
Extremely slow shutdown, new behavior that's not from delete pagefile



#1 emc20guru

Posted 20 March 2015 - 09:23 PM

Windows XP all of a sudden takes forever to shut down; it sits at the desktop screen for about 5 min before going to the "shutting down" screen. Windows boot time is normal. JRT found and deleted a file named Wininit.ini. Then I restarted; the restart after JRT ran was a normal quick shutdown, but the slow shutdown returned after that one-time occurrence. MBAM scan and AdwCleaner found nothing. Listed below is my FRST log. Thanks for any help with this.
 
-----------------------------------------------------------------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by home (administrator) on HOME on 20-03-2015 22:06:29
Running from C:\Documents and Settings\home\Desktop
Loaded Profiles: home (Available profiles: home)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Creative Technology Ltd.) C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
(Creative Technology Ltd) C:\WINDOWS\CTHELPER.EXE
() C:\Program Files\Core Temp\Core Temp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM\...\Run: [Module Loader] => C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM\...\Run: [CTHelper] => C:\WINDOWS\CTHELPER.EXE [17920 2006-08-11] (Creative Technology Ltd)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-20\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-21-583907252-299502267-682003330-500\...\Run: [Core Temp] => C:\Program Files\Core Temp\Core Temp.exe [794272 2013-10-08] ()
HKU\S-1-5-21-583907252-299502267-682003330-500\...\Policies\Explorer: [NoDriveTypeAutoRun] 0xFF000000
HKU\S-1-5-21-583907252-299502267-682003330-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-583907252-299502267-682003330-500\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-583907252-299502267-682003330-500\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-583907252-299502267-682003330-500\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-583907252-299502267-682003330-500\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-583907252-299502267-682003330-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-583907252-299502267-682003330-500\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-583907252-299502267-682003330-500\...\Policies\Explorer: [HideSCABattery] 1
HKU\S-1-5-21-583907252-299502267-682003330-500\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> logon.scr
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll (Acronis)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-583907252-299502267-682003330-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-583907252-299502267-682003330-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-583907252-299502267-682003330-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1391187388734
Handler: AutorunsDisabled\tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{9337031E-5673-4798-9FB8-F7366EE3ABBE}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.google.com/webhp?complete=0&gws_rd=ssl
FF NetworkProxy: "type", 4
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
FF Extension: WOT - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-02-06]
FF Extension: about:addons-memory - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default\Extensions\about-addons-memory@tn123.org.xpi [2014-04-05]
FF Extension: Classic Theme Restorer - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-04-30]
FF Extension: Copy Urls Expert - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default\Extensions\copy-urls-expert@kashiif-gmail.com.xpi [2014-01-31]
FF Extension: Classic Toolbar Buttons - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2014-04-30]
FF Extension: FlashDisable - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2014-01-31]
FF Extension: 1-Click YouTube Video Downloader - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-04-06]
FF Extension: Text Link - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2014-02-01]
FF Extension: NoScript - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-31]
FF Extension: Downloads Window - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default\Extensions\{a7213cf2-fa1e-4373-88ff-255d0abd3020}.xpi [2014-02-17]
FF Extension: Space Next - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default\Extensions\{c71ff04d-f001-1fc1-1fc1-c71ff04df005}.xpi [2014-01-31]
FF Extension: Adblock Plus - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\zgqrohc7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2015-03-20]
FF HKU\S-1-5-21-583907252-299502267-682003330-500\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\home\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\home\Application Data\IDM\idmmzcc5 [2015-03-20]
FF HKU\S-1-5-21-583907252-299502267-682003330-500\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\home\Application Data\IDM\idmmzcc5

