delacroix05

delacroix05, Splitted topic

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-01-2014 02
Ran by johnluis (administrator) on SERVER on 24-01-2014 10:41:50
Running from C:\Documents and Settings\johnluis\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
==================== Processes (Whitelisted) ===================
(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeSvc2.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files\Mobogenie\DaemonProcess.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
() C:\Documents and Settings\johnluis\My Documents\Installers\Games\Online\GarenaLoLPH\GameData\GarenaMessenger.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeTray.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(TorchMedia Inc.) C:\Documents and Settings\johnluis\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
() C:\Program Files\outobox\updateoutobox.exe
() C:\Program Files\outobox\bin\utiloutobox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15496000 2012-03-26] (NVIDIA Corporation)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [761024 2013-12-11] ()
HKCU\...\Run: [GarenaPlus] - C:\Documents and Settings\johnluis\My Documents\Installers\Games\Online\GarenaLoLPH\GameData\GarenaMessenger.exe [9890608 2013-12-13] ()
HKCU\...\Run: [updater23] - c:\windows\service.exe.js
HKCU\...\Run: [sandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [543320 2013-07-08] (Sandboxie Holdings, LLC)
HKCU\...\Run: [NextLive] - C:\Documents and Settings\johnluis\Application Data\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe)
HKCU\...\Policies\Explorer\Run: [1] - c:\windows\system32\winx86.dll.js No File
HKCU\...\Policies\system: [DisableTaskmgr] 1
HKCU\...\Policies\Explorer: [NoRun] 1
HKCU\...\Policies\Explorer: [NoFolderOptions] 1
HKCU\...\Policies\Explorer: [NoShellSearchButton] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {0637cae6-353d-11e3-97b9-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {0637cae9-353d-11e3-97b9-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {0fe05007-3975-11e3-97c0-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {16f1d67e-314d-11e3-97b0-0030671850f8} - D:\.\ShowModem.exe
MountPoints2: {16f1d67f-314d-11e3-97b0-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {16f1d681-314d-11e3-97b0-0030671850f8} - D:\.\ShowModem.exe
MountPoints2: {16f1d682-314d-11e3-97b0-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {201c36ea-1817-11e3-978e-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {2d6f6548-5a3a-11e3-97fd-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {35a562a9-2f42-11e3-97ad-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {375d94d9-33a3-11e3-97b5-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {43f93467-4a75-11e3-97df-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {44dca3bd-1046-11e3-9781-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {6489d970-3fd0-11e3-97c9-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {7a3afa6d-1611-11e3-978a-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {7c800dbb-15c8-11e3-9789-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {ab918ec9-137c-11e3-9786-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
MountPoints2: {ab918eca-137c-11e3-9786-0030671850f8} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe vEnGeAnCe-X.txt.js "%1"
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll => C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll [7168 2013-11-04] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Documents and Settings\johnluis\Start Menu\Programs\Startup\odrxpcjtlv..vbs ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-679&v=n10249-175&t=4
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{DFCDC343-4E19-4FEF-B5A3-11A9DABB1034}: [NameServer]156.154.70.1,156.154.71.1
Chrome:
=======
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR Extension: (Google Docs) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-28]
CHR Extension: (Google Drive) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-26]
CHR Extension: (YouTube) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-26]
CHR Extension: (Google Search) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Lavasoft NewTab) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-11-28]
CHR Extension: (Gmail) - C:\Documents and Settings\johnluis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-26]
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-08-26]
========================== Services (Whitelisted) =================
