Hi all,

 

Following these topics:

https://forums.malwarebytes.org/index.php?/topic/169779-cant-install-malwarebytes/

http://www.bleepingcomputer.com/forums/t/579690/cleaning-up-pc-after-picexaviewer-virus-attack/

I'm posting a new topic here on 1PW's advice.

All the info you need is there about my issue.

 

And now for the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by sofia_d (administrator) on SOFIA on 01-07-2015 22:40:35
Running from C:\Documents and Settings\sofia_d\desktop
Loaded Profiles: sofia_d (Available Profiles: sofia_d & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\WINDOWS\system32\LVCOMSX.EXE
(Logitech Inc.) C:\Program Files\Logitech\Video\CameraAssistant.exe
(Logitech Inc.) C:\WINDOWS\system32\ElkCtrl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(LogMeIn, Inc.) C:\secure\x86\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LVCOMSX] => C:\WINDOWS\system32\LVCOMSX.EXE [225280 2005-12-09] (Logitech Inc.)
HKLM\...\Run: [LogitechCameraAssistant] => C:\Program Files\Logitech\Video\CameraAssistant.exe [489472 2005-12-07] (Logitech Inc.)
HKLM\...\Run: [LogitechCameraService(E)] => C:\WINDOWS\system32\ElkCtrl.exe [262144 2004-11-01] (Logitech Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16861184 2008-04-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-20] (Avast Software s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2011-01-26] (ATI Technologies Inc.)
HKU\S-1-5-21-515967899-583907252-682003330-1003\...\Run: [LDM] => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [32768 2011-01-08] (Logitech)
HKU\S-1-5-21-515967899-583907252-682003330-1003\...\Run: [Google Update] => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-515967899-583907252-682003330-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-515967899-583907252-682003330-1003\...\MountPoints2: {be372b5f-87be-11e0-8495-002618a3a436} - F:\KODAK_Software_Downloader.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-01-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-20] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-515967899-583907252-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
URLSearchHook: HKU\S-1-5-21-515967899-583907252-682003330-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Handler: bw+0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw+0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw-0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw-0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw00 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw00s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw10 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw10s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw20 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw20s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw30 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw30s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw40 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw40s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw50 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw50s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw60 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw60s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw70 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw70s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw80 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw80s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw90 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bw90s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwa0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwa0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwb0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwb0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwc0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwc0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwd0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwd0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwe0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwe0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwf0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwf0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwg0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwg0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwh0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwh0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwi0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwi0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwj0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwj0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwk0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwk0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwl0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwl0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwm0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwm0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwn0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwn0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwo0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwo0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwp0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwp0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwq0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwq0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwr0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwr0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bws0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bws0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwt0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwt0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwu0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwu0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwv0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwv0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bww0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bww0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwx0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwx0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwy0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwy0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwz0 - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: bwz0s - {549f974d-7733-4e30-8139-fe232e9af0c5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: offline-8876480 - {549F974D-7733-4E30-8139-FE232E9AF0C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2011-01-08] (BackWeb Technologies Inc.                         )
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{5E4D4B81-BB03-4403-BAEE-84B1B068F773}: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\sofia_d\Application Data\Mozilla\Firefox\Profiles\nzfyl4dt.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: delta-homes
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-515967899-583907252-682003330-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-515967899-583907252-682003330-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-515967899-583907252-682003330-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ozonru.xml [2015-04-07]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\priceru.xml [2015-04-07]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-slovari.xml [2015-04-07]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex.xml [2015-04-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-20]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-17]
CHR Extension: (Google Search) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-22]
CHR Extension: (Default) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2011-01-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-20]
StartMenuInternet: chrome.exe - c:\documents and settings\sofia_d\local settings\application data\google\chrome\application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-20] (Avast Software s.r.o.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 LMIGuardianSvc; C:\secure\x86\LMIGuardianSvc.exe [375120 2014-07-19] (LogMeIn, Inc.)
R2 LVPrcSrv; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [81920 2005-12-09] (Logitech Inc.) [File not signed]
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-05-18] (SolidWorks) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-18] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-06-20] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-06-20] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-06-20] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-06-20] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-06-20] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-06-20] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-06-20] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 eapihdrv; C:\Documents and Settings\sofia_d\Local Settings\Temp\ehdrv.sys [135760 2015-06-25] (ESET)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
R3 Lvckap; C:\WINDOWS\system32\drivers\Lvckap.sys [2174464 2005-12-09] () [File not signed]
S3 lvmvdrv; C:\WINDOWS\system32\drivers\lvmvdrv.sys [2400256 2005-12-09] () [File not signed]
R3 LVPrcMon; C:\WINDOWS\system32\drivers\LVPrcMon.sys [16768 2005-12-09] () [File not signed]
R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [39424 2005-12-06] (Logitech Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [100456 2010-11-12] (NVIDIA Corporation)
R3 pepifilter; C:\WINDOWS\System32\DRIVERS\lv302af.sys [7136 2005-12-06] (Logitech Inc.)
R3 PID_08A0; C:\WINDOWS\System32\DRIVERS\LV302AV.SYS [916096 2005-12-06] (Logitech Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 22:40 - 2015-07-01 22:41 - 00032648 _____ C:\Documents and Settings\sofia_d\desktop\FRST.txt