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-17]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-03-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [813032 2012-08-23] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3696632 2015-03-07] (Acronis)
S4 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
S4 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
S4 DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [110592 2004-08-28] (Matsushita Electric Industrial Co., Ltd.) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
S4 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7017888 2012-08-18] (Acronis)
S4 MachineTokenService; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [23680 2014-10-09] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [28416 2014-10-09] (LG Electronics Inc.)
R0 atapi; C:\WINDOWS\System32\drivers\atapi.sys [86912 2002-06-25] (Microsoft Corporation) [File not signed]
S3 AtcL001; C:\WINDOWS\System32\DRIVERS\l151x86.sys [36864 2015-01-12] (Atheros Communications, Inc.)
S3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [96256 2013-07-09] (Advanced Micro Devices)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20150309.001\BHDrvx86.sys [1164504 2015-02-02] (Symantec Corporation)
S4 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1507000.00B\ccSetx86.sys [127064 2014-02-20] (Symantec Corporation)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340704 2005-11-10] (Creative Technology Ltd)
S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11237 2003-12-25] (Realtek Semiconductor Corporation) [File not signed]
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo32.sys [22120 2012-08-13] ()
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2015-02-15] (Phoenix Technologies) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 es1371; C:\WINDOWS\System32\drivers\es1371mp.sys [40704 2001-08-17] (Creative Technology Ltd.)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-10] ()
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [766976 2006-08-11] (Creative Technology Ltd)
R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [154112 2006-08-11] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [180224 2006-08-11] (Creative Technology Ltd)
S4 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [586240 2008-02-11] (Aladdin Knowledge Systems Ltd.)
S3 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [43840 2014-02-27] (VMware, Inc.)
S3 HWHandSet; C:\WINDOWS\System32\DRIVERS\hw_quusbmdm.sys [195200 2011-10-24] (Huawei Technologies Co., Ltd.)
S1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [126968 2015-03-18] (Tonec Inc.)
R3 IDSxpx86; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20150320.001\IDSxpx86.sys [475792 2015-01-31] (Symantec Corporation)
S3 LGDDCDevice; C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] () [File not signed]
S3 LGII2CDevice; C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] () [File not signed]
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R1 meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [102384 2005-06-02] (Matsushita Electric Industrial Co.,Ltd.) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150320.001\NAVENG.SYS [95704 2014-11-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150320.001\NAVEX15.SYS [1636696 2014-11-15] (Symantec Corporation)
R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
S3 rspSanity; C:\WINDOWS\System32\DRIVERS\rspSanity32.sys [27192 2010-08-23] (Resplendence Software Projects Sp.)
R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [4125352 2011-12-02] (Realtek Semiconductor Corp.)
S3 RTL8023; C:\WINDOWS\System32\DRIVERS\GA311ND5.SYS [67456 2003-12-25] (Realtek Semiconductor Corporation                           ) [File not signed]
R3 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1507000.00B\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1507000.00B\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1507000.00B\SYMDS.SYS [367704 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1507000.00B\SYMEFA.SYS [936152 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2015-02-05] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1507000.00B\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\NIS\1507000.00B\SYMTDI.SYS [423256 2014-08-25] (Symantec Corporation)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project) [File not signed]
R0 tdrpman; C:\WINDOWS\System32\DRIVERS\tdrpman.sys [806184 2015-03-07] (Acronis)
S0 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [689672 2015-03-07] (Acronis)
S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-11] (Microsoft Corporation)
S0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [139336 2015-03-07] (Acronis)
R0 vidsflt; C:\WINDOWS\System32\DRIVERS\vidsflt.sys [99720 2015-03-07] (Acronis)
S4 aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys [X]
R3 ALSysIO; \??\C:\Documents and Settings\home\Local Settings\Temp\ALSysIO.sys [X]
S3 andnetadb; No ImagePath
U5 Browser; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 cpuz; \??\C:\Documents and Settings\home\Desktop\a\cpuz.sys [X]
S3 CTUSFSYN; No ImagePath
S3 ialm; No ImagePath
S3 IntcHdmiAddService; No ImagePath
S4 IntelIde; No ImagePath
U5 LanmanServer; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
U5 Messenger; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
U5 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 P17xfi; No ImagePath
S3 p17xfilt; No ImagePath
U0 Partizan; No ImagePath
S4 tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 22:06 - 2015-03-20 22:06 - 00020331 _____ () C:\Documents and Settings\home\Desktop\FRST.txt
2015-03-20 22:06 - 2015-03-20 22:06 - 00000000 ____D () C:\FRST
2015-03-20 21:39 - 2015-03-20 21:39 - 07349653 _____ () C:\Documents and Settings\home\Desktop\Internet Download Manager (IDM) 6.23 Build 8 + Crack [KaranPC].7z
2015-03-20 21:38 - 2015-03-20 21:38 - 00000000 ____D () C:\WINDOWS\LastGood
2015-03-20 21:28 - 2015-03-20 21:28 - 11104036 _____ () C:\Documents and Settings\home\Desktop\MozBackup-1.5.1-EN.7z
2015-03-20 21:27 - 2015-03-20 21:27 - 00078431 _____ () C:\Documents and Settings\home\Desktop\Service state.7z
2015-03-20 20:47 - 2015-03-20 20:47 - 01135104 _____ (Farbar) C:\Documents and Settings\home\Desktop\FRST.exe
2015-03-20 20:10 - 2015-03-20 20:10 - 00000038 _____ () C:\Documents and Settings\home\Desktop\New Text Document (14).txt
2015-03-20 20:09 - 2015-03-20 20:09 - 00000890 _____ () C:\Documents and Settings\home\Desktop\JRT.txt
2015-03-20 18:50 - 2015-03-20 21:24 - 00001854 _____ () C:\PureRa.txt
2015-03-20 18:40 - 2015-03-20 18:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-20 16:09 - 2015-03-20 16:37 - 00000000 ____D () C:\Documents and Settings\home\Desktop\win7
2015-03-18 23:55 - 2015-03-18 23:55 - 00000000 ____D () C:\Program Files\Common Files\CANON
2015-03-18 12:16 - 2015-03-18 12:16 - 00000000 ___SD () C:\Documents and Settings\home\My Documents\My Data Sources
2015-03-18 11:42 - 2015-03-20 22:05 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-03-18 11:42 - 2015-03-18 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2015-03-18 11:41 - 2015-03-18 11:41 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-18 11:41 - 2015-03-18 11:41 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2015-03-18 11:41 - 2015-03-18 11:41 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-03-18 11:41 - 2015-03-18 11:41 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-18 11:40 - 2015-03-18 11:40 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2015-03-18 11:39 - 2015-03-18 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-03-18 11:39 - 2015-03-18 11:42 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2015-03-18 11:39 - 2015-03-18 11:41 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-18 11:39 - 2015-03-18 11:39 - 00000000 __RHD () C:\MSOCache
2015-03-18 11:39 - 2015-03-18 11:39 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-03-18 11:39 - 2015-03-18 11:39 - 00000000 ____D () C:\Documents and Settings\home\Local Settings\Application Data\Microsoft Help
2015-03-18 11:31 - 2015-03-18 11:31 - 00002855 _____ () C:\Documents and Settings\home\Desktop\office pro plus keys.txt
2015-03-18 06:03 - 2015-03-18 06:03 - 00004846 _____ () C:\Documents and Settings\home\Desktop\New Text Document (13).txt
2015-03-18 01:55 - 2015-03-18 01:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Mp3tag
2015-03-17 21:44 - 2015-03-17 21:44 - 00000132 _____ () C:\Documents and Settings\home\Desktop\lot-buy-125.txt
2015-03-17 10:22 - 2009-02-12 15:11 - 00022312 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrv.sys
2015-03-17 09:52 - 2015-03-17 09:52 - 00000000 ____D () C:\Program Files\LG Electronics
2015-03-17 09:52 - 2014-10-09 09:54 - 00028416 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgandnetmodem.sys
2015-03-17 09:52 - 2014-10-09 09:54 - 00023680 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgandnetdiag.sys
2015-03-17 09:34 - 2015-03-17 09:34 - 00001024 _____ () C:\Documents and Settings\All Users\Desktop\EaseUS MobiSaver for Android.lnk
2015-03-17 09:34 - 2015-03-17 09:34 - 00000000 ____D () C:\Program Files\EaseUS
2015-03-17 09:34 - 2015-03-17 09:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS MobiSaver for Android
2015-03-17 05:03 - 2015-03-18 07:31 - 00000000 ____D () C:\Documents and Settings\home\Desktop\android recovery
2015-03-17 03:30 - 2015-03-17 03:31 - 00000000 ____D () C:\Documents and Settings\home\Desktop\WinUtilities Pro 11.3 + serial
2015-03-17 03:21 - 2015-03-17 03:21 - 00000030 _____ () C:\Documents and Settings\home\Desktop\New Text Document (12).txt
2015-03-16 23:08 - 2015-03-16 23:57 - 00004547 _____ () C:\Documents and Settings\home\Desktop\New Text Document (11).txt
2015-03-16 15:40 - 2015-03-16 15:40 - 00001646 _____ () C:\Documents and Settings\home\Start Menu\Programs\Update Checker.lnk
2015-03-16 15:40 - 2015-03-16 15:40 - 00001640 _____ () C:\Documents and Settings\home\Desktop\Update Checker.lnk
2015-03-16 15:40 - 2015-03-16 15:40 - 00000000 ____D () C:\Program Files\FileHippo.com
2015-03-14 22:55 - 2015-03-14 22:55 - 18240176 _____ (Adobe Systems Incorporated) C:\Documents and Settings\home\Desktop\install_flash_player_17_plugin.exe
2015-03-14 10:40 - 2015-03-14 10:40 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_lgandnetadb_01005.Wdf
2015-03-14 09:27 - 2015-03-14 09:27 - 12184055 _____ () C:\Documents and Settings\home\Desktop\LGD801BK.7z
2015-03-14 07:41 - 2011-07-18 15:01 - 01419232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01005.dll
2015-03-14 04:37 - 2015-03-14 04:37 - 00058862 _____ () C:\WINDOWS\system32\Drivers\etc\hostsbackup.7z
2015-03-14 04:08 - 2015-03-14 10:43 - 00002411 _____ () C:\WINDOWS\system32\lgAxconfig.ini
2015-03-14 04:08 - 2011-05-06 10:37 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr90.dll
2015-03-14 04:08 - 2011-05-06 10:37 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp90.dll
2015-03-14 04:08 - 2011-05-06 10:37 - 00224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm90.dll
2015-03-14 04:08 - 2006-04-30 05:33 - 00053248 _____ () C:\WINDOWS\system32\CommonDL.dll
2015-03-13 18:34 - 2015-03-13 18:49 - 12812272 _____ (LG Electronics) C:\Documents and Settings\home\Desktop\LGUnitedMobileDriver_S51MAN313AP22_ML_WHQL_Ver_3.13.2.exe
2015-03-13 17:44 - 2015-03-13 17:44 - 00000000 ____D () C:\Documents and Settings\home\Application Data\Adobe
2015-03-13 11:52 - 2015-03-17 09:52 - 00000000 ____D () C:\Documents and Settings\home\Application Data\TeamViewer
2015-03-13 11:21 - 2015-03-13 11:21 - 00000420 _____ () C:\Documents and Settings\home\Desktop\New Text Document (10).txt
2015-03-13 10:45 - 2015-03-13 10:45 - 07782048 _____ (TeamViewer GmbH) C:\Documents and Settings\home\Desktop\TeamViewer_Setup_en.exe
2015-03-13 09:10 - 2015-03-15 01:59 - 00000000 ____D () C:\Program Files\Wondershare
2015-03-13 09:10 - 2015-03-13 09:10 - 00000000 ____D () C:\Program Files\Common Files\Wondershare
2015-03-13 09:10 - 2015-03-13 09:10 - 00000000 ____D () C:\Documents and Settings\home\Local Settings\Application Data\Wondershare
2015-03-13 05:53 - 2015-03-13 05:53 - 00000082 _____ () C:\Documents and Settings\home\Desktop\New Text Document (9).txt
