delacroix05

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-01-2014 02
Ran by johnluis (administrator) on SERVER on 24-01-2014 10:41:50
Running from C:\Documents and Settings\johnluis\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeSvc2.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files\Mobogenie\DaemonProcess.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
() C:\Documents and Settings\johnluis\My Documents\Installers\Games\Online\GarenaLoLPH\GameData\GarenaMessenger.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeTray.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(TorchMedia Inc.) C:\Documents and Settings\johnluis\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
() C:\Program Files\outobox\updateoutobox.exe
() C:\Program Files\outobox\bin\utiloutobox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15496000 2012-03-26] (NVIDIA Corporation)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [761024 2013-12-11] ()
HKCU\...\Run: [GarenaPlus] - C:\Documents and Settings\johnluis\My Documents\Installers\Games\Online\GarenaLoLPH\GameData\GarenaMessenger.exe [9890608 2013-12-13] ()
HKCU\...\Run: [updater23] - c:\windows\service.exe.js
HKCU\...\Run: [sandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [543320 2013-07-08] (Sandboxie Holdings, LLC)
HKCU\...\Run: [NextLive] - C:\Documents and Settings\johnluis\Application Data\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe)
HKCU\...\Policies\Explorer\Run: [1] - c:\windows\system32\winx86.dll.js No File
HKCU\...\Policies\system: [DisableTaskmgr] 1
HKCU\...\Policies\Explorer: [NoRun] 1
HKCU\...\Policies\Explorer: [NoFolderOptions] 1
HKCU\...\Policies\Explorer: [NoShellSearchButton] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {0637cae6-353d-11e3-97b9-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {0637cae9-353d-11e3-97b9-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {0fe05007-3975-11e3-97c0-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {16f1d67e-314d-11e3-97b0-0030671850f8} - D:\.\ShowModem.exe
MountPoints2: {16f1d67f-314d-11e3-97b0-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {16f1d681-314d-11e3-97b0-0030671850f8} - D:\.\ShowModem.exe
MountPoints2: {16f1d682-314d-11e3-97b0-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {201c36ea-1817-11e3-978e-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {2d6f6548-5a3a-11e3-97fd-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {35a562a9-2f42-11e3-97ad-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {375d94d9-33a3-11e3-97b5-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {43f93467-4a75-11e3-97df-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {44dca3bd-1046-11e3-9781-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {6489d970-3fd0-11e3-97c9-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {7a3afa6d-1611-11e3-978a-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {7c800dbb-15c8-11e3-9789-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {ab918ec9-137c-11e3-9786-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {ab918eca-137c-11e3-9786-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll => C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll [7168 2013-11-04] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Documents and Settings\johnluis\Start Menu\Programs\Startup\odrxpcjtlv..vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-679&v=n10249-175&t=4
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{DFCDC343-4E19-4FEF-B5A3-11A9DABB1034}: [NameServer]156.154.70.1,156.154.71.1

Chrome:
=======
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: http://dts.search.ask.com/sr?src=crb&gct=ds&appid=679&systemid=406&v=n10249-175&apn_uid=1844572933304646&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
CHR Extension: (Google Docs) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-28]
CHR Extension: (Google Drive) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-26]
CHR Extension: (YouTube) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-26]
CHR Extension: (Google Search) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Lavasoft NewTab) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-11-28]
CHR Extension: (Gmail) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-26]
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-08-26]

========================== Services (Whitelisted) =================

R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 iSafeService; C:\Program Files\iSafe\iSafeSvc.exe [491688 2013-12-30] (Elex do Brasil Participações Ltda)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [129112 2013-07-08] (Sandboxie Holdings, LLC)
R2 TorchCrashHandler; C:\Documents and Settings\johnluis\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1213960 2013-11-27] (TorchMedia Inc.)
R2 Update outobox; C:\Program Files\outobox\updateoutobox.exe [97048 2014-01-16] ()
R2 Util outobox; C:\Program Files\outobox\bin\utiloutobox.exe [97048 2014-01-16] ()
S3 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
S2 DatamngrCoordinator; C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-02] (Advanced Micro Devices)
R1 BIOS; C:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2014-01-24] (GFI Software)
R1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [118344 2013-06-27] (Tonec Inc.)
