Infection: 31 "dllhost.exe" Processes & BSODs


This topic is locked
10 replies to this topic

#1 hpspec

  • Members

Posted 25 August 2014 - 04:47 PM

Symptoms:

  • ~31 instances of the "dllhost.exe" process are running
  • BSOD occurs spontaneously, but not everyday (will run Memtest86)
  • Hovers around 100% CPU Usage, most stemming from the "dllhost.exe" instances
  • Memory usage is NOT out-of-control, but several hundred MB are due to "dllhost.exe" instances
  • There are NO pop-ups, NO visible ransomware, NO softwares installed in Appwiz.cpl that I do not recognize, and NO issues accessing any function of Windows (taskmgr, all files visible, can install programs)
  • Windows Error message appears constantly: "powershell.exe - Application Error" - "The application failed to initialize properly (0xc0000142). Click on OK to terminate the application."

Attempted Solutions:

  • Ran "rkill.exe" (nothing found)
  • Ran "tdsskiller.exe" (nothing found)
  • Ran "unhide.exe" (could already see all the files)
  • Installed, updated, ran AVG (no results)
  • Installed, updated, ran SuperAntiSpyware (tracking cookies and one Trojan removed)
  • Installed, updated, ran Malwarebytes (11 tracking cookies and 4 Trojans removed)

------------------------------------------------------

DDS Log

------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by midas at 17:27:55 on 2014-08-25
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.1519 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\eBLVD\ebhost.exe
C:\Program Files\Workspace\offSyncService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\eBLVD\ebhost.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Workspace\WorkspaceUpdate.exe
C:\Program Files\Workspace\wben.exe
C:\Program Files\Workspace\WorkspaceStatus.exe
C:\Program Files\ROWriter\RowPrintJob\RowPrintJob.exe
C:\Program Files\ROWriter\Tray\ROTray.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\alg.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Starfield Updater] "c:\program files\workspace\WorkspaceUpdate.exe"
uRun: [wben] "c:\program files\workspace\wben.exe"
uRun: [Workspace Status] "c:\program files\workspace\WorkspaceStatus.exe"
uRun: [DellSystemDetect] c:\documents and settings\midas\local settings\apps\2.0\y61e8h30.eat\haxzkpy5.677\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
mRun: [Amwrappersrv] c:\sdi\amwrappersrv.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "c:\documents and settings\all users\application data\malwarebytes\malwarebytes anti-malware\mbamdor.exe" "c:\documents and settings\all users\application data\malwarebytes\Malwarebytes Anti-Malware"
dRun: [KLPkInst_a2ce3145-ab54-4ecb-a042-c5023c3f00f4] "c:\temp\setup.exe" -KLPI$ID a2ce3145-ab54-4ecb-a042-c5023c3f00f4 -tl 4
dRun: [KLPkInst_a7c6f7eb-a5cc-400f-8fa9-39457d09d073] "c:\temp\setup.exe" -KLPI$ID a7c6f7eb-a5cc-400f-8fa9-39457d09d073 -tl 4
StartupFolder: c:\docume~1\midas\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\midas\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rowrit~3.lnk - c:\program files\rowriter\bin\ROWPreload.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rowrit~2.lnk - c:\program files\rowriter\rowprintjob\RowPrintJob.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rowrit~1.lnk - c:\windows\installer\{b8574f7f-88ab-4c9f-9572-e8e2e45dfa1c}\_E339DF74F9223ACABED12C.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: dell.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178895993765
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
TCP: Interfaces\{5A369600-3071-43E3-BC51-C64C804DA6B0} : NameServer = 209.244.0.3,66.80.131.5
Notify: ckpNotify - <no file>
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.143\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R2 eBLVD;eBLVD;c:\program files\eblvd\ebhost.exe [2014-6-26 588768]
R2 File Backup;File Backup Service;c:\program files\workspace\offSyncService.exe [2013-7-22 1187040]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-7-6 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2014-2-7 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-17 47640]
R3 otmfilter.sys;TACTION;c:\windows\system32\drivers\otmfilter.sys [2011-3-3 11776]
RUnknown SASKUTIL;SASKUTIL; [x]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2014-08-25 21:26:11 688992 ------r- C:\dds.com
2014-08-25 21:13:33 52440 ----a-w- c:\windows\system32\drivers\jwykcjky.sys
2014-08-25 20:50:44 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-25 20:50:22 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-25 20:50:22 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-25 20:50:22 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-25 20:50:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-08-25 18:55:40 -------- d-----w- c:\documents and settings\midas\local settings\application data\Sun
2014-08-25 18:17:39 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-08-25 18:17:21 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-25 18:03:24 -------- d-----w- c:\program files\SystemRequirementsLab
2014-08-25 17:58:08 -------- d-----w- c:\documents and settings\midas\local settings\application data\LogMeInIgnition
2014-08-25 17:57:58 -------- d-----w- c:\documents and settings\midas\local settings\application data\LogMeIn
2014-08-25 17:52:35 -------- d-----w- c:\documents and settings\midas\local settings\application data\AVG Secure Search
2014-08-22 20:00:43 18477224 ----a-w- C:\4-SUPERAntiSpyware.exe
2014-08-22 19:59:45 4181856 ----a-w- C:\3-tdsskiller.exe
2014-08-22 19:59:32 398752 ----a-w- C:\2-unhide.exe
2014-08-22 19:56:21 1942776 ----a-w- C:\1-rkill.exe
2014-08-21 13:25:49 -------- d--h--w- c:\documents and settings\all users\application data\{5113E83A-5415-49C9-8CE2-6571B1B98C40}
2014-08-20 14:21:05 -------- d-----w- c:\documents and settings\midas\local settings\application data\AVG
2014-08-20 14:21:05 -------- d-----w- c:\documents and settings\midas\application data\AVG
2014-08-20 14:14:48 -------- d-sh--w- c:\documents and settings\all users\application data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-20 14:14:46 -------- d-----w- c:\documents and settings\all users\application data\AVG
2014-08-19 14:21:17 -------- d-----w- c:\windows\system32\cos
2014-08-18 21:53:53 -------- d-----w- c:\windows\system32\winrm
2014-08-18 21:53:45 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2014-08-05 17:20:22 227728 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-07-16 21:11:06 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-07-16 21:11:02 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-07-16 21:11:00 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-07-16 21:11:00 31560 ----a-w- c:\windows\system32\LMIport.dll
.
============= FINISH: 17:29:06.39 ===============

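The symptom list in the post above (dozens of dllhost.exe instances, CPU pegged, no visible installed program) is the kind of thing a quick frequency count over the DDS "Running Processes" section makes obvious. The following triage helper is an added example written for this thread; it is not part of DDS, ComboFix or any tool named here. It parses a DDS-style log, counts how many times each executable name appears in that section, and flags names that exceed a threshold. The log excerpt embedded below is a constructed short sample modelled on the layout of the DDS log in the post, and the threshold of 3 is an assumption for illustration, not a documented rule.

```python
"""Triage helper for the 'Running Processes' section of a DDS log.

Added example for this thread, not code from DDS or from the poster.
"""
import re
from collections import Counter

# Constructed sample in DDS layout (a short excerpt modelled on the log
# in the thread, not the full log).
SAMPLE_LOG = """\
DDS (Ver_2012-11-20.01) - NTFS_x86
Run by midas at 17:27:55 on 2014-08-25
.
============== Running Processes ================
.
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\dllhost.exe
C:\\WINDOWS\\system32\\wuauclt.exe
C:\\WINDOWS\\system32\\dllhost.exe
C:\\WINDOWS\\system32\\dllhost.exe
C:\\WINDOWS\\system32\\dllhost.exe
C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe
C:\\WINDOWS\\System32\\svchost.exe -k netsvcs
C:\\WINDOWS\\system32\\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
"""

# DDS marks each section with a line of '=' signs around the title.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+\s*$")


def running_processes(log_text):
    """Return the image paths listed under 'Running Processes'.

    '.' lines are DDS filler and are skipped. Command-line switches
    (e.g. 'svchost.exe -k netsvcs') are stripped so only the path remains.
    """
    paths = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            in_section = m.group(1).lower() == "running processes"
            continue
        if not in_section or line in ("", "."):
            continue
        # Cut at the first whitespace-preceded '-' or '/' switch.
        paths.append(re.split(r"\s+[-/]", line, maxsplit=1)[0])
    return paths


def image_counts(paths):
    """Count processes by lower-cased file name (directory removed)."""
    return Counter(p.rsplit("\\", 1)[-1].lower() for p in paths)


def flag_excessive(counts, threshold=3):
    """Return {name: count} for images running more often than threshold.

    The threshold is an assumption for this example: a few dllhost.exe
    (COM surrogate) instances on a Windows XP workstation can be normal,
    dozens are a signal worth investigating.
    """
    return {name: n for name, n in counts.items() if n > threshold}


def triage(log_text, threshold=3):
    """Full pipeline: parse the section, count images, flag outliers."""
    return flag_excessive(image_counts(running_processes(log_text)), threshold)


if __name__ == "__main__":
    for name, n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{name}: {n} instances")
```

Point the helper at a real DDS log by reading the file into `triage()`; the count alone does not say what spawned the surrogates, but it tells you which image name to follow up on in the rest of the log.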

#2 aharonov

  • Malware Response Team

Posted 27 August 2014 - 03:07 PM

Hi there,

please run the following scans:


Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)



Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 hpspec

  • Topic Starter

Posted 28 August 2014 - 05:27 PM

Thank you for your help.

 

---------------------------------------

ComboFix.txt

---------------------------------------

ComboFix 14-08-28.01 - midas 08/28/2014  16:24:35.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.1816 [GMT -4:00]
Running from: c:\documents and settings\midas\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\midas\g2mdlhlpx.exe
c:\documents and settings\midas\GoToAssistDownloadHelper.exe
c:\documents and settings\midas\WINDOWS
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\2cd034d0e78f4200.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\60ce00e1b2de277c.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\73a831061dd5c7d3.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\78ec34237165db38.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\8a16251f5cc4661d.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\9ed891c7071b2396.fb
c:\windows\system32\Cache\c4e10d1be905349b.fb
c:\windows\system32\Cache\d052a099739e435d.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f33b1a2bf15cbecc.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\logs
c:\windows\system32\logs\regsvr3200.log
.
c:\windows\system32\drivers\i8042prt.sys was missing 
Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
CLSID={73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} - infected with Poweliks and removed.
.
(((((((((((((((((((((((((   Files Created from 2014-07-28 to 2014-08-28  )))))))))))))))))))))))))))))))
.
.
2014-08-28 20:29 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2014-08-28 20:29 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2014-08-25 22:41 . 2014-08-25 22:45 -------- d-----w- c:\windows\system32\MRT
2014-08-25 22:27 . 2014-08-25 22:27 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2014-08-25 21:26 . 2014-08-25 21:05 688992 ------r- C:\dds.com
2014-08-25 20:50 . 2014-08-25 20:53 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-25 20:50 . 2014-08-25 20:50 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-25 20:50 . 2014-08-25 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-08-25 20:50 . 2014-05-12 11:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-25 20:50 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-25 18:55 . 2014-08-25 18:55 -------- d-----w- c:\documents and settings\midas\Local Settings\Application Data\Sun
2014-08-25 18:18 . 2014-08-25 18:18 -------- d-----w- c:\program files\7-Zip
2014-08-25 18:17 . 2014-08-25 18:17 -------- d-----w- c:\program files\Common Files\Java
2014-08-25 18:17 . 2014-08-25 18:16 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-08-25 18:17 . 2014-08-25 18:16 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-25 18:16 . 2014-08-25 18:16 -------- d-----w- c:\program files\Java
2014-08-25 18:16 . 2014-08-25 18:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2014-08-25 18:03 . 2014-08-25 18:03 -------- d-----w- c:\program files\SystemRequirementsLab
2014-08-25 17:57 . 2014-08-25 17:57 -------- d-----w- c:\documents and settings\midas\Local Settings\Application Data\LogMeIn
2014-08-25 17:52 . 2014-08-25 17:52 -------- d-----w- c:\documents and settings\midas\Local Settings\Application Data\AVG Secure Search
2014-08-22 22:19 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2014-08-22 22:19 . 2013-07-03 01:59 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2014-08-22 22:18 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2014-08-22 22:18 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2014-08-22 22:10 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2014-08-22 22:09 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2014-08-22 22:09 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2014-08-22 22:08 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2014-08-22 22:08 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2014-08-22 22:08 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2014-08-22 22:08 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2014-08-22 20:00 . 2014-07-30 16:02 18477224 ----a-w- C:\4-SUPERAntiSpyware.exe
2014-08-22 19:59 . 2014-07-30 16:01 4181856 ----a-w- C:\3-tdsskiller.exe
2014-08-22 19:59 . 2014-07-30 16:01 398752 ----a-w- C:\2-unhide.exe
2014-08-22 19:56 . 2014-07-30 16:00 1942776 ----a-w- C:\1-rkill.exe
2014-08-21 13:25 . 2014-08-21 22:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\{5113E83A-5415-49C9-8CE2-6571B1B98C40}
2014-08-20 14:23 . 2014-08-20 14:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AVG
2014-08-20 14:23 . 2014-08-20 14:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG
2014-08-20 14:21 . 2014-08-20 14:21 -------- d-----w- c:\documents and settings\midas\Local Settings\Application Data\AVG
2014-08-20 14:21 . 2014-08-20 14:21 -------- d-----w- c:\documents and settings\midas\Application Data\AVG
2014-08-20 14:14 . 2014-08-20 15:25 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-20 14:14 . 2014-08-20 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2014-08-19 15:21 . 2014-08-19 15:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2014-08-19 14:21 . 2014-08-19 14:21 -------- d-----w- c:\windows\system32\cos
2014-08-18 21:53 . 2014-08-18 21:53 -------- d-----w- c:\windows\system32\winrm
2014-08-18 21:53 . 2014-08-18 21:54 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-16 21:11 . 2011-02-17 17:07 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-07-16 21:11 . 2011-02-17 17:07 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-07-16 21:11 . 2011-02-17 17:07 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2014-07-16 21:11 . 2011-02-17 17:07 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-07-16 21:11 . 2011-02-17 17:07 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2014-07-16 21:11 . 2011-02-17 17:07 85832 ----a-w- c:\windows\system32\LMIinit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-11-22 14:42 1065776 ----a-w- c:\program files\Workspace\offsyncext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-11-22 14:42 1065776 ----a-w- c:\program files\Workspace\offsyncext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Starfield Updater"="c:\program files\Workspace\WorkspaceUpdate.exe" [2013-11-22 35008]
"wben"="c:\program files\Workspace\wben.exe" [2013-09-16 1569488]
"Workspace Status"="c:\program files\Workspace\WorkspaceStatus.exe" [2013-11-22 694760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amwrappersrv"="c:\sdi\amwrappersrv.exe" [2003-12-08 104960]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2014-02-07 63048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
.
c:\documents and settings\midas\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\midas\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-8-15 36414752]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-10-3 221247]
R.O. Writer Preload.lnk - c:\program files\ROWriter\Bin\ROWPreload.exe [2013-1-28 24240]
R.O. Writer Print Utility.lnk - c:\program files\ROWriter\RowPrintJob\RowPrintJob.exe [2013-3-12 314880]
R.O. Writer Tray.lnk - c:\windows\Installer\{B8574F7F-88AB-4C9F-9572-E8E2E45DFA1C}\_E339DF74F9223ACABED12C.exe [2007-5-25 766]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2014-07-16 21:11 85832 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^midas.bgi]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\midas.bgi
backup=c:\windows\pss\midas.bgiCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^midas^Start Menu^Programs^Startup^PolicyUpdater.exe]
path=c:\documents and settings\midas\Start Menu\Programs\Startup\PolicyUpdater.exe
backup=c:\windows\pss\PolicyUpdater.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^midas^Start Menu^Programs^Startup^ROWriter Caller ID.lnk]
path=c:\documents and settings\midas\Start Menu\Programs\Startup\ROWriter Caller ID.lnk
backup=c:\windows\pss\ROWriter Caller ID.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-07-22 01:50 86016 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-07-22 01:48 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-07-22 01:47 81920 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-05-01 17:07 843776 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2014-08-12 06:34 2640408 ----a-w- c:\program files\AVG SafeGuard toolbar\vprot.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Arel IDEAL\\Spotlight\\NSVideo.exe"=
"c:\\Program Files\\ROWriter\\Tray\\ROTray.exe"=
"c:\\Program Files\\ROWriter\\ROWriter.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\midas\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\LogMeIn Rescue Calling Card\\CallingCard.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"21:TCP"= 21:TCP:FTP
"21:UDP"= 21:UDP:FTP
"20:TCP"= 20:TCP:FTP
"20:UDP"= 20:UDP:FTP
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
R2 eBlvd;eBlvd;c:\program files\eBLVD\ebhost.exe [6/26/2014 2:21 PM 588768]
R2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [7/22/2013 9:15 AM 1187040]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 4:32 PM 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/7/2014 4:29 PM 13624]
R3 otmfilter.sys;TACTION;c:\windows\system32\drivers\otmfilter.sys [3/3/2011 2:56 PM 11776]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-25 18:15 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-28 c:\windows\Tasks\CentralTransmit5am.job
- c:\program files\Central Office\centraloffice.exe [2013-03-12 21:07]
.
2014-08-28 c:\windows\Tasks\CentralTransmit9pm.job
- c:\program files\Central Office\centraloffice.exe [2013-03-12 21:07]
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-25 18:15]
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-25 18:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: dell.com
TCP: Interfaces\{5A369600-3071-43E3-BC51-C64C804DA6B0}: NameServer = 209.244.0.3,66.80.131.5
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
HKCU-Run-DellSystemDetect - c:\documents and settings\midas\Local Settings\Apps\2.0\Y61E8H30.EAT\HAXZKPY5.677\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
Notify-ckpNotify - (no file)
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\cli.exe
MSConfigStartUp-AVG_UI - c:\program files\AVG\AVG2014\avgui.exe
MSConfigStartUp-PolicyUpdater - c:\temp\policyupdater.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_01\bin\jusched.exe
AddRemove-{00FDF9F7-5943-4871-B813-6E0C5380265C} - c:\documents and settings\All Users\Application Data\{9F336355-99AC-4611-A063-D966406649B2}\cobits_patch1e.exe
AddRemove-{3814C206-4E6B-46DF-9589-0064F2ABFD45} - c:\documents and settings\All Users\Application Data\{3053D6D2-CBA6-43AF-B802-380AF1716412}\co_bits_20101222.exe
AddRemove-{89871230-2F8F-4F9D-B1D2-A033B0F9C788} - c:\documents and settings\All Users\Application Data\{FF441739-A02E-44B9-BC79-57262BE49719}\CentralOffice_setup.exe
AddRemove-{EF617953-EFCE-4DBD-B976-BC2BAB706B68} - c:\documents and settings\All Users\Application Data\{29645E86-9E15-414F-8950-0D79ABFE1C54}\ROWriter_setup.exe
AddRemove-{FA06383F-4C8D-47D9-AD15-18BCCB3E9EF3} - c:\documents and settings\All Users\Application Data\{25638354-1207-4A73-BE1A-7E8980707104}\cobits_119.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-28 18:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1352)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(2684)
c:\windows\system32\WININET.dll
c:\documents and settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll
c:\program files\Workspace\offsyncext.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\wscntfy.exe
c:\program files\ROWriter\Tray\ROTray.exe
c:\documents and settings\midas\Application Data\Dropbox\bin\Dropbox.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2014-08-28  18:09:14 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-28 22:09
.
Pre-Run: 17,514,131,456 bytes free
Post-Run: 19,651,760,128 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F05414B70B44991AB7646B29C11FC9FC
8F558EB6672622401DA993E1E865C861

---------------------------------------

FRST.txt

---------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by midas (administrator) on SERVER on 28-08-2014 18:17:52
Running from C:\Documents and Settings\midas\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
(ENC) C:\Program Files\eBLVD\ebhost.exe
(Starfield Technologies) C:\Program Files\Workspace\offSyncService.exe
(ENC) C:\Program Files\eBLVD\ebhost.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Starfield Technologies) C:\Program Files\Workspace\workspaceupdate.exe
(Starfield Technologies, LLC) C:\Program Files\Workspace\wben.exe
(Starfield Technologies) C:\Program Files\Workspace\workspacestatus.exe
() C:\Program Files\ROWriter\RowPrintJob\RowPrintJob.exe
() C:\Program Files\ROWriter\Tray\ROTray.exe
(Dropbox, Inc.) C:\Documents and Settings\midas\Application Data\Dropbox\bin\Dropbox.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Amwrappersrv] => c:\sdi\amwrappersrv.exe [104960 2003-12-08] ()
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2014-02-07] (LogMeIn, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKU\S-1-5-21-2765813695-2802655320-1838027424-1003\...\Run: [Starfield Updater] => C:\Program Files\Workspace\WorkspaceUpdate.exe [35008 2013-11-22] (Starfield Technologies)
HKU\S-1-5-21-2765813695-2802655320-1838027424-1003\...\Run: [wben] => C:\Program Files\Workspace\wben.exe [1569488 2013-09-16] (Starfield Technologies, LLC)
HKU\S-1-5-21-2765813695-2802655320-1838027424-1003\...\Run: [Workspace Status] => C:\Program Files\Workspace\WorkspaceStatus.exe [694760 2013-11-22] (Starfield Technologies)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\R.O. Writer Preload.lnk
ShortcutTarget: R.O. Writer Preload.lnk -> C:\Program Files\ROWriter\Bin\ROWPreload.exe (PAS)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\R.O. Writer Print Utility.lnk
ShortcutTarget: R.O. Writer Print Utility.lnk -> C:\Program Files\ROWriter\RowPrintJob\RowPrintJob.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\R.O. Writer Tray.lnk
ShortcutTarget: R.O. Writer Tray.lnk -> C:\WINDOWS\Installer\{B8574F7F-88AB-4C9F-9572-E8E2E45DFA1C}\_E339DF74F9223ACABED12C.exe ()
Startup: C:\Documents and Settings\midas\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\midas\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: off0 -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files\Workspace\offsyncext.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: off1 -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files\Workspace\offsyncext.dll (Starfield Technologies, LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x066A600584E4CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={89BDACDB-3F0B-48CC-AC46-01F278B519FA}&mid=059a153c459e47d3ba75d153e6b6a28f-36bdbb23f6b2eda90dae0e9b2094f33bcdcfdb84&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-06 07:02:27&v=17.3.1.204&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
Tcpip\..\Interfaces\{5A369600-3071-43E3-BC51-C64C804DA6B0}: [NameServer] 209.244.0.3,66.80.131.5
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\midas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @starfield.com/off -> C:\Documents and Settings\midas\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe -> C:\Documents and Settings\midas\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\midas\Application Data\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\midas\Application Data\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Documents and Settings\midas\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-11-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
 
Chrome: 
=======
CHR CustomProfile: C:\Documents and Settings\midas\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\midas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-25]
CHR Extension: (Google Drive) - C:\Documents and Settings\midas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\midas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-25]
CHR Extension: (YouTube) - C:\Documents and Settings\midas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-25]
CHR Extension: (Google Search) - C:\Documents and Settings\midas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-25]
CHR Extension: (Google Wallet) - C:\Documents and Settings\midas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-25]
CHR Extension: (Gmail) - C:\Documents and Settings\midas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-25]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [176193 2005-12-12] (American Power Conversion Corporation) [File not signed]
R2 eBlvd; C:\Program Files\eBLVD\ebhost.exe [588768 2014-06-26] (ENC)
R2 File Backup; C:\Program Files\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-25] (Oracle Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R3 otmfilter.sys; C:\WINDOWS\System32\DRIVERS\otmfilter.sys [11776 2009-07-06] ()
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
U3 mbr; \??\C:\DOCUME~1\midas\LOCALS~1\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-28 18:17 - 2014-08-28 18:18 - 00014471 _____ () C:\Documents and Settings\midas\Desktop\FRST.txt
2014-08-28 18:17 - 2014-08-28 18:17 - 00000000 ____D () C:\FRST
2014-08-28 18:09 - 2014-08-28 18:09 - 00020553 _____ () C:\ComboFix.txt
2014-08-28 18:09 - 2014-08-28 18:09 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-28 18:09 - 2014-08-28 18:09 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-28 18:09 - 2014-08-28 18:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-28 16:30 - 2014-08-28 18:18 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\temp
2014-08-28 16:29 - 2008-04-13 15:18 - 00052480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\i8042prt.sys
2014-08-28 16:29 - 2008-04-13 15:18 - 00052480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2014-08-28 16:20 - 2014-08-28 16:20 - 00000000 _RSHD () C:\cmdcons
2014-08-28 16:20 - 2014-08-25 13:52 - 00000211 _____ () C:\Boot.bak
2014-08-28 16:20 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-28 16:16 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-28 16:16 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-28 16:16 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-28 16:16 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-28 16:16 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-28 16:16 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-28 16:16 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-28 16:16 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-28 16:16 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-28 15:51 - 2014-08-28 15:49 - 01095168 _____ (Farbar) C:\Documents and Settings\midas\Desktop\FRST.exe
2014-08-28 15:49 - 2014-08-28 18:09 - 00000000 ____D () C:\Qoobox
2014-08-28 15:48 - 2014-08-28 18:08 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-28 15:46 - 2014-08-28 15:45 - 05574834 ____R (Swearware) C:\Documents and Settings\midas\Desktop\ComboFix.exe
2014-08-26 22:58 - 2014-08-26 22:58 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082614-02.dmp
2014-08-26 07:27 - 2014-08-26 07:26 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082614-01.dmp
2014-08-25 18:54 - 2014-08-25 21:34 - 2098200512 _____ () C:\avenger.txt
2014-08-25 18:54 - 2014-08-25 18:54 - 00243472 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-08-25 18:53 - 2014-08-25 18:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-08-25 18:48 - 2014-08-25 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-08-25 18:41 - 2014-08-25 18:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-25 18:40 - 2014-08-25 18:40 - 00015844 _____ () C:\WINDOWS\KB2834886.log
2014-08-25 18:40 - 2014-08-25 18:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-08-25 18:40 - 2014-08-25 18:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-08-25 18:39 - 2014-08-25 18:40 - 00017315 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-08-25 18:33 - 2014-08-25 18:33 - 00015761 _____ () C:\WINDOWS\KB2900986.log
2014-08-25 18:33 - 2014-08-25 18:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-08-25 18:32 - 2014-08-25 18:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-08-25 18:32 - 2014-08-25 18:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2014-08-25 18:31 - 2014-08-25 18:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-08-25 18:31 - 2014-08-25 18:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-08-25 18:28 - 2014-08-25 18:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-08-25 18:27 - 2014-08-25 18:28 - 00015125 _____ () C:\WINDOWS\KB2862335.log
2014-08-25 18:27 - 2014-08-25 18:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2014-08-25 18:27 - 2014-08-25 18:27 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2014-08-25 18:26 - 2014-08-25 18:26 - 00014451 _____ () C:\WINDOWS\KB2904266.log
2014-08-25 18:26 - 2014-08-25 18:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-08-25 18:26 - 2014-08-25 18:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-08-25 18:25 - 2014-08-25 18:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-08-25 18:24 - 2014-08-25 18:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-08-25 18:24 - 2014-08-25 18:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-08-25 18:19 - 2014-08-25 18:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-08-25 18:19 - 2014-08-25 18:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-08-25 18:19 - 2014-08-25 18:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-08-25 18:19 - 2014-08-25 18:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2014-08-25 18:18 - 2014-08-25 18:19 - 00014809 _____ () C:\WINDOWS\KB2807986.log
2014-08-25 18:18 - 2014-08-25 18:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-08-25 18:12 - 2014-08-25 18:13 - 00013657 _____ () C:\WINDOWS\KB2868038.log
2014-08-25 18:12 - 2014-08-25 18:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-08-25 18:12 - 2014-08-25 18:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-08-25 18:11 - 2014-08-25 18:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-08-25 18:11 - 2014-08-25 18:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2014-08-25 18:10 - 2014-08-25 18:10 - 00011124 _____ () C:\WINDOWS\KB2803821-v2.log
2014-08-25 18:10 - 2014-08-25 18:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-08-25 18:10 - 2014-08-25 18:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2014-08-25 18:10 - 2014-08-25 18:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2014-08-25 18:09 - 2014-08-25 18:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-08-25 18:08 - 2014-08-25 18:08 - 00011540 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-08-25 18:08 - 2014-08-25 18:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-08-25 17:59 - 2014-08-25 18:53 - 00007310 _____ () C:\WINDOWS\updspapi.log
2014-08-25 17:58 - 2014-08-25 17:59 - 00013770 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-08-25 17:26 - 2014-08-25 17:05 - 00688992 ____R (Swearware) C:\dds.com
2014-08-25 16:50 - 2014-08-25 16:53 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 16:50 - 2014-08-25 16:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-25 16:50 - 2014-08-25 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 16:50 - 2014-08-25 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-25 16:50 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-25 16:50 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-25 15:24 - 2014-08-25 15:24 - 00000010 _____ () C:\WINDOWS\WININIT.INI
2014-08-25 14:55 - 2014-08-25 14:55 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\Sun
2014-08-25 14:48 - 2014-08-25 14:48 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082514-02.dmp
2014-08-25 14:21 - 2014-08-25 14:21 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-25 14:18 - 2014-08-25 14:18 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-25 14:18 - 2014-08-25 14:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2014-08-25 14:17 - 2014-08-25 14:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-25 14:17 - 2014-08-25 14:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-08-25 14:17 - 2014-08-25 14:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sun
2014-08-25 14:17 - 2014-08-25 14:16 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-25 14:17 - 2014-08-25 14:16 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-25 14:17 - 2014-08-25 14:16 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-25 14:17 - 2014-08-25 14:16 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-08-25 14:17 - 2014-08-25 14:16 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-25 14:16 - 2014-08-28 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Program Files\Java
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Macromedia
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-08-25 14:15 - 2014-08-28 18:01 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-25 14:15 - 2014-08-28 15:20 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 14:03 - 2014-08-25 14:03 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-08-25 13:58 - 2014-08-25 13:58 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\LogMeInIgnition
2014-08-25 13:57 - 2014-08-25 13:57 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\LogMeIn
2014-08-25 13:52 - 2014-08-25 13:52 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\AVG Secure Search
2014-08-25 13:45 - 2014-08-28 18:01 - 00026202 _____ () C:\WINDOWS\setupapi.log
2014-08-25 13:37 - 2014-08-25 13:37 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082514-01.dmp
2014-08-23 08:21 - 2014-08-25 18:53 - 00038983 _____ () C:\WINDOWS\netfxocm.log
2014-08-23 08:21 - 2014-08-25 18:53 - 00015657 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-23 08:21 - 2014-08-25 18:53 - 00012930 _____ () C:\WINDOWS\ocmsn.log
2014-08-23 08:21 - 2014-08-25 18:53 - 00011334 _____ () C:\WINDOWS\msgsocm.log
2014-08-23 08:21 - 2014-08-25 18:53 - 00010885 _____ () C:\WINDOWS\tabletoc.log
2014-08-23 08:20 - 2014-08-25 18:53 - 00266379 _____ () C:\WINDOWS\iis6.log
2014-08-23 08:20 - 2014-08-25 18:53 - 00221229 _____ () C:\WINDOWS\FaxSetup.log
2014-08-23 08:20 - 2014-08-25 18:53 - 00114790 _____ () C:\WINDOWS\ocgen.log
2014-08-23 08:20 - 2014-08-25 18:53 - 00104018 _____ () C:\WINDOWS\tsoc.log
2014-08-23 08:20 - 2014-08-25 18:53 - 00074122 _____ () C:\WINDOWS\comsetup.log
2014-08-23 08:20 - 2014-08-25 18:53 - 00073676 _____ () C:\WINDOWS\msmqinst.log
2014-08-23 08:20 - 2014-08-25 18:53 - 00046110 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-23 08:20 - 2014-08-25 18:53 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-08-23 08:20 - 2014-08-25 18:48 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-08-23 08:20 - 2014-08-23 08:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-08-23 08:20 - 2014-08-23 08:20 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-23 08:20 - 2014-08-23 08:20 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-23 08:05 - 2014-08-23 08:21 - 00006071 _____ () C:\WINDOWS\KB2914368.log
2014-08-23 07:31 - 2014-08-25 18:53 - 00022699 _____ () C:\WINDOWS\KB2868626.log
2014-08-23 07:29 - 2014-08-25 18:48 - 00021569 _____ () C:\WINDOWS\KB2922229.log
2014-08-23 07:27 - 2014-08-25 18:40 - 00021507 _____ () C:\WINDOWS\KB2916036.log
2014-08-23 07:24 - 2014-08-25 18:31 - 00025432 _____ () C:\WINDOWS\KB2898715.log
2014-08-23 07:22 - 2014-08-23 07:22 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082314-01.dmp
2014-08-22 18:21 - 2014-08-25 18:31 - 00018820 _____ () C:\WINDOWS\KB2929961.log
2014-08-22 18:20 - 2014-08-25 18:33 - 00021453 _____ () C:\WINDOWS\KB2847311.log
2014-08-22 18:20 - 2014-08-25 18:32 - 00023177 _____ () C:\WINDOWS\KB2802968.log
2014-08-22 18:20 - 2014-08-25 18:19 - 00017175 _____ () C:\WINDOWS\KB2876331.log
2014-08-22 18:19 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2014-08-22 18:19 - 2013-07-02 21:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2014-08-22 18:18 - 2014-08-25 18:27 - 00021270 _____ () C:\WINDOWS\KB2780091.log
2014-08-22 18:18 - 2014-08-25 18:26 - 00019044 _____ () C:\WINDOWS\KB2876217.log
2014-08-22 18:18 - 2014-08-25 18:25 - 00019192 _____ () C:\WINDOWS\KB2930275.log
2014-08-22 18:18 - 2014-08-25 18:25 - 00018150 _____ () C:\WINDOWS\KB2864063.log
2014-08-22 18:18 - 2014-08-25 18:19 - 00018008 _____ () C:\WINDOWS\KB2859537.log
2014-08-22 18:18 - 2013-02-11 20:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2014-08-22 18:18 - 2013-02-11 20:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2014-08-22 18:17 - 2014-08-25 18:24 - 00017138 _____ () C:\WINDOWS\KB2862152.log
2014-08-22 18:17 - 2014-08-25 18:19 - 00017526 _____ () C:\WINDOWS\KB2850869.log
2014-08-22 18:10 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2014-08-22 18:09 - 2014-08-25 18:12 - 00018915 _____ () C:\WINDOWS\KB2820917.log
2014-08-22 18:09 - 2014-08-25 18:12 - 00015905 _____ () C:\WINDOWS\KB2893294.log
2014-08-22 18:09 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2014-08-22 18:09 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2014-08-22 18:08 - 2014-08-25 18:11 - 00017732 _____ () C:\WINDOWS\KB2757638.log
2014-08-22 18:08 - 2014-08-25 18:10 - 00017736 _____ () C:\WINDOWS\KB2727528.log
2014-08-22 18:08 - 2014-08-25 18:10 - 00015377 _____ () C:\WINDOWS\KB2892075.log
2014-08-22 18:08 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2014-08-22 18:08 - 2013-08-08 20:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2014-08-22 18:08 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2014-08-22 18:08 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2014-08-22 18:06 - 2014-08-25 18:08 - 00019199 _____ () C:\WINDOWS\KB2813345.log
2014-08-22 16:00 - 2014-07-30 12:02 - 18477224 _____ (SUPERAntiSpyware) C:\4-SUPERAntiSpyware.exe
2014-08-22 15:59 - 2014-07-30 12:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\3-tdsskiller.exe
2014-08-22 15:59 - 2014-07-30 12:01 - 00398752 _____ (Bleeping Computer, LLC) C:\2-unhide.exe
2014-08-22 15:56 - 2014-07-30 12:00 - 01942776 _____ (Bleeping Computer, LLC) C:\1-rkill.exe
2014-08-21 17:54 - 2014-08-28 18:01 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-21 17:54 - 2014-08-21 17:54 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-08-21 09:25 - 2014-08-21 18:17 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{5113E83A-5415-49C9-8CE2-6571B1B98C40}
2014-08-21 07:12 - 2014-08-21 07:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082114-01.dmp
2014-08-20 10:23 - 2014-08-20 10:23 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
2014-08-20 10:23 - 2014-08-20 10:23 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG
2014-08-20 10:21 - 2014-08-21 07:49 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-08-20 10:21 - 2014-08-20 10:21 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\AVG
2014-08-20 10:21 - 2014-08-20 10:21 - 00000000 ____D () C:\Documents and Settings\midas\Application Data\AVG
2014-08-20 10:14 - 2014-08-20 11:25 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-20 10:14 - 2014-08-20 10:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG
2014-08-19 12:05 - 2014-08-19 12:05 - 00090112 _____ () C:\WINDOWS\Minidump\Mini081914-01.dmp
2014-08-19 11:44 - 2014-08-28 16:16 - 06422528 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-19 11:44 - 2014-08-19 11:44 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-19 10:21 - 2014-08-19 10:21 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-18 17:54 - 2014-08-19 11:43 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-18 17:54 - 2014-08-19 11:43 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-18 17:53 - 2014-08-18 17:54 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-18 17:53 - 2014-08-18 17:53 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-18 17:53 - 2014-08-18 17:53 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-18 17:53 - 2014-08-18 17:53 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-15 10:14 - 2014-08-15 10:14 - 00090112 _____ () C:\WINDOWS\Minidump\Mini081514-01.dmp
2014-08-14 16:38 - 2014-08-20 13:39 - 00000275 _____ () C:\Documents and Settings\midas\Desktop\Midas Tire Center.url
2014-08-05 21:31 - 2014-08-28 05:01 - 00000332 _____ () C:\WINDOWS\Tasks\CentralTransmit5am.job
2014-08-05 21:31 - 2014-08-27 21:01 - 00000332 _____ () C:\WINDOWS\Tasks\CentralTransmit9pm.job
2014-08-04 11:06 - 2014-08-04 11:06 - 00034836 _____ () C:\Documents and Settings\midas\Desktop\Area%20123%20Monthly%20Ranking%20Report%202014[1].xlsm
2014-08-04 09:47 - 2014-08-04 09:46 - 00090112 _____ () C:\WINDOWS\Minidump\Mini080414-01.dmp
2014-07-30 11:31 - 2014-07-30 11:31 - 00000123 _____ () C:\Documents and Settings\midas\Desktop\office depot.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-28 18:18 - 2014-08-28 18:17 - 00014471 _____ () C:\Documents and Settings\midas\Desktop\FRST.txt
2014-08-28 18:18 - 2014-08-28 16:30 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\temp
2014-08-28 18:17 - 2014-08-28 18:17 - 00000000 ____D () C:\FRST
2014-08-28 18:09 - 2014-08-28 18:09 - 00020553 _____ () C:\ComboFix.txt
2014-08-28 18:09 - 2014-08-28 18:09 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-28 18:09 - 2014-08-28 18:09 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-28 18:09 - 2014-08-28 18:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-28 18:09 - 2014-08-28 15:49 - 00000000 ____D () C:\Qoobox
2014-08-28 18:09 - 2007-05-11 10:42 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-28 18:08 - 2014-08-28 15:48 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-28 18:05 - 2013-12-26 23:37 - 00000000 ___RD () C:\Documents and Settings\midas\My Documents\Dropbox
2014-08-28 18:05 - 2013-12-26 23:31 - 00000000 ____D () C:\Documents and Settings\midas\Application Data\Dropbox
2014-08-28 18:05 - 2007-05-11 10:38 - 01091952 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-28 18:05 - 2004-08-04 08:00 - 00000584 _____ () C:\WINDOWS\win.ini
2014-08-28 18:03 - 2004-08-04 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-28 18:01 - 2014-08-25 14:15 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-28 18:01 - 2014-08-25 13:45 - 00026202 _____ () C:\WINDOWS\setupapi.log
2014-08-28 18:01 - 2014-08-21 17:54 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-28 18:01 - 2014-04-15 07:09 - 00000735 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2014-08-28 18:01 - 2014-04-15 07:09 - 00000719 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-08-28 18:01 - 2007-05-14 13:01 - 00000000 __SHD () C:\WINDOWS\CSC
2014-08-28 18:01 - 2007-05-11 10:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-28 18:01 - 2007-05-11 10:37 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-28 18:01 - 2007-05-11 05:00 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-28 18:01 - 2004-08-04 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-28 16:29 - 2007-05-11 10:44 - 00000000 ____D () C:\Documents and Settings\midas
2014-08-28 16:20 - 2014-08-28 16:20 - 00000000 _RSHD () C:\cmdcons
2014-08-28 16:20 - 2007-05-11 04:56 - 00000327 __RSH () C:\boot.ini
2014-08-28 16:17 - 2007-05-11 10:43 - 00032484 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-28 16:16 - 2014-08-19 11:44 - 06422528 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-28 16:07 - 2014-08-25 14:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-08-28 15:49 - 2014-08-28 15:51 - 01095168 _____ (Farbar) C:\Documents and Settings\midas\Desktop\FRST.exe
2014-08-28 15:45 - 2014-08-28 15:46 - 05574834 ____R (Swearware) C:\Documents and Settings\midas\Desktop\ComboFix.exe
2014-08-28 15:37 - 2009-07-06 13:45 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\Deployment
2014-08-28 15:20 - 2014-08-25 14:15 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 08:07 - 2013-11-21 13:44 - 00223744 _____ () C:\Documents and Settings\midas\Desktop\SCHEDULE 77202.xls
2014-08-28 08:05 - 2014-07-01 07:45 - 00101888 _____ () C:\Documents and Settings\midas\Desktop\Copy of June Midas tracker.xls
2014-08-28 08:03 - 2014-02-13 11:21 - 00106496 _____ () C:\Documents and Settings\midas\Desktop\2012 comp.xls
2014-08-28 05:01 - 2014-08-05 21:31 - 00000332 _____ () C:\WINDOWS\Tasks\CentralTransmit5am.job
2014-08-28 05:00 - 2007-05-14 17:13 - 00000000 ____D () C:\Program Files\Central Office
2014-08-28 04:32 - 2011-02-17 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-08-27 21:01 - 2014-08-05 21:31 - 00000332 _____ () C:\WINDOWS\Tasks\CentralTransmit9pm.job
2014-08-27 18:13 - 2007-05-15 12:06 - 00000000 ____D () C:\QBooksw
2014-08-27 05:01 - 2007-05-11 10:44 - 00000278 ___SH () C:\Documents and Settings\midas\ntuser.ini
2014-08-26 22:58 - 2014-08-26 22:58 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082614-02.dmp
2014-08-26 07:27 - 2010-01-11 08:27 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-26 07:26 - 2014-08-26 07:27 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082614-01.dmp
2014-08-25 21:34 - 2014-08-25 18:54 - 2098200512 _____ () C:\avenger.txt
2014-08-25 20:22 - 2007-05-11 10:52 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-25 18:55 - 2007-05-11 04:57 - 00164320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-25 18:54 - 2014-08-25 18:54 - 00243472 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-08-25 18:54 - 2008-02-13 04:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946026$
2014-08-25 18:53 - 2014-08-25 18:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-08-25 18:53 - 2014-08-25 17:59 - 00007310 _____ () C:\WINDOWS\updspapi.log
2014-08-25 18:53 - 2014-08-23 08:21 - 00038983 _____ () C:\WINDOWS\netfxocm.log
2014-08-25 18:53 - 2014-08-23 08:21 - 00015657 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-25 18:53 - 2014-08-23 08:21 - 00012930 _____ () C:\WINDOWS\ocmsn.log
2014-08-25 18:53 - 2014-08-23 08:21 - 00011334 _____ () C:\WINDOWS\msgsocm.log
2014-08-25 18:53 - 2014-08-23 08:21 - 00010885 _____ () C:\WINDOWS\tabletoc.log
2014-08-25 18:53 - 2014-08-23 08:20 - 00266379 _____ () C:\WINDOWS\iis6.log
2014-08-25 18:53 - 2014-08-23 08:20 - 00221229 _____ () C:\WINDOWS\FaxSetup.log
2014-08-25 18:53 - 2014-08-23 08:20 - 00114790 _____ () C:\WINDOWS\ocgen.log
2014-08-25 18:53 - 2014-08-23 08:20 - 00104018 _____ () C:\WINDOWS\tsoc.log
2014-08-25 18:53 - 2014-08-23 08:20 - 00074122 _____ () C:\WINDOWS\comsetup.log
2014-08-25 18:53 - 2014-08-23 08:20 - 00073676 _____ () C:\WINDOWS\msmqinst.log
2014-08-25 18:53 - 2014-08-23 08:20 - 00046110 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-25 18:53 - 2014-08-23 08:20 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-08-25 18:53 - 2014-08-23 07:31 - 00022699 _____ () C:\WINDOWS\KB2868626.log
2014-08-25 18:53 - 2007-05-11 04:58 - 00493242 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-25 18:48 - 2014-08-25 18:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-08-25 18:48 - 2014-08-23 08:20 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-08-25 18:48 - 2014-08-23 07:29 - 00021569 _____ () C:\WINDOWS\KB2922229.log
2014-08-25 18:45 - 2014-08-25 18:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-25 18:40 - 2014-08-25 18:40 - 00015844 _____ () C:\WINDOWS\KB2834886.log
2014-08-25 18:40 - 2014-08-25 18:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-08-25 18:40 - 2014-08-25 18:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-08-25 18:40 - 2014-08-25 18:39 - 00017315 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-08-25 18:40 - 2014-08-23 07:27 - 00021507 _____ () C:\WINDOWS\KB2916036.log
2014-08-25 18:33 - 2014-08-25 18:33 - 00015761 _____ () C:\WINDOWS\KB2900986.log
2014-08-25 18:33 - 2014-08-25 18:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-08-25 18:33 - 2014-08-22 18:20 - 00021453 _____ () C:\WINDOWS\KB2847311.log
2014-08-25 18:32 - 2014-08-25 18:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-08-25 18:32 - 2014-08-25 18:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2014-08-25 18:32 - 2014-08-22 18:20 - 00023177 _____ () C:\WINDOWS\KB2802968.log
2014-08-25 18:31 - 2014-08-25 18:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-08-25 18:31 - 2014-08-25 18:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-08-25 18:31 - 2014-08-23 07:24 - 00025432 _____ () C:\WINDOWS\KB2898715.log
2014-08-25 18:31 - 2014-08-22 18:21 - 00018820 _____ () C:\WINDOWS\KB2929961.log
2014-08-25 18:28 - 2014-08-25 18:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-08-25 18:28 - 2014-08-25 18:27 - 00015125 _____ () C:\WINDOWS\KB2862335.log
2014-08-25 18:27 - 2014-08-25 18:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2014-08-25 18:27 - 2014-08-25 18:27 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2014-08-25 18:27 - 2014-08-22 18:18 - 00021270 _____ () C:\WINDOWS\KB2780091.log
2014-08-25 18:26 - 2014-08-25 18:26 - 00014451 _____ () C:\WINDOWS\KB2904266.log
2014-08-25 18:26 - 2014-08-25 18:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-08-25 18:26 - 2014-08-25 18:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-08-25 18:26 - 2014-08-22 18:18 - 00019044 _____ () C:\WINDOWS\KB2876217.log
2014-08-25 18:26 - 2007-05-11 11:58 - 00876790 _____ () C:\WINDOWS\system32\TZLog.log
2014-08-25 18:25 - 2014-08-25 18:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-08-25 18:25 - 2014-08-22 18:18 - 00019192 _____ () C:\WINDOWS\KB2930275.log
2014-08-25 18:25 - 2014-08-22 18:18 - 00018150 _____ () C:\WINDOWS\KB2864063.log
2014-08-25 18:24 - 2014-08-25 18:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-08-25 18:24 - 2014-08-25 18:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-08-25 18:24 - 2014-08-22 18:17 - 00017138 _____ () C:\WINDOWS\KB2862152.log
2014-08-25 18:19 - 2014-08-25 18:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-08-25 18:19 - 2014-08-25 18:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-08-25 18:19 - 2014-08-25 18:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-08-25 18:19 - 2014-08-25 18:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2014-08-25 18:19 - 2014-08-25 18:18 - 00014809 _____ () C:\WINDOWS\KB2807986.log
2014-08-25 18:19 - 2014-08-22 18:20 - 00017175 _____ () C:\WINDOWS\KB2876331.log
2014-08-25 18:19 - 2014-08-22 18:18 - 00018008 _____ () C:\WINDOWS\KB2859537.log
2014-08-25 18:19 - 2014-08-22 18:17 - 00017526 _____ () C:\WINDOWS\KB2850869.log
2014-08-25 18:18 - 2014-08-25 18:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-08-25 18:18 - 2007-05-11 11:10 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-08-25 18:13 - 2014-08-25 18:12 - 00013657 _____ () C:\WINDOWS\KB2868038.log
2014-08-25 18:12 - 2014-08-25 18:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-08-25 18:12 - 2014-08-25 18:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-08-25 18:12 - 2014-08-22 18:09 - 00018915 _____ () C:\WINDOWS\KB2820917.log
2014-08-25 18:12 - 2014-08-22 18:09 - 00015905 _____ () C:\WINDOWS\KB2893294.log
2014-08-25 18:11 - 2014-08-25 18:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-08-25 18:11 - 2014-08-25 18:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2014-08-25 18:11 - 2014-08-22 18:08 - 00017732 _____ () C:\WINDOWS\KB2757638.log
2014-08-25 18:10 - 2014-08-25 18:10 - 00011124 _____ () C:\WINDOWS\KB2803821-v2.log
2014-08-25 18:10 - 2014-08-25 18:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-08-25 18:10 - 2014-08-25 18:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2014-08-25 18:10 - 2014-08-25 18:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2014-08-25 18:10 - 2014-08-22 18:08 - 00017736 _____ () C:\WINDOWS\KB2727528.log
2014-08-25 18:10 - 2014-08-22 18:08 - 00015377 _____ () C:\WINDOWS\KB2892075.log
2014-08-25 18:09 - 2014-08-25 18:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-08-25 18:08 - 2014-08-25 18:08 - 00011540 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-08-25 18:08 - 2014-08-25 18:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-08-25 18:08 - 2014-08-22 18:06 - 00019199 _____ () C:\WINDOWS\KB2813345.log
2014-08-25 17:59 - 2014-08-25 17:58 - 00013770 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-08-25 17:59 - 2009-08-09 03:04 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-08-25 17:48 - 2007-05-11 10:36 - 00000000 ____D () C:\Program Files\Online Services
2014-08-25 17:48 - 2007-05-11 04:50 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-08-25 17:05 - 2014-08-25 17:26 - 00688992 ____R (Swearware) C:\dds.com
2014-08-25 16:53 - 2014-08-25 16:50 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 16:50 - 2014-08-25 16:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-25 16:50 - 2014-08-25 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 16:50 - 2014-08-25 16:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-25 16:41 - 2013-11-22 10:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-25 15:28 - 2013-11-23 18:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-08-25 15:24 - 2014-08-25 15:24 - 00000010 _____ () C:\WINDOWS\WININIT.INI
2014-08-25 14:55 - 2014-08-25 14:55 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\Sun
2014-08-25 14:54 - 2007-05-11 11:37 - 00000000 ____D () C:\Documents and Settings\midas\Application Data\Adobe
2014-08-25 14:49 - 2013-11-20 08:41 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\Google
2014-08-25 14:48 - 2014-08-25 14:48 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082514-02.dmp
2014-08-25 14:21 - 2014-08-25 14:21 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-25 14:21 - 2007-05-11 10:59 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-25 14:20 - 2007-05-11 10:59 - 00000000 ____D () C:\Program Files\Adobe
2014-08-25 14:18 - 2014-08-25 14:18 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-25 14:18 - 2014-08-25 14:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2014-08-25 14:18 - 2007-06-21 08:10 - 00000000 ____D () C:\WINDOWS\system32\Adobe
2014-08-25 14:17 - 2014-08-25 14:17 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-25 14:17 - 2014-08-25 14:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-08-25 14:17 - 2014-08-25 14:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sun
2014-08-25 14:16 - 2014-08-25 14:17 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-25 14:16 - 2014-08-25 14:17 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-25 14:16 - 2014-08-25 14:17 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-25 14:16 - 2014-08-25 14:17 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-08-25 14:16 - 2014-08-25 14:17 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Program Files\Java
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Macromedia
2014-08-25 14:16 - 2014-08-25 14:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-08-25 14:16 - 2007-05-11 11:37 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\Adobe
2014-08-25 14:15 - 2013-11-20 08:41 - 00000000 ____D () C:\Program Files\Google
2014-08-25 14:03 - 2014-08-25 14:03 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-08-25 13:58 - 2014-08-25 13:58 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\LogMeInIgnition
2014-08-25 13:58 - 2011-02-17 13:07 - 00000000 ____D () C:\Program Files\LogMeIn
2014-08-25 13:57 - 2014-08-25 13:57 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\LogMeIn
2014-08-25 13:57 - 2011-02-17 13:07 - 00001024 _____ () C:\.rnd
2014-08-25 13:52 - 2014-08-28 16:20 - 00000211 _____ () C:\Boot.bak
2014-08-25 13:52 - 2014-08-25 13:52 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\AVG Secure Search
2014-08-25 13:50 - 2013-11-23 18:24 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-08-25 13:50 - 2007-05-11 10:59 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-08-25 13:37 - 2014-08-25 13:37 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082514-01.dmp
2014-08-25 13:31 - 2014-01-10 19:18 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-25 08:35 - 2007-05-15 14:42 - 00007692 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-08-25 02:24 - 2007-05-15 14:34 - 00001052 __RSH () C:\Documents and Settings\midas\ntuser.pol
2014-08-23 08:21 - 2014-08-23 08:05 - 00006071 _____ () C:\WINDOWS\KB2914368.log
2014-08-23 08:20 - 2014-08-23 08:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-08-23 08:20 - 2014-08-23 08:20 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-23 08:20 - 2014-08-23 08:20 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-23 07:22 - 2014-08-23 07:22 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082314-01.dmp
2014-08-21 18:17 - 2014-08-21 09:25 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{5113E83A-5415-49C9-8CE2-6571B1B98C40}
2014-08-21 17:54 - 2014-08-21 17:54 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-08-21 07:49 - 2014-08-20 10:21 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-08-21 07:12 - 2014-08-21 07:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini082114-01.dmp
2014-08-20 13:39 - 2014-08-14 16:38 - 00000275 _____ () C:\Documents and Settings\midas\Desktop\Midas Tire Center.url
2014-08-20 11:30 - 2013-11-17 20:06 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\{FF441739-A02E-44B9-BC79-57262BE49719}
2014-08-20 11:30 - 2012-12-26 14:29 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\Downloaded Installations
2014-08-20 11:30 - 2010-06-22 00:51 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\{9F336355-99AC-4611-A063-D966406649B2}
2014-08-20 11:29 - 2013-11-17 19:27 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\{29645E86-9E15-414F-8950-0D79ABFE1C54}
2014-08-20 11:29 - 2010-12-21 22:05 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\{3053D6D2-CBA6-43AF-B802-380AF1716412}
2014-08-20 11:25 - 2014-08-20 10:14 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-20 11:25 - 2010-05-27 09:06 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\{25638354-1207-4A73-BE1A-7E8980707104}
2014-08-20 11:18 - 2013-11-13 09:14 - 00000000 ____D () C:\Documents and Settings\midas\Desktop\DATA SAVE 77202
2014-08-20 11:18 - 2007-05-14 17:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\LaserCat 2000
2014-08-20 10:23 - 2014-08-20 10:23 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\AVG
2014-08-20 10:23 - 2014-08-20 10:23 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\AVG
2014-08-20 10:21 - 2014-08-20 10:21 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\AVG
2014-08-20 10:21 - 2014-08-20 10:21 - 00000000 ____D () C:\Documents and Settings\midas\Application Data\AVG
2014-08-20 10:21 - 2014-08-20 10:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG
2014-08-20 09:55 - 2007-05-11 10:44 - 00001599 _____ () C:\Documents and Settings\midas\Start Menu\Programs\Remote Assistance.lnk
2014-08-19 18:23 - 2007-05-25 12:42 - 00524288 _____ () C:\WINDOWS\system32\config\R.O. Wri.evt
2014-08-19 12:05 - 2014-08-19 12:05 - 00090112 _____ () C:\WINDOWS\Minidump\Mini081914-01.dmp
2014-08-19 11:44 - 2014-08-19 11:44 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-19 11:44 - 2010-10-08 14:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-19 11:43 - 2014-08-18 17:54 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-19 11:43 - 2014-08-18 17:54 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-19 11:43 - 2007-05-11 04:50 - 00000000 ____D () C:\WINDOWS\security
2014-08-19 10:27 - 2011-03-01 11:27 - 01134576 _____ () C:\Documents and Settings\midas\Application Data\ML.txt
2014-08-19 10:27 - 2011-03-01 11:27 - 00000297 _____ () C:\Documents and Settings\midas\Application Data\schema.ini
2014-08-19 10:21 - 2014-08-19 10:21 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-19 08:12 - 2014-02-22 00:05 - 00000000 ____D () C:\ADL
2014-08-18 17:55 - 2010-10-08 14:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-08-18 17:54 - 2014-08-18 17:53 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-18 17:54 - 2007-05-11 10:35 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-18 17:54 - 2007-05-11 04:50 - 00000000 ____D () C:\WINDOWS\Help
2014-08-18 17:53 - 2014-08-18 17:53 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-18 17:53 - 2014-08-18 17:53 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-18 17:53 - 2014-08-18 17:53 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-16 08:03 - 2013-12-26 23:31 - 00000000 ____D () C:\Documents and Settings\midas\Start Menu\Programs\Dropbox
2014-08-15 10:14 - 2014-08-15 10:14 - 00090112 _____ () C:\WINDOWS\Minidump\Mini081514-01.dmp
2014-08-12 02:34 - 2013-11-23 18:24 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-08-04 11:06 - 2014-08-04 11:06 - 00034836 _____ () C:\Documents and Settings\midas\Desktop\Area%20123%20Monthly%20Ranking%20Report%202014[1].xlsm
2014-08-04 09:46 - 2014-08-04 09:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini080414-01.dmp
2014-08-01 18:07 - 2011-02-28 12:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Progressive Automotive Systems
2014-07-31 23:42 - 2007-05-11 12:00 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-31 23:09 - 2013-11-18 15:08 - 00000000 ____D () C:\LeedsWest
2014-07-31 17:31 - 2010-08-25 10:36 - 00000000 ____D () C:\Documents and Settings\midas\Local Settings\Application Data\CutePDF Writer
2014-07-30 12:02 - 2014-08-22 16:00 - 18477224 _____ (SUPERAntiSpyware) C:\4-SUPERAntiSpyware.exe
2014-07-30 12:01 - 2014-08-22 15:59 - 04181856 _____ (Kaspersky Lab ZAO) C:\3-tdsskiller.exe
2014-07-30 12:01 - 2014-08-22 15:59 - 00398752 _____ (Bleeping Computer, LLC) C:\2-unhide.exe
2014-07-30 12:00 - 2014-08-22 15:56 - 01942776 _____ (Bleeping Computer, LLC) C:\1-rkill.exe
2014-07-30 11:31 - 2014-07-30 11:31 - 00000123 _____ () C:\Documents and Settings\midas\Desktop\office depot.url
 
Some content of TEMP:
====================
C:\Documents and Settings\midas\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmponeugu.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
---------------------------------------

Addition.txt

---------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014
Ran by midas at 2014-08-28 18:18:39
Running from C:\Documents and Settings\midas\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
APC PowerChute Personal Edition (HKLM\...\{5A0C892E-FD1C-4203-941E-0956AED20A6A}) (Version: 2.0 - American Power Conversion Corporation)
Arel Spotlight  (HKLM\...\{5D604672-95D7-4338-A264-B6A3B2603E50}) (Version:  - )
AZLineFilterCOMSetup (HKLM\...\{8C52E0C3-7EB8-493A-BDDF-FF7621DF5EF5}) (Version: 1.0.10 - Progressive Automotive Systems)
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
DataLynx Support (HKLM\...\{C2835850-FCEB-4A1A-A213-57E7A9A8EC62}) (Version: 7.0.454 - LogMeIn, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
eBLVD Host Software 8.0 (HKLM\...\eBLVD) (Version:  - )
Google Chrome (HKLM\...\{E2FA067B-11BC-318B-B325-31127E6243F5}) (Version: 65.240.16527 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
LaserCat (HKLM\...\{5DF5621C-5071-4F68-B623-69FD2D36DA3C}) (Version:  - )
LaserCat 2000 (HKLM\...\LaserCat 2000) (Version:  - )
LogMeIn (HKLM\...\{9905E4C1-14D8-4522-88FE-FD00B51A20DC}) (Version: 4.1.4408 - LogMeIn, Inc.)
LogMeIn (HKLM\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MidasTB (HKLM\...\{0B968A0B-9063-49D1-9F78-2571FD03C915}) (Version: 1.00.0000 - Midas International)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
R.O. Writer Central Office 1.19 with BITS (HKLM\...\{98F08ED9-D347-4E5C-95E6-336DD3416C14}) (Version: 1.19.3 - Progressive Automotive Systems, Inc)
R.O. Writer Scheduler (HKLM\...\{5FF6FE4D-7123-43AC-AB19-8185631B8B51}) (Version: 1.1.2 - Progressive Automotive Systems)
R.O. Writer Tray (HKLM\...\{B8574F7F-88AB-4C9F-9572-E8E2E45DFA1C}) (Version: 1.3.35 - Progressive Automotive Systems)
R.O. Writer Updater (HKCU\...\aedeee002fe6eff3) (Version: 2.0.0.12 - R.O. Writer)
ROWriter Fleet Control (HKLM\...\{53080FA9-409F-417A-A412-637D60D6588B}) (Version: 1.0.50 - Parker Consulting)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM\...\{AAD476D7-FC64-40BC-85EA-0C1FD98D8375}) (Version: 13.0.3.612 - SAP)
Snapshot Viewer 9.0 (HKLM\...\Snapshot Viewer 9.0) (Version:  - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4542 - Analog Devices)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TACTION Touch (HKLM\...\TACTION Touch) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Workspace Desktop (HKCU\...\workspacedesktop) (Version:  - Starfield Technologies)
WORLDPAC speedDIAL (HKLM\...\WORLDPAC speedDIAL_is1) (Version:  - WORLDPAC)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{00025601-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\CRYSTL32.OCX (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{00025604-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\CRYSTL32.OCX (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{00025605-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\CRYSTL32.OCX (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{00025606-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\CRYSTL32.OCX (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{00025607-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\CRYSTL32.OCX (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{00025608-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\CRYSTL32.OCX (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{00025609-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\CRYSTL32.OCX (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{0002560A-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\CRYSTL32.OCX (Seagate Software, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\midas\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{3D5C6BF2-69A3-11D0-B393-00A0C9055D8E}\InprocServer32 -> C:\WINDOWS\system32\msderun.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{5E71F04C-551F-11CF-8152-00AA00A40C25}\InprocServer32 -> C:\WINDOWS\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{5EBB68F5-3BF1-11CF-814C-00AA00A40C25}\InprocServer32 -> C:\WINDOWS\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{66589880-8F68-11D0-AA69-00A0C9274B91}\InprocServer32 -> C:\WINDOWS\system32\CPEAUT32.DLL (Seagate Software, Inc)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Documents and Settings\midas\Local Settings\Application Data\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Documents and Settings\midas\Local Settings\Application Data\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Documents and Settings\midas\Local Settings\Application Data\Citrix\GoToMeeting\880\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Documents and Settings\midas\Local Settings\Application Data\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{9A8831F0-A263-11D1-8DCF-00A0C90FFFC2}\InprocServer32 -> C:\WINDOWS\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{9A8831F1-A263-11D1-8DCF-00A0C90FFFC2}\InprocServer32 -> C:\WINDOWS\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{9A8831F2-A263-11D1-8DCF-00A0C90FFFC2}\InprocServer32 -> C:\WINDOWS\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Documents and Settings\midas\Local Settings\Application Data\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\midas\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{E791964C-208A-11CF-8146-00AA00A40C25}\InprocServer32 -> C:\WINDOWS\system32\msrdo20.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2765813695-2802655320-1838027424-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\midas\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
28-08-2014 22:01:52 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 08:00 - 2014-08-28 18:02 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CentralTransmit5am.job => C:\Program Files\Central Office\centraloffice.exe
Task: C:\WINDOWS\Tasks\CentralTransmit9pm.job => C:\Program Files\Central Office\centraloffice.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-11-25 18:33 - 2007-07-12 23:33 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2007-06-26 09:33 - 2006-01-05 01:55 - 00022663 ____R () C:\WINDOWS\system32\DELG1L3.DLL
2013-03-12 17:07 - 2013-08-30 13:10 - 00314880 _____ () C:\Program Files\ROWriter\RowPrintJob\RowPrintJob.exe
2012-03-27 07:00 - 2012-03-27 07:00 - 00782336 _____ () C:\Program Files\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\SAP BusinessObjects Enterprise XI 4.0\win32_x86\fssl-1-2-1-6.dll
2012-03-27 07:00 - 2012-03-27 07:00 - 01617920 _____ () C:\Program Files\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\SAP BusinessObjects Enterprise XI 4.0\win32_x86\ebus-3-3-2-7.dll
2012-03-27 07:00 - 2012-03-27 07:00 - 00098304 _____ () C:\Program Files\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\SAP BusinessObjects Enterprise XI 4.0\win32_x86\etc-1-0-12-6.dll
2012-03-27 07:01 - 2012-03-27 07:01 - 00083968 _____ () C:\Program Files\SAP BusinessObjects\Crystal Reports for .NET Framework 4.0\Common\SAP BusinessObjects Enterprise XI 4.0\win32_x86\boezlib.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00218112 _____ () C:\Program Files\ROWriter\Tray\ROTray.exe
2013-01-28 18:58 - 2013-01-28 18:58 - 00057344 _____ () C:\Program Files\ROWriter\Tray\UtilityClasses.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00011264 _____ () C:\Program Files\ROWriter\Tray\Log.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00018944 _____ () C:\Program Files\ROWriter\Tray\ProgressBar.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00018944 _____ () C:\Program Files\ROWriter\Tray\Subscription.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00014848 _____ () C:\Program Files\ROWriter\Tray\Registry.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00012288 _____ () C:\Program Files\ROWriter\Tray\ConflictingEvent.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00101376 _____ () C:\Program Files\ROWriter\Tray\Internet.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00033280 _____ () C:\Program Files\ROWriter\Tray\TrayInfo.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00025600 _____ () C:\Program Files\ROWriter\Tray\Environment.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00017920 _____ () C:\Program Files\ROWriter\Tray\FileDirPath.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00175104 _____ () C:\Program Files\ROWriter\Tray\MessageManager.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00020992 _____ () C:\Program Files\ROWriter\Tray\VersionInfo.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00014848 _____ () C:\Program Files\ROWriter\Tray\WorkstationInfo.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00035328 _____ () C:\Program Files\ROWriter\Tray\CallerID.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00015872 _____ () C:\Program Files\ROWriter\Tray\Configuration.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00107520 _____ () C:\Program Files\ROWriter\Tray\M2.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00129536 _____ () C:\Program Files\ROWriter\Tray\DataHighway.dll
2013-01-28 18:58 - 2013-01-28 18:58 - 00011264 _____ () C:\Program Files\ROWriter\Tray\Crypto.dll
2004-08-04 08:00 - 2008-03-25 00:50 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll
2014-08-28 18:03 - 2014-08-28 18:03 - 00043008 _____ () c:\Documents and Settings\midas\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmponeugu.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Documents and Settings\midas\Application Data\Dropbox\bin\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescueUA_676506 => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^midas.bgi => C:\WINDOWS\pss\midas.bgiCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^midas^Start Menu^Programs^Startup^PolicyUpdater.exe => C:\WINDOWS\pss\PolicyUpdater.exeStartup
MSCONFIG\startupfolder: C:^Documents and Settings^midas^Start Menu^Programs^Startup^ROWriter Caller ID.lnk => C:\WINDOWS\pss\ROWriter Caller ID.lnkStartup
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/28/2014 04:27:44 PM) (Source: crypt32) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5D003860F002ED829DEAA41868F788186D62127F.crt> with error: The server name or address could not be resolved
 
Error: (08/27/2014 02:20:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application GoogleUpdate.exe, version 1.3.21.103, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
Processing media-specific event for [GoogleUpdate.exe!ws!]
 
Error: (08/27/2014 09:20:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application GoogleUpdate.exe, version 1.3.21.103, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
Processing media-specific event for [GoogleUpdate.exe!ws!]
 
Error: (08/25/2014 03:27:23 PM) (Source: MsiInstaller) (EventID: 11905) (User: SERVER)
Description: Product: ATI Catalyst Control Center -- Error 1905.Module C:\Program Files\ATI Technologies\ATI.ACE\atiamaxx.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.
 
Error: (08/25/2014 01:44:06 PM) (Source: MsiInstaller) (EventID: 11704) (User: SERVER)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1704. SA_Error1704: StandardAction(0xC00706A8): An installation for LogMeIn is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
 
Error: (08/25/2014 01:28:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/25/2014 01:15:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 9.0.0.4503, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/25/2014 01:15:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application wmplayer.exe, version 9.0.0.4503, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/25/2014 01:14:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rowriter.exe, version 1.29.0.13, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/25/2014 06:55:51 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.
 
 
System errors:
=============
Error: (08/28/2014 06:01:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPSEC Services service terminated with the following error: 
%%2
 
Error: (08/28/2014 04:19:11 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
 
Error: (08/28/2014 04:18:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
 
Error: (08/28/2014 04:18:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
 
Error: (08/28/2014 04:17:35 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
 
Error: (08/28/2014 04:16:51 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
 
Error: (08/28/2014 04:16:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
 
Error: (08/28/2014 04:15:47 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
 
Error: (08/28/2014 04:15:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
 
Error: (08/28/2014 04:14:43 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
 
 
Microsoft Office Sessions:
=========================
Error: (08/28/2014 04:27:44 PM) (Source: crypt32) (EventID: 5) (User: )
 
Error: (08/27/2014 02:20:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.103kernel32.dll5.1.2600.653200012fd3
 
Error: (08/27/2014 09:20:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.103kernel32.dll5.1.2600.653200012fd3
 
Error: (08/25/2014 03:27:23 PM) (Source: MsiInstaller) (EventID: 11905) (User: SERVER)
Description: Product: ATI Catalyst Control Center -- Error 1905.Module C:\Program Files\ATI Technologies\ATI.ACE\atiamaxx.dll failed to unregister.  HRESULT -2147220472.  Contact your support personnel.(NULL)(NULL)(NULL)
 
Error: (08/25/2014 01:44:06 PM) (Source: MsiInstaller) (EventID: 11704) (User: SERVER)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1704. SA_Error1704: StandardAction(0xC00706A8): An installation for LogMeIn is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)
 
Error: (08/25/2014 01:28:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/25/2014 01:15:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe9.0.0.4503hungapp0.0.0.000000000
 
Error: (08/25/2014 01:15:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe9.0.0.4503hungapp0.0.0.000000000
 
Error: (08/25/2014 01:14:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rowriter.exe1.29.0.13hungapp0.0.0.000000000
 
Error: (08/25/2014 06:55:51 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: 
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® D CPU 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 3061.54 MB
Available physical RAM: 2408.34 MB
Total Pagefile: 5967.66 MB
Available Pagefile: 5489.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.01 GB) (Free:18.29 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 41AB2316)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#4 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:21 AM

Posted 28 August 2014 - 05:43 PM

Very good. The dllhost.exe processes should be gone now, correct?
How is your computer running? What problems or symptoms are still there?


Please visit VirusTotal and scan a file as follows:
  • Click on Choose File.
  • Copy and paste the following into the file name textbox:
    c:\sdi\amwrappersrv.exe
    and click Open.
  • Now hit the Scan it! button on the website to scan the selected file.
  • If you get the message

    File already analysed - This file was last analysed by VirusTotal on ....

    then click on Reanalyse!
  • Wait until the scan has finished.
  • Copy the URL from your browser's address bar and paste it in your next reply.


#5 hpspec
  • Topic Starter
  • Members
  • 15 posts
  • Gender:Male
  • Local time:06:21 PM

Posted 29 August 2014 - 09:29 AM

aharonov,

dllhost.exe processes are gone, yes! Computer is running much better; I detect no symptoms. Thank you. Any idea what was causing it or if I was pretty badly infected?

-----------------------------------------------
Scan of "c:\sdi\amwrappersrv.exe"
-----------------------------------------------

https://www.virustotal.com/en/file/dc30b17b421dc4ad68b431f1eeb2eed2434d5b346b16c9a8e9d2abb54f4d04b2/analysis/1409322238/



#6 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:21 AM

Posted 29 August 2014 - 02:35 PM

That's good. Now let's do a final check up to see if anything else shows up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#7 hpspec
  • Topic Starter
  • Members
  • 15 posts
  • Gender:Male
  • Local time:06:21 PM

Posted 29 August 2014 - 03:42 PM

New symptoms have appeared. My dual-core CPU is constantly using 50%+ resources; however, no item(s) show in Task Manager as using anything close to that (nor do any items collectively add up to use that much, not even close). I even have "Show processes from all users" checked. IE and Chrome hang even when trying to just load the initial webpage. Chrome makes it a little further, then hangs. These symptoms occur with and without Avast real-time protection enabled. No other anti-virus/anti-malware programs are installed.

 

I had to download the ESET Online Scanner from another PC and place it on the troubled machine. However, even though the machine has full access to the internet, ESET complained about not being able to reach it. Now the entire computer is frozen and unresponsive.

 

After restarting my PC, I ran ESET again this time with it seeming to progress much further. It is in the midst of a scan right now.



#8 hpspec
  • Topic Starter
  • Members
  • 15 posts
  • Gender:Male
  • Local time:06:21 PM

Posted 29 August 2014 - 04:12 PM

At the end of Step 2 out of 4 for the ESET Online Scanner, the program states "Unexpected error 2002." I clicked "Back" and clicked "Start" again to see if the error repeated, and it did. I tried it a third time with the same results.

 

I researched this issue, and ran F-Secure Online Scanner. It did not find any harmful applications. 

 

I then ran ESET Online Scanner a third time and it complained again: "Can not get update. Is proxy configured?" I then double-checked Internet Options -> Connections to see if a proxy was enabled, but it was not. I did check the box in that window to "Automatically detect settings." After doing so, I ran ESET Online Scanner a fourth time and it has now progressed past Step 2 and onto Step 3. I'll update you shortly.



#9 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:21 AM

Posted 06 September 2014 - 06:18 AM

Did ESET finish this time?

#10 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:21 AM

Posted 19 September 2014 - 02:44 PM

I haven't heard from you for some time.
Do you still need help?

#11 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:21 AM

Posted 29 September 2014 - 09:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