2015-03-13 04:59 - 2015-03-13 05:17 - 00000000 ____D () C:\Program Files\nLite
2015-03-13 04:59 - 2015-03-13 04:59 - 00000642 _____ () C:\Documents and Settings\home\Desktop\nLite.lnk
2015-03-13 04:59 - 2015-03-13 04:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\nLite
2015-03-12 19:10 - 2008-04-14 10:42 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2015-03-12 19:10 - 2001-08-18 03:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2015-03-12 18:53 - 2015-03-12 18:53 - 01711017 _____ () C:\Documents and Settings\home\Desktop\ioroot10.zip
2015-03-12 17:57 - 2015-03-12 17:57 - 00000000 ____D () C:\Documents and Settings\home\My Documents\LG OSP
2015-03-12 17:57 - 2015-03-12 17:57 - 00000000 ____D () C:\Documents and Settings\home\Local Settings\Application Data\LG Electronics
2015-03-12 17:46 - 2015-03-12 17:48 - 00000047 _____ () C:\Documents and Settings\home\Desktop\New Text Document (6).txt
2015-03-12 17:25 - 2015-03-17 09:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$
2015-03-12 17:25 - 2015-03-17 09:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2015-03-12 17:25 - 2015-03-12 17:25 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2015-03-11 17:35 - 2015-03-11 17:37 - 00000661 _____ () C:\Documents and Settings\home\Desktop\New Text Document (5).txt
2015-03-11 02:20 - 2015-03-11 02:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Creative Labs
2015-03-10 21:33 - 2015-03-10 21:33 - 120598889 _____ () C:\Documents and Settings\home\Desktop\Audigy_SupportPack_5_1.7z
2015-03-10 21:07 - 2015-03-20 21:18 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
2015-03-10 21:07 - 2015-03-20 21:18 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
2015-03-10 20:44 - 2015-03-20 21:22 - 04958588 _____ () C:\WINDOWS\{00000005-00000000-00000000-00001102-00000004-20071102}.CDF
2015-03-10 20:44 - 2015-03-11 01:16 - 00000000 ____D () C:\Documents and Settings\home\Application Data\Creative
2015-03-10 20:44 - 2015-03-10 20:44 - 00445016 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2015-03-10 20:44 - 2015-03-10 20:44 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2015-03-10 20:44 - 2015-03-10 20:44 - 00000029 _____ () C:\WINDOWS\sfbm.INI
2015-03-10 20:44 - 2015-03-10 20:44 - 00000000 ___DC () C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2015-03-10 20:44 - 2015-03-10 20:44 - 00000000 ____D () C:\WINDOWS\system32\Defaults
2015-03-10 20:44 - 2015-03-10 20:44 - 00000000 ____D () C:\WINDOWS\system32\Data
2015-03-10 20:44 - 2013-04-25 16:07 - 00006505 ____N () C:\WINDOWS\system32\CTOPT399.cat
2015-03-10 20:44 - 2013-04-03 09:55 - 00079360 ____N (Creative Technology Ltd) C:\WINDOWS\system32\CTOPT399.dll
2015-03-10 20:44 - 2008-12-22 20:13 - 00061440 ____N (Creative Technology Ltd) C:\WINDOWS\system32\CTChkAud.dll
2015-03-10 20:44 - 2008-06-13 11:13 - 00065536 ____N (Creative Technology Ltd) C:\WINDOWS\system32\ctdvda32.dll
2015-03-10 20:44 - 2007-02-06 08:28 - 00000075 _____ () C:\WINDOWS\system32\ctzapxx.ini
2015-03-10 20:44 - 2006-08-11 13:14 - 00086446 _____ () C:\WINDOWS\system32\instwdm.ini
2015-03-10 20:44 - 2006-08-11 12:57 - 00011776 _____ (Creative Technology Limited) C:\WINDOWS\INRES.DLL
2015-03-10 20:44 - 2006-08-11 12:56 - 00003072 _____ () C:\WINDOWS\CTXFIRES.DLL
2015-03-10 20:44 - 2006-08-11 12:55 - 00010240 _____ (Creative Technology Ltd) C:\WINDOWS\CTDCRES.DLL
2015-03-10 20:44 - 2005-01-24 17:47 - 01746360 ____N () C:\WINDOWS\system32\CTAA1.DAT
2015-03-10 20:44 - 2000-05-11 02:00 - 00090112 ____N (Creative Technology Ltd.) C:\WINDOWS\Updreg.EXE
2015-03-10 19:52 - 2009-11-19 01:20 - 00809560 _____ (Creative Labs Inc.) C:\WINDOWS\system32\OALInst.exe
2015-03-10 19:52 - 2008-02-25 09:43 - 00018840 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\CTGAME.SYS
2015-03-10 19:52 - 2008-01-14 03:33 - 00069120 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTOSUSER.DLL
2015-03-10 19:52 - 2006-08-11 12:57 - 00081920 _____ (Creative Technology Limited) C:\WINDOWS\system32\ctcoinst.dll
2015-03-10 19:52 - 2006-08-11 12:57 - 00037888 _____ () C:\WINDOWS\system32\CTBURST.DLL
2015-03-10 19:52 - 2006-08-11 12:56 - 00035840 _____ (Creative Technology Limited) C:\WINDOWS\READREG.EXE
2015-03-10 19:52 - 2006-08-11 12:56 - 00034304 _____ () C:\WINDOWS\PSCONV.EXE
2015-03-10 19:52 - 2006-08-11 12:56 - 00033792 _____ ( ) C:\WINDOWS\system32\a3d.dll
2015-03-10 19:52 - 2006-08-11 12:56 - 00030208 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTPCMCIA.DLL
2015-03-10 19:52 - 2006-08-11 12:56 - 00026624 _____ (Creative Technology Ltd) C:\WINDOWS\system32\AC3API.DLL
2015-03-10 19:52 - 2006-08-11 12:56 - 00026112 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTXFIBTN.DLL
2015-03-10 19:52 - 2006-08-11 12:56 - 00025088 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTXFISPK.DLL
2015-03-10 19:52 - 2006-08-11 12:56 - 00023040 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTSPKHLP.DLL
2015-03-10 19:52 - 2006-08-11 12:56 - 00018944 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTXFIHLP.EXE
2015-03-10 19:52 - 2006-08-11 12:56 - 00017920 _____ (Creative Technology Ltd) C:\WINDOWS\CTHELPER.EXE
2015-03-10 19:52 - 2006-08-11 12:56 - 00011776 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTMMEP.DLL
2015-03-10 19:52 - 2006-08-11 12:56 - 00008192 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\pfmodnt.sys
2015-03-10 19:52 - 2006-08-11 12:56 - 00007168 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTAGENT.DLL
2015-03-10 19:52 - 2006-08-11 12:55 - 00286208 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTDC0001.DLL
2015-03-10 19:52 - 2006-08-11 12:55 - 00190976 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTDC0000.DLL
2015-03-10 19:52 - 2006-08-11 12:55 - 00129536 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTDCIFCE.DLL
2015-03-10 19:52 - 2006-08-11 12:55 - 00075264 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTSCAL.DLL
2015-03-10 19:52 - 2006-08-11 12:55 - 00064000 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTTHXCAL.DLL
2015-03-10 19:52 - 2006-08-11 12:55 - 00009216 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTPRES.DLL
2015-03-10 19:52 - 2006-08-11 12:53 - 00733184 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTXFISPI.EXE
2015-03-10 19:52 - 2006-08-11 12:53 - 00052224 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTXFISPI.DLL
2015-03-10 19:52 - 2006-08-11 12:53 - 00042496 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTXFIREG.EXE
2015-03-10 19:52 - 2006-08-11 12:49 - 00323640 _____ () C:\WINDOWS\system32\ctdlang.dat
2015-03-10 19:52 - 2006-08-11 12:49 - 00044567 _____ () C:\WINDOWS\system32\ctdnlstr.dat
2015-03-10 19:52 - 2006-08-11 12:48 - 01170432 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\CTEXFIFX.dll
2015-03-10 19:52 - 2006-08-11 12:48 - 00548352 _____ (Creative Technology Ltd) C:\WINDOWS\system32\ctsblfx.dll
2015-03-10 19:52 - 2006-08-11 12:48 - 00536576 _____ (Creative Technology Ltd) C:\WINDOWS\system32\ctaudfx.dll
2015-03-10 19:52 - 2006-08-11 12:48 - 00317952 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTEDSPSY.DLL
2015-03-10 19:52 - 2006-08-11 12:48 - 00160768 _____ (Creative Technology Ltd) C:\WINDOWS\system32\cteapsfx.dll
2015-03-10 19:52 - 2006-08-11 12:48 - 00158720 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\CT20XUT.DLL
2015-03-10 19:52 - 2006-08-11 12:48 - 00108032 _____ (Creative Technology Ltd) C:\WINDOWS\system32\ctemupia.dll
2015-03-10 19:52 - 2006-08-11 12:48 - 00087552 _____ (Creative Technology Ltd) C:\WINDOWS\system32\commonfx.dll
2015-03-10 19:52 - 2006-08-11 12:48 - 00061952 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\CTHWIUT.DLL
2015-03-10 19:52 - 2006-08-11 12:45 - 01110016 _____ (Creative Technology Ltd) C:\WINDOWS\system32\Drivers\ha20x2k.sys
2015-03-10 19:52 - 2006-08-11 12:45 - 00766976 _____ (Creative Technology Ltd) C:\WINDOWS\system32\Drivers\ha10kx2k.sys
2015-03-10 19:52 - 2006-08-11 12:45 - 00502272 _____ (Creative Technology Ltd) C:\WINDOWS\system32\Drivers\ctac32k.sys
2015-03-10 19:52 - 2006-08-11 12:45 - 00499584 _____ (Creative Technology Ltd) C:\WINDOWS\system32\Drivers\ctaud2k.sys
2015-03-10 19:52 - 2006-08-11 12:45 - 00269824 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTEDSPFX.DLL
2015-03-10 19:52 - 2006-08-11 12:45 - 00200192 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CT_OAL.DLL
2015-03-10 19:52 - 2006-08-11 12:45 - 00180224 _____ (Creative Technology Ltd) C:\WINDOWS\system32\Drivers\haP17v2k.sys
2015-03-10 19:52 - 2006-08-11 12:45 - 00154112 _____ (Creative Technology Ltd) C:\WINDOWS\system32\Drivers\haP16v2k.sys
2015-03-10 19:52 - 2006-08-11 12:45 - 00143872 _____ (Creative Technology Ltd) C:\WINDOWS\system32\Drivers\ctsfm2k.sys
2015-03-10 19:52 - 2006-08-11 12:45 - 00140643 _____ () C:\WINDOWS\system32\ctbas2w.dat
2015-03-10 19:52 - 2006-08-11 12:45 - 00120832 _____ (Creative Technology Ltd) C:\WINDOWS\system32\SFMS32.DLL
2015-03-10 19:52 - 2006-08-11 12:45 - 00116224 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\ctoss2k.sys
2015-03-10 19:52 - 2006-08-11 12:45 - 00115200 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTEDSPIO.DLL
2015-03-10 19:52 - 2006-08-11 12:45 - 00078336 _____ (Creative Technology Ltd) C:\WINDOWS\system32\Drivers\emupia2k.sys
2015-03-10 19:52 - 2006-08-11 12:45 - 00074752 _____ (Creative Technology Ltd) C:\WINDOWS\system32\CTASIO.DLL
2015-03-10 19:52 - 2006-08-11 12:45 - 00073728 _____ (Creative Technology Ltd) C:\WINDOWS\system32\piaproxy.dll
2015-03-10 19:52 - 2006-08-11 12:45 - 00071680 _____ (Creative Technology Ltd) C:\WINDOWS\system32\ctdproxy.dll
2015-03-10 19:52 - 2006-08-11 12:45 - 00047616 _____ (Creative Technology, Ltd) C:\WINDOWS\system32\CTEDASIO.DLL
2015-03-10 19:52 - 2006-08-11 12:45 - 00033792 _____ () C:\WINDOWS\system32\REGPLIB.EXE
2015-03-10 19:52 - 2006-08-11 12:45 - 00021504 _____ (Creative Technology Ltd) C:\WINDOWS\system32\sfman32.dll
2015-03-10 19:52 - 2006-08-11 12:45 - 00007168 _____ (Creative Technology Ltd) C:\WINDOWS\system32\Drivers\ctprxy2k.sys
2015-03-10 19:52 - 2006-08-11 12:43 - 00313207 _____ () C:\WINDOWS\system32\ctstatic.dat
2015-03-10 19:52 - 2006-08-11 12:43 - 00265042 _____ () C:\WINDOWS\system32\ctsbas2w.dat
2015-03-10 19:52 - 2006-08-11 12:43 - 00231281 _____ () C:\WINDOWS\system32\CTSBASW.DAT
2015-03-10 19:52 - 2006-08-11 12:43 - 00113221 _____ () C:\WINDOWS\system32\CTBASICW.DAT
2015-03-10 19:52 - 2006-08-11 12:43 - 00053932 _____ () C:\WINDOWS\system32\ctdaught.dat
2015-03-10 19:52 - 2006-08-11 12:43 - 00009216 _____ ( ) C:\WINDOWS\system32\KILLAPPS.EXE
2015-03-10 19:52 - 2006-08-11 12:43 - 00004096 _____ () C:\WINDOWS\system32\ENLOCSTR.EXE
2015-03-10 19:52 - 2006-08-11 12:42 - 00047104 _____ (Creative Technology Ltd) C:\WINDOWS\system32\DEVREG.DLL
2015-03-10 19:52 - 2006-08-11 12:42 - 00025600 _____ (Creative Technology Ltd) C:\WINDOWS\MIDIDEF.EXE
2015-03-10 19:52 - 2006-05-23 10:40 - 00000269 _____ () C:\WINDOWS\system32\KILL.INI
2015-03-10 19:52 - 2005-11-10 15:06 - 00340704 _____ (Creative Technology Ltd) C:\WINDOWS\system32\Drivers\ctdvda2k.sys
2015-03-10 19:52 - 2005-09-06 12:02 - 01365888 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\CTMMFILT.SYS
2015-03-10 19:52 - 2005-06-30 06:24 - 00121856 _____ (Creative Technology Limited) C:\WINDOWS\system32\CTSFINST.DLL
2015-03-10 19:52 - 2005-06-16 16:17 - 00071680 _____ () C:\WINDOWS\system32\CTMMACTL.DLL
2015-03-10 19:52 - 2005-06-08 11:08 - 01359744 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\CT0531FL.SYS
2015-03-10 19:52 - 2005-06-07 18:58 - 00765952 _____ (Sensaura Ltd) C:\WINDOWS\system\CRLDS3D.DLL
2015-03-10 19:52 - 2005-01-03 10:18 - 04958588 _____ () C:\WINDOWS\CTDVAUDY.CDF
2015-03-10 19:52 - 2004-06-25 08:47 - 03377466 _____ () C:\WINDOWS\CTDV10K1.CDF
2015-03-10 19:52 - 2002-09-20 07:44 - 00006760 _____ () C:\WINDOWS\system32\CTGAME.VXD
2015-03-10 19:52 - 2002-01-03 13:44 - 00000059 _____ () C:\WINDOWS\system32\DEFAULT8.SFM
2015-03-10 19:52 - 2002-01-03 13:44 - 00000059 _____ () C:\WINDOWS\system32\DEFAULT4.SFM
2015-03-10 19:52 - 2002-01-03 13:44 - 00000059 _____ () C:\WINDOWS\system32\DEFAULT.SFM
2015-03-10 19:52 - 2001-11-15 13:25 - 03735544 _____ () C:\WINDOWS\CTDV10K2.CDF
