Cleaning up PC after PicexaViewer virus attack


  • This topic is locked
13 replies to this topic

#1 ItielMaN

  • Members
  • 19 posts

Posted 16 June 2015 - 06:16 PM

Hey all,
 
Using Windows XP SP3.
About a month ago my friend complained about pictures opening with PicexaViewer.
She removed it using a guide she found on the internet, but every file was still opening with PicexaViewer.
I fixed it using Windows Repair (by Tweaking.com), but I'm afraid there is some malware left behind.
Now I know you do not wish users to run ComboFix, but I did it (before I saw the rules here) and it gave me an error: "Warning!! Do not run ComboFix in Compatibility Mode. Doing so may damage the machine." Trying to install MBAM gave me an error "Runtime Error (at 71:100): Could not call proc.", even after running mbam-clean-2.1.1.1001 and then running mbam-chameleon-3.1.16.0 after a reboot.

Note that I've downloaded ComboFix twice and still got the same error (and I made sure it wasn't actually running in compatibility mode).

Things I've tried:

1. Cleaning with AdwCleaner.
2. Looking for malware with SAS; only cookies were found (though it wasn't a full scan).
3. Cleaning with ATFCleaner.
4. chkdsk c: /f /r
5. Trying to install the Microsoft Visual C++ 2005 Redistributable Package; the installation seems to be failing.
6. Removing "no file" entries in HijackThis (don't worry, I knew what I was doing).
7. Cleaning with JRT, and it failed (I think). Saw many "Unable to set locale" messages there, and no log was produced afterwards.
8. Looking for PicexaViewer and Picexa in regedit and removing them.
9. Cleaning %temp% manually.
10. Running RogueKiller. Almost nothing was found.
11. Running various Windows Repair (by Tweaking.com) fixes (Register system files, Remove policies set by infections, Repair file association and so on). Didn't tick what was unnecessary.
12. Looking at Autoruns 13.4. Nothing special though.

I may have done more but don't remember right now.

And for the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by sofia_d (administrator) on SOFIA on 17-06-2015 01:29:56
Running from C:\Documents and Settings\sofia_d\My Documents\Downloads
Loaded Profiles: sofia_d (Available Profiles: sofia_d & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Logitech Inc.) C:\WINDOWS\system32\LVCOMSX.EXE
(Logitech Inc.) C:\Program Files\Logitech\Video\CameraAssistant.exe
(Logitech Inc.) C:\WINDOWS\system32\ElkCtrl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(LogMeIn, Inc.) C:\secure\x86\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2202704 2010-06-24] (ESET)
HKLM\...\Run: [LVCOMSX] => C:\WINDOWS\system32\LVCOMSX.EXE [225280 2005-12-09] (Logitech Inc.)
HKLM\...\Run: [LogitechCameraAssistant] => C:\Program Files\Logitech\Video\CameraAssistant.exe [489472 2005-12-07] (Logitech Inc.)
HKLM\...\Run: [LogitechCameraService(E)] => C:\WINDOWS\system32\ElkCtrl.exe [262144 2004-11-01] (Logitech Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16861184 2008-04-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\RunOnce: [1] => C:\Documents and Settings\sofia_d\Local Settings\Temp\Rar$EXa0.007\Chameleon\Windows\mbam-chameleon.exe [878392 2015-03-17] (MalwareBytes) <===== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2011-01-26] (ATI Technologies Inc.)
HKU\S-1-5-21-515967899-583907252-682003330-1003\...\Run: [LDM] => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [32768 2011-01-08] (Logitech)
HKU\S-1-5-21-515967899-583907252-682003330-1003\...\Run: [Google Update] => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-515967899-583907252-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28919936 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-515967899-583907252-682003330-1003\...\MountPoints2: {be372b5f-87be-11e0-8495-002618a3a436} - F:\KODAK_Software_Downloader.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-01-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-515967899-583907252-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-515967899-583907252-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-515967899-583907252-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-515967899-583907252-682003330-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Handler: bw+0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw+0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw-0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw-0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw00 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw00s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw10 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw10s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw20 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw20s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw30 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw30s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw40 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw40s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw50 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw50s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw60 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw60s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw70 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw70s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw80 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw80s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw90 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw90s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwa0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwa0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwb0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwb0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwc0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwc0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwd0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwd0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwe0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwe0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwf0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwf0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwg0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwg0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwh0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwh0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwi0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwi0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwj0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwj0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwk0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwk0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwl0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwl0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwm0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwm0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwn0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwn0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwo0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwo0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwp0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwp0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwq0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwq0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwr0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwr0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bws0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bws0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwt0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwt0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwu0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwu0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwv0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwv0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bww0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bww0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwx0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwx0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwy0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwy0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwz0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwz0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: offline-8876480 - {549F974D-7733-4E30-8139-FE232E9AF0C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\sofia_d\Application Data\Mozilla\Firefox\Profiles\nzfyl4dt.default
FF SelectedSearchEngine: delta-homes
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-11] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-515967899-583907252-682003330-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-515967899-583907252-682003330-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-515967899-583907252-682003330-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ozonru.xml [2015-04-07]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\priceru.xml [2015-04-07]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-slovari.xml [2015-04-07]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex.xml [2015-04-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-18]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011-01-08]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Google Search) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (Default) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2011-01-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (No Name) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2015-06-16]
CHR Extension: (Gmail) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
StartMenuInternet: chrome.exe - c:\documents and settings\sofia_d\local settings\application data\google\chrome\application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [33584 2010-06-24] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [810144 2010-06-24] (ESET)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\secure\x86\LMIGuardianSvc.exe [375120 2014-07-19] (LogMeIn, Inc.)
S2 LVPrcSrv; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [81920 2005-12-09] (Logitech Inc.) [File not signed]
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-05-18] (SolidWorks) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-18] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [140752 2010-06-24] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [114984 2010-04-28] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [134488 2010-04-28] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [32584 2010-04-28] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [55256 2010-06-24] (ESET)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
R3 Lvckap; C:\WINDOWS\system32\drivers\Lvckap.sys [2174464 2005-12-09] () [File not signed]
S3 lvmvdrv; C:\WINDOWS\system32\drivers\lvmvdrv.sys [2400256 2005-12-09] () [File not signed]
R3 LVPrcMon; C:\WINDOWS\system32\drivers\LVPrcMon.sys [16768 2005-12-09] () [File not signed]
R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [39424 2005-12-06] (Logitech Inc.)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [120024 2015-06-17] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [100456 2010-11-12] (NVIDIA Corporation)
R3 pepifilter; C:\WINDOWS\System32\DRIVERS\lv302af.sys [7136 2005-12-06] (Logitech Inc.)
R3 PID_08A0; C:\WINDOWS\System32\DRIVERS\LV302AV.SYS [916096 2005-12-06] (Logitech Inc.)
S4 IntelIde; No ImagePath
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-17 01:29 - 2015-06-17 01:29 - 00000000 ____D C:\FRST
2015-06-16 23:45 - 2015-06-17 01:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-06-16 23:45 - 2015-06-16 23:45 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 23:45 - 2015-06-16 23:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-16 23:44 - 2015-06-17 01:23 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-16 23:38 - 2015-06-16 23:56 - 00008903 _____ C:\WINDOWS\setupapi.log
2015-06-16 23:29 - 2015-06-16 23:29 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\DxCK
2015-06-16 23:14 - 2015-06-16 23:14 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\WinRAR
2015-06-16 23:06 - 2015-06-16 23:06 - 00000692 _____ C:\Documents and Settings\sofia_d\Start Menu\WinRAR.lnk
2015-06-16 23:06 - 2015-06-16 23:06 - 00000000 ____D C:\Program Files\WinRAR
2015-06-16 23:06 - 2015-06-16 23:06 - 00000000 ____D C:\Documents and Settings\sofia_d\Start Menu\Programs\WinRAR
2015-06-16 23:06 - 2015-06-16 23:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-06-16 22:51 - 2015-06-16 23:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-16 22:51 - 2015-06-16 22:51 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-06-16 22:50 - 2015-06-16 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-06-16 22:24 - 2015-06-16 22:24 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2015-06-16 22:17 - 2015-06-16 22:17 - 00000000 ____D C:\RegBackup
2015-06-16 22:14 - 2015-06-16 22:17 - 00000000 ____D C:\Documents and Settings\sofia_d\desktop\Tweaking.com - Windows Repair
2015-06-16 21:56 - 2015-06-16 21:56 - 00000000 ____D C:\WINDOWS\erdnt
2015-06-16 21:49 - 2015-06-16 21:49 - 00000000 ___HD C:\WINDOWS\PIF
2015-06-16 21:45 - 2015-06-16 21:45 - 00001734 _____ C:\Documents and Settings\sofia_d\desktop\HijackThis.lnk
2015-06-16 21:45 - 2015-06-16 21:45 - 00000000 ____D C:\Program Files\Trend Micro
2015-06-16 21:45 - 2015-06-16 21:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
2015-06-16 21:11 - 2015-06-16 21:12 - 00000000 ____D C:\Program Files\TeamViewer
2015-06-16 21:11 - 2015-06-16 21:11 - 00000706 _____ C:\Documents and Settings\All Users\desktop\TeamViewer 10.lnk
2015-06-16 21:11 - 2015-06-16 21:11 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\TeamViewer
2015-06-16 21:11 - 2015-06-16 21:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-05-24 01:05 - 2015-05-24 01:05 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-17 01:30 - 2011-01-07 14:58 - 00000000 ____D C:\Documents and Settings\sofia_d\Local Settings\Temp
2015-06-17 01:28 - 2011-01-08 22:04 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\Skype
2015-06-17 01:16 - 2011-01-08 22:13 - 00001016 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job
2015-06-17 00:55 - 2011-01-07 14:50 - 01984218 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-17 00:55 - 2004-08-04 15:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-17 00:54 - 2014-03-09 22:01 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-17 00:54 - 2011-01-07 16:34 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-17 00:54 - 2011-01-07 16:34 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-06-17 00:54 - 2011-01-07 14:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-17 00:05 - 2011-01-07 14:54 - 00032522 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-16 23:56 - 2011-01-07 14:48 - 00000000 ____D C:\Program Files\MSN
2015-06-16 23:43 - 2013-05-18 19:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-16 23:29 - 2011-01-07 14:59 - 00070912 _____ C:\Documents and Settings\sofia_d\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-16 23:05 - 2011-01-08 22:03 - 00000000 ___RD C:\Program Files\Skype
2015-06-16 23:05 - 2011-01-08 22:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-06-16 23:04 - 2011-01-07 14:58 - 00000000 ____D C:\Documents and Settings\sofia_d
2015-06-16 23:00 - 2013-03-25 23:55 - 00001006 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job
2015-06-16 23:00 - 2013-03-25 23:55 - 00000984 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job
2015-06-16 22:51 - 2013-05-18 15:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-16 22:33 - 2011-01-07 16:32 - 00558374 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-16 22:28 - 2011-01-07 16:29 - 00268600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-16 22:26 - 2011-01-07 14:58 - 00000738 _____ C:\Documents and Settings\sofia_d\Start Menu\Programs\Outlook Express.lnk
2015-06-16 22:24 - 2011-01-07 14:54 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-06-16 22:23 - 2011-01-07 14:51 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-06-16 22:23 - 2011-01-07 14:51 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-06-16 22:05 - 2004-08-04 15:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-06-16 21:47 - 2011-01-07 16:36 - 00000000 ____D C:\WINDOWS\pss
2015-06-16 21:41 - 2011-01-07 14:54 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-06-13 14:28 - 2011-01-07 16:45 - 00002417 _____ C:\Documents and Settings\sofia_d\desktop\Microsoft Office Word 2003.lnk
2015-06-12 09:13 - 2011-01-07 16:48 - 00002457 _____ C:\Documents and Settings\sofia_d\desktop\Microsoft Office Outlook 2003.lnk
2015-06-12 09:06 - 2015-05-14 22:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro.Alert
2015-06-11 20:31 - 2013-07-24 22:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-11 20:25 - 2011-01-10 14:52 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-11 19:43 - 2013-05-18 19:07 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-11 19:43 - 2013-05-18 19:07 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-11 19:16 - 2011-01-08 22:13 - 00000964 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job
2015-06-11 18:16 - 2011-01-08 22:14 - 00002296 _____ C:\Documents and Settings\sofia_d\desktop\Google Chrome.lnk
2015-06-11 18:10 - 2015-05-14 22:31 - 00000000 ____D C:\WINDOWS\CryptoGuard
2015-06-06 22:27 - 2011-01-07 14:58 - 00000278 ___SH C:\Documents and Settings\sofia_d\ntuser.ini
2015-05-28 20:49 - 2014-02-28 18:46 - 00002265 _____ C:\Documents and Settings\All Users\desktop\Skype.lnk
 
==================== Files in the root of some directories =======
 
2011-01-08 17:31 - 2013-09-27 19:15 - 0011776 _____ () C:\Documents and Settings\sofia_d\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-03 21:02 - 2012-01-03 21:02 - 0000130 _____ () C:\Documents and Settings\sofia_d\Local Settings\Application Data\fusioncache.dat
 
Files to move or delete:
====================
C:\Documents and Settings\sofia_d\Local Settings\Temp\Rar$EXa0.007\Chameleon\Windows\mbam-chameleon.exe
 
 
Some files in TEMP:
====================
C:\Documents and Settings\sofia_d\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\sofia_d\Local Settings\Temp\IadHide5.dll
C:\Documents and Settings\sofia_d\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\sofia_d\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\sofia_d\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================
 
 
 
Note that I don't have the Windows XP disc to do sfc /scannow.
The Addition file is attached.
 
Thanks.

#2 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 June 2015 - 09:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-515967899-583907252-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-515967899-583907252-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
CHR Extension: (No Name) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2015-06-16]
S4 IntelIde; No ImagePath
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF14D50A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF31A799

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

#3 ItielMaN

  • Topic Starter
  • Members
  • 19 posts

Posted 18 June 2015 - 03:23 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by sofia_d at 2015-06-18 22:54:32 Run:2
Running from C:\Documents and Settings\sofia_d\desktop
Loaded Profiles: sofia_d (Available Profiles: sofia_d & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-515967899-583907252-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-515967899-583907252-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
CHR Extension: (No Name) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2015-06-16]
S4 IntelIde; No ImagePath
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF14D50A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:BF31A799
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-515967899-583907252-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-515967899-583907252-682003330-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh folder not found.
IntelIde => Service not found.
lmimirr => Service not found.
"C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh" => File/Folder not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":BF14D50A" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":BF31A799" ADS not found.
EmptyTemp: => 145.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:54:43 ====
 
 
The system ran OK even before, but I was worried about not being able to install MBAM and run CF, as I mentioned before.
I always take MBAM as a second opinion.

Anything else I can try? I'm out of ideas. Actually, I do have an idea, and that's to run them from Safe Mode with Networking, but I don't have that luxury since I'm connected to this PC via TeamViewer. And I'm not sure the person standing there in front of the screen would know what to do. That's why I also can't do sfc /scannow.

Is it possible that ESET SS is blocking MBAM & CF somehow even though I've temporarily disabled its protection?

BTW, if you can get in touch with FRST's developer(s), inform them about this mistype:

The computer needs a restart. Please close all open windows. Note that you will not get any notificatation from the tool after restart.

Notice the "notificatation".

Thanks.



#4 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 June 2015 - 08:19 AM

Is it possible that ESET SS is blocking MBAM & CF somehow even though I've temporarily disabled its protection?

Yes, I have seen occasions where the software must be removed in order to run ComboFix; not sure about MBAM.

#5 ItielMaN

  • Topic Starter
  • Members
  • 19 posts

Posted 22 June 2015 - 03:48 PM

Is it possible that ESET SS is blocking MBAM & CF somehow even though I've temporarily disabled its protection?

Yes, I have seen occasions where the software must be removed in order to run ComboFix; not sure about MBAM.

ESET SS fully uninstalled with Revo Uninstaller, and I ran ESETUninstaller from Safe Mode. It removed the leftover services.
Rebooted and tried again: the same. CF and MBAM won't run.
Installed AVAST and did a full scan; it found about 190 viruses, all of them from System Volume Information. Removed them, then disabled System Restore and activated it again to flush its cache.

 

And.. still the same.

Something that concerned me (although I don't think it's directly connected to this issue) is that line in HijackThis:

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\vsocklib.dll' missing

Isn't that a system file?

On the other hand, I see under this tree:

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 20/06/2015 23:36

this entry in Autoruns:

000000000012 File not found: C:\WINDOWS\system32\vsocklib.dll.exe

.dll.exe? HijackThis shows only .dll.

 

I'm thinking an OS reinstall is in place.

Any ideas beside that?

 

P.S. I already ran MBAR (I didn't let it finish, though).
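The LSP question in the post above (HijackThis reporting 'c:\windows\system32\vsocklib.dll' missing, Autoruns showing the same entry as 'vsocklib.dll.exe') is easier to settle by reading the Winsock catalog directly than by comparing two tools' displays. The script below is an added example; it is not code from this thread, from FRST, HijackThis or Autoruns. It assumes the documented layout of each Catalog_Entries subkey's PackedCatalogItem value: the provider DLL path as an ANSI, NUL-terminated string in the first 260 (MAX_PATH) bytes, followed by a WSAPROTOCOL_INFOW structure. It reads the path exactly as stored, expands %SystemRoot%-style variables, and flags entries whose library file is absent, which is the condition HijackThis's O10 "Broken Internet access" line refers to. The catalog blobs, the environment and the list of files treated as present are constructed inside the script so it runs offline on any OS; on the XP machine you would read the real blobs with winreg from HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries. vsocklib.dll is not part of a stock Windows XP installation; the protocol name and entry number given to it here are made up for the sample.

```python
"""Added example (not from the thread or any tool it mentions): parse Winsock 2
Protocol_Catalog9 entries and flag providers whose DLL no longer exists.

Assumed layout of each Catalog_Entries subkey's PackedCatalogItem value:
    char  szLibraryPath[MAX_PATH]   ANSI path, NUL terminated, padded to 260 bytes
    WSAPROTOCOL_INFOW ProtocolInfo  628 bytes
"""
import re
import struct
from typing import Callable, Dict, Iterable, List, NamedTuple, Tuple

MAX_PATH = 260
WSAPROTOCOL_INFOW_SIZE = 628
ITEM_SIZE = MAX_PATH + WSAPROTOCOL_INFOW_SIZE  # 888 bytes per entry

# Offsets inside WSAPROTOCOL_INFOW (relative to its start at byte MAX_PATH of the blob).
OFF_CATALOG_ENTRY_ID = 36  # dwCatalogEntryId: after dwServiceFlags1..4, dwProviderFlags, ProviderId
OFF_CHAIN_LEN = 40         # ProtocolChain.ChainLen: 0 = layered (LSP), 1 = base provider, >1 = chain
OFF_SZ_PROTOCOL = 116      # szProtocol: WCHAR[256], UTF-16LE, NUL terminated


class CatalogEntry(NamedTuple):
    entry_id: int
    chain_len: int
    protocol: str
    library_path: str  # exactly as stored in the registry, variables unexpanded


def parse_packed_item(blob: bytes) -> CatalogEntry:
    """Decode one PackedCatalogItem value into the fields a triage needs."""
    if len(blob) < ITEM_SIZE:
        raise ValueError(f"expected at least {ITEM_SIZE} bytes of PackedCatalogItem, got {len(blob)}")
    raw_path = blob[:MAX_PATH].split(b"\x00", 1)[0]
    library_path = raw_path.decode("cp1252", errors="replace")
    info = blob[MAX_PATH:]
    (entry_id,) = struct.unpack_from("<I", info, OFF_CATALOG_ENTRY_ID)
    (chain_len,) = struct.unpack_from("<i", info, OFF_CHAIN_LEN)
    raw_proto = info[OFF_SZ_PROTOCOL:OFF_SZ_PROTOCOL + 512]
    protocol = raw_proto.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    return CatalogEntry(entry_id, chain_len, protocol, library_path)


_WIN_VAR = re.compile(r"%([^%]+)%")


def expand_windows_vars(path: str, env: Dict[str, str]) -> str:
    """Expand %VAR% references case-insensitively, as Windows does; unknown names stay as written."""
    lookup = {k.upper(): v for k, v in env.items()}
    return _WIN_VAR.sub(lambda m: lookup.get(m.group(1).upper(), m.group(0)), path)


def find_broken_entries(blobs: Iterable[bytes], env: Dict[str, str],
                        exists: Callable[[str], bool]) -> List[Tuple[CatalogEntry, str]]:
    """Return (entry, expanded_path) for every provider whose library file is missing."""
    broken = []
    for blob in blobs:
        entry = parse_packed_item(blob)
        full_path = expand_windows_vars(entry.library_path, env)
        if not exists(full_path):
            broken.append((entry, full_path))
    return broken


def build_packed_item(path: str, entry_id: int, chain_len: int, protocol: str) -> bytes:
    """Build a PackedCatalogItem blob for the constructed sample below (other fields zeroed)."""
    info = bytearray(WSAPROTOCOL_INFOW_SIZE)
    struct.pack_into("<I", info, OFF_CATALOG_ENTRY_ID, entry_id)
    struct.pack_into("<i", info, OFF_CHAIN_LEN, chain_len)
    proto = protocol.encode("utf-16-le")
    info[OFF_SZ_PROTOCOL:OFF_SZ_PROTOCOL + len(proto)] = proto
    return path.encode("cp1252").ljust(MAX_PATH, b"\x00") + bytes(info)


# Constructed sample: one healthy base provider and one entry whose DLL is gone.
# The protocol name and entry number used for vsocklib.dll are made up.
SAMPLE_ENV = {"SystemRoot": "C:\\WINDOWS"}
SAMPLE_FILES_PRESENT = {"C:\\WINDOWS\\system32\\mswsock.dll"}
SAMPLE_BLOBS = [
    build_packed_item("%SystemRoot%\\system32\\mswsock.dll", 1001, 1, "MSAFD Tcpip [TCP/IP]"),
    build_packed_item("C:\\WINDOWS\\system32\\vsocklib.dll", 12, 1, "Example vsock provider"),
]


def report(blobs: Iterable[bytes], env: Dict[str, str], exists: Callable[[str], bool]) -> List[str]:
    """One line per broken entry, showing the path exactly as stored and as expanded."""
    return [
        f"entry {entry.entry_id:012d} ({entry.protocol!r}): library not found: "
        f"{entry.library_path} -> {full_path}"
        for entry, full_path in find_broken_entries(blobs, env, exists)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_BLOBS, SAMPLE_ENV, SAMPLE_FILES_PRESENT.__contains__):
        print(line)
```

Because the path is printed exactly as the registry stores it, the output shows whether the catalog really names a '.dll.exe' or whether that suffix is something a tool added when displaying the entry; a chain_len of 0 marks a layered provider, which is where third-party LSPs sit.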



#6 nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 June 2015 - 06:51 AM

Remove this registry item and see if MBAM can now run.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKLM\...\RunOnce: [1] => C:\Documents and Settings\sofia_d\Local Settings\Temp\Rar$EXa0.007\Chameleon\Windows\mbam-chameleon.exe [878392 2015-03-17] (MalwareBytes) <===== ATTENTION

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===
 

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\vsocklib.dll' missing
Isn't that a system file?
On the other hand I see under this tree:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries 20/06/2015 23:36
This entry in Autoruns:
000000000012 File not found: C:\WINDOWS\system32\vsocklib.dll.exe
.dll.exe? Hijackthis shows only .dll..

If the LSP provider were broken, you would have problems with the Internet.
It would also be shown in the FRST log.

Did you repair it with the Tweaking tool?

13 - Repair Winsock & DNS Cache
===

 

I'm thinking an OS reinstall is in place.

Your call, since Microsoft does not support it any more.

#7 ItielMaN

  • Topic Starter
  • Members
  • 19 posts

Posted 23 June 2015 - 04:04 PM

Remove this registry item and see if MBAM can now run.

 

Didn't help. After the reboot, still the same.
 

Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

No need for the fixlist.txt, since I've done it manually with other tools since that first log was produced.

 

If the LSP provider was broken you would have problems with the internet.
It would also be shown in the FRST log.

Did you repair it with the Tweaking tool?

13 - Repair Winsock & DNS Cache

 

To be honest, I didn't try it at first. Anyway, it still didn't help.

BTW, you need to update your copy & paste template about this: Repair Winsock & DNS Cache was changed in recent versions to Repair Network.

 

 

The updated FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by sofia_d (administrator) on SOFIA on 23-06-2015 23:15:38
Running from C:\Documents and Settings\sofia_d\desktop
Loaded Profiles: sofia_d (Available Profiles: sofia_d & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(LogMeIn, Inc.) C:\secure\x86\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Logitech Inc.) C:\WINDOWS\system32\LVCOMSX.EXE
(Logitech Inc.) C:\Program Files\Logitech\Video\CameraAssistant.exe
(Logitech Inc.) C:\WINDOWS\system32\ElkCtrl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Tweaking.com) C:\Documents and Settings\sofia_d\desktop\Tweaking.com - Windows Repair\WR_Tray_Icon.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LVCOMSX] => C:\WINDOWS\system32\LVCOMSX.EXE [225280 2005-12-09] (Logitech Inc.)
HKLM\...\Run: [LogitechCameraAssistant] => C:\Program Files\Logitech\Video\CameraAssistant.exe [489472 2005-12-07] (Logitech Inc.)
HKLM\...\Run: [LogitechCameraService(E)] => C:\WINDOWS\system32\ElkCtrl.exe [262144 2004-11-01] (Logitech Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16861184 2008-04-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-20] (Avast Software s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2011-01-26] (ATI Technologies Inc.)
HKU\S-1-5-21-515967899-583907252-682003330-1003\...\Run: [LDM] => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [32768 2011-01-08] (Logitech)
HKU\S-1-5-21-515967899-583907252-682003330-1003\...\Run: [Google Update] => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-515967899-583907252-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-515967899-583907252-682003330-1003\...\MountPoints2: {be372b5f-87be-11e0-8495-002618a3a436} - F:\KODAK_Software_Downloader.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-01-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-20] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-515967899-583907252-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
URLSearchHook: HKU\S-1-5-21-515967899-583907252-682003330-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Handler: bw+0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw+0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw-0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw-0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw00 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw00s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw10 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw10s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw20 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw20s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw30 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw30s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw40 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw40s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw50 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw50s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw60 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw60s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw70 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw70s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw80 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw80s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw90 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw90s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwa0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwa0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwb0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwb0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwc0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwc0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwd0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwd0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwe0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwe0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwf0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwf0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwg0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwg0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwh0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwh0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwi0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwi0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwj0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwj0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwk0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwk0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwl0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwl0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwm0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwm0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwn0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwn0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwo0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwo0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwp0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwp0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwq0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwq0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwr0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwr0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bws0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bws0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwt0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwt0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwu0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwu0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwv0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwv0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bww0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bww0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwx0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwx0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwy0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwy0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwz0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwz0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: offline-8876480 - {549F974D-7733-4E30-8139-FE232E9AF0C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\sofia_d\Application Data\Mozilla\Firefox\Profiles\nzfyl4dt.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: delta-homes
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-21] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-515967899-583907252-682003330-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-515967899-583907252-682003330-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-515967899-583907252-682003330-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ozonru.xml [2015-04-07]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\priceru.xml [2015-04-07]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-slovari.xml [2015-04-07]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex.xml [2015-04-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-20]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-17]
CHR Extension: (Google Search) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-22]
CHR Extension: (Default) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2011-01-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-20]
StartMenuInternet: chrome.exe - c:\documents and settings\sofia_d\local settings\application data\google\chrome\application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-20] (Avast Software s.r.o.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\secure\x86\LMIGuardianSvc.exe [375120 2014-07-19] (LogMeIn, Inc.)
S2 LVPrcSrv; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [81920 2005-12-09] (Logitech Inc.) [File not signed]
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-05-18] (SolidWorks) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-18] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-06-20] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-06-20] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-06-20] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-06-20] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-06-20] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-06-20] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-06-20] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-06-20] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
R3 Lvckap; C:\WINDOWS\system32\drivers\Lvckap.sys [2174464 2005-12-09] () [File not signed]
S3 lvmvdrv; C:\WINDOWS\system32\drivers\lvmvdrv.sys [2400256 2005-12-09] () [File not signed]
R3 LVPrcMon; C:\WINDOWS\system32\drivers\LVPrcMon.sys [16768 2005-12-09] () [File not signed]
R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [39424 2005-12-06] (Logitech Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [100456 2010-11-12] (NVIDIA Corporation)
R3 pepifilter; C:\WINDOWS\System32\DRIVERS\lv302af.sys [7136 2005-12-06] (Logitech Inc.)
R3 PID_08A0; C:\WINDOWS\System32\DRIVERS\LV302AV.SYS [916096 2005-12-06] (Logitech Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-23 23:15 - 2015-06-23 23:16 - 00032799 _____ C:\Documents and Settings\sofia_d\desktop\FRST.txt
2015-06-23 23:15 - 2015-06-23 23:10 - 01148928 _____ (Farbar) C:\Documents and Settings\sofia_d\desktop\FRST.exe
2015-06-23 21:57 - 2015-06-23 22:55 - 00000000 ____D C:\Documents and Settings\sofia_d\desktop\Tweaking.com - Windows Repair
2015-06-23 21:53 - 2015-06-23 21:54 - 00000000 ____D C:\AdwCleaner
2015-06-23 21:44 - 2015-06-23 21:44 - 05629494 ____R (Swearware) C:\Documents and Settings\sofia_d\desktop\ComboFix.exe
2015-06-23 21:44 - 2015-06-23 21:44 - 00000000 ___SD C:\32788R22FWJFW
2015-06-22 22:40 - 2015-06-22 22:40 - 00000706 _____ C:\Documents and Settings\All Users\desktop\TeamViewer 10.lnk
2015-06-22 22:40 - 2015-06-22 22:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-06-21 00:09 - 2015-06-21 00:09 - 00000000 ____D C:\WINDOWS\jumpshot.com
2015-06-20 23:54 - 2015-06-20 23:54 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\AVAST Software
2015-06-20 23:53 - 2015-06-23 21:32 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-20 23:53 - 2015-06-20 23:53 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00427992 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-06-20 23:53 - 2015-06-20 23:53 - 00209048 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00049904 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-06-20 23:53 - 2015-06-20 23:53 - 00024144 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00001689 _____ C:\Documents and Settings\All Users\desktop\Avast Free Antivirus.lnk
2015-06-20 23:53 - 2015-06-20 23:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-06-20 23:51 - 2015-06-20 23:51 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-20 23:46 - 2015-06-22 21:57 - 00001084 _____ C:\WINDOWS\spupdsvc.log
2015-06-20 23:46 - 2015-06-21 00:49 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-06-20 23:46 - 2015-06-20 23:46 - 00000000 ____D C:\WINDOWS\system32\windowspowershell
2015-06-20 23:46 - 2015-06-20 23:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2015-06-20 23:45 - 2015-06-20 23:46 - 00030666 _____ C:\WINDOWS\KB926139-v2.log
2015-06-20 23:45 - 2015-06-20 23:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$
2015-06-20 23:38 - 2015-06-20 23:46 - 00013419 _____ C:\WINDOWS\iis6.log
2015-06-20 23:38 - 2015-06-20 23:46 - 00012318 _____ C:\WINDOWS\FaxSetup.log
2015-06-20 23:38 - 2015-06-20 23:46 - 00005912 _____ C:\WINDOWS\ocgen.log
2015-06-20 23:38 - 2015-06-20 23:46 - 00005642 _____ C:\WINDOWS\tsoc.log
2015-06-20 23:38 - 2015-06-20 23:46 - 00004186 _____ C:\WINDOWS\comsetup.log
2015-06-20 23:38 - 2015-06-20 23:46 - 00003812 _____ C:\WINDOWS\msmqinst.log
2015-06-20 23:38 - 2015-06-20 23:46 - 00002532 _____ C:\WINDOWS\ntdtcsetup.log
2015-06-20 23:38 - 2015-06-20 23:46 - 00002166 _____ C:\WINDOWS\netfxocm.log
2015-06-20 23:38 - 2015-06-20 23:46 - 00001374 _____ C:\WINDOWS\imsins.log
2015-06-20 23:38 - 2015-06-20 23:46 - 00000850 _____ C:\WINDOWS\MedCtrOC.log
2015-06-20 23:38 - 2015-06-20 23:46 - 00000684 _____ C:\WINDOWS\ocmsn.log
2015-06-20 23:38 - 2015-06-20 23:46 - 00000622 _____ C:\WINDOWS\tabletoc.log
2015-06-20 23:38 - 2015-06-20 23:46 - 00000618 _____ C:\WINDOWS\msgsocm.log
2015-06-20 23:38 - 2015-06-20 23:39 - 00008469 _____ C:\WINDOWS\KB942288-v3.log
2015-06-20 23:38 - 2015-06-20 23:39 - 00001374 _____ C:\WINDOWS\imsins.BAK
2015-06-20 23:38 - 2015-06-20 23:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2015-06-20 23:38 - 2015-06-20 23:38 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-20 23:38 - 2015-06-20 23:38 - 00000000 _____ C:\WINDOWS\setupact.log
2015-06-20 23:17 - 2015-06-20 23:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-06-20 22:36 - 2015-06-20 22:36 - 00000000 __SHD C:\WINDOWS\CSC
2015-06-20 22:31 - 2015-06-20 22:32 - 00002962 _____ C:\WINDOWS\setupapi.log
2015-06-20 21:56 - 2015-06-20 21:56 - 00000917 _____ C:\Documents and Settings\sofia_d\desktop\Revo Uninstaller.lnk
2015-06-20 21:56 - 2015-06-20 21:56 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-17 22:54 - 2015-06-17 22:54 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-06-17 22:54 - 2015-06-17 22:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2015-06-17 22:54 - 2015-05-31 21:00 - 00112128 _____ C:\WINDOWS\system32\ff_vfw.dll
2015-06-17 22:54 - 2015-02-28 18:21 - 03591680 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
2015-06-17 22:54 - 2015-02-25 19:27 - 00473088 _____ (http://www.mp3dev.org/) C:\WINDOWS\system32\lameACM.acm
2015-06-17 22:54 - 2015-02-25 01:37 - 00655872 _____ C:\WINDOWS\system32\xvidcore.dll
2015-06-17 22:54 - 2015-02-25 01:37 - 00240128 _____ C:\WINDOWS\system32\xvidvfw.dll
2015-06-17 22:54 - 2012-07-21 13:54 - 00122880 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2015-06-17 22:54 - 2012-05-22 00:48 - 00000415 _____ C:\WINDOWS\system32\lame_acm.xml
2015-06-17 22:54 - 2011-12-07 20:32 - 00216064 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2015-06-17 22:54 - 2011-06-22 17:14 - 00000714 _____ C:\WINDOWS\system32\ff_vfw.dll.manifest
2015-06-17 22:54 - 2004-05-18 21:16 - 00039936 _____ (Disappearing Inc.) C:\WINDOWS\system32\huffyuv.dll
2015-06-17 01:29 - 2015-06-23 23:15 - 00000000 ____D C:\FRST
2015-06-16 23:45 - 2015-06-16 23:45 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-16 23:44 - 2015-06-17 01:23 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-16 23:29 - 2015-06-16 23:29 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\DxCK
2015-06-16 23:14 - 2015-06-16 23:14 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\WinRAR
2015-06-16 23:06 - 2015-06-16 23:06 - 00000692 _____ C:\Documents and Settings\sofia_d\Start Menu\WinRAR.lnk
2015-06-16 23:06 - 2015-06-16 23:06 - 00000000 ____D C:\Program Files\WinRAR
2015-06-16 23:06 - 2015-06-16 23:06 - 00000000 ____D C:\Documents and Settings\sofia_d\Start Menu\Programs\WinRAR
2015-06-16 23:06 - 2015-06-16 23:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-06-16 22:51 - 2015-06-16 23:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-16 22:51 - 2015-06-16 22:51 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-06-16 22:24 - 2015-06-16 22:24 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2015-06-16 22:17 - 2015-06-16 22:17 - 00000000 ____D C:\RegBackup
2015-06-16 21:56 - 2015-06-16 21:56 - 00000000 ____D C:\WINDOWS\erdnt
2015-06-16 21:49 - 2015-06-16 21:49 - 00000000 ___HD C:\WINDOWS\PIF
2015-06-16 21:45 - 2015-06-16 21:45 - 00001734 _____ C:\Documents and Settings\sofia_d\desktop\HijackThis.lnk
2015-06-16 21:45 - 2015-06-16 21:45 - 00000000 ____D C:\Program Files\Trend Micro
2015-06-16 21:45 - 2015-06-16 21:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
2015-06-16 21:11 - 2015-06-23 09:20 - 00000000 ____D C:\Program Files\TeamViewer
2015-06-16 21:11 - 2015-06-16 21:11 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\TeamViewer
2015-05-24 01:05 - 2015-05-24 01:05 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-23 23:16 - 2011-01-08 22:13 - 00001016 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job
2015-06-23 23:15 - 2011-01-07 14:58 - 00000000 ____D C:\Documents and Settings\sofia_d\Local Settings\Temp
2015-06-23 23:07 - 2011-01-07 16:32 - 00558374 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-23 23:05 - 2011-01-08 22:04 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\Skype
2015-06-23 23:00 - 2013-03-25 23:55 - 00001006 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job
2015-06-23 23:00 - 2013-03-25 23:55 - 00000984 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job
2015-06-23 22:43 - 2013-05-18 19:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-23 21:32 - 2004-08-04 15:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-23 21:31 - 2011-01-07 14:50 - 01075660 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-23 21:30 - 2014-03-09 22:01 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-23 21:30 - 2011-01-07 16:34 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-23 21:30 - 2011-01-07 16:34 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-06-23 21:30 - 2011-01-07 14:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-23 21:29 - 2011-01-07 14:54 - 00032376 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-23 19:16 - 2011-01-08 22:13 - 00000964 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job
2015-06-23 00:31 - 2011-01-10 22:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-06-22 22:53 - 2011-01-08 22:14 - 00002296 _____ C:\Documents and Settings\sofia_d\desktop\Google Chrome.lnk
2015-06-22 22:50 - 2011-01-08 22:13 - 00000000 ____D C:\Documents and Settings\sofia_d\Local Settings\Application Data\Temp
2015-06-22 22:39 - 2011-01-07 14:50 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-06-22 22:35 - 2011-01-08 22:03 - 00000000 ___RD C:\Program Files\Skype
2015-06-22 22:35 - 2011-01-08 22:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-06-22 22:27 - 2011-01-07 16:28 - 00000211 ___SH C:\boot.ini
2015-06-22 22:27 - 2011-01-07 14:58 - 00000278 ___SH C:\Documents and Settings\sofia_d\ntuser.ini
2015-06-22 22:27 - 2004-08-04 15:00 - 00000638 _____ C:\WINDOWS\win.ini
2015-06-22 22:27 - 2004-08-04 15:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-06-21 00:05 - 2013-05-18 19:07 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-21 00:05 - 2013-05-18 19:07 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-20 23:45 - 2011-01-07 14:59 - 00070912 _____ C:\Documents and Settings\sofia_d\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-20 23:40 - 2011-01-07 16:29 - 00268600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-20 22:18 - 2011-01-07 14:58 - 00000000 ____D C:\Documents and Settings\sofia_d
2015-06-17 23:28 - 2011-05-18 14:24 - 00002727 _____ C:\Documents and Settings\All Users\desktop\SolidWorks Explorer 2009.lnk
2015-06-17 23:14 - 2013-02-06 21:12 - 00000000 ____D C:\Program Files\DScaler5
2015-06-17 22:40 - 2015-05-14 22:55 - 00000682 _____ C:\Documents and Settings\All Users\desktop\CCleaner.lnk
2015-06-17 22:40 - 2015-05-14 22:55 - 00000000 ____D C:\Program Files\CCleaner
2015-06-16 23:56 - 2011-01-07 14:48 - 00000000 ____D C:\Program Files\MSN
2015-06-16 22:51 - 2013-05-18 15:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-16 22:24 - 2011-01-07 14:54 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-06-16 22:23 - 2011-01-07 14:51 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-06-16 22:23 - 2011-01-07 14:51 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-06-16 21:47 - 2011-01-07 16:36 - 00000000 ____D C:\WINDOWS\pss
2015-06-16 21:41 - 2011-01-07 14:54 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-06-13 14:28 - 2011-01-07 16:45 - 00002417 _____ C:\Documents and Settings\sofia_d\desktop\Microsoft Office Word 2003.lnk
2015-06-12 09:13 - 2011-01-07 16:48 - 00002457 _____ C:\Documents and Settings\sofia_d\desktop\Microsoft Office Outlook 2003.lnk
2015-06-11 20:31 - 2013-07-24 22:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-11 20:25 - 2011-01-10 14:52 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-11 18:10 - 2015-05-14 22:31 - 00000000 ____D C:\WINDOWS\CryptoGuard
2015-05-28 20:49 - 2014-02-28 18:46 - 00002265 _____ C:\Documents and Settings\All Users\desktop\Skype.lnk
 
==================== Files in the root of some directories =======
 
2012-01-03 21:02 - 2012-01-03 21:02 - 0000130 _____ () C:\Documents and Settings\sofia_d\Local Settings\Application Data\fusioncache.dat
 
Some files in TEMP:
====================
C:\Documents and Settings\sofia_d\Local Settings\Temp\IadHide5.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================
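A small triage script for the FRST sections above, added here as an example; it is not part of the thread and not FRST's own code. It parses the `modified - created - size attrs (company) path` lines (grammar inferred from the log), flags the patterns a responder looks at first (executables with no company name in their version info, executables under a Temp directory, hidden/system attributes on an executable, files created inside the scan window), and pulls the bare paths out of the "Some files in TEMP:" section. The sample input is copied from the log above plus one constructed line, and the window start date is an assumption. One caveat worth keeping in mind: the parenthesised company is read from the file's version resource, which anyone building a binary can fill in, so these flags are places to look, not the signature verification that the Bamital & volsnap section performs.

```python
"""Triage helper for the file-listing sections of a FRST log.

Added example; not part of the thread and not FRST's own code. The line grammar
(modified - created - size attrs [(company)] path) is inferred from the log above.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>\S.*)$"
)
TS_FMT = "%Y-%m-%d %H:%M"
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx", ".drv")
WINDOW_START = datetime(2015, 5, 24)  # assumption: 30 days before the 2015-06-23 scan


@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str              # FRST's five-letter attribute field, e.g. "___SH", "____D"
    company: Optional[str]  # version-info company; None when FRST printed no "(...)"
    path: str
    flags: List[str] = field(default_factory=list)

    @property
    def is_executable(self) -> bool:
        return "D" not in self.attrs and self.path.lower().endswith(EXEC_EXT)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file line; headers, blanks and bare paths return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(datetime.strptime(m["modified"], TS_FMT),
                 datetime.strptime(m["created"], TS_FMT),
                 int(m["size"]), m["attrs"], m["company"], m["path"])


def triage(entry: Entry, created_since: datetime) -> Entry:
    """Attach hints. They are hints only: the company string is read from the
    file's version resource, which the author of a binary fills in freely."""
    if entry.is_executable:
        if not entry.company:
            entry.flags.append("executable without a company name")
        if "\\temp\\" in entry.path.lower():
            entry.flags.append("executable in a Temp directory")
        if "H" in entry.attrs or "S" in entry.attrs:
            entry.flags.append("hidden/system attribute on an executable")
    if entry.created >= created_since:
        entry.flags.append("created inside the scan window")
    return entry


def triage_log(text: str, created_since: datetime) -> List[Entry]:
    return [triage(e, created_since) for e in map(parse_line, text.splitlines()) if e]


def temp_section_files(text: str) -> List[str]:
    """Bare paths FRST prints under 'Some files in TEMP:' (no metadata there)."""
    files, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Some files in TEMP:":
            inside = True
        elif inside and line.startswith("==="):
            continue
        elif inside and not line:
            break
        elif inside:
            files.append(line)
    return files


# Sample input: lines copied from the log above plus one CONSTRUCTED line
# (constructed_example.dll) so that every rule fires at least once.
SAMPLE_LOG = r"""
2015-06-23 21:32 - 2004-08-04 15:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-22 22:27 - 2011-01-07 16:28 - 00000211 ___SH C:\boot.ini
2015-06-21 00:05 - 2013-05-18 19:07 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-11 20:25 - 2011-01-10 14:52 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-11 18:10 - 2015-05-14 22:31 - 00000000 ____D C:\WINDOWS\CryptoGuard
2015-06-16 21:50 - 2015-06-16 21:50 - 00045056 ___SH C:\Documents and Settings\sofia_d\Local Settings\Temp\constructed_example.dll

==================== Files in the root of some directories =======

2012-01-03 21:02 - 2012-01-03 21:02 - 0000130 _____ () C:\Documents and Settings\sofia_d\Local Settings\Application Data\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\sofia_d\Local Settings\Temp\IadHide5.dll

"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG, WINDOW_START):
        if e.flags:
            print(e.path, "->", "; ".join(e.flags))
    for p in temp_section_files(SAMPLE_LOG):
        print("TEMP:", p)
```

Run against a real log, only the constructed Temp DLL would light up in this sample; the signed Flash and MRT binaries, the system/hidden boot.ini and the empty-company fusioncache.dat all pass, which is the point: the flags narrow the list to what still needs a hash lookup or signature check by hand.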


#8 nasdaq (Malware Response Team, Montreal, QC, Canada)
Posted 24 June 2015 - 07:51 AM

Let's run this last tool.

  • Download OTL to your desktop.
  • Right-click the icon and choose Run as Administrator to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: these logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.


#9 ItielMaN (Topic Starter)
Posted 24 June 2015 - 04:38 PM

Gotta admit, kinda interesting log.
I'm thinking there are things to fix here but not sure, so I'll leave it to you. OTL is not my expertise :)

Since the logs are too long, they're attached here.

Edit: isn't there a parameter to force-run ComboFix? Like "combofix.exe -ignoreerrors" or something?

Edited by ItielMaN, 25 June 2015 - 01:35 AM.


#10 nasdaq (Malware Response Team, Montreal, QC, Canada)
Posted 25 June 2015 - 07:54 AM

Run OTL.
Please copy the text in the quote box below (do not copy the word Quote) and paste it into the Custom Scans/Fixes box at the bottom of OTL.

To do that: highlight everything inside the quote box (except the word Quote), right-click and click Copy, or press Ctrl+C, then paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:
 

:OTL
PRC - C:\Documents and Settings\sofia_d\desktop\Tweaking.com - Windows Repair\WR_Tray_Icon.exe (Tweaking.com)
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
FF - user.js - File not found
CHR - Extension: No name found = C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.


Click Run Fix.
Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYYY_HHMMSS.log, where MMDDYYYY is the date and HHMMSS the time.
If requested to reboot, please do so. The log file will open after restart.
Re-enable your security software as soon as you have completed the OTL fix steps.
===

Nothing here suggests that something is blocking MBAM or ComboFix.

Avast may be blocking these programs.
If you feel that it's necessary to run these tools, then you will have to remove it.

Then try to run the tools.

Make sure you reinstall the application.

===

A CD emulator can also interfere with these programs.

If you have a CD emulator disable it.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

p.s.
You connect to this PC via TeamViewer; that may also impede the running of these programs.
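The `DRV - (name) -- File not found` lines in the fix above come from comparing each service's ImagePath with what is on disk. The script below, an added example rather than anything from OTL or this thread, reproduces that check in Python so the candidates can be reviewed before anything is deleted. On a Windows host it enumerates HKLM\SYSTEM\CurrentControlSet\Services (the winreg part runs only there; Python 3.4 is the last release that installs on XP, so the code avoids newer syntax), and offline it runs the same path-resolution logic against a constructed service table and a fake file system. Apart from Changer and i2omgmt, every service name and every path in the sample is made up, and modelling the empty XP driver stubs as keys with no ImagePath value is an assumption about their shape.

```python
"""List service/driver entries whose ImagePath resolves to a missing file.

Added example, not from the thread or from OTL. It reproduces the check behind
OTL's "DRV - (name) -- File not found" lines. The registry reader runs only on
Windows; the resolution logic is pure and is exercised with a constructed
service table and fake file system below. Written for Python 3.4 (last on XP).
"""
import os
import re
import sys

SYSTEM_ROOT = os.environ.get("SystemRoot", "C:\\WINDOWS")  # assumption: default XP path

# unquoted path followed by optional arguments, e.g. "%SystemRoot%\system32\svchost.exe -k netsvcs"
_EXT_RE = re.compile(r"^(.*?\.(?:sys|exe|dll))(?:\s.*)?$", re.IGNORECASE)


def resolve_image_path(image_path, system_root=SYSTEM_ROOT):
    """Turn a raw ImagePath value into an absolute path, or None if no path is set.

    Handles the forms seen on XP: relative to %SystemRoot% ("system32\\DRIVERS\\x.sys"),
    "\\SystemRoot\\...", "\\??\\C:\\...", "%SystemRoot%\\...", quoted paths, arguments.
    """
    if not image_path or not image_path.strip():
        return None
    p = image_path.strip()
    if p.startswith('"'):
        p = p[1:].split('"', 1)[0]            # quoted executable: drop the arguments
    else:
        m = _EXT_RE.match(p)
        p = m.group(1) if m else p.split()[0]
    p = re.sub(r"%systemroot%", lambda _: system_root, p, flags=re.IGNORECASE)
    low = p.lower()
    if low.startswith("\\systemroot\\"):
        p = system_root + p[len("\\systemroot"):]
    elif low.startswith("\\??\\"):
        p = p[4:]                             # NT object-manager prefix
    elif not re.match(r"^[a-z]:\\", low):
        p = system_root.rstrip("\\") + "\\" + p.lstrip("\\")   # relative to %SystemRoot%
    return p


def find_orphans(services, exists=os.path.exists, system_root=SYSTEM_ROOT):
    """services: {name: ImagePath-or-None}. Returns [(name, resolved_path_or_None)]
    for every entry whose file cannot be found, sorted case-insensitively by name."""
    orphans = []
    for name in sorted(services, key=str.lower):
        resolved = resolve_image_path(services[name], system_root)
        if resolved is None or not exists(resolved):
            orphans.append((name, resolved))
    return orphans


def read_services_from_registry():
    """Windows only: enumerate HKLM\\SYSTEM\\CurrentControlSet\\Services.
    Keys without a Type value are configuration containers, not services; skip them."""
    import winreg
    services = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services") as root:
        index = 0
        while True:
            try:
                name = winreg.EnumKey(root, index)
            except OSError:
                break
            index += 1
            with winreg.OpenKey(root, name) as key:
                try:
                    winreg.QueryValueEx(key, "Type")
                except OSError:
                    continue
                try:
                    services[name] = winreg.QueryValueEx(key, "ImagePath")[0]
                except OSError:
                    services[name] = None
    return services


# CONSTRUCTED sample table. Changer and i2omgmt mimic the empty XP driver stubs the
# thread discusses (modelled as keys with no ImagePath); the other names and paths are made up.
SAMPLE_SERVICES = {
    "Changer": None,
    "i2omgmt": None,
    "volsnap": "system32\\DRIVERS\\volsnap.sys",
    "RpcSs": "%SystemRoot%\\system32\\svchost.exe -k rpcss",
    "ExampleSvc": '"C:\\Program Files\\Example\\svc.exe" /run',
    "GoneDrv": "\\??\\C:\\WINDOWS\\system32\\drivers\\gone.sys",
}
# CONSTRUCTED fake file system for offline runs (lower-cased absolute paths).
SAMPLE_FS = {"c:\\windows\\system32\\drivers\\volsnap.sys", "c:\\windows\\system32\\svchost.exe"}


def sample_exists(path):
    return path.lower() in SAMPLE_FS


if __name__ == "__main__":
    if sys.platform == "win32":
        table, exists = read_services_from_registry(), os.path.exists
    else:
        table, exists = SAMPLE_SERVICES, sample_exists
    for name, path in find_orphans(table, exists):
        print("{0}: {1}".format(name, path or "(no ImagePath value)"))
```

Entries that show up are candidates, not findings: the XP stubs in the thread are exactly the kind of orphan key that is harmless, so compare the output against known-benign names before writing an OTL fix line for any of them.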

#11 ItielMaN (Topic Starter)
Posted 25 June 2015 - 02:47 PM

The log:

 

========== OTL ==========
No active process named WR_Tray_Icon.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 06252015_221100
 
I've deliberately omitted these lines from the fix:
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
CHR - Extension: No name found = C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\

 

 

Since:

1. All these services are wrongly (is that a word?) preinstalled with Windows XP. I've seen it in every Autoruns log I got my hands on with Windows XP. I once removed them and after a reboot, Windows started booting like this:

[image: 29.Personalised-Settings.gif]

And it kinda scared me :S

Take also a look at this link.

 

2. Although the extension has no name- it belongs to Avast Online Security addon, so it's safe.

 

I don't know why it ignored the "FF - user.js - File not found" line though. I've tried fixing again and still ignores.

 

 

===

 

Yeah, that's what I thought when ESET SS was installed, so as I've said before, I fully uninstalled it and tried running the tools again after a restart, without any security product running, and still got the same errors. So Avast is not to blame, although it was a bit suspicious.

 

===

 

No CD-Emulators installed whatsoever.

Ran DeFogger and still the same.

 

===

 

> You connect to this PC via TeamViewer that may also impede the running of these programs

Why is that?

Technically and logically TV can't interfere with other running programs.

Anyway, I'll ask my friend to run it without me connected to this PC and report back.

But for the time being, any other advice?

 

I've also tried running ESET Online Scanner and it stopped at around 95% while downloading the signatures (it said "are you connected with proxy settings?" while I wasn't). And I've tried it several times.

 

 

Thanks.



#12 nasdaq (Malware Response Team, Montreal, QC, Canada)
Posted 26 June 2015 - 07:18 AM

You can leave the empty services. They are not causing any problems.

> 2. Although the extension has no name- it belongs to Avast Online Security addon, so it's safe.

It's just not necessary. You can remove it; no harm will come.

> I don't know why it ignored the "FF - user.js - File not found" line though. I've tried fixing again and still ignores

The file is created by FF when some options are set.
Nothing to worry about.

===

The only proxy that may be present is that you are using

As for MBAM, I can only suggest you contact the Malwarebytes.org forum and see what they have to suggest.

#13 ItielMaN (Topic Starter)
Posted 26 June 2015 - 07:30 AM

> You can leave the empty services. They are not causing any problems.
>
> > 2. Although the extension has no name- it belongs to Avast Online Security addon, so it's safe.
>
> It's just not necessary. You can remove it; no harm will come.
>
> > I don't know why it ignored the "FF - user.js - File not found" line though. I've tried fixing again and still ignores
>
> The file is created by FF when some options are set.
> Nothing to worry about.
>
> ===
>
> The only proxy that may be present is that you are using
>
> As for MBAM, I can only suggest you contact the Malwarebytes.org forum and see what they have to suggest.

 

Don't know if I'll open a new topic there.

 

Anyhow.. thanks :)

You can lock here, if I'll need I'll PM you to reopen this thread.



#14 nasdaq (Malware Response Team, Montreal, QC, Canada)
Posted 26 June 2015 - 08:32 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