2015-07-01 22:37 - 2015-07-01 22:37 - 01636352 _____ (Farbar) C:\Documents and Settings\sofia_d\desktop\FRST.exe
2015-06-28 23:02 - 2015-06-28 23:02 - 00010799 _____ C:\WINDOWS\setupapi.log
2015-06-28 23:02 - 2015-06-28 23:02 - 00000041 _____ C:\WINDOWS\setupact.log
2015-06-28 23:02 - 2015-06-28 23:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-27 20:51 - 2015-06-27 20:51 - 00006948 _____ C:\Documents and Settings\sofia_d\desktop\CheckResults.txt
2015-06-27 20:49 - 2015-06-27 20:49 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\sofia_d\desktop\mbam-check-2.1.1.1001.exe
2015-06-25 22:13 - 2015-06-25 22:13 - 00000000 _____ C:\Documents and Settings\sofia_d\defogger_reenable
2015-06-25 22:11 - 2015-06-25 22:11 - 00000000 ____D C:\_OTL
2015-06-25 00:17 - 2015-06-25 00:17 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\sofia_d\desktop\OTL.exe
2015-06-23 21:57 - 2015-06-23 22:55 - 00000000 ____D C:\Documents and Settings\sofia_d\desktop\Tweaking.com - Windows Repair
2015-06-23 21:53 - 2015-06-23 21:54 - 00000000 ____D C:\AdwCleaner
2015-06-23 21:44 - 2015-06-26 19:01 - 00000000 ___SD C:\32788R22FWJFW
2015-06-23 21:44 - 2015-06-26 19:00 - 05631168 ____R (Swearware) C:\Documents and Settings\sofia_d\desktop\ComboFix.exe
2015-06-22 22:40 - 2015-06-22 22:40 - 00000706 _____ C:\Documents and Settings\All Users\desktop\TeamViewer 10.lnk
2015-06-22 22:40 - 2015-06-22 22:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-06-21 00:09 - 2015-06-21 00:09 - 00000000 ____D C:\WINDOWS\jumpshot.com
2015-06-20 23:54 - 2015-06-20 23:54 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\AVAST Software
2015-06-20 23:53 - 2015-07-01 21:59 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-20 23:53 - 2015-06-26 18:53 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-06-20 23:53 - 2015-06-20 23:53 - 00209048 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00049904 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-06-20 23:53 - 2015-06-20 23:53 - 00024144 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-06-20 23:53 - 2015-06-20 23:53 - 00001689 _____ C:\Documents and Settings\All Users\desktop\Avast Free Antivirus.lnk
2015-06-20 23:53 - 2015-06-20 23:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-06-20 23:51 - 2015-06-20 23:51 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-20 23:46 - 2015-06-21 00:49 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-06-20 23:46 - 2015-06-20 23:46 - 00000000 ____D C:\WINDOWS\system32\windowspowershell
2015-06-20 23:46 - 2015-06-20 23:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2015-06-20 23:45 - 2015-06-20 23:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$
2015-06-20 23:38 - 2015-06-20 23:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2015-06-20 23:17 - 2015-06-20 23:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-06-20 22:36 - 2015-06-20 22:36 - 00000000 __SHD C:\WINDOWS\CSC
2015-06-20 21:56 - 2015-06-20 21:56 - 00000917 _____ C:\Documents and Settings\sofia_d\desktop\Revo Uninstaller.lnk
2015-06-20 21:56 - 2015-06-20 21:56 - 00000000 ____D C:\Program Files\VS Revo Group
2015-06-17 22:54 - 2015-06-17 22:54 - 00000000 ____D C:\Program Files\K-Lite Codec Pack
2015-06-17 22:54 - 2015-06-17 22:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2015-06-17 22:54 - 2015-05-31 21:00 - 00112128 _____ C:\WINDOWS\system32\ff_vfw.dll
2015-06-17 22:54 - 2015-02-28 18:21 - 03591680 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
2015-06-17 22:54 - 2015-02-25 19:27 - 00473088 _____ (http://www.mp3dev.org/) C:\WINDOWS\system32\lameACM.acm
2015-06-17 22:54 - 2015-02-25 01:37 - 00655872 _____ C:\WINDOWS\system32\xvidcore.dll
2015-06-17 22:54 - 2015-02-25 01:37 - 00240128 _____ C:\WINDOWS\system32\xvidvfw.dll
2015-06-17 22:54 - 2012-07-21 13:54 - 00122880 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2015-06-17 22:54 - 2012-05-22 00:48 - 00000415 _____ C:\WINDOWS\system32\lame_acm.xml
2015-06-17 22:54 - 2011-12-07 20:32 - 00216064 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2015-06-17 22:54 - 2011-06-22 17:14 - 00000714 _____ C:\WINDOWS\system32\ff_vfw.dll.manifest
2015-06-17 22:54 - 2004-05-18 21:16 - 00039936 _____ (Disappearing Inc.) C:\WINDOWS\system32\huffyuv.dll
2015-06-17 01:29 - 2015-07-01 22:40 - 00000000 ____D C:\FRST
2015-06-16 23:29 - 2015-06-16 23:29 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\DxCK
2015-06-16 23:14 - 2015-06-16 23:14 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\WinRAR
2015-06-16 23:06 - 2015-06-16 23:06 - 00000692 _____ C:\Documents and Settings\sofia_d\Start Menu\WinRAR.lnk
2015-06-16 23:06 - 2015-06-16 23:06 - 00000000 ____D C:\Program Files\WinRAR
2015-06-16 23:06 - 2015-06-16 23:06 - 00000000 ____D C:\Documents and Settings\sofia_d\Start Menu\Programs\WinRAR