R3 iSafeKrnl; C:\Program Files\iSafe\iSafeKrnl.sys [192000 2013-12-30] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files\iSafe\iSafeNetFilter.sys [54784 2013-12-30] (Elex do Brasil Participações Ltda)
S3 mobile_connect_cdc_acm; C:\Windows\System32\DRIVERS\mobile_connect_cdc_acm.sys [68352 2011-11-03] (Mobile Connector)
S3 mobile_connect_cdc_ecm; C:\Windows\System32\DRIVERS\mobile_connect_cdc_ecm.sys [33152 2011-11-03] (Mobile Connector)
S3 mobile_connect_ecm_enum; C:\Windows\System32\DRIVERS\mobile_connect_ecm_enum.sys [47744 2011-11-03] (Mobile Connector)
S3 mobile_connect_ecm_enum_filter; C:\Windows\System32\DRIVERS\mobile_connect_ecm_enum_filter.sys [47744 2011-11-03] (Mobile Connector)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 nvatabus; C:\Windows\System32\Drivers\nvatabus.sys [100736 2009-07-30] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [145952 2008-08-18] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [123712 2012-01-17] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159208 2013-07-08] (Sandboxie Holdings, LLC)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)
S3 GGSAFERDriver; \??\C:\Documents and Settings\johnluis\My Documents\Installers\Games\Online\GarenaLoLPH\GameData\Room\safedrv.sys [x]
S4 IntelIde; No ImagePath
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-24 10:41 - 2014-01-24 10:42 - 00013529 _____ C:\Documents and Settings\johnluis\Desktop\FRST.txt
2014-01-24 10:41 - 2014-01-24 10:41 - 00000000 ____D C:\FRST
2014-01-24 10:30 - 2014-01-24 10:30 - 00000880 _____ C:\Documents and Settings\johnluis\Desktop\New Text Document.txt
2014-01-24 10:29 - 2014-01-24 10:29 - 01222144 _____ (Farbar) C:\Documents and Settings\johnluis\Desktop\FRST.exe
2014-01-24 10:09 - 2014-01-24 10:40 - 00004628 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-24 10:06 - 2014-01-24 10:14 - 00002270 _____ C:\WINDOWS\setupapi.log
2014-01-24 10:04 - 2014-01-24 10:12 - 00044424 _____ (GFI Software) C:\WINDOWS\system32\sbbd.exe
2014-01-24 10:04 - 2014-01-24 10:04 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\Ad-Aware Antivirus
2014-01-24 09:21 - 2014-01-24 09:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2014-01-22 14:17 - 2013-08-26 13:52 - 00000713 _____ C:\Documents and Settings\johnluis\Desktop\Run VNC Viewer.lnk
2014-01-20 19:56 - 2014-01-11 08:49 - 00000704 _____ C:\Documents and Settings\johnluis\My Documents\Shortcut to CafeStation.lnk
2014-01-19 21:51 - 2014-01-19 21:51 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2014-01-16 07:39 - 2014-01-24 09:45 - 00000990 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1336601894-682003330-1003UA.job
2014-01-16 07:39 - 2014-01-24 07:45 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1336601894-682003330-1003Core.job
2014-01-11 08:49 - 2014-01-11 08:49 - 00000704 _____ C:\Documents and Settings\johnluis\Desktop\Shortcut to CafeStation.lnk
2014-01-09 16:16 - 2014-01-09 16:16 - 00000000 ____D C:\Documents and Settings\johnluis\My Documents\New Folder
2014-01-05 20:13 - 2014-01-05 20:13 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
2013-12-31 16:22 - 2013-12-31 16:33 - 00000000 ____D C:\Documents and Settings\johnluis\My Documents\12_files
2013-12-31 16:22 - 2013-12-31 16:22 - 01711327 _____ C:\Documents and Settings\johnluis\My Documents\12.htm
2013-12-28 11:18 - 2013-12-28 11:18 - 00000725 _____ C:\Documents and Settings\johnluis\Desktop\Garena Total.lnk
2013-12-28 11:18 - 2013-12-28 11:18 - 00000000 ____D C:\Program Files\Garena Total
2013-12-26 11:32 - 2013-12-27 07:58 - 00000000 ____D C:\Cubizone
2013-12-26 11:28 - 2013-12-31 09:31 - 00000000 ____D C:\Program Files\Internet Download Manager
2013-12-26 10:52 - 2014-01-12 11:45 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\IDM
2013-12-25 19:45 - 2013-12-25 19:45 - 00000000 ____H C:\Documents and Settings\johnluis\My Documents\Default.rdp
2013-12-25 07:39 - 2013-12-25 07:39 - 00064512 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