2015-03-10 19:52 - 2001-11-13 07:48 - 00001912 _____ () C:\WINDOWS\system32\Audigy.bmp
2015-03-10 19:52 - 2001-07-11 08:51 - 00077824 _____ (Creative Labs) C:\WINDOWS\system32\EAXAC3.DLL
2015-03-10 19:52 - 2000-02-25 10:49 - 01048576 _____ () C:\WINDOWS\system32\CT1MGM.ROM
2015-03-10 19:52 - 1999-09-22 21:18 - 02259067 _____ () C:\WINDOWS\system32\DEFAULT.ECW
2015-03-10 19:52 - 1999-09-22 21:18 - 02167684 _____ () C:\WINDOWS\system32\CT2MGM.SF2
2015-03-10 15:15 - 2015-03-17 00:31 - 00000000 ____D () C:\Documents and Settings\home\Desktop\intel
2015-03-10 04:50 - 2015-03-10 05:40 - 00001893 _____ () C:\Documents and Settings\home\Desktop\3330.txt
2015-03-10 02:57 - 2015-03-10 03:07 - 00000401 _____ () C:\Documents and Settings\home\Desktop\New Text Document.txt
2015-03-10 02:31 - 2015-03-10 02:31 - 00000000 ____D () C:\Documents and Settings\home\Desktop\New F
2015-03-09 22:27 - 2014-07-09 12:52 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-03-09 22:22 - 2015-03-09 22:23 - 00000000 ____D () C:\Documents and Settings\home\.android
2015-03-09 22:20 - 2015-03-09 22:20 - 00000000 ____D () C:\Program Files\Java
2015-03-09 22:20 - 2015-03-09 22:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java Development Kit
2015-03-09 22:10 - 2015-03-09 22:23 - 00000000 ____D () C:\android-sdk-windows
2015-03-09 22:06 - 2015-03-09 22:08 - 235936216 _____ (LG Electronics) C:\Documents and Settings\home\Desktop\LGPCSuite_Setup.exe
2015-03-09 20:46 - 2015-03-09 20:46 - 11121460 _____ () C:\Documents and Settings\home\Desktop\SPIPGM2.7z
2015-03-09 20:31 - 2015-03-09 20:31 - 00774560 _____ (Akeo Consulting (http://akeo.ie)) C:\Documents and Settings\home\Desktop\rufus-2.0.exe
2015-03-07 17:57 - 2015-03-07 17:57 - 00000000 ____D () C:\Documents and Settings\home\Application Data\Acronis
2015-03-07 17:47 - 2015-03-07 18:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Acronis
2015-03-07 17:47 - 2015-03-07 17:47 - 00806184 _____ (Acronis) C:\WINDOWS\system32\Drivers\tdrpman.sys
2015-03-07 17:47 - 2015-03-07 17:47 - 00689672 _____ (Acronis) C:\WINDOWS\system32\Drivers\tib_mounter.sys
2015-03-07 17:47 - 2015-03-07 17:47 - 00234752 _____ (Acronis) C:\WINDOWS\system32\Drivers\afcdp.sys
2015-03-07 17:47 - 2015-03-07 17:47 - 00192904 _____ (Acronis) C:\WINDOWS\system32\Drivers\snapman.sys
2015-03-07 17:47 - 2015-03-07 17:47 - 00139336 _____ (Acronis) C:\WINDOWS\system32\Drivers\vididr.sys
2015-03-07 17:47 - 2015-03-07 17:47 - 00099720 _____ (Acronis) C:\WINDOWS\system32\Drivers\vidsflt.sys
2015-03-07 17:47 - 2015-03-07 17:47 - 00093928 _____ (Acronis) C:\WINDOWS\system32\Drivers\fltsrv.sys
2015-03-07 17:47 - 2015-03-07 17:47 - 00000880 _____ () C:\Documents and Settings\All Users\Desktop\True Image 2013.lnk
2015-03-07 17:47 - 2015-03-07 17:47 - 00000000 ____D () C:\Program Files\Common Files\Acronis
2015-03-07 17:47 - 2015-03-07 17:47 - 00000000 ____D () C:\Program Files\Acronis
2015-03-07 12:36 - 2015-03-07 12:37 - 00000229 _____ () C:\JavaRa.log
2015-03-07 12:27 - 2015-03-07 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SystemRequirementsLab
2015-03-07 11:01 - 2015-03-07 11:02 - 00000000 ____D () C:\Documents and Settings\home\Desktop\Cacheman (Giveaway) 05-07-2015 + Serial
2015-03-06 20:28 - 2015-03-06 20:28 - 00000084 _____ () C:\Documents and Settings\home\Desktop\x5450 name.txt
2015-03-06 19:57 - 2015-03-16 23:55 - 00000000 ____D () C:\Documents and Settings\home\Desktop\p5b-deluxe
2015-03-05 18:42 - 2015-03-07 07:51 - 00005327 _____ () C:\Documents and Settings\home\Desktop\SPI.txt
2015-03-05 11:21 - 2015-03-05 11:21 - 00000671 _____ () C:\Documents and Settings\home\Grapher.ini
2015-03-05 01:04 - 2015-03-05 01:04 - 05157536 _____ (McAfee, Inc.) C:\Documents and Settings\home\Desktop\McAfeeSetup.exe
2015-03-04 22:40 - 2015-03-20 22:05 - 00065536 _____ () C:\WINDOWS\system32\config\Reason.evt
2015-03-04 22:28 - 2015-03-04 22:28 - 00000000 ____D () C:\Documents and Settings\home\Desktop\Registry Trash Keys Finder (Full Version) v3.9.2.0 Portable Ml_Rus
2015-03-04 10:11 - 2015-03-13 09:13 - 00000866 _____ () C:\Documents and Settings\home\Desktop\Android Data Recovery.lnk
2015-03-04 10:11 - 2015-03-13 09:13 - 00000000 ____D () C:\Program Files\Android Data Recovery
2015-03-04 10:11 - 2015-03-04 10:11 - 00000000 ____D () C:\Documents and Settings\home\Start Menu\Programs\Android Data Recovery
2015-03-03 16:55 - 2015-03-03 16:55 - 00000794 _____ () C:\Documents and Settings\home\Desktop\PerformanceTest.lnk
2015-03-02 23:16 - 2015-03-02 23:16 - 00000000 ____D () C:\Program Files\PerformanceTest
2015-03-02 23:16 - 2015-03-02 23:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PerformanceTest
2015-03-02 07:52 - 2015-03-02 09:30 - 00000080 _____ () C:\Documents and Settings\home\Desktop\o.txt
2015-03-02 04:26 - 2015-03-02 04:26 - 00000090 _____ () C:\Documents and Settings\home\Desktop\LG G2 IMEI Number Find.txt
2015-03-02 01:36 - 2015-03-02 01:36 - 01966548 _____ (KC Softwares ) C:\Documents and Settings\home\Desktop\audiograil_lite-March2015.exe
2015-03-01 18:28 - 2015-03-01 19:45 - 00000135 _____ () C:\Documents and Settings\home\My Documents\1.uzt
2015-03-01 11:03 - 2015-03-07 12:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-03-01 11:03 - 2015-03-07 12:23 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-03-01 11:03 - 2015-03-01 11:03 - 00000000 ____D () C:\Documents and Settings\home\Application Data\Oracle
2015-03-01 11:03 - 2015-03-01 11:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sun
2015-03-01 11:03 - 2015-03-01 11:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Oracle
2015-03-01 11:02 - 2015-03-01 11:02 - 00000000 ____D () C:\Documents and Settings\home\Application Data\Sun
2015-03-01 10:31 - 2015-03-01 10:36 - 00000000 ____D () C:\Documents and Settings\home\Local Settings\Application Data\iWesoft
2015-03-01 10:30 - 2015-03-01 11:10 - 00000000 ____D () C:\Program Files\Appnimi
2015-03-01 08:23 - 2015-03-02 05:38 - 00000000 ____D () C:\Documents and Settings\home\Desktop\xeons
2015-02-28 22:51 - 2015-02-28 22:51 - 31557544 _____ (MiniTool Solution Ltd. ) C:\Documents and Settings\home\Desktop\pwpe9-giveaway-February2015.exe
2015-02-26 20:47 - 2010-01-13 13:19 - 03773952 _____ (Intel Corporation) C:\WINDOWS\system32\SETB2.tmp
2015-02-26 20:47 - 2010-01-13 13:19 - 03773952 _____ (Intel Corporation) C:\WINDOWS\system32\SET1C.tmp
2015-02-26 20:47 - 2010-01-13 13:18 - 02685280 _____ (Intel Corporation) C:\WINDOWS\system32\SETB0.tmp
2015-02-26 20:47 - 2010-01-13 13:18 - 02685280 _____ (Intel Corporation) C:\WINDOWS\system32\SET19.tmp
2015-02-26 20:47 - 2010-01-13 13:18 - 00185856 _____ (Intel Corporation) C:\WINDOWS\system32\SETAE.tmp
2015-02-26 20:47 - 2010-01-13 13:18 - 00185856 _____ (Intel Corporation) C:\WINDOWS\system32\SET16.tmp
2015-02-26 20:47 - 2010-01-13 13:18 - 00057344 _____ (Intel Corporation) C:\WINDOWS\system32\SETAC.tmp
2015-02-26 20:47 - 2010-01-13 13:18 - 00057344 _____ (Intel Corporation) C:\WINDOWS\system32\SET13.tmp
2015-02-26 20:47 - 2010-01-13 12:46 - 00199168 _____ (Intel Corporation) C:\WINDOWS\system32\SETC7.tmp
2015-02-26 20:47 - 2010-01-13 12:46 - 00199168 _____ (Intel Corporation) C:\WINDOWS\system32\SET31.tmp
2015-02-26 20:47 - 2010-01-13 12:46 - 00051712 _____ (Intel Corporation) C:\WINDOWS\system32\SETC3.tmp
2015-02-26 20:47 - 2010-01-13 12:46 - 00051712 _____ (Intel Corporation) C:\WINDOWS\system32\SET2B.tmp
2015-02-26 20:47 - 2010-01-13 12:45 - 05702656 _____ (Intel Corporation) C:\WINDOWS\system32\SETD5.tmp
2015-02-26 20:47 - 2010-01-13 12:45 - 05702656 _____ (Intel Corporation) C:\WINDOWS\system32\SET46.tmp
2015-02-26 20:47 - 2010-01-13 12:45 - 00093696 _____ (Intel Corporation) C:\WINDOWS\system32\SETC1.tmp
2015-02-26 20:47 - 2010-01-13 12:45 - 00093696 _____ (Intel Corporation) C:\WINDOWS\system32\SET28.tmp
2015-02-26 06:00 - 2008-04-14 10:42 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2015-02-26 06:00 - 2008-04-14 10:42 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksproxy.ax
2015-02-26 06:00 - 2008-04-14 10:42 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2015-02-26 06:00 - 2008-04-14 10:42 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wdmaud.drv
2015-02-26 06:00 - 2008-04-14 10:41 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksuser.dll
2015-02-26 06:00 - 2008-04-14 10:41 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksuser.dll
2015-02-26 06:00 - 2008-04-14 05:49 - 00146048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-02-26 06:00 - 2008-04-14 05:49 - 00146048 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\portcls.sys
2015-02-26 06:00 - 2008-04-14 05:46 - 00141056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2015-02-26 06:00 - 2008-04-14 05:46 - 00141056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ks.sys
2015-02-26 06:00 - 2008-04-14 05:15 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2015-02-26 06:00 - 2008-04-14 05:15 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\drmk.sys
2015-02-26 06:00 - 2008-04-14 05:15 - 00049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stream.sys
2015-02-26 06:00 - 2008-04-14 05:15 - 00049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\stream.sys
2015-02-26 06:00 - 2007-12-19 12:40 - 00147456 _____ () C:\WINDOWS\system32\igfxCoIn_v4906.dll
2015-02-26 06:00 - 2007-12-19 12:32 - 01843784 _____ () C:\WINDOWS\system32\igklg400.dll
2015-02-26 06:00 - 2007-12-19 12:32 - 01399880 _____ () C:\WINDOWS\system32\igklg450.dll
2015-02-26 06:00 - 2007-12-19 12:32 - 00104636 _____ () C:\WINDOWS\system32\igmedcompkrn.dll
2015-02-26 06:00 - 2007-12-19 12:07 - 00163840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxzoom.exe
2015-02-26 06:00 - 2006-11-10 12:25 - 00319456 _____ (Microsoft Corporation) C:\WINDOWS\system32\difxapi.dll
2015-02-25 10:45 - 2015-02-26 00:44 - 00000000 ____D () C:\Documents and Settings\home\Desktop\A&P1
2015-02-25 01:38 - 2015-02-25 01:38 - 08132576 _____ (Adobe Systems Incorporated) C:\Documents and Settings\home\Desktop\ADE_4.0_Installer.exe
2015-02-25 01:35 - 2015-02-25 01:35 - 05126536 _____ () C:\Documents and Settings\home\Desktop\pdfdrmsetup.exe
2015-02-25 01:33 - 2015-02-25 01:33 - 00001766 _____ () C:\Documents and Settings\home\Desktop\LosingGround9780786723775.acsm
2015-02-25 01:31 - 2015-03-01 20:16 - 00000000 ____D () C:\Documents and Settings\home\Desktop\The Kinks - Something Else by The Kinks (1967)
2015-02-25 00:56 - 2015-03-20 18:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-02-24 21:46 - 2015-02-24 21:46 - 07317752 _____ () C:\Documents and Settings\home\Desktop\Internet Download Manager (IDM) 6.23 + Crack (Fix) [KaranPC].7z
2015-02-22 06:43 - 2015-02-22 06:43 - 01109501 _____ () C:\Documents and Settings\home\Desktop\RealTemp_370.7z
2015-02-22 05:57 - 2015-02-22 05:57 - 00639998 _____ () C:\Documents and Settings\home\Desktop\CrystalCPUID415.zip
2015-02-22 05:54 - 2015-02-22 05:54 - 00633831 _____ () C:\Documents and Settings\home\Desktop\ThrottleStop_600.zip
2015-02-22 05:48 - 2015-02-22 05:48 - 00409147 _____ () C:\Documents and Settings\home\Desktop\MemSet41.zip
2015-02-22 04:53 - 2015-02-22 04:53 - 00000686 _____ () C:\Documents and Settings\home\Desktop\Trash Reg.lnk
2015-02-22 04:51 - 2015-02-22 04:57 - 00000000 ____D () C:\Program Files\TrashReg
2015-02-22 04:51 - 2015-02-22 04:51 - 00000000 ____D () C:\Documents and Settings\home\Start Menu\Programs\Registry Trash Keys Finder
2015-02-21 22:19 - 2015-02-21 22:19 - 00002061 _____ () C:\Documents and Settings\All Users\Desktop\Intel Processor Diagnostic Tool.lnk
2015-02-21 22:19 - 2015-02-21 22:19 - 00000000 ____D () C:\Program Files\Intel Corporation
2015-02-21 22:19 - 2015-02-21 22:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Intel Corporation
2015-02-21 10:05 - 2015-02-21 10:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Passmark
2015-02-18 17:54 - 2015-02-18 18:00 - 00000034 _____ () C:\Documents and Settings\home\Desktop\New Text Document (8).txt
2015-02-18 07:00 - 2015-02-18 07:00 - 00090919 _____ () C:\Documents and Settings\home\Desktop\HOME.txt
2015-02-18 05:19 - 2015-03-07 00:37 - 00000000 ____D () C:\Documents and Settings\home\Desktop\BIOS MOD
