Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by Owner Supervisor (administrator) on UNIT1 on 27-05-2014 21:04:22
Running from J:\
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [EM_EXEC] => C:\Program Files\MouseWare\system\EM_EXEC.EXE [28672 2002-05-01] (Logitech Inc. )
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18671104 2009-07-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-03-17] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-543026260-1871380738-2602940609-1005\...\MountPoints2: {0a046975-df85-11e1-bab3-0024e8086ff2} - F:\TL-Bootstrap.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-04-21]

========================== Services (Whitelisted) =================

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
S2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-12] (Sun Microsystems, Inc.)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1036104 2011-06-15] (Lavasoft)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
S2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1864888 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [341320 2009-09-17] (Symantec Corporation)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
S2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-03-28] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 COH_Mon; C:\WINDOWS\system32\Drivers\COH_Mon.sys [23888 2009-07-14] (Symantec Corporation)
S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11264 2007-12-03] (Realtek Semiconductor Corporation)
S2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
S2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
S2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
S2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
S2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
S2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
S2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
S2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-19] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-05] (Symantec Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-14] (Logitech Inc.)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [47249 2006-05-18] (FTDI Ltd.)
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2013-03-28] ()
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [79960 2008-08-18] (JMicron Technology Corp.)
S2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-19] (Realtek Semiconductor Corporation)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-07-03] (Lavasoft AB)
R3 LKbdFlt2; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [5840 2002-04-15] (Logitech)
S3 LVPr2Mon; C:\WINDOWS\System32\Drivers\LVPr2Mon.sys [25824 2010-05-07] ()
S3 LVUSBSta; C:\WINDOWS\System32\DRIVERS\LVUSBSta.sys [41752 2008-12-16] (Logitech Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140520.008\NAVENG.SYS [93272 2013-09-16] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140520.008\NAVEX15.SYS [1612376 2013-09-16] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
S3 PTDUBus; C:\WINDOWS\System32\DRIVERS\PTDUBus.sys [33024 2008-08-10] (DEVGURU Co,LTD.)
S3 PTDUMdm; C:\WINDOWS\System32\DRIVERS\PTDUMdm.sys [41344 2008-08-10] (DEVGURU Co,LTD.)
S3 PTDUVsp; C:\WINDOWS\System32\DRIVERS\PTDUVsp.sys [39936 2008-08-10] (DEVGURU Co,LTD.)
S3 PTDUWWAN; C:\WINDOWS\System32\DRIVERS\PTDUWWAN.sys [59904 2008-08-10] (DEVGURU Co,LTD.)
S3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [3734976 2009-06-24] (Realtek Semiconductor Corp.)
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-19] (Realtek Semiconductor Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-08-26] (Symantec Corporation)
S1 SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [281648 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [320560 2009-08-25] (Symantec Corporation)
S1 SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [43696 2009-08-25] (Symantec Corporation)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-03-19] ()
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124976 2011-02-13] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [26416 2009-09-03] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [188080 2009-09-03] (Symantec Corporation)
S4 SysPlant; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [92488 2009-09-17] (Symantec Corporation)
S3 Teefer2; C:\WINDOWS\System32\DRIVERS\teefer2.sys [50064 2009-05-27] (Symantec Corporation)
S1 WPS; C:\WINDOWS\system32\drivers\wpsdrvnt.sys [42312 2009-09-17] (Symantec Corporation)
S3 WpsHelper; C:\WINDOWS\system32\drivers\WpsHelper.sys [174056 2012-09-30] (Symantec Corporation)
S3 cpuz132; \??\C:\DOCUME~1\OWNERS~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
U5 l8042pr2; C:\Windows\System32\Drivers\l8042pr2.sys [52224 2002-04-15] (Logitech)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-27 21:03 - 2014-05-27 21:03 - 00000000 ____D () C:\rsit
2014-05-24 21:04 - 2014-05-24 21:04 - 00000000 ____D () C:\WINDOWS\LastGood
2014-05-24 20:41 - 2014-05-24 21:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SecTaskMan
2014-05-24 20:41 - 2014-05-24 20:41 - 00000000 ____D () C:\Program Files\Security Task Manager
2014-05-24 20:39 - 2014-05-24 21:35 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-05-24 20:39 - 2014-05-24 21:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iolo
2014-05-24 20:39 - 2014-05-24 20:39 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dat
2014-05-24 20:39 - 2014-05-24 20:39 - 00000000 ____D () C:\Documents and Settings\Owner Supervisor\Application Data\iolo
2014-05-24 20:24 - 2014-05-24 20:24 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 20:24 - 2014-05-24 20:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-24 20:24 - 2014-05-24 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-24 20:24 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-24 20:24 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-24 20:12 - 2014-05-24 20:13 - 00005528 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\Rkill.txt
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ___SD () C:\ComboFix
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ____D () C:\WINDOWS\erdnt
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ____D () C:\Qoobox
2014-05-24 20:11 - 2011-06-25 23:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-05-24 20:11 - 2010-11-07 10:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-05-24 20:11 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-05-24 20:11 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-05-24 20:11 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-05-24 20:11 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-05-24 20:11 - 2000-08-30 17:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-05-24 20:11 - 2000-08-30 17:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-05-24 20:11 - 2000-08-30 17:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-05-24 19:54 - 2014-05-24 19:55 - 00000000 ____D () C:\FRST
2014-04-28 21:51 - 2014-04-28 21:51 - 00001917 _____ () C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2014-04-28 21:51 - 2014-04-28 21:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

==================== One Month Modified Files and Folders =======

2014-05-27 21:03 - 2014-05-27 21:03 - 00000000 ____D () C:\rsit
2014-05-27 20:58 - 2008-04-25 09:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-27 20:56 - 2010-06-29 22:37 - 00000000 _____ () C:\WINDOWS\system32\Drivers\logiflt.iad
2014-05-27 20:56 - 2010-03-11 21:33 - 00141116 _____ () C:\aaw7boot.log
2014-05-24 22:01 - 2009-05-23 17:58 - 00000000 __SHD () C:\Documents and Settings\Owner Supervisor\UserData
2014-05-24 22:01 - 2009-05-23 17:52 - 00000278 ___SH () C:\Documents and Settings\Owner Supervisor\ntuser.ini
2014-05-24 22:01 - 2008-04-25 14:28 - 00000841 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-24 21:35 - 2014-05-24 20:39 - 00065536 _____ () C:\WINDOWS\system32\config\iolo App.evt
2014-05-24 21:35 - 2014-05-24 20:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iolo
2014-05-24 21:04 - 2014-05-24 21:04 - 00000000 ____D () C:\WINDOWS\LastGood
2014-05-24 21:02 - 2014-05-24 20:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SecTaskMan
2014-05-24 20:41 - 2014-05-24 20:41 - 00000000 ____D () C:\Program Files\Security Task Manager
2014-05-24 20:39 - 2014-05-24 20:39 - 00074703 _____ () C:\WINDOWS\system32\mfc45.dat
2014-05-24 20:39 - 2014-05-24 20:39 - 00000000 ____D () C:\Documents and Settings\Owner Supervisor\Application Data\iolo
2014-05-24 20:24 - 2014-05-24 20:24 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 20:24 - 2014-05-24 20:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-24 20:24 - 2014-05-24 20:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-24 20:13 - 2014-05-24 20:12 - 00005528 _____ () C:\Documents and Settings\Owner Supervisor\Desktop\Rkill.txt
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ___SD () C:\ComboFix
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ____D () C:\WINDOWS\erdnt
2014-05-24 20:11 - 2014-05-24 20:11 - 00000000 ____D () C:\Qoobox
2014-05-24 19:55 - 2014-05-24 19:54 - 00000000 ____D () C:\FRST
2014-05-21 21:29 - 2008-04-25 14:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-21 21:24 - 2010-08-12 21:16 - 00000000 ____D () C:\WINDOWS\system32\logishrd
2014-05-21 21:12 - 2010-10-21 22:54 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 20:56 - 2010-10-21 22:54 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 20:23 - 2008-04-25 02:22 - 00554110 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-12 17:54 - 2010-01-13 21:43 - 00000000 ____D () C:\WCBC
2014-04-28 21:51 - 2014-04-28 21:51 - 00001917 _____ () C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2014-04-28 21:51 - 2014-04-28 21:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
2014-04-28 21:51 - 2009-07-08 20:46 - 00000000 ____D () C:\Documents and Settings\Owner Supervisor\Local Settings\Application Data\Google

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2008-04-25 09:16] - [2009-02-09 05:10] - 0407040 ____A (Microsoft Corporation) 4a56e5f034f62b33dbed454596661fb3
ATTENTION ======> If the system has audio adware, rpcss.dll is patched. Google the MD5; if the MD5 is unique, the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
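Added example, not part of the FRST log or of FRST itself: a small Python triage pass over lines in the service/driver and Run-key formats used above. It pulls out the three things a reviewer checks first in such a log: binaries FRST marks as missing with `[X]`, binaries with an empty `()` (FRST prints the company name from the file's version information, so an empty field means no version resource, which is common for small hardware utilities and is not the same as unsigned), and binaries that live under a temp or user-profile directory. The sample lines are copied from the log above; the flag names, the directory list and the Entry shape are this example's own choices, and a flag is a reason to look, not a verdict.

```python
"""Triage FRST service, driver and Run-key lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Service/driver line:  "S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2013-03-28] ()"
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$")
# Run-key line:  "HKLM\...\Run: [ccApp] => C:\...\ccApp.exe [115560 2009-07-08] (Symantec Corporation)"
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\.\\Run:\s+\[(?P<name>[^\]]+)\]\s+=>\s+(?P<rest>.+)$")
# Shared tail:  "<path> [<size> <yyyy-mm-dd>] (<company>)"  or  "<path> [X]" (file not found)
TAIL_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<company>[^)]*)\)|\[X\])\s*$"
)
# Directories where an auto-started driver or service binary is unusual (hypothetical list).
TEMP_DIR_RE = re.compile(r"\\(Temp|LOCALS~1|Local Settings|Application Data)\\", re.I)


@dataclass
class Entry:
    kind: str                  # "service" (services and drivers) or "run"
    name: str
    path: str
    state: Optional[str]       # FRST state code such as R0/S3/U5; None for Run entries
    company: Optional[str]     # "" when FRST printed "()", None when it printed "[X]"
    missing: bool
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver or Run line into an Entry; return None for other lines."""
    m = SERVICE_RE.match(line)
    kind, state = "service", None
    if m:
        state = m.group("state")
    else:
        m = RUN_RE.match(line)
        kind = "run"
        if not m:
            return None
    tail = TAIL_RE.match(m.group("rest"))
    if not tail:
        return None
    company = tail.group("company")          # None only for the "[X]" alternative
    entry = Entry(kind, m.group("name"), tail.group("path"), state, company, company is None)
    if entry.missing:
        entry.flags.append("file-missing")    # registration points at a file that is gone
    elif company.strip() == "":
        entry.flags.append("no-publisher")    # no CompanyName in the version resource
    if TEMP_DIR_RE.search(entry.path):
        entry.flags.append("temp-path")       # loaded from a temp/profile directory
    return entry


def triage(log_lines) -> List[Entry]:
    """Return only the parsed entries that raised at least one flag."""
    flagged = []
    for line in log_lines:
        entry = parse_line(line.strip())
        if entry and entry.flags:
            flagged.append(entry)
    return flagged


# Constructed sample: lines copied from the FRST log above.
SAMPLE_LINES = r"""
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2013-03-28] ()
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-07-03] (Lavasoft AB)
S3 cpuz132; \??\C:\DOCUME~1\OWNERS~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [X]
S2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM\...\Run: [EM_EXEC] => C:\Program Files\MouseWare\system\EM_EXEC.EXE [28672 2002-05-01] (Logitech Inc. )
""".strip().splitlines()

if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.kind:7} {e.name:14} {','.join(e.flags):24} {e.path}")
```

Running the block lists giveio and WSWNDA3100v2 as no-publisher and cpuz132 as both file-missing and temp-path; the Lavasoft, Symantec and Logitech entries pass. The `[X]` case is the one worth handling explicitly: FRST omits the size, date and company for a missing file, so a parser that assumes the full tail silently drops exactly the dangling registrations a reviewer wants to see.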