetDDE; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) S4 NetDDEdsdm; C:\WINNT\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) R2 Netlogon; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) R3 Netman; C:\WINNT\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) R3 Nla; C:\WINNT\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) S3 NtLmSsp; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) S3 NtmsSvc; C:\WINNT\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) R2 NVSvc; C:\WINNT\system32\nvsvc32.exe [159812 2008-08-25] (NVIDIA Corporation) R2 
PlugPlay; C:\WINNT\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\WINNT\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 PolicyAgent; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) R2 ProtectedStorage; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) R2 QsRUMAgent; C:\WINNT\Quest Resource Updating Agent\QsResourceUpdatingAgent.exe [200704 2011-02-04] (Quest Software) [File not signed] S4 RasAuto; C:\WINNT\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) R3 RasMan; C:\WINNT\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) S3 RDSessMgr; C:\WINNT\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) S4 RemoteAccess; C:\WINNT\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) R2 RemoteRegistry; C:\WINNT\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) S3 RpcLocator; C:\WINNT\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) R2 RpcSs; C:\WINNT\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) S3 RSVP; C:\WINNT\system32\rsvp.exe [132608 2001-08-23] (Microsoft Corporation) R2 SamSs; C:\WINNT\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) R2 SCardSvr; C:\WINNT\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) R2 Schedule; C:\WINNT\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) R2 seclogon; C:\WINNT\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia) R2 SENS; C:\WINNT\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) R2 SharedAccess; C:\WINNT\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) R2 ShellHWDetection; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) R2 Spooler; 
C:\WINNT\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) R2 srservice; C:\WINNT\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) S4 SSDPSRV; C:\WINNT\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) R2 STacSV; c:\winnt\drivers\notebooks\audio\stacsv.exe [221273 2008-08-25] (IDT, Inc.) R2 stisvc; C:\WINNT\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) S3 SwPrv; C:\WINNT\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) S3 SysmonLog; C:\WINNT\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) R3 TapiSrv; C:\WINNT\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) R3 TermService; C:\WINNT\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) S4 Themes; C:\WINNT\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) S3 TlntSvr; C:\WINNT\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation) S4 TrkWks; C:\WINNT\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) R2 UMWdf; C:\WINNT\system32\wdfmgr.exe [38912 2005-01-28] (Microsoft Corporation) S3 upnphost; C:\WINNT\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) S3 UPS; C:\WINNT\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) S3 VSS; C:\WINNT\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) R2 W32Time; C:\WINNT\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) S4 WebClient; C:\WINNT\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) R2 winmgmt; C:\WINNT\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) S3 WmdmPmSN; C:\WINNT\system32\MsPMSNSv.dll [25088 2005-01-28] (Microsoft Corporation) S3 Wmi; C:\WINNT\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) S3 WmiApSrv; C:\WINNT\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) R3 WPFFontCache_v0400; C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [753504 2010-03-18] (Microsoft 
Corporation) R2 wscsvc; C:\WINNT\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) R2 wuauserv; C:\WINNT\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) R2 WZCSVC; C:\WINNT\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) S3 xmlprov; C:\WINNT\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) S2 COSIDS_TB; "C:\Program Files\cosids\bin\tbmux32.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 ACPI; C:\WINNT\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) R0 ACPIEC; C:\WINNT\System32\DRIVERS\ACPIEC.sys [11648 2001-08-23] (Microsoft Corporation) S3 aeaudio; C:\WINNT\System32\drivers\aeaudio.sys [127744 2004-11-08] (Andrea Electronics Corporation) [File not signed] S3 aec; C:\WINNT\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) R3 AESTAud; C:\WINNT\System32\drivers\AESTAud.sys [108160 2008-08-25] (Andrea Electronics Corporation) R1 AFD; C:\WINNT\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) R0 AliIde; C:\WINNT\System32\DRIVERS\aliide.sys [5248 2001-08-17] (Acer Laboratories Inc.) R3 ApfiltrService; C:\WINNT\System32\DRIVERS\Apfiltr.sys [170032 2008-09-02] (Alps Electric Co., Ltd.) R3 Arp1394; C:\WINNT\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation) S3 AsyncMac; C:\WINNT\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) R0 atapi; C:\WINNT\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) S3 ati2mtag; C:\WINNT\System32\DRIVERS\ati2mtag.sys [965632 2005-01-20] (ATI Technologies Inc.) 
S3 Atmarpc; C:\WINNT\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) R3 audstub; C:\WINNT\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) R2 avgntflt; C:\WINNT\System32\DRIVERS\avgntflt.sys [98160 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\WINNT\System32\DRIVERS\avipbb.sys [136216 2014-11-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINNT\System32\DRIVERS\avkmgr.sys [37352 2014-11-24] (Avira Operations GmbH & Co. KG) S3 b57w2k; C:\WINNT\System32\DRIVERS\b57xp32.sys [190592 2004-11-16] (Broadcom Corporation) R1 Beep; C:\WINNT\system32\Drivers\Beep.sys [4224 2001-08-23] (Microsoft Corporation) S3 Bridge; C:\WINNT\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation) S3 BridgeMP; C:\WINNT\System32\DRIVERS\bridge.sys [71552 2008-04-13] (Microsoft Corporation) S3 BTWUSB; C:\WINNT\System32\Drivers\btwusb.sys [55320 2004-11-04] (Broadcom Corporation.) [File not signed] S4 cbidf2k; C:\WINNT\system32\Drivers\cbidf2k.sys [13952 2001-08-23] (Microsoft Corporation) S1 Cdaudio; C:\WINNT\system32\Drivers\Cdaudio.sys [18688 2001-08-23] (Microsoft Corporation) R4 Cdfs; C:\WINNT\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) R1 Cdrom; C:\WINNT\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) R3 CmBatt; C:\WINNT\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation) R0 Compbatt; C:\WINNT\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation) R0 Cpqarray; C:\WINNT\System32\DRIVERS\cpqarray.sys [14976 2001-08-17] (Microsoft Corporation) R3 cvusbdrv; C:\WINNT\System32\Drivers\cvusbdrv.sys [32808 2008-09-02] (Broadcom Corporation) R0 dac960nt; C:\WINNT\System32\DRIVERS\dac960nt.sys [14720 2001-08-17] (Microsoft Corporation) R0 Disk; C:\WINNT\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) S4 dmboot; C:\WINNT\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) R0 dmio; 
C:\WINNT\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) R0 dmload; C:\WINNT\System32\drivers\dmload.sys [5888 2001-08-23] (Microsoft Corp., Veritas Software.) S3 DMusic; C:\WINNT\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) S3 drmkaud; C:\WINNT\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) R3 e1yexpress; C:\WINNT\System32\DRIVERS\e1y5132.sys [244368 2008-08-25] (Intel Corporation) R3 Eacfilt; C:\WINNT\System32\DRIVERS\eacfilt.sys [24521 2005-09-06] (Nortel Networks) [File not signed] S4 Fastfat; C:\WINNT\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) S3 Fdc; C:\WINNT\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) R1 Fips; C:\WINNT\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) S3 Flpydisk; C:\WINNT\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) R0 FltMgr; C:\WINNT\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) U1 Fs_Rec; C:\WINNT\system32\Drivers\Fs_Rec.sys [7936 2001-08-23] (Microsoft Corporation) R0 Ftdisk; C:\WINNT\System32\DRIVERS\ftdisk.sys [125056 2001-08-23] (Microsoft Corporation) R3 Gpc; C:\WINNT\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) S3 GTIPCI21; C:\WINNT\System32\DRIVERS\gtipci21.sys [80384 2004-05-03] (Texas Instruments) R3 HDAudBus; C:\WINNT\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) R3 HECI; C:\WINNT\System32\DRIVERS\HECI.sys [40832 2008-06-19] (Intel Corporation) R3 HidUsb; C:\WINNT\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) S3 HTTP; C:\WINNT\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) R1 i8042prt; C:\WINNT\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) S3 ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [776349 2004-12-21] (Intel Corporation) [File not signed] R0 iaStor; 
C:\WINNT\System32\DRIVERS\iaStor.sys [318488 2008-09-02] (Intel Corporation) S3 IFXTPM; C:\WINNT\System32\DRIVERS\IFXTPM.SYS [32640 2004-09-02] (Infineon Technologies AG) R1 Imapi; C:\WINNT\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) R0 IntelIde; C:\WINNT\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) R1 intelppm; C:\WINNT\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) S3 Ip6Fw; C:\WINNT\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) S3 IpFilterDriver; C:\WINNT\System32\DRIVERS\ipfltdrv.sys [32896 2001-08-23] (Microsoft Corporation) S3 IpInIp; C:\WINNT\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) R3 IpNat; C:\WINNT\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) R1 IPSec; C:\WINNT\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) S3 IPSECEXT; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155184 2005-09-06] (Nortel Networks NA, Inc.) [File not signed] R3 IPSECSHM; C:\WINNT\System32\DRIVERS\ipsecw2k.sys [155184 2005-09-06] (Nortel Networks NA, Inc.) 
[File not signed] S3 IRENUM; C:\WINNT\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) R0 isapnp; C:\WINNT\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) R1 Kbdclass; C:\WINNT\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) R1 kbdhid; C:\WINNT\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) R3 kmixer; C:\WINNT\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) R0 KSecDD; C:\WINNT\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) R1 mnmdd; C:\WINNT\system32\Drivers\mnmdd.sys [4224 2001-08-23] (Microsoft Corporation) S3 Modem; C:\WINNT\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) R1 Mouclass; C:\WINNT\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) R3 mouhid; C:\WINNT\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) R0 MountMgr; C:\WINNT\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) S3 MRxDAV; C:\WINNT\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) R1 MRxSmb; C:\WINNT\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) R1 Msfs; C:\WINNT\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation) S3 MSKSSRV; C:\WINNT\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) S3 MSPCLOCK; C:\WINNT\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) S3 MSPQM; C:\WINNT\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) R3 mssmbios; C:\WINNT\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) R0 msvmscsi; C:\WINNT\System32\DRIVERS\msvmscsi.sys [16112 2004-07-14] (Microsoft Corporation) R0 Mup; C:\WINNT\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) R0 NDIS; C:\WINNT\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) R3 NdisTapi; C:\WINNT\System32\DRIVERS\ndistapi.sys [10496 
2011-07-08] (Microsoft Corporation) R3 Ndisuio; C:\WINNT\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) R3 NdisWan; C:\WINNT\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) R3 NDProxy; C:\WINNT\system32\Drivers\NDProxy.sys [40960 2010-11-02] (Microsoft Corporation) R1 NetBIOS; C:\WINNT\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) R1 NetBT; C:\WINNT\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) R3 NETw5x32; C:\WINNT\System32\DRIVERS\NETw5x32.sys [4203392 2009-05-28] (Intel Corporation) R3 NIC1394; C:\WINNT\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation) R1 Npfs; C:\WINNT\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) R4 Ntfs; C:\WINNT\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) R1 Null; C:\WINNT\system32\Drivers\Null.sys [2944 2001-08-23] (Microsoft Corporation) R3 nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [6591872 2008-08-25] (NVIDIA Corporation) S3 NwlnkFlt; C:\WINNT\System32\DRIVERS\nwlnkflt.sys [12416 2001-08-23] (Microsoft Corporation) S3 NwlnkFwd; C:\WINNT\System32\DRIVERS\nwlnkfwd.sys [32512 2001-08-23] (Microsoft Corporation) R0 ohci1394; C:\WINNT\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation) S3 Parport; C:\WINNT\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) R0 PartMgr; C:\WINNT\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) S4 ParVdm; C:\WINNT\system32\Drivers\ParVdm.sys [6784 2001-08-23] (Microsoft Corporation) R0 PCI; C:\WINNT\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) R0 PCIIde; C:\WINNT\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) R0 Pcmcia; C:\WINNT\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) R3 PptpMiniport; C:\WINNT\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) R3 PSched; 
C:\WINNT\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) R3 PSI; C:\WINNT\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia) R3 Ptilink; C:\WINNT\System32\DRIVERS\ptilink.sys [17792 2001-08-23] (Parallel Technologies, Inc.) R1 RasAcd; C:\WINNT\System32\DRIVERS\rasacd.sys [8832 2001-08-23] (Microsoft Corporation) S3 Rasirda; C:\WINNT\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R3 Rasl2tp; C:\WINNT\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) R3 RasPppoe; C:\WINNT\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) R3 Raspti; C:\WINNT\System32\DRIVERS\raspti.sys [16512 2001-08-23] (Microsoft Corporation) R1 Rdbss; C:\WINNT\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) R1 RDPCDD; C:\WINNT\System32\DRIVERS\RDPCDD.sys [4224 2001-08-23] (Microsoft Corporation) R3 rdpdr; C:\WINNT\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) R3 RDPWD; C:\WINNT\system32\Drivers\RDPWD.sys [139656 2011-06-24] (Microsoft Corporation) R1 redbook; C:\WINNT\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) R2 rimmptsk; C:\WINNT\System32\DRIVERS\rimmptsk.sys [39936 2008-09-02] (REDC) R3 sdbus; C:\WINNT\System32\DRIVERS\sdbus.sys [79232 2008-04-13] (Microsoft Corporation) S3 Secdrv; C:\WINNT\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
R3 seehcri; C:\WINNT\System32\DRIVERS\seehcri.sys [27632 2011-01-18] (Sony Ericsson Mobile Communications) R3 serenum; C:\WINNT\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) R1 Serial; C:\WINNT\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) S3 sffdisk; C:\WINNT\System32\DRIVERS\sffdisk.sys [11904 2008-04-13] (Microsoft Corporation) S3 sffp_sd; C:\WINNT\System32\DRIVERS\sffp_sd.sys [11008 2008-04-13] (Microsoft Corporation) S3 Sfloppy; C:\WINNT\System32\DRIVERS\sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) S3 SMCIRDA; C:\WINNT\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC) R3 smsmdd; C:\WINNT\System32\DRIVERS\smsmdm.sys [12448 2008-10-20] (Microsoft Corporation) S3 smwdm; C:\WINNT\System32\drivers\smwdm.sys [259840 2004-10-13] (Analog Devices, Inc.) [File not signed] R0 Sparrow; C:\WINNT\System32\DRIVERS\sparrow.sys [19072 2001-08-17] (Adaptec, Inc.) S3 splitter; C:\WINNT\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) R0 sr; C:\WINNT\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) R3 Srv; C:\WINNT\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) R1 ssmdrv; C:\WINNT\System32\DRIVERS\ssmdrv.sys [28520 2014-11-24] (Avira GmbH) R3 STHDA; C:\WINNT\System32\drivers\sthda.sys [1381914 2008-08-25] (IDT, Inc.) 
S3 StillCam; C:\WINNT\System32\DRIVERS\serscan.sys [6784 2001-08-17] (Microsoft Corporation) R3 swenum; C:\WINNT\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) S3 swmidi; C:\WINNT\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) R0 Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [103552 2007-04-19] (LSI Logic) R3 sysaudio; C:\WINNT\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) R1 Tcpip; C:\WINNT\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) S3 TDPIPE; C:\WINNT\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) R3 TDTCP; C:\WINNT\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) R1 TermDD; C:\WINNT\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) S3 tifm21; C:\WINNT\System32\drivers\tifm21.sys [157056 2005-02-11] (Texas Instruments) S4 Udfs; C:\WINNT\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation) R3 Update; C:\WINNT\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) R3 usbccgp; C:\WINNT\System32\DRIVERS\usbccgp.sys [32128 2008-04-13] (Microsoft Corporation) R3 USBCCID; C:\WINNT\System32\DRIVERS\usbccid.sys [28672 2008-09-02] (Microsoft Corporation) R3 usbehci; C:\WINNT\System32\DRIVERS\usbehci.sys [30208 2008-04-13] (Microsoft Corporation) R3 usbhub; C:\WINNT\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) S3 usbprint; C:\WINNT\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) S3 usbscan; C:\WINNT\System32\DRIVERS\usbscan.sys [15104 2008-04-13] (Microsoft Corporation) S3 USBSTOR; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) R3 usbuhci; C:\WINNT\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) S3 USB_RNDIS; C:\WINNT\System32\DRIVERS\usb8023.sys [12800 2008-04-13] (Microsoft Corporation) S3 usb_rndisx; C:\WINNT\System32\DRIVERS\usb8023x.sys [12800 2008-04-13] (Microsoft 
Corporation)
R1 VgaSave; C:\WINNT\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
R0 ViaIde; C:\WINNT\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation)
R0 VolSnap; C:\WINNT\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
S3 w29n51; C:\WINNT\System32\DRIVERS\w29n51.sys [3210496 2004-10-19] (Intel® Corporation) [File not signed]
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
R3 Wdf01000; C:\WINNT\System32\DRIVERS\Wdf01000.sys [503144 2008-01-19] (Microsoft Corporation)
R3 wdmaud; C:\WINNT\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
R1 WmiAcpi; C:\WINNT\System32\DRIVERS\wmiacpi.sys [8832 2008-04-13] (Microsoft Corporation)
S3 WpdUsb; C:\WINNT\System32\Drivers\wpdusb.sys [18944 2005-01-28] (Microsoft Corporation)
R1 WS2IFSL; C:\WINNT\System32\drivers\ws2ifsl.sys [12032 2001-08-23] (Microsoft Corporation)
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [X]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
U5 ScsiPort; C:\WINNT\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U.%99M%20 T8267; No ImagePath
U3 mbr; \??\C:\DOCUME~1\XZMYYV~1.061\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 23:02 - 2015-01-02 23:03 - 00050637 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\FRST.txt
2015-01-02 23:01 - 2015-01-02 23:03 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\temp
2015-01-02 23:01 - 2015-01-02 23:01 - 00020503 _____ () C:\ComboFix.txt
2015-01-02 23:01 - 2015-01-02 23:01 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-01-02 23:01 - 2015-01-02 23:01 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-01-02 23:01 - 2015-01-02 23:01 - 00000000 ____D () C:\Documents and Settings\administrator.corpsaabcom\Local Settings\temp
2015-01-02 22:38 - 2015-01-02 22:38 - 00000000 _RSHD () C:\cmdcons
2015-01-02 22:25 - 2015-01-02 22:25 - 00090112 _____ () C:\WINNT\Minidump\Mini010215-01.dmp
2015-01-01 20:04 - 2015-01-01 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-01-01 19:34 - 2015-01-01 19:52 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Islopoox
2015-01-01 19:14 - 2015-01-01 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NeliGmoc
2014-12-31 10:24 - 2015-01-02 22:25 - 00000000 ____D () C:\WINNT\Minidump
2014-12-31 10:24 - 2014-12-31 10:24 - 00090112 _____ () C:\WINNT\Minidump\Mini123114-01.dmp
2014-12-31 01:23 - 2014-12-31 01:23 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Apple Computer
2014-12-31 01:17 - 2015-01-02 22:49 - 00406118 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-12-31 01:17 - 2014-12-31 01:17 - 00406118 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2086223142-3201976994-1658009677-4238-0.dat
2014-12-31 01:04 - 2015-01-02 22:22 - 00000323 _____ () C:\Boot.bak
2014-12-31 01:04 - 2004-08-03 23:00 - 00260784 __RSH () C:\cmldr
2014-12-31 01:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINNT\NIRCMD.exe
2014-12-31 00:55 - 2011-06-26 07:45 - 00256000 _____ () C:\WINNT\PEV.exe
2014-12-31 00:55 - 2010-11-07 18:20 - 00208896 _____ () C:\WINNT\MBR.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINNT\SWREG.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINNT\SWSC.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINNT\SWXCACLS.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00098816 _____ () C:\WINNT\sed.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00080412 _____ () C:\WINNT\grep.exe
2014-12-31 00:55 - 2000-08-31 01:00 - 00068096 _____ () C:\WINNT\zip.exe
2014-12-31 00:54 - 2015-01-02 23:01 - 00000000 ____D () C:\Qoobox
2014-12-31 00:52 - 2015-01-02 22:19 - 05605575 ____R (Swearware) C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\ComboFix.exe
2014-12-31 00:51 - 2015-01-01 19:55 - 00000000 ____D () C:\WINNT\erdnt
2014-12-31 00:24 - 2015-01-02 22:36 - 00032360 _____ () C:\WINNT\SchedLgU.Txt
2014-12-31 00:24 - 2015-01-02 17:34 - 00000284 _____ () C:\WINNT\Tasks\AppleSoftwareUpdate.job
2014-12-31 00:24 - 2014-12-31 00:24 - 00001826 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2014-12-31 00:24 - 2014-12-31 00:24 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-12-31 00:24 - 2014-12-31 00:24 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Application Data\Apple Computer
2014-12-31 00:17 - 2015-01-02 22:58 - 00009763 _____ () C:\WINNT\SecuniaPackage.log
2014-12-31 00:17 - 2014-12-31 00:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
2014-12-31 00:17 - 2014-12-31 00:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Macromedia
2014-12-31 00:17 - 2014-12-31 00:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Adobe
2014-12-31 00:17 - 2014-12-31 00:17 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Macromedia
2014-12-31 00:01 - 2014-12-31 18:48 - 00000716 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
2014-12-31 00:01 - 2014-12-31 00:01 - 00000000 ____D () C:\Program Files\Secunia
2014-12-31 00:01 - 2014-12-31 00:01 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Secunia PSI
2014-12-29 17:59 - 2014-12-29 18:10 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-12-29 17:49 - 2014-12-29 18:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-12-29 17:49 - 2014-12-29 17:49 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Avira
2014-12-29 17:48 - 2014-12-29 18:10 - 00000000 ____D () C:\Program Files\Avira
2014-12-29 17:48 - 2014-12-29 18:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-12-29 17:48 - 2014-12-29 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-12-29 17:48 - 2014-12-29 17:48 - 00001707 _____ () C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2014-12-29 17:48 - 2014-11-24 10:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avipbb.sys
2014-12-29 17:48 - 2014-11-24 10:23 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avgntflt.sys
2014-12-29 17:48 - 2014-11-24 10:23 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINNT\system32\Drivers\avkmgr.sys
2014-12-29 17:48 - 2014-11-24 10:23 - 00028520 _____ (Avira GmbH) C:\WINNT\system32\Drivers\ssmdrv.sys
2014-12-28 10:59 - 2014-12-28 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\gug
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\xzmyyv\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\SYSTEM\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\si_flexmanage_corp\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\Installation\My Documents\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\Installation\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\Installation\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\All Users\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\All Users\Application Data\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\Administrator\how_decrypt.html
2014-12-28 10:38 - 2014-12-28 11:03 - 00001169 _____ () C:\WINNT\ars.ffx
2014-12-28 10:35 - 2014-12-29 17:18 - 00000777 _____ () C:\WINNT\intpcii.dtr
2014-12-27 19:47 - 2014-12-27 19:47 - 00000000 ____D () C:\Program Files\ESET
2014-12-27 19:38 - 2015-01-02 23:02 - 00000000 ____D () C:\FRST
2014-12-27 19:37 - 2015-01-02 22:29 - 01115136 _____ (Farbar) C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\FRST.exe
2014-12-27 16:41 - 2014-12-28 10:43 - 00000000 ____D () C:\AdwCleaner
2014-12-27 16:38 - 2014-12-27 16:38 - 02173952 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\adwcleaner_4.106.exe
2014-12-27 16:31 - 2014-12-27 16:31 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Deployment
2014-12-27 14:31 - 2014-12-27 14:38 - 00748775 _____ () C:\Documents and Settings\All Users\Application Data\rfppkti.html

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 23:02 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\Temp
2015-01-02 23:01 - 2005-06-20 16:47 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-02 22:55 - 2008-12-18 23:00 - 00000000 ____D () C:\WINNT
2015-01-02 22:55 - 2001-08-23 03:00 - 00000227 _____ () C:\WINNT\system.ini
2015-01-02 22:54 - 2010-06-21 21:54 - 00189541 _____ () C:\WINNT\system32\nvapps.xml
2015-01-02 22:54 - 2010-06-21 15:58 - 00179694 _____ () C:\WINNT\system32\nvModes.001
2015-01-02 22:53 - 2014-11-13 17:22 - 00000978 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore1cfff5ec5c1eea.job
2015-01-02 22:53 - 2014-10-24 03:29 - 00000978 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore1cfef324d5c7c46.job
2015-01-02 22:53 - 2014-06-25 18:12 - 00000978 _____ () C:\WINNT\Tasks\GoogleUpdateTaskMachineCore1cf9098a814ed6a.job
2015-01-02 22:51 - 2005-06-20 16:39 - 01518997 _____ () C:\WINNT\WindowsUpdate.log
2015-01-02 22:50 - 2011-10-12 09:31 - 00000157 _____ () C:\WINNT\wiadebug.log
2015-01-02 22:50 - 2011-10-12 09:31 - 00000050 _____ () C:\WINNT\wiaservc.log
2015-01-02 22:50 - 2005-06-20 16:48 - 00000006 ____H () C:\WINNT\Tasks\SA.DAT
2015-01-02 22:49 - 2012-03-05 22:53 - 00000178 ___SH () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\ntuser.ini
2015-01-02 22:49 - 2012-03-05 22:53 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061
2015-01-02 22:41 - 2011-06-27 09:44 - 00000178 ___SH () C:\Documents and Settings\administrator.corpsaabcom\ntuser.ini
2015-01-02 22:41 - 2011-06-27 09:44 - 00000000 ____D () C:\Documents and Settings\administrator.corpsaabcom
2015-01-02 22:38 - 2005-06-20 12:25 - 00000323 __RSH () C:\boot.ini
2015-01-02 22:25 - 2010-06-22 08:53 - 00000000 __SHD () C:\WINNT\CSC
2015-01-02 22:25 - 2001-08-23 03:00 - 00002206 _____ () C:\WINNT\system32\wpa.dbl
2015-01-02 22:05 - 2013-09-02 19:48 - 00000826 _____ () C:\WINNT\Tasks\Adobe Flash Player Updater.job
2015-01-02 22:04 - 2010-06-21 15:58 - 00179694 _____ () C:\WINNT\system32\nvModes.dat
2015-01-01 22:48 - 2008-04-30 19:23 - 00000000 ____D () C:\WINNT\system32\NtmsData
2015-01-01 22:24 - 2007-05-11 19:49 - 00000664 _____ () C:\WINNT\system32\d3d9caps.dat
2015-01-01 21:58 - 2005-06-20 16:36 - 00000000 ____D () C:\WINNT\Registration
2015-01-01 20:04 - 2011-02-08 10:09 - 00000000 ____D () C:\Program Files\QuickTime
2014-12-31 18:48 - 2011-10-21 12:26 - 00164927 _____ () C:\WINNT\setupapi.log
2014-12-31 10:20 - 2014-07-08 16:42 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop\Unused Desktop Shortcuts
2014-12-31 01:26 - 2012-06-21 21:45 - 00007973 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2014-12-31 01:10 - 2012-03-05 22:56 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\Adobe
2014-12-31 00:17 - 2011-01-19 08:50 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-31 00:15 - 2010-06-21 16:42 - 00000000 ____D () C:\WINNT\system32\Adobe
2014-12-30 23:32 - 2012-06-21 21:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2014-12-30 23:29 - 2011-07-25 06:30 - 00000000 ____D () C:\Program Files\HP
2014-12-29 21:13 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\repair
2014-12-29 18:02 - 2007-05-14 16:44 - 00000000 ____D () C:\WINNT\Microsoft.NET
2014-12-29 17:58 - 2005-06-20 12:29 - 00534912 _____ () C:\WINNT\system32\PerfStringBackup.INI
2014-12-29 17:56 - 2007-12-06 22:44 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-12-29 17:47 - 2014-01-08 19:16 - 00001945 _____ () C:\WINNT\epplauncher.mif
2014-12-28 21:26 - 2010-06-21 16:01 - 00000000 ____D () C:\Documents and Settings\Installation\Local Settings\Temp
2014-12-28 21:26 - 2005-06-20 17:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-12-28 21:18 - 2011-07-25 06:30 - 00000000 ____D () C:\Documents and Settings\si_flexmanage_corp\Local Settings\Temp
2014-12-28 21:18 - 2005-06-21 15:15 - 00000000 ___HD () C:\WINNT\system32\GroupPolicy
2014-12-28 21:11 - 2012-06-21 22:13 - 00099800 _____ () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-28 10:55 - 2010-10-26 09:02 - 00000000 ____D () C:\STM
2014-12-28 10:51 - 2012-04-06 16:55 - 00000000 __SHD () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\PrivacIE
2014-12-28 10:45 - 2014-01-08 19:21 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2014-12-28 10:45 - 2012-09-09 20:21 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Application Data\HpUpdate
2014-12-28 10:45 - 2012-06-16 10:45 - 00000000 __SHD () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\IECompatCache
2014-12-28 10:45 - 2012-03-05 17:10 - 00000000 ____D () C:\Documents and Settings\xzmyyv\Local Settings\Application Data\Htc
2014-12-28 10:45 - 2012-03-05 17:08 - 00000000 __SHD () C:\Documents and Settings\xzmyyv\IETldCache
2014-12-28 10:45 - 2011-07-25 06:28 - 00000000 ___SD () C:\Documents and Settings\si_flexmanage_corp\UserData
2014-12-28 10:45 - 2011-07-25 06:28 - 00000000 ____D () C:\Documents and Settings\si_flexmanage_corp
2014-12-28 10:45 - 2011-06-22 08:28 - 00018991 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\CPLOCAL.tmp
2014-12-28 10:45 - 2010-06-28 11:28 - 00100312 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-12-28 10:45 - 2010-06-22 09:56 - 00000000 ____D () C:\Documents and Settings\SYSTEM
2014-12-28 10:45 - 2010-06-21 16:56 - 00040807 _____ () C:\Documents and Settings\Installation\My Documents\lotusinstall.log
2014-12-28 10:45 - 2010-06-21 16:01 - 00000000 ___SD () C:\Documents and Settings\Installation\UserData
2014-12-28 10:45 - 2010-06-21 16:01 - 00000000 ____D () C:\Documents and Settings\Installation
2014-12-28 10:45 - 2007-12-06 22:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-28 10:45 - 2005-06-20 16:39 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-12-28 10:44 - 2014-05-12 18:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A
2014-12-28 10:44 - 2014-05-07 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\jzirf0qmf.cpp
2014-12-28 10:44 - 2012-01-12 12:49 - 00000000 __SHD () C:\Documents and Settings\administrator.corpsaabcom\IETldCache
2014-12-28 10:44 - 2011-06-27 09:44 - 00000000 ___SD () C:\Documents and Settings\administrator.corpsaabcom\UserData
2014-12-28 10:44 - 2010-08-31 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kontiki
2014-12-28 10:44 - 2010-06-21 16:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-12-28 10:44 - 2005-06-21 14:17 - 00000000 ___SD () C:\Documents and Settings\Administrator\UserData
2014-12-28 10:44 - 2005-06-20 17:27 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-12-27 22:48 - 2011-01-26 10:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange 4 Pro
2014-12-27 19:13 - 2005-06-20 12:25 - 00001024 ____H () C:\WINNT\system32\config\userdiff.LOG
2014-12-27 16:28 - 2010-07-01 07:54 - 00000000 ____D () C:\Program Files\Google
2014-12-27 16:09 - 2012-03-05 17:09 - 00000000 ____D () C:\Documents and Settings\xzmyyv\Local Settings\Temp
2014-12-27 16:03 - 2013-09-02 19:48 - 00701616 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerApp.exe
2014-12-27 16:03 - 2013-09-02 19:48 - 00071344 _____ (Adobe Systems Incorporated) C:\WINNT\system32\FlashPlayerCPLApp.cpl
2014-12-27 16:02 - 2014-08-17 17:30 - 00000000 ____D () C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\Adobe
2014-12-27 14:37 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\system32\ias
2014-12-27 14:36 - 2007-05-29 03:17 - 00000000 ____D () C:\WINNT\SHELLNEW
2014-12-27 14:35 - 2011-06-22 13:18 - 00000000 ____D () C:\WINNT\Quest Resource Updating Agent
2014-12-27 14:35 - 2005-06-20 17:46 - 00000000 ____D () C:\Program Files\WinZip
2014-12-27 14:34 - 2011-10-12 07:12 - 00000000 ____D () C:\Program Files\Advanced SystemCare 4
2014-12-27 14:34 - 2010-06-22 09:34 - 00000000 ____D () C:\Program Files\Windows Imaging
2014-12-27 14:34 - 2007-05-14 19:51 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-12-27 14:34 - 2005-06-20 12:18 - 00000000 ____D () C:\WINNT\mui
2014-12-27 14:33 - 2010-06-21 16:07 - 00000000 __HDC () C:\WINNT\$NtServicePackUninstall$
2014-12-27 14:32 - 2013-10-19 21:18 - 00000000 ___RD () C:\Program Files\Skype
2014-12-27 14:32 - 2010-06-22 08:41 - 00000000 ____D () C:\Program Files\VPN Client
2014-12-27 14:32 - 2007-05-29 03:19 - 00000000 ____D () C:\Program Files\Snapshot Viewer
2014-12-27 14:31 - 2011-06-17 11:11 - 00000000 ____D () C:\Program Files\MaximoSilentPrint
2014-12-27 14:31 - 2010-06-28 11:15 - 00000000 ____D () C:\Program Files\PC Information
2014-12-27 14:31 - 2007-12-18 22:36 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2014-12-27 14:31 - 2005-06-20 16:37 - 00000000 ____D () C:\Program Files\Outlook Express
2014-12-27 14:27 - 2013-10-19 21:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-12-27 14:24 - 2001-08-23 03:00 - 00000710 _____ () C:\WINNT\win.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINNT\explorer.exe => File is digitally signed
C:\WINNT\system32\winlogon.exe => File is digitally signed
C:\WINNT\system32\svchost.exe => File is digitally signed
C:\WINNT\system32\services.exe => File is digitally signed
C:\WINNT\system32\User32.dll => File is digitally signed
C:\WINNT\system32\userinit.exe => File is digitally signed
C:\WINNT\system32\rpcss.dll => File is digitally signed
C:\WINNT\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition.txt
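Two things a responder pulls out of the FRST log above by eye are the burst of identically sized how_decrypt.html files written into every profile root between 10:44 and 10:45 on 2014-12-28, and the driver entries flagged [File not signed] or [X]. The script below does both checks over FRST's text output. It is an added example, not code from the forum post or from the FRST tool: the line formats are my reading of the output as printed in this thread, the "three profile roots within five minutes" threshold is an assumption, and the sample text is a constructed subset of the log lines above.

```python
"""Triage checks over a Farbar Recovery Scan Tool (FRST) log (added example).

1. "note spray": one file name and size created in many profile roots
   within minutes (the how_decrypt.html pattern in the log above);
2. driver services whose image is unsigned ([File not signed]) or gone ([X]).
Line formats are inferred from the FRST output in the thread, not from FRST docs.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# "created - modified - size attrs (company) path" as printed in the
# "One Month Created Files and Folders" section.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) \((.*?)\) (.+)$"
)
# "R3 name; image [size date] (company) [File not signed]" or "S3 name; image [X]"
DRIVER_LINE = re.compile(
    r"^([RSU]\d) (\S+); (.+?) "
    r"(\[X\]|\[\d+ \d{4}-\d{2}-\d{2}\] \(.*?\)(?: \[File not signed\])?)$"
)
PROFILE_ROOT = re.compile(r"^C:\\Documents and Settings\\([^\\]+)", re.I)

# Constructed sample: a subset of the lines from the FRST log above
# (the (R) mark in the Intel company string dropped to keep this file ASCII).
SAMPLE_LOG = r"""
S3 w29n51; C:\WINNT\System32\DRIVERS\w29n51.sys [3210496 2004-10-19] (Intel Corporation) [File not signed]
R3 Wanarp; C:\WINNT\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 mbr; \??\C:\DOCUME~1\XZMYYV~1.061\LOCALS~1\Temp\mbr.sys [X]
2014-12-28 10:59 - 2014-12-28 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\gug
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\xzmyyv\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\SYSTEM\how_decrypt.html
2014-12-28 10:45 - 2014-12-28 10:45 - 00004651 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\All Users\how_decrypt.html
2014-12-28 10:44 - 2014-12-28 10:44 - 00004651 _____ () C:\Documents and Settings\Administrator\how_decrypt.html
2014-12-28 10:38 - 2014-12-28 11:03 - 00001169 _____ () C:\WINNT\ars.ffx
"""


class FileEntry(NamedTuple):
    created: datetime
    size: int
    attrs: str
    path: str


def parse_file_entries(text: str) -> List[FileEntry]:
    """File/folder entries from the log; every other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            entries.append(FileEntry(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"),
                                     int(m.group(3)), m.group(4), m.group(6)))
    return entries


def profile_root(path: str) -> str:
    """Profile name under Documents and Settings, else the top-level folder."""
    m = PROFILE_ROOT.match(path)
    return (m.group(1) if m else path.split("\\")[1]).lower()


def find_file_spray(text: str, min_profiles: int = 3,
                    window: timedelta = timedelta(minutes=5)) -> Dict[str, List[str]]:
    """Same name and size created in >= min_profiles profile roots inside `window`.
    Returns {file name: sorted profile roots}. Thresholds are assumptions."""
    groups: Dict[tuple, List[FileEntry]] = defaultdict(list)
    for e in parse_file_entries(text):
        if "D" in e.attrs:            # folders carry no payload
            continue
        groups[(e.path.rsplit("\\", 1)[-1].lower(), e.size)].append(e)
    hits = {}
    for (name, _size), entries in groups.items():
        roots = {profile_root(e.path) for e in entries}
        first = min(e.created for e in entries)
        last = max(e.created for e in entries)
        if len(roots) >= min_profiles and last - first <= window:
            hits[name] = sorted(roots)
    return hits


def find_suspect_drivers(text: str) -> Dict[str, str]:
    """Driver services whose image is unsigned or missing: {service: reason}."""
    suspects = {}
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if not m:
            continue
        if m.group(4) == "[X]":
            suspects[m.group(2)] = "image file missing"
        elif "[File not signed]" in m.group(4):
            suspects[m.group(2)] = "image not signed"
    return suspects
```

On the sample, `find_file_spray(SAMPLE_LOG)` reports how_decrypt.html in five profile roots, while the single ars.ffx and the gug folder are not reported; `find_suspect_drivers(SAMPLE_LOG)` returns w29n51 as unsigned and catchme and mbr as missing images (the two leftover tool drivers), and leaves the signed Wanarp alone. To run it over a real FRST.txt, read the file and pass its contents in place of SAMPLE_LOG; a "[X]" entry is a stale service registration rather than proof of malware, so the output is a worklist for the reader, not a verdict.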
14. 1 It is there the whole time after I have logged in. It appeared at the start after my first post, when I was cleaning up files myself. I have probably removed a file that the PC now asks for (by inserting a CD). There is a better message that relates to this, see the Word file.
2 I didn't understand what you meant by ANSI encoding. Otherwise I continued according to your instructions. Here is the result without the cryptic ANSI encoding. Should I rerun with ANSI encoding if needed?

ComboFix 14-12-30.01 - XZMYYV 2014-12-31 1:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.3572.2695 [GMT 1:00]
Running from: c:\documents and settings\XZMYYV.CORPSAABCOM.061\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\XZMYYV~1.061\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
---- Previous Run -------
.
c:\docume~1\XZMYYV~1.061\LOCALS~1\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\documents and settings\All Users\Application Data\3CF14ECC.CPP.iqvgsrf
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\XZMYYV.CORPSAABCOM.061\Application Data\Adobe\AdobeWin.exe
c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Application Data\zcnecda.dll
c:\documents and settings\XZMYYV.CORPSAABCOM.061\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\winnt\EventSystem.log
c:\winnt\security\logs\scecomp.log
c:\winnt\system32\AdobePDF.dll
c:\winnt\system32\drivers\etc\hosts.ics
c:\winnt\system32\MUI\0404\tourstart.exe
c:\winnt\system32\MUI\0405\tourstart.exe
c:\winnt\system32\MUI\0406\tourstart.exe
c:\winnt\system32\MUI\0407\tourstart.exe
c:\winnt\system32\MUI\0408\tourstart.exe
c:\winnt\system32\MUI\040C\tourstart.exe
c:\winnt\system32\MUI\0410\tourstart.exe
c:\winnt\system32\MUI\0411\tourstart.exe
c:\winnt\system32\MUI\0412\tourstart.exe
c:\winnt\system32\MUI\0413\tourstart.exe
c:\winnt\system32\MUI\0415\tourstart.exe
c:\winnt\system32\MUI\0416\tourstart.exe
c:\winnt\system32\MUI\0419\tourstart.exe
c:\winnt\system32\MUI\041D\tourstart.exe
c:\winnt\system32\MUI\041f\tourstart.exe
c:\winnt\system32\MUI\0816\tourstart.exe
c:\winnt\system32\MUI\0C0A\tourstart.exe
c:\winnt\system32\P10015.exe

4
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014
Ran by XZMYYV (administrator) on SETHNWNGXA04602 on 01-01-2015 20:17:52
Running from C:\Documents and Settings\XZMYYV.CORPSAABCOM.061\Desktop
Loaded Profiles: XZMYYV & administrator (Available profiles: XZMYYV & administrator & localadmin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86)
OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation) C:\WINNT\system32\services.exe
(Microsoft Corporation) C:\WINNT\system32\lsass.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxNotifier.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\spoolsv.exe
(IDT, Inc.) C:\WINNT\DRIVERS\NOTEBOOKS\Audio\stacsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Kontiki Inc.) C:\Program Files\Kontiki\KService.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(NVIDIA Corporation) C:\WINNT\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\WINNT\system32\svchost.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlexClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\WINNT\system32\msiexec.exe
(HP) C:\Program Files\HP\FlexDeploy\Client Software\FlxApUpd.exe

Addition.txt Doc2.docx