2015-02-18 01:20 - 2015-02-18 01:21 - 00000000 ____D () C:\Documents and Settings\home\Desktop\PowerArchiver 2015 Pro v15.00.38 Final Incl. Serial-DVT [ATOM]
2015-02-18 01:14 - 2015-02-18 01:14 - 00246067 _____ () C:\Documents and Settings\home\Desktop\Slate.psf
2015-02-18 01:14 - 2015-02-18 01:14 - 00067715 _____ () C:\Documents and Settings\home\Desktop\MyPA.psf
2015-02-18 01:12 - 2015-02-18 01:12 - 34115672 _____ () C:\Documents and Settings\home\Desktop\powarc150041int.exe
2015-02-18 01:05 - 2015-02-18 01:05 - 04686016 _____ () C:\Documents and Settings\home\Desktop\BANDIZIP-SETUP.EXE
2015-02-18 00:36 - 2015-02-18 00:49 - 00000305 _____ () C:\Documents and Settings\home\Desktop\New Text Document (7).txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 22:06 - 2014-06-25 03:33 - 00000000 ____D () C:\Documents and Settings\home\Local Settings\temp
2015-03-20 22:05 - 2014-09-19 11:34 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2015-03-20 22:05 - 2014-09-19 11:34 - 00065536 _____ () C:\WINDOWS\system32\config\Bullzip .evt
2015-03-20 22:05 - 2014-09-19 11:34 - 00065536 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2015-03-20 22:05 - 2014-01-30 17:14 - 00000000 ____D () C:\Documents and Settings\home
2015-03-20 21:42 - 2014-09-19 11:33 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-20 21:40 - 2015-02-07 15:17 - 00000000 ____D () C:\Documents and Settings\home\Application Data\DMCache
2015-03-20 21:39 - 2014-01-30 17:49 - 00000000 ____D () C:\Documents and Settings\home\Application Data\TeraCopy
2015-03-20 21:38 - 2015-02-15 15:01 - 00000716 _____ () C:\Documents and Settings\home\Desktop\Internet Download Manager.lnk
2015-03-20 21:38 - 2015-02-15 15:01 - 00000000 ____D () C:\Program Files\Internet Download Manager
2015-03-20 21:38 - 2014-06-14 03:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2015-03-20 21:38 - 2014-02-01 08:15 - 00000000 ____D () C:\Documents and Settings\home\Application Data\uTorrent
2015-03-20 21:25 - 2014-02-14 04:41 - 00000000 ____D () C:\Program Files\BleachBit
2015-03-20 21:18 - 2014-01-30 17:14 - 00000178 ___SH () C:\Documents and Settings\home\ntuser.ini
2015-03-20 21:03 - 2014-07-08 00:28 - 00000000 ____D () C:\Documents and Settings\home\Desktop\New
2015-03-20 21:00 - 2014-01-30 17:14 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-03-20 20:54 - 2014-05-29 01:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2015-03-20 20:50 - 2015-02-15 15:01 - 00000000 ____D () C:\Documents and Settings\home\Application Data\IDM
2015-03-20 20:50 - 2015-02-15 13:09 - 00000135 _____ () C:\WINDOWS\spwdrt.INI
2015-03-20 20:21 - 2014-01-30 18:02 - 00000000 ____D () C:\Program Files\Recuva
2015-03-20 19:51 - 2014-01-30 17:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-03-20 18:51 - 2014-01-30 18:03 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-03-20 18:49 - 2014-01-30 17:50 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-20 17:13 - 2014-02-05 07:50 - 00000000 ____D () C:\Documents and Settings\home\Application Data\XnView
2015-03-20 17:13 - 2014-02-05 07:34 - 00000000 ____D () C:\Documents and Settings\home\Application Data\Mp3tag
2015-03-20 17:13 - 2014-02-02 05:04 - 00000000 ____D () C:\Documents and Settings\home\Application Data\MPC-HC
2015-03-20 16:41 - 2014-02-10 19:56 - 00000000 ____D () C:\Documents and Settings\home\Application Data\foobar2000
2015-03-20 16:33 - 2014-01-31 18:55 - 00000000 ____D () C:\Documents and Settings\home\Local Settings\Application Data\sabnzbd
2015-03-20 14:44 - 2014-09-19 11:33 - 00001374 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-19 03:27 - 2015-02-09 16:53 - 00000000 ____D () C:\Documents and Settings\home\Desktop\SHIPPING
2015-03-18 22:27 - 2015-02-06 08:06 - 00126968 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmtdi.sys
2015-03-18 11:42 - 2014-01-31 12:37 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-18 11:42 - 2014-01-30 12:07 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-18 01:55 - 2014-04-26 14:44 - 00000797 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-18 01:55 - 2014-04-26 14:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-18 01:55 - 2014-04-26 14:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-18 01:55 - 2014-02-05 07:27 - 00000658 _____ () C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
2015-03-18 01:55 - 2014-02-05 07:27 - 00000000 ____D () C:\Program Files\Mp3tag
2015-03-17 23:54 - 2014-04-11 17:22 - 00001516 _____ () C:\Documents and Settings\home\Desktop\XnView.lnk
2015-03-17 23:54 - 2014-04-11 17:22 - 00000000 ____D () C:\Program Files\XnView
2015-03-17 23:54 - 2014-04-11 17:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\XnView
2015-03-17 19:08 - 2014-01-31 13:45 - 00000000 __SHD () C:\Documents and Settings\NetworkService\IETldCache
2015-03-17 19:05 - 2014-09-19 11:33 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-17 19:03 - 2014-09-19 11:33 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-17 18:55 - 2015-02-05 10:17 - 00001993 _____ () C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
2015-03-17 18:55 - 2015-02-05 10:17 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NIS
2015-03-17 18:55 - 2015-02-05 10:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
2015-03-17 18:46 - 2014-05-24 23:43 - 00000030 _____ () C:\Documents and Settings\home\Desktop\fsutil usn deletejournal.txt
2015-03-17 18:44 - 2014-09-19 11:33 - 00009952 _____ () C:\WINDOWS\Tasks\SCHEDLGU.TXT
2015-03-17 18:44 - 2014-09-19 11:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-17 09:59 - 2014-02-01 16:56 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-17 09:52 - 2014-01-30 17:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-17 07:29 - 2014-01-31 18:53 - 00000000 ____D () C:\Program Files\SABnzbd
2015-03-17 06:15 - 2014-09-19 11:33 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-09-19 11:33 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-17 06:09 - 2015-02-05 13:58 - 00000000 ____D () C:\Program Files\Microsoft Bootvis
2015-03-17 06:08 - 2014-09-19 11:33 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2015-03-17 04:25 - 2014-01-31 18:42 - 00001550 _____ () C:\Documents and Settings\home\Desktop\MPC-HC.lnk
2015-03-17 04:25 - 2014-01-31 18:42 - 00000000 ____D () C:\Program Files\MPC-HC
2015-03-17 04:25 - 2014-01-31 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MPC-HC
2015-03-17 03:28 - 2014-05-14 15:08 - 00005025 _____ () C:\Documents and Settings\home\Desktop\emals all.txt
2015-03-17 03:14 - 2014-05-27 10:44 - 00000000 ____D () C:\Documents and Settings\home\Desktop\ips
2015-03-17 00:39 - 2014-05-14 08:07 - 00000000 ____D () C:\Documents and Settings\home\Desktop\-new
2015-03-17 00:25 - 2014-01-31 11:12 - 00014402 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-03-17 00:17 - 2014-03-11 22:52 - 00000000 ____D () C:\Documents and Settings\home\Desktop\PDF
2015-03-16 21:21 - 2014-05-05 10:53 - 00000696 _____ () C:\Documents and Settings\home\Desktop\WinRAR.lnk
2015-03-16 21:21 - 2014-03-08 19:27 - 00000696 _____ () C:\Documents and Settings\home\Start Menu\WinRAR.lnk
2015-03-16 21:21 - 2014-02-02 04:49 - 00000000 ____D () C:\Documents and Settings\home\Start Menu\Programs\WinRAR
2015-03-16 21:21 - 2014-02-02 04:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-03-16 15:55 - 2014-01-30 20:09 - 00002347 _____ () C:\Documents and Settings\home\Start Menu\Programs\Windows Install Clean Up.lnk
2015-03-16 15:41 - 2015-02-07 18:35 - 00000000 ____D () C:\Program Files\Notepad++
2015-03-16 15:41 - 2015-02-07 18:35 - 00000000 ____D () C:\Documents and Settings\home\Application Data\Notepad++
2015-03-14 22:49 - 2014-04-04 23:35 - 00000000 ____D () C:\Documents and Settings\home\Desktop\p
2015-03-14 01:56 - 2014-01-30 17:55 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-03-13 21:08 - 2015-02-11 22:36 - 00000000 ____D () C:\Program Files\Canon
2015-03-13 21:07 - 2015-02-12 01:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
2015-03-13 04:03 - 2014-05-12 09:39 - 00000000 ____D () C:\Documents and Settings\home\Desktop\archives
2015-03-13 00:02 - 2014-01-30 18:02 - 00000000 ____D () C:\Program Files\Unlocker
2015-03-12 23:50 - 2015-02-11 13:02 - 00002293 _____ () C:\Documents and Settings\home\Desktop\FLAC Frontend.lnk
2015-03-12 22:03 - 2015-02-11 13:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FLAC Frontend
2015-03-12 21:37 - 2014-02-03 00:39 - 00001588 _____ () C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
2015-03-12 21:37 - 2014-02-03 00:39 - 00000000 ____D () C:\Program Files\Defraggler
2015-03-11 22:41 - 2015-02-07 14:02 - 00000000 ____D () C:\Program Files\Core Temp
2015-03-11 18:07 - 2014-01-30 18:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Licenses
2015-03-11 17:47 - 2014-09-19 11:34 - 28049408 _____ () C:\WINDOWS\system32\config\software.bak
2015-03-11 17:47 - 2014-09-19 11:34 - 10223616 _____ () C:\WINDOWS\system32\config\system.bak
2015-03-11 17:47 - 2014-09-19 11:34 - 04878336 _____ () C:\WINDOWS\system32\config\default.bak
2015-03-11 17:47 - 2014-09-19 11:34 - 00049152 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-03-11 17:47 - 2014-09-19 11:34 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-03-11 17:47 - 2014-01-30 17:14 - 00249856 _____ () C:\Documents and Settings\NetworkService\NTUSER.bak
2015-03-11 17:44 - 2015-02-16 04:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Creative
2015-03-11 16:55 - 2014-09-19 11:33 - 00558460 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-11 02:07 - 2015-02-16 04:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Creative
2015-03-11 01:16 - 2015-02-16 04:30 - 00000000 ____D () C:\Program Files\Creative
2015-03-10 20:44 - 2014-09-19 11:34 - 00000000 ____D () C:\WINDOWS\system
2015-03-10 16:30 - 2015-02-16 04:31 - 00000644 ___RH () C:\WINDOWS\ctfile.rfc
2015-03-08 04:16 - 2014-09-19 11:34 - 00000000 ____D () C:\WINDOWS\srchasst
2015-03-07 17:47 - 2014-09-19 20:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Acronis
2015-03-06 20:24 - 2014-09-19 11:34 - 00000000 ____D () C:\WINDOWS\pss
2015-03-06 20:24 - 2014-06-02 11:46 - 00000644 _____ () C:\Documents and Settings\home\Desktop\MagicDisc.lnk
2015-03-06 20:24 - 2014-06-02 11:46 - 00000000 ____D () C:\Program Files\MagicDisc
2015-03-04 23:30 - 2014-07-07 19:44 - 00000790 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\foobar2000.lnk
2015-03-04 23:30 - 2014-02-10 19:56 - 00000714 _____ () C:\Documents and Settings\All Users\Desktop\foobar2000.lnk
2015-03-04 23:30 - 2014-02-10 19:56 - 00000000 ____D () C:\Program Files\foobar2000
2015-03-04 22:39 - 2015-02-13 03:59 - 00000951 _____ () C:\Documents and Settings\All Users\Desktop\herdProtect.lnk
2015-03-04 22:27 - 2015-02-05 08:32 - 00374013 _____ (SNC) C:\Documents and Settings\home\Desktop\trashreg_setup.exe
2015-03-01 21:01 - 2015-02-08 10:06 - 00000000 ____D () C:\Documents and Settings\home\Desktop\z
2015-03-01 21:01 - 2014-03-11 22:35 - 00000000 ____D () C:\Documents and Settings\home\Desktop\txt (new cpu)
2015-02-28 19:43 - 2015-02-05 13:58 - 00000750 _____ () C:\Documents and Settings\home\Desktop\BootVis.lnk
2015-02-28 15:02 - 2014-01-30 18:00 - 00000721 _____ () C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
2015-02-26 21:28 - 2014-09-19 11:33 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2015-02-26 06:00 - 2015-02-04 23:16 - 00000000 ____D () C:\WINDOWS\system32\Lang
2015-02-25 00:31 - 2014-02-21 13:55 - 00000000 ____D () C:\EAC
2015-02-24 23:19 - 2014-02-11 14:28 - 00000000 ____D () C:\Documents and Settings\home\Application Data\AccurateRip
2015-02-24 15:53 - 2014-01-30 17:50 - 00000686 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-02-24 14:26 - 2014-09-19 11:33 - 00001374 _____ () C:\WINDOWS\system32\wpa.bak
2015-02-21 01:30 - 2014-01-30 08:06 - 00000000 ____D () C:\znzb
2015-02-20 22:49 - 2014-09-19 11:33 - 00014783 _____ () C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2015-02-20 22:48 - 2014-09-19 11:33 - 05199808 _____ () C:\WINDOWS\system32\SpoonUninstall.exe
2015-02-20 22:48 - 2014-09-19 11:33 - 00016912 _____ () C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2015-02-18 02:30 - 2014-02-02 04:48 - 00000000 ____D () C:\Program Files\WinRAR