2014-01-24 10:42 - 2014-01-24 10:41 - 00013529 _____ C:\Documents and Settings\johnluis\Desktop\FRST.txt
2014-01-24 10:41 - 2014-01-24 10:41 - 00000000 ____D C:\FRST
2014-01-24 10:40 - 2014-01-24 10:09 - 00004628 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-24 10:39 - 2013-12-15 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TorchCrashHandler
2014-01-24 10:39 - 2013-12-05 13:49 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\newnext.me
2014-01-24 10:39 - 2013-09-10 20:03 - 00000320 _____ C:\WINDOWS\Tasks\FlashDrv.job
2014-01-24 10:39 - 2013-09-05 21:40 - 00000157 _____ C:\WINDOWS\wiadebug.log
2014-01-24 10:39 - 2013-09-05 21:40 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-24 10:39 - 2013-08-26 12:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-24 10:38 - 2013-08-26 13:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-01-24 10:38 - 2013-08-26 12:19 - 00000178 ___SH C:\Documents and Settings\johnluis\ntuser.ini
2014-01-24 10:38 - 2013-08-26 12:17 - 00032574 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-24 10:35 - 2013-12-05 13:49 - 00035439 _____ C:\Documents and Settings\johnluis\daemonprocess.txt
2014-01-24 10:35 - 2013-08-26 12:18 - 00000000 ____D C:\Documents and Settings\johnluis
2014-01-24 10:30 - 2014-01-24 10:30 - 00000880 _____ C:\Documents and Settings\johnluis\Desktop\New Text Document.txt
2014-01-24 10:29 - 2014-01-24 10:29 - 01222144 _____ (Farbar) C:\Documents and Settings\johnluis\Desktop\FRST.exe
2014-01-24 10:28 - 2013-08-26 14:49 - 00000498 _____ C:\Documents and Settings\johnluis\Desktop\Credit-Stop.txt
2014-01-24 10:14 - 2014-01-24 10:06 - 00002270 _____ C:\WINDOWS\setupapi.log
2014-01-24 10:14 - 2013-09-03 09:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\GarenaMessenger
2014-01-24 10:12 - 2014-01-24 10:04 - 00044424 _____ (GFI Software) C:\WINDOWS\system32\sbbd.exe
2014-01-24 10:12 - 2013-10-11 16:03 - 00000000 ____D C:\Program Files\CafeSuite
2014-01-24 10:12 - 2013-08-26 13:07 - 00013560 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys
2014-01-24 10:04 - 2014-01-24 10:04 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\Ad-Aware Antivirus
2014-01-24 09:59 - 2013-12-24 22:13 - 00000000 ____D C:\Documents and Settings\johnluis\Desktop\Shortcuts
2014-01-24 09:50 - 2013-12-09 18:24 - 01871872 ___SH C:\Documents and Settings\johnluis\My Documents\Thumbs.db
2014-01-24 09:45 - 2014-01-16 07:39 - 00000990 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1336601894-682003330-1003UA.job
2014-01-24 09:21 - 2014-01-24 09:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2014-01-24 09:21 - 2013-08-26 19:59 - 00000000 ____D C:\WINDOWS\system32\mui
2014-01-24 09:21 - 2013-08-26 17:11 - 00000000 ____D C:\Documents and Settings\johnluis\Desktop\Print
2014-01-24 07:45 - 2014-01-16 07:39 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1336601894-682003330-1003Core.job
2014-01-24 07:37 - 2013-09-03 09:52 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\GarenaPlus
2014-01-22 09:02 - 2013-08-26 15:01 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\vlc
2014-01-21 21:23 - 2013-08-26 15:17 - 00002443 _____ C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
2014-01-21 16:48 - 2013-10-11 16:02 - 00000000 ____D C:\Documents and Settings\johnluis\Desktop\timer
2014-01-21 15:36 - 2013-12-15 10:26 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\iSafe
2014-01-21 11:40 - 2013-12-21 19:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-01-20 08:16 - 2013-12-15 10:26 - 00000000 ____D C:\Program Files\iSafe
2014-01-19 22:51 - 2013-12-21 23:42 - 00246242 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-01-19 21:51 - 2014-01-19 21:51 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2014-01-19 08:35 - 2008-04-14 19:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-17 17:41 - 2013-08-26 18:24 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\DMCache