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-20] (Just Develop It)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 iSafeService; C:\Program Files\iSafe\iSafeSvc.exe [491688 2013-12-30] (Elex do Brasil Participações Ltda)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [129112 2013-07-08] (Sandboxie Holdings, LLC)
R2 TorchCrashHandler; C:\Documents and Settings\johnluis\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1213960 2013-11-27] (TorchMedia Inc.)
R2 Update outobox; C:\Program Files\outobox\updateoutobox.exe [97048 2014-01-16] ()
R2 Util outobox; C:\Program Files\outobox\bin\utiloutobox.exe [97048 2014-01-16] ()
S3 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
S2 DatamngrCoordinator; C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [x]
==================== Drivers (Whitelisted) ====================
R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-02] (Advanced Micro Devices)
R1 BIOS; C:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2014-01-24] (GFI Software)
R1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [118344 2013-06-27] (Tonec Inc.)
R3 iSafeKrnl; C:\Program Files\iSafe\iSafeKrnl.sys [192000 2013-12-30] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files\iSafe\iSafeNetFilter.sys [54784 2013-12-30] (Elex do Brasil Participações Ltda)
S3 mobile_connect_cdc_acm; C:\Windows\System32\DRIVERS\mobile_connect_cdc_acm.sys [68352 2011-11-03] (Mobile Connector)
S3 mobile_connect_cdc_ecm; C:\Windows\System32\DRIVERS\mobile_connect_cdc_ecm.sys [33152 2011-11-03] (Mobile Connector)
S3 mobile_connect_ecm_enum; C:\Windows\System32\DRIVERS\mobile_connect_ecm_enum.sys [47744 2011-11-03] (Mobile Connector)
S3 mobile_connect_ecm_enum_filter; C:\Windows\System32\DRIVERS\mobile_connect_ecm_enum_filter.sys [47744 2011-11-03] (Mobile Connector)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 nvatabus; C:\Windows\System32\Drivers\nvatabus.sys [100736 2009-07-30] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [145952 2008-08-18] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [123712 2012-01-17] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159208 2013-07-08] (Sandboxie Holdings, LLC)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)
S3 GGSAFERDriver; \??\C:\Documents and Settings\johnluis\My Documents\Installers\Games\Online\GarenaLoLPH\GameData\Room\safedrv.sys [x]
S4 IntelIde; No ImagePath
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [x]
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-24 10:41 - 2014-01-24 10:42 - 00013529 _____ C:\Documents and Settings\johnluis\Desktop\FRST.txt
2014-01-24 10:41 - 2014-01-24 10:41 - 00000000 ____D C:\FRST
2014-01-24 10:30 - 2014-01-24 10:30 - 00000880 _____ C:\Documents and Settings\johnluis\Desktop\New Text Document.txt
2014-01-24 10:29 - 2014-01-24 10:29 - 01222144 _____ (Farbar) C:\Documents and Settings\johnluis\Desktop\FRST.exe
2014-01-24 10:09 - 2014-01-24 10:40 - 00004628 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-24 10:06 - 2014-01-24 10:14 - 00002270 _____ C:\WINDOWS\setupapi.log
2014-01-24 10:04 - 2014-01-24 10:12 - 00044424 _____ (GFI Software) C:\WINDOWS\system32\sbbd.exe
2014-01-24 10:04 - 2014-01-24 10:04 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\Ad-Aware Antivirus
2014-01-24 09:21 - 2014-01-24 09:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2014-01-22 14:17 - 2013-08-26 13:52 - 00000713 _____ C:\Documents and Settings\johnluis\Desktop\Run VNC Viewer.lnk
2014-01-20 19:56 - 2014-01-11 08:49 - 00000704 _____ C:\Documents and Settings\johnluis\My Documents\Shortcut to CafeStation.lnk
2014-01-19 21:51 - 2014-01-19 21:51 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2014-01-16 07:39 - 2014-01-24 09:45 - 00000990 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1336601894-682003330-1003UA.job
2014-01-16 07:39 - 2014-01-24 07:45 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1336601894-682003330-1003Core.job
2014-01-11 08:49 - 2014-01-11 08:49 - 00000704 _____ C:\Documents and Settings\johnluis\Desktop\Shortcut to CafeStation.lnk
2014-01-09 16:16 - 2014-01-09 16:16 - 00000000 ____D C:\Documents and Settings\johnluis\My Documents\New Folder
2014-01-05 20:13 - 2014-01-05 20:13 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
2013-12-31 16:22 - 2013-12-31 16:33 - 00000000 ____D C:\Documents and Settings\johnluis\My Documents\12_files
2013-12-31 16:22 - 2013-12-31 16:22 - 01711327 _____ C:\Documents and Settings\johnluis\My Documents\12.htm
2013-12-28 11:18 - 2013-12-28 11:18 - 00000725 _____ C:\Documents and Settings\johnluis\Desktop\Garena Total.lnk