==================== Files in the root of some directories =======

2014-07-12 23:42 - 2014-07-12 23:42 - 12062208 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2014-02-02 05:59 - 2014-06-19 02:18 - 0007887 _____ () C:\Documents and Settings\home\Application Data\pcouffin.cat
2014-02-02 05:59 - 2014-06-19 02:18 - 0001144 _____ () C:\Documents and Settings\home\Application Data\pcouffin.inf
2014-06-19 02:18 - 2014-06-19 02:18 - 0000055 _____ () C:\Documents and Settings\home\Application Data\pcouffin.log
2014-02-02 05:59 - 2014-06-19 02:18 - 0047360 _____ (VSO Software) C:\Documents and Settings\home\Application Data\pcouffin.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Edited by emc20guru, 21 March 2015 - 07:02 AM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 March 2015 - 08:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-583907252-299502267-682003330-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Homepage: https://www.google.com/webhp?complete=0&gws_rd=ssl
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-03-18]
S4 MachineTokenService; No ImagePath
S4 aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys [X]
R3 ALSysIO; \??\C:\Documents and Settings\home\Local Settings\Temp\ALSysIO.sys [X]
S3 andnetadb; No ImagePath
S3 cpuz; \??\C:\Documents and Settings\home\Desktop\a\cpuz.sys [X]
S3 CTUSFSYN; No ImagePath
S3 ialm; No ImagePath
S3 IntcHdmiAddService; No ImagePath
S4 IntelIde; No ImagePath
S3 P17xfi; No ImagePath
S3 p17xfilt; No ImagePath
U0 Partizan; No ImagePath
S4 tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [X]

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

How is the computer running now?

#3 emc20guru

emc20guru
  • Topic Starter

  • Members
  • 5 posts

Posted 24 March 2015 - 10:30 PM

Shutdown time is still slow, but it seems that "Audigy 4: DLL Module Loader (DLLML.exe)" may be the culprit, which I uploaded to VirusTotal and the scan was clear. Here are my logs, as the system is running better than before, and I hope that the system looks clean. Also, I saw that "https://www.google.com/webhp?complete=0&gws_rd=ssl" as the Firefox homepage was part of the fixlist and was wondering if it's alright to reset that as my homepage, as I did set that myself?