2015-06-16 23:06 - 2015-06-16 23:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-06-16 22:51 - 2015-06-16 23:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-16 22:51 - 2015-06-16 22:51 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-06-16 22:24 - 2015-06-16 22:24 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2015-06-16 22:17 - 2015-06-16 22:17 - 00000000 ____D C:\RegBackup
2015-06-16 21:56 - 2015-06-16 21:56 - 00000000 ____D C:\WINDOWS\erdnt
2015-06-16 21:49 - 2015-06-16 21:49 - 00000000 ___HD C:\WINDOWS\PIF
2015-06-16 21:45 - 2015-06-16 21:45 - 00001734 _____ C:\Documents and Settings\sofia_d\desktop\HijackThis.lnk
2015-06-16 21:45 - 2015-06-16 21:45 - 00000000 ____D C:\Program Files\Trend Micro
2015-06-16 21:45 - 2015-06-16 21:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
2015-06-16 21:11 - 2015-06-23 09:20 - 00000000 ____D C:\Program Files\TeamViewer
2015-06-16 21:11 - 2015-06-16 21:11 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\TeamViewer
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 22:41 - 2011-01-07 14:58 - 00000000 ____D C:\Documents and Settings\sofia_d\Local Settings\Temp
2015-07-01 22:40 - 2011-01-08 22:04 - 00000000 ____D C:\Documents and Settings\sofia_d\Application Data\Skype
2015-07-01 22:16 - 2011-01-08 22:13 - 00001016 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job
2015-07-01 21:55 - 2004-08-04 15:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-01 21:54 - 2011-01-07 14:50 - 01207562 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 21:53 - 2014-03-09 22:01 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-01 21:53 - 2011-01-07 16:34 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-07-01 21:53 - 2011-01-07 16:34 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-07-01 21:53 - 2011-01-07 14:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-01 21:51 - 2011-01-07 14:54 - 00032540 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-01 21:43 - 2013-05-18 19:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-01 21:41 - 2011-05-25 19:23 - 00000238 _____ C:\Documents and Settings\sofia_d\intlname.ols
2015-07-01 20:02 - 2011-01-07 16:48 - 00002457 _____ C:\Documents and Settings\sofia_d\desktop\Microsoft Office Outlook 2003.lnk
2015-07-01 20:00 - 2013-03-25 23:55 - 00001006 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job
2015-06-30 23:00 - 2013-03-25 23:55 - 00000984 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job
2015-06-30 21:57 - 2014-02-28 18:46 - 00002265 _____ C:\Documents and Settings\All Users\desktop\Skype.lnk
2015-06-30 19:16 - 2011-01-08 22:13 - 00000964 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job
2015-06-26 18:31 - 2011-01-07 14:58 - 00000000 ____D C:\Documents and Settings\sofia_d
2015-06-26 18:30 - 2015-05-14 22:55 - 00000682 _____ C:\Documents and Settings\All Users\desktop\CCleaner.lnk
2015-06-26 18:30 - 2015-05-14 22:55 - 00000000 ____D C:\Program Files\CCleaner
2015-06-26 18:30 - 2013-05-23 18:40 - 00000000 ____D C:\Documents and Settings\sofia_d\My Documents\Загрузки
2015-06-25 21:35 - 2011-01-07 16:32 - 00558374 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-25 21:22 - 2011-01-07 16:45 - 00002417 _____ C:\Documents and Settings\sofia_d\desktop\Microsoft Office Word 2003.lnk
2015-06-24 00:43 - 2013-05-18 19:07 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-24 00:43 - 2013-05-18 19:07 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-23 00:31 - 2011-01-10 22:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-06-22 22:53 - 2011-01-08 22:14 - 00002296 _____ C:\Documents and Settings\sofia_d\desktop\Google Chrome.lnk
2015-06-22 22:50 - 2011-01-08 22:13 - 00000000 ____D C:\Documents and Settings\sofia_d\Local Settings\Application Data\Temp
2015-06-22 22:39 - 2011-01-07 14:50 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-06-22 22:35 - 2011-01-08 22:03 - 00000000 ___RD C:\Program Files\Skype
2015-06-22 22:35 - 2011-01-08 22:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-06-22 22:27 - 2011-01-07 16:28 - 00000211 ___SH C:\boot.ini
2015-06-22 22:27 - 2011-01-07 14:58 - 00000278 ___SH C:\Documents and Settings\sofia_d\ntuser.ini
2015-06-22 22:27 - 2004-08-04 15:00 - 00000638 _____ C:\WINDOWS\win.ini
2015-06-22 22:27 - 2004-08-04 15:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-06-20 23:45 - 2011-01-07 14:59 - 00070912 _____ C:\Documents and Settings\sofia_d\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-20 23:40 - 2011-01-07 16:29 - 00268600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-17 23:28 - 2011-05-18 14:24 - 00002727 _____ C:\Documents and Settings\All Users\desktop\SolidWorks Explorer 2009.lnk
2015-06-17 23:14 - 2013-02-06 21:12 - 00000000 ____D C:\Program Files\DScaler5
2015-06-16 23:56 - 2011-01-07 14:48 - 00000000 ____D C:\Program Files\MSN
2015-06-16 22:51 - 2013-05-18 15:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-16 22:24 - 2011-01-07 14:54 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-06-16 22:23 