2014-01-17 06:58 - 2013-08-26 12:53 - 00000000 ____D C:\Documents and Settings\johnluis\My Documents\cafesuite sounds
2014-01-16 07:47 - 2013-08-26 12:41 - 00002309 _____ C:\Documents and Settings\johnluis\Desktop\Google Chrome.lnk
2014-01-16 07:39 - 2013-08-26 12:41 - 00000000 ____D C:\Documents and Settings\johnluis\Local Settings\Application Data\Google
2014-01-12 22:43 - 2013-12-21 23:42 - 00406054 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-1336601894-682003330-1003-0.dat
2014-01-12 11:45 - 2013-12-26 10:52 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\IDM
2014-01-11 08:49 - 2014-01-20 19:56 - 00000704 _____ C:\Documents and Settings\johnluis\My Documents\Shortcut to CafeStation.lnk
2014-01-11 08:49 - 2014-01-11 08:49 - 00000704 _____ C:\Documents and Settings\johnluis\Desktop\Shortcut to CafeStation.lnk
2014-01-10 16:27 - 2013-12-05 13:47 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-10 16:16 - 2013-12-05 13:49 - 00000000 ____D C:\Documents and Settings\johnluis\Local Settings\Application Data\cache
2014-01-09 16:16 - 2014-01-09 16:16 - 00000000 ____D C:\Documents and Settings\johnluis\My Documents\New Folder
2014-01-05 20:13 - 2014-01-05 20:13 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
2014-01-05 08:42 - 2013-12-05 13:49 - 00000000 ____D C:\Documents and Settings\johnluis\Local Settings\Application Data\Mobogenie
2014-01-05 08:37 - 2013-12-05 13:49 - 00000000 ____D C:\Documents and Settings\johnluis\Local Settings\Application Data\genienext
2014-01-03 13:25 - 2013-08-27 14:23 - 00038400 ___SH C:\Documents and Settings\johnluis\Desktop\Thumbs.db
2013-12-31 16:33 - 2013-12-31 16:22 - 00000000 ____D C:\Documents and Settings\johnluis\My Documents\12_files
2013-12-31 16:22 - 2013-12-31 16:22 - 01711327 _____ C:\Documents and Settings\johnluis\My Documents\12.htm
2013-12-31 09:31 - 2013-12-26 11:28 - 00000000 ____D C:\Program Files\Internet Download Manager
2013-12-28 11:18 - 2013-12-28 11:18 - 00000725 _____ C:\Documents and Settings\johnluis\Desktop\Garena Total.lnk
2013-12-28 11:18 - 2013-12-28 11:18 - 00000000 ____D C:\Program Files\Garena Total
2013-12-27 07:58 - 2013-12-26 11:32 - 00000000 ____D C:\Cubizone
2013-12-26 13:07 - 2013-12-21 19:53 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJMIG
2013-12-26 10:52 - 2013-08-31 21:54 - 00000000 ____D C:\Documents and Settings\johnluis\My Documents\RanOnline
2013-12-25 21:10 - 2013-08-26 20:06 - 00589302 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-25 19:45 - 2013-12-25 19:45 - 00000000 ____H C:\Documents and Settings\johnluis\My Documents\Default.rdp
2013-12-25 09:21 - 2013-12-16 15:16 - 00000000 ____D C:\Documents and Settings\johnluis\Local Settings\Application Data\jZip
2013-12-25 08:13 - 2013-12-24 22:34 - 00000000 ____D C:\Program Files\outobox
2013-12-25 08:13 - 2013-12-15 12:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Datamngr
2013-12-25 07:39 - 2013-12-25 07:39 - 00064512 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-25 07:39 - 2013-12-24 22:32 - 00000000 ____D C:\Program Files\MyPC Backup

Some content of TEMP:
====================
C:\Documents and Settings\johnluis\Local Settings\Temp\58f65b43-0a9b-469f-a797-0340603b5d8c.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\80017bd5-917d-4275-b0d9-973f7f658d82.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\8615fe4d-7acf-435f-8265-72cdf4c64cb4.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\8be59cb5-5c73-4157-a8c4-2400e2b6a20d.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\c50743ec-ceb4-4af5-b3db-0c63736f3878.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\PH314_131114to131127v3.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\PH_131127to131217v315v2.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\PH_131217to140110.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\PH_140110to140121v2.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-30 01:25] - [2009-07-30 01:25] - 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================