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by home at 2015-03-24 21:40:10 Run:1
Running from C:\Documents and Settings\home\Desktop
Loaded Profiles: home (Available profiles: home)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-583907252-299502267-682003330-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Homepage: https://www.google.com/webhp?complete=0&gws_rd=ssl
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-03-18]
S4 MachineTokenService; No ImagePath
S4 aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys [X]
R3 ALSysIO; \??\C:\Documents and Settings\home\Local Settings\Temp\ALSysIO.sys [X]
S3 andnetadb; No ImagePath
S3 cpuz; \??\C:\Documents and Settings\home\Desktop\a\cpuz.sys [X]
S3 CTUSFSYN; No ImagePath
S3 ialm; No ImagePath
S3 IntcHdmiAddService; No ImagePath
S4 IntelIde; No ImagePath
S3 P17xfi; No ImagePath
S3 p17xfilt; No ImagePath
U0 Partizan; No ImagePath
S4 tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [X]

End
*****************

Processes closed successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKU\S-1-5-21-583907252-299502267-682003330-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Value not found.
HKU\SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = => Value not found.
Firefox homepage deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => Key deleted successfully.
C:\Program Files\Internet Download Manager\IDMGCExt.crx => Moved successfully.
MachineTokenService => Service deleted successfully.
aksfridge => Service deleted successfully.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
andnetadb => Service deleted successfully.
cpuz => Service deleted successfully.
CTUSFSYN => Service deleted successfully.
ialm => Service deleted successfully.
IntcHdmiAddService => Service deleted successfully.
IntelIde => Service deleted successfully.
P17xfi => Service deleted successfully.
p17xfilt => Service deleted successfully.
Partizan => Service deleted successfully.
tmcomm => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog 21:40:10 ====

 

 

 