2013-12-28 11:18 - 2013-12-28 11:18 - 00000000 ____D C:\Program Files\Garena Total
2013-12-26 11:32 - 2013-12-27 07:58 - 00000000 ____D C:\Cubizone
2013-12-26 11:28 - 2013-12-31 09:31 - 00000000 ____D C:\Program Files\Internet Download Manager
2013-12-26 10:52 - 2014-01-12 11:45 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\IDM
2013-12-25 19:45 - 2013-12-25 19:45 - 00000000 ____H C:\Documents and Settings\johnluis\My Documents\Default.rdp
2013-12-25 07:39 - 2013-12-25 07:39 - 00064512 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
==================== One Month Modified Files and Folders =======
2014-01-24 10:42 - 2014-01-24 10:41 - 00013529 _____ C:\Documents and Settings\johnluis\Desktop\FRST.txt
2014-01-24 10:41 - 2014-01-24 10:41 - 00000000 ____D C:\FRST
2014-01-24 10:40 - 2014-01-24 10:09 - 00004628 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-24 10:39 - 2013-12-15 10:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TorchCrashHandler
2014-01-24 10:39 - 2013-12-05 13:49 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\newnext.me
2014-01-24 10:39 - 2013-09-10 20:03 - 00000320 _____ C:\WINDOWS\Tasks\FlashDrv.job
2014-01-24 10:39 - 2013-09-05 21:40 - 00000157 _____ C:\WINDOWS\wiadebug.log
2014-01-24 10:39 - 2013-09-05 21:40 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-24 10:39 - 2013-08-26 12:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-24 10:38 - 2013-08-26 13:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-01-24 10:38 - 2013-08-26 12:19 - 00000178 ___SH C:\Documents and Settings\johnluis\ntuser.ini
2014-01-24 10:38 - 2013-08-26 12:17 - 00032574 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-24 10:35 - 2013-12-05 13:49 - 00035439 _____ C:\Documents and Settings\johnluis\daemonprocess.txt
2014-01-24 10:35 - 2013-08-26 12:18 - 00000000 ____D C:\Documents and Settings\johnluis
2014-01-24 10:30 - 2014-01-24 10:30 - 00000880 _____ C:\Documents and Settings\johnluis\Desktop\New Text Document.txt
2014-01-24 10:29 - 2014-01-24 10:29 - 01222144 _____ (Farbar) C:\Documents and Settings\johnluis\Desktop\FRST.exe
2014-01-24 10:28 - 2013-08-26 14:49 - 00000498 _____ C:\Documents and Settings\johnluis\Desktop\Credit-Stop.txt
2014-01-24 10:14 - 2014-01-24 10:06 - 00002270 _____ C:\WINDOWS\setupapi.log
2014-01-24 10:14 - 2013-09-03 09:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\GarenaMessenger
2014-01-24 10:12 - 2014-01-24 10:04 - 00044424 _____ (GFI Software) C:\WINDOWS\system32\sbbd.exe
2014-01-24 10:12 - 2013-10-11 16:03 - 00000000 ____D C:\Program Files\CafeSuite
2014-01-24 10:12 - 2013-08-26 13:07 - 00013560 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys
2014-01-24 10:04 - 2014-01-24 10:04 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\Ad-Aware Antivirus
2014-01-24 09:59 - 2013-12-24 22:13 - 00000000 ____D C:\Documents and Settings\johnluis\Desktop\Shortcuts
2014-01-24 09:50 - 2013-12-09 18:24 - 01871872 ___SH C:\Documents and Settings\johnluis\My Documents\Thumbs.db
2014-01-24 09:45 - 2014-01-16 07:39 - 00000990 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1336601894-682003330-1003UA.job
2014-01-24 09:21 - 2014-01-24 09:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2014-01-24 09:21 - 2013-08-26 19:59 - 00000000 ____D C:\WINDOWS\system32\mui
2014-01-24 09:21 - 2013-08-26 17:11 - 00000000 ____D C:\Documents and Settings\johnluis\Desktop\Print
2014-01-24 07:45 - 2014-01-16 07:39 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1336601894-682003330-1003Core.job
2014-01-24 07:37 - 2013-09-03 09:52 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\GarenaPlus
2014-01-22 09:02 - 2013-08-26 15:01 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\vlc
2014-01-21 21:23 - 2013-08-26 15:17 - 00002443 _____ C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
2014-01-21 16:48 - 2013-10-11 16:02 - 00000000 ____D C:\Documents and Settings\johnluis\Desktop\timer
2014-01-21 15:36 - 2013-12-15 10:26 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\iSafe
2014-01-21 11:40 - 2013-12-21 19:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-01-20 08:16 - 2013-12-15 10:26 - 00000000 ____D C:\Program Files\iSafe
2014-01-19 22:51 - 2013-12-21 23:42 - 00246242 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-01-19 21:51 - 2014-01-19 21:51 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2014-01-19 08:35 - 2008-04-14 19:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-17 17:41 - 2013-08-26 18:24 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\DMCache