ComboFix 15-03-23.01 - home 03/24/2015  21:58:44.2.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2775 [GMT -4:00]
Running from: c:\documents and settings\home\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\home\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\rss7.tmp
c:\documents and settings\All Users\Application Data\rss8.tmp
c:\documents and settings\All Users\Application Data\rss9.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\ntuser.pol
c:\windows\system32\SET13.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SETAC.tmp
c:\windows\system32\SETAE.tmp
c:\windows\system32\SETB0.tmp
c:\windows\system32\SETB2.tmp
c:\windows\system32\SETC1.tmp
c:\windows\system32\SETC3.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETD5.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-25 to 2015-03-25  )))))))))))))))))))))))))))))))
.
.
2015-03-25 01:33 . 2015-03-25 01:40    --------    d-----w-    C:\FRST
2015-03-22 22:25 . 2015-03-22 22:35    --------    d-----r-    c:\documents and settings\home\MediaFire
2015-03-22 22:25 . 2015-03-22 22:30    --------    d--h--w-    c:\documents and settings\home\.mediafire
2015-03-22 21:45 . 2015-03-22 21:45    --------    d-----w-    c:\program files\MediaFire Desktop
2015-03-22 21:45 . 2015-03-22 21:46    --------    d-----w-    c:\documents and settings\home\Application Data\MediaFire Desktop
2015-03-22 21:45 . 2015-03-17 21:06    19160    ----a-w-    c:\windows\system32\drivers\mfmonitor_x86.sys
2015-03-22 11:34 . 2015-03-22 11:34    --------    d-----w-    C:\android-sdk-windows
2015-03-21 12:51 . 2015-03-21 12:51    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\PDF Writer
2015-03-21 11:06 . 2015-03-21 11:06    778928    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-03-21 11:06 . 2015-03-21 11:06    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-19 03:55 . 2015-03-19 03:55    --------    d-----w-    c:\program files\Common Files\CANON
2015-03-18 15:41 . 2015-03-18 15:41    --------    d-----w-    c:\program files\Microsoft Synchronization Services
2015-03-18 15:41 . 2015-03-18 15:41    --------    d-----w-    c:\program files\Microsoft.NET
2015-03-18 15:41 . 2015-03-18 15:41    --------    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2015-03-18 15:41 . 2015-03-18 15:41    --------    d-----w-    c:\documents and settings\All Users\Microsoft
2015-03-18 15:40 . 2015-03-18 15:40    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2015-03-18 15:39 . 2015-03-18 15:42    --------    d-----w-    c:\windows\SHELLNEW
2015-03-18 15:39 . 2015-03-18 15:39    --------    d-----w-    c:\program files\Microsoft Analysis Services
2015-03-18 15:39 . 2015-03-18 15:39    --------    d-----w-    c:\documents and settings\home\Local Settings\Application Data\Microsoft Help
2015-03-18 15:39 . 2015-03-22 19:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2015-03-18 15:39 . 2015-03-18 15:39    --------    d-----r-    C:\MSOCache
2015-03-17 22:44 . 2015-03-17 22:53    --------    d-----w-    c:\windows\system32\drivers\NIS\1507000.00B
2015-03-17 14:22 . 2009-02-12 19:11    22312    ----a-w-    c:\windows\system32\drivers\rsdrv.sys
2015-03-16 19:40 . 2015-03-16 19:40    --------    d-----w-    c:\program files\FileHippo.com
2015-03-14 11:41 . 2011-07-18 19:01    1419232    ----a-w-    c:\windows\system32\wdfcoinstaller01005.dll
2015-03-14 08:08 . 2011-05-06 14:37    655872    ----a-w-    c:\windows\system32\msvcr90.dll
2015-03-14 08:08 . 2011-05-06 14:37    568832    ----a-w-    c:\windows\system32\msvcp90.dll
2015-03-14 08:08 . 2011-05-06 14:37    224768    ----a-w-    c:\windows\system32\msvcm90.dll
2015-03-14 08:08 . 2006-04-30 09:33    53248    ----a-w-    c:\windows\system32\CommonDL.dll
2015-03-13 15:52 . 2015-03-17 13:52    --------    d-----w-    c:\documents and settings\home\Application Data\TeamViewer
2015-03-13 13:10 . 2015-03-13 13:10    --------    d-----w-    c:\program files\Common Files\Wondershare
2015-03-13 13:10 . 2015-03-15 05:59    --------    d-----w-    c:\program files\Wondershare
2015-03-13 08:59 . 2015-03-13 09:17    --------    d-----w-    c:\program files\nLite
2015-03-12 23:10 . 2008-04-14 14:42    159232    ----a-w-    c:\windows\system32\ptpusd.dll
2015-03-12 23:10 . 2001-08-18 07:36    5632    ----a-w-    c:\windows\system32\ptpusb.dll
2015-03-11 06:20 . 2015-03-11 06:20    --------    d-----w-    c:\documents and settings\All Users\Application Data\Creative Labs
2015-03-11 00:44 . 2015-03-11 00:44    --------    d-----w-    c:\windows\system32\Defaults
2015-03-11 00:44 . 2000-05-11 06:00    90112    ------w-    c:\windows\Updreg.EXE
2015-03-11 00:44 . 2015-03-11 00:44    445016    ----a-w-    c:\windows\system32\wrap_oal.dll
2015-03-11 00:44 . 2015-03-11 00:44    109144    ----a-w-    c:\windows\system32\OpenAL32.dll
2015-03-11 00:44 . 2015-03-11 05:16    --------    d-----w-    c:\documents and settings\home\Application Data\Creative
2015-03-11 00:44 . 2015-03-11 00:44    --------    d-----w-    c:\windows\system32\Data
2015-03-11 00:44 . 2013-04-03 13:55    79360    ------w-    c:\windows\system32\CTOPT399.dll
2015-03-11 00:44 . 2008-12-23 00:13    61440    ------w-    c:\windows\system32\CTChkAud.dll
2015-03-11 00:44 . 2006-08-11 16:57    11776    ----a-w-    c:\windows\INRES.DLL
2015-03-11 00:44 . 2006-08-11 16:56    3072    ----a-w-    c:\windows\CTXFIRES.DLL
2015-03-11 00:44 . 2006-08-11 16:55    10240    ----a-w-    c:\windows\CTDCRES.DLL
2015-03-10 02:27 . 2014-07-09 16:52    1461992    ----a-w-    c:\windows\system32\WdfCoInstaller01009.dll
2015-03-10 02:22 . 2015-03-10 02:23    --------    d-----w-    c:\documents and settings\home\.android
2015-03-10 02:20 . 2015-03-21 09:08    --------    d-----w-    c:\program files\Java
2015-03-07 21:47 . 2015-03-07 21:47    234752    ----a-w-    c:\windows\system32\drivers\afcdp.sys
2015-03-07 21:47 . 2015-03-07 21:47    806184    ----a-w-    c:\windows\system32\drivers\tdrpman.sys
2015-03-07 21:47 . 2015-03-07 21:47    689672    ----a-w-    c:\windows\system32\drivers\tib_mounter.sys
2015-03-07 21:47 . 2015-03-07 21:47    99720    ----a-w-    c:\windows\system32\drivers\vidsflt.sys
2015-03-07 21:47 . 2015-03-07 21:47    139336    ----a-w-    c:\windows\system32\drivers\vididr.sys
2015-03-07 21:47 . 2015-03-07 21:47    192904    ----a-w-    c:\windows\system32\drivers\snapman.sys
2015-03-07 21:47 . 2015-03-07 21:47    93928    ----a-w-    c:\windows\system32\drivers\fltsrv.sys
2015-03-07 21:47 . 2015-03-07 21:47    --------    d-----w-    c:\program files\Acronis
2015-03-07 21:47 . 2015-03-07 21:47    --------    d-----w-    c:\program files\Common Files\Acronis
2015-03-07 16:27 . 2015-03-07 16:30    --------    d-----w-    c:\documents and settings\All Users\Application Data\SystemRequirementsLab
2015-03-03 03:16 . 2015-03-03 03:16    --------    d-----w-    c:\program files\PerformanceTest
2015-03-01 15:03 . 2015-03-01 15:03    --------    d-----w-    c:\documents and settings\home\Application Data\Oracle
2015-03-01 15:03 . 2015-03-07 16:23    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2015-03-01 15:03 . 2015-03-01 15:03    --------    d-----w-    c:\documents and settings\All Users\Application Data\Oracle
2015-03-01 14:30 . 2015-03-01 15:10    --------    d-----w-    c:\program files\Appnimi
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-25 00:48 . 2014-09-19 15:33    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-22 21:45 . 2015-03-22 21:45    1409    ----a-w-    c:\windows\Fonts\OpenSans-Regular.fot
2015-03-22 21:45 . 2015-03-22 21:45    1409    ----a-w-    c:\windows\Fonts\OpenSans-Light.fot
2015-03-22 21:45 . 2015-03-22 21:45    1409    ----a-w-    c:\windows\Fonts\OpenSans-Bold.fot
2015-03-19 02:27 . 2015-02-06 12:06    126968    ----a-w-    c:\windows\system32\drivers\idmtdi.sys
2015-03-17 10:15 . 2014-09-19 15:33    120024    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-03-17 10:15 . 2014-09-19 15:33    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-02-21 02:48 . 2014-09-19 15:33    5199808    ----a-w-    c:\windows\system32\SpoonUninstall.exe
2015-02-05 14:17 . 2015-02-05 14:17    142936    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2015-02-04 17:38 . 2015-02-05 00:54    68224    ----a-w-    c:\windows\system32\drivers\system32\DRIVERS\pci.sys
2015-02-04 17:38 . 2014-09-19 15:33    35840    ----a-w-    c:\windows\system32\drivers\processr.sys
2015-02-04 17:38 . 2014-09-19 15:33    187776    ----a-w-    c:\windows\system32\drivers\acpi.sys
2015-02-04 17:38 . 2015-02-05 00:54    144128    ----a-w-    c:\windows\system32\drivers\system32\DRIVERS\usbport.sys
2015-02-04 17:38 . 2014-09-19 15:33    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-02-04 17:38 . 2014-09-19 15:33    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2015-02-04 17:38 . 2014-09-19 15:33    7168    ------w-    c:\windows\system32\hccoin.dll
2015-02-04 17:38 . 2015-02-05 00:54    74240    ----a-w-    c:\windows\system32\drivers\system32\usbui.dll
2015-02-04 17:38 . 2015-02-05 00:54    59520    ----a-w-    c:\windows\system32\drivers\system32\DRIVERS\usbhub.sys
2015-02-04 17:38 . 2015-02-05 00:54    20608    ----a-w-    c:\windows\system32\drivers\system32\DRIVERS\usbuhci.sys
2015-02-04 17:38 . 2015-02-05 00:54    37248    ----a-w-    c:\windows\system32\drivers\system32\DRIVERS\isapnp.sys
2015-02-04 17:38 . 2015-02-05 00:54    317976    ----a-w-    c:\windows\system32\drivers\system32\DRIVERS\iaStor.sys
2015-01-12 22:32 . 2014-09-20 00:07    36864    ----a-w-    c:\windows\system32\drivers\l151x86.sys
2014-07-13 03:42 . 2014-07-13 03:42    12062208    ----a-w-    c:\program files\Common Files\lpuninstall.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2002-06-25 . 48BC2767CEEC6E8B0E15B0289F18232E . 86912 . . [5.1.2600.28] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2014-01-30 . 447762563F497CAAB5A0DAA49E10E3C8 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
@="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
[HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
2015-03-17 21:06    80896    ----a-w-    c:\program files\MediaFire Desktop\MediaFireIcon3_f7ca1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconReadOnly]
@="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
[HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
2015-03-17 21:06    80384    ----a-w-    c:\program files\MediaFire Desktop\MediaFireIcon5_f7ca1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
@="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
[HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
2015-03-17 21:06    76288    ----a-w-    c:\program files\MediaFire Desktop\MediaFireIcon_f7ca1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
@="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
[HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
2015-03-17 21:06    77824    ----a-w-    c:\program files\MediaFire Desktop\MediaFireIcon2_f7ca1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 06:12    2609792    ----a-w-    c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 06:12    2609792    ----a-w-    c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 06:12    2609792    ----a-w-    c:\program files\Acronis\TrueImageHome\tishell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
@="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
[HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
2015-03-17 21:06    76288    ----a-w-    c:\program files\MediaFire Desktop\MediaFireIcon4_f7ca1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2013-10-08 794272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2014-12-10 2561848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"HideSCABattery"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    msapsspc.dll, schannel.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2012-08-23 06:09    403328    ----a-w-    c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTibMounterMonitor]
2012-07-24 20:13    941440    ----a-w-    c:\program files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-11-03 23:13    64104    ----a-w-    c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2010-11-03 23:13    2815592    ----a-w-    c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54    91520    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-11 16:56    17920    ----a-w-    c:\windows\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2012-03-26 22:35    449168    ----a-w-    c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Exploit]
2014-12-10 06:33    2561848    ----a-w-    c:\program files\Malwarebytes Anti-Exploit\mbae.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2013-10-04 17:29    20145368    ----a-w-    c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2010-11-03 23:15    84584    ----a-w-    c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-03-09 05:21    98304    ----a-w-    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2012-08-23 06:08    6010264    ----a-w-    c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R?2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [5/29/2014 1:13 AM 555320]
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [3/7/2015 5:47 PM 93928]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1507000.00B\symds.sys [3/17/2015 6:44 PM 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1507000.00B\symefa.sys [3/17/2015 6:44 PM 936152]
R0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\drivers\vidsflt.sys [3/7/2015 5:47 PM 99720]
R1 BHDrvx86;BHDrvx86;c:\program files\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20150321.001\BHDrvx86.sys [3/24/2015 1:30 PM 1164504]
R1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NIS\1507000.00B\ccsetx86.sys [3/17/2015 6:44 PM 127064]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [3/17/2015 10:22 AM 22312]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1507000.00B\ironx86.sys [3/17/2015 6:44 PM 209624]
R2 mfmonitor;mfmonitor;c:\windows\system32\drivers\mfmonitor_x86.sys [3/22/2015 5:45 PM 19160]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\21.7.0.11\nis.exe [3/17/2015 6:44 PM 276336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/21/2015 7:31 AM 111408]
R3 IDSxpx86;IDSxpx86;c:\program files\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20150323.001\IDSXpx86.sys [3/24/2015 1:31 PM 475792]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\drivers\tib_mounter.sys [3/7/2015 5:47 PM 689672]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [3/7/2015 5:47 PM 139336]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [3/7/2015 5:47 PM 234752]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [9/19/2014 8:07 PM 36864]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [9/19/2014 11:33 AM 96256]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [9/19/2014 11:33 AM 11237]
S3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo32.sys [3/2/2015 11:16 PM 22120]
S3 DrvAgent32;DrvAgent32;\??\c:\windows\system32\Drivers\DrvAgent32.sys --> c:\windows\system32\Drivers\DrvAgent32.sys [?]
S3 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2/6/2015 8:06 AM 126968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/19/2014 11:33 AM 23256]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/19/2014 11:33 AM 15544]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [9/19/2014 11:33 AM 15688]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [9/19/2014 11:33 AM 10320]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
S4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [3/7/2015 5:47 PM 3696632]
S4 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/4/2015 8:58 PM 1691480]
S4 AndNetDiag;LGE AndroidNet USB Serial Port; [x]
S4 ANDNetModem;LGE AndroidNet USB Modem; [x]
S4 HWHandSet;HWUSBSERSP; [x]
S4 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [6/3/2014 12:26 AM 14336]
S4 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [6/3/2014 12:26 AM 18432]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [4/26/2014 2:44 PM 1080120]
S4 MF NTFS Monitor;MediaFire NTFS Monitor;c:\documents and settings\home\Application Data\MediaFire Desktop\MFUsnMonitorService.exe [3/22/2015 5:45 PM 456504]
S4 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [9/19/2014 11:33 AM 27192]
S4 syncagentsrv;Acronis Sync Agent Service;c:\program files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [8/18/2012 10:18 PM 7017888]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Office14\EXCEL.EXE/3000
TCP: Interfaces\{9337031E-5673-4798-9FB8-F7366EE3ABBE}: NameServer = 8.8.4.4,8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Notify-AutorunsDisabled - Ati2evxx.dll    igfxdev.dll    sclgntfy.dll
MSConfigStartUp-CanonQuickMenu - c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
MSConfigStartUp-P17Helper - SPIRun.dll
AddRemove-WinImage - c:\documents and settings\home\Desktop\p\WinImage 9.0 + Serial\winimage.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-24 22:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\21.7.0.11\NIS.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\21.7.0.11\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO]
"ImagePath"="\??\c:\documents and settings\home\Local Settings\Temp\ALSysIO.sys"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESProtectionDriver]
"ImagePath"="\??\c:\program files\Malwarebytes Anti-Exploit\mbae.sys"
"ImagePath"="\SystemRoot\System32\Drivers\NIS\1507000.00B\SYMTDI.SYS"
"TrustedImagePaths"="c:\program files\Norton Internet Security\Engine\21.7.0.11"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-299502267-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,86,aa,5a,ab,5b,1b,44,a6,a2,61,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,52,53,2a,8c,c2,8e,46,88,5f,bd,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,52,53,2a,8c,c2,8e,46,88,5f,bd,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):48,2f,e3,0c,d2,e4,51,95,13,98,8d,1d,43,04,1c,e8,95,00,b1,2a,3a,
   b1,fc,9d,f1,25,28,c4,aa,cb,ca,4e,3b,89,a3,53,8f,17,65,fb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):00,61,64,e3,b1,2d,7f,9a,b1,94,e5,b5,4a,a8,b1,37,8f,7b,ab,c8,36,
   bd,4f,e1,17,0e,d8,10,27,c3,c7,cb,53,df,ae,e6,91,50,a3,17,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91bd63ff-7cab-408d-ae92-850d4d467895}]
@Denied: (Full) (Everyone)
"Model"=dword:00000086
"Therad"=dword:0000000f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,0b,81,bc,f1,a7,e5,35,7d,50,1e,df,88,12,3f,df,8c,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ebe91e79-4a73-4ea1-9f82-486c0ed56b80}]
@Denied: (Full) (Everyone)
"Model"=dword:00000040
"Therad"=dword:00000023
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,8b,80,b6,ef,93,d0,e3,69,85,c7,84,0b,15,1d,5c,1a,00,e5,65,2f,69,a8,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2504)
c:\windows\system32\WININET.dll
c:\program files\MediaFire Desktop\MediaFireIcon3_f7ca1.dll
c:\program files\MediaFire Desktop\MediaFireIcon5_f7ca1.dll
c:\program files\MediaFire Desktop\MediaFireIcon_f7ca1.dll
c:\program files\MediaFire Desktop\MediaFireIcon2_f7ca1.dll
c:\program files\MediaFire Desktop\MediaFireIcon4_f7ca1.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2015-03-24  22:03:44 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-25 02:03
.
Pre-Run: 141,968,384,000 bytes free
Post-Run: 141,891,166,208 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - 66B19963A5B21AA73168B54680A45141
8F558EB6672622401DA993E1E865C861
 

 


Edited by emc20guru, 24 March 2015 - 10:32 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:19 PM

Posted 25 March 2015 - 08:07 AM

Yes, you can restore your Home page as previously set.

I suggest you change it to https://www.google.ca/

What you have now is some redirect from HP.
Your call.

===

Navigate to this page and see if you have the latest driver.
http://support.creative.com/downloads/?h=7

Compare your version to the ones on the page.

===

#5 nasdaq

Posted 31 March 2015 - 08:45 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 nasdaq

Posted 06 April 2015 - 07:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