2014-01-17 06:58 - 2013-08-26 12:53 - 00000000 ____D C:\Documents and Settings\johnluis\My Documents\cafesuite sounds
2014-01-16 07:47 - 2013-08-26 12:41 - 00002309 _____ C:\Documents and Settings\johnluis\Desktop\Google Chrome.lnk
2014-01-16 07:39 - 2013-08-26 12:41 - 00000000 ____D C:\Documents and Settings\johnluis\Local Settings\Application Data\Google
2014-01-12 22:43 - 2013-12-21 23:42 - 00406054 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-1336601894-682003330-1003-0.dat
2014-01-12 11:45 - 2013-12-26 10:52 - 00000000 ____D C:\Documents and Settings\johnluis\Application Data\IDM
2014-01-11 08:49 - 2014-01-20 19:56 - 00000704 _____ C:\Documents and Settings\johnluis\My Documents\Shortcut to CafeStation.lnk
2014-01-11 08:49 - 2014-01-11 08:49 - 00000704 _____ C:\Documents and Settings\johnluis\Desktop\Shortcut to CafeStation.lnk
2014-01-10 16:27 - 2013-12-05 13:47 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-10 16:16 - 2013-12-05 13:49 - 00000000 ____D C:\Documents and Settings\johnluis\Local Settings\Application Data\cache
2014-01-09 16:16 - 2014-01-09 16:16 - 00000000 ____D C:\Documents and Settings\johnluis\My Documents\New Folder
2014-01-05 20:13 - 2014-01-05 20:13 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
2014-01-05 08:42 - 2013-12-05 13:49 - 00000000 ____D C:\Documents and Settings\johnluis\Local Settings\Application Data\Mobogenie
2014-01-05 08:37 - 2013-12-05 13:49 - 00000000 ____D C:\Documents and Settings\johnluis\Local Settings\Application Data\genienext
2014-01-03 13:25 - 2013-08-27 14:23 - 00038400 ___SH C:\Documents and Settings\johnluis\Desktop\Thumbs.db
2013-12-31 16:33 - 2013-12-31 16:22 - 00000000 ____D C:\Documents and Settings\johnluis\My Documents\12_files
2013-12-31 16:22 - 2013-12-31 16:22 - 01711327 _____ C:\Documents and Settings\johnluis\My Documents\12.htm
2013-12-31 09:31 - 2013-12-26 11:28 - 00000000 ____D C:\Program Files\Internet Download Manager
2013-12-28 11:18 - 2013-12-28 11:18 - 00000725 _____ C:\Documents and Settings\johnluis\Desktop\Garena Total.lnk
2013-12-28 11:18 - 2013-12-28 11:18 - 00000000 ____D C:\Program Files\Garena Total
2013-12-27 07:58 - 2013-12-26 11:32 - 00000000 ____D C:\Cubizone
2013-12-26 13:07 - 2013-12-21 19:53 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\CanonIJMIG
2013-12-26 10:52 - 2013-08-31 21:54 - 00000000 ____D C:\Documents and Settings\johnluis\My Documents\RanOnline
2013-12-25 21:10 - 2013-08-26 20:06 - 00589302 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-25 19:45 - 2013-12-25 19:45 - 00000000 ____H C:\Documents and Settings\johnluis\My Documents\Default.rdp
2013-12-25 09:21 - 2013-12-16 15:16 - 00000000 ____D C:\Documents and Settings\johnluis\Local Settings\Application Data\jZip
2013-12-25 08:13 - 2013-12-24 22:34 - 00000000 ____D C:\Program Files\outobox
2013-12-25 08:13 - 2013-12-15 12:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Datamngr
2013-12-25 07:39 - 2013-12-25 07:39 - 00064512 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-25 07:39 - 2013-12-24 22:32 - 00000000 ____D C:\Program Files\MyPC Backup
Some content of TEMP:
====================
C:\Documents and Settings\johnluis\Local Settings\Temp\58f65b43-0a9b-469f-a797-0340603b5d8c.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\80017bd5-917d-4275-b0d9-973f7f658d82.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\8615fe4d-7acf-435f-8265-72cdf4c64cb4.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\8be59cb5-5c73-4157-a8c4-2400e2b6a20d.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\c50743ec-ceb4-4af5-b3db-0c63736f3878.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\PH314_131114to131127v3.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\PH_131127to131217v315v2.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\PH_131217to140110.exe
C:\Documents and Settings\johnluis\Local Settings\Temp\PH_140110to140121v2.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-30 01:25] - [2009-07-30 01:25] - 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================

Hi delacroix05,

Please, describe your issue and what you want to do.

There seem to be some programs and add-ons that should be removed, since they are either malicious or inappropriate.

Please, save AdwCleaner by Xplode on the desktop: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Report button.
A report will be displayed; copy its content and paste it into your answer.
If the report isn't displayed, it exists as C:\AdwCleaner[R1].txt.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please begin a New Topic.

Thank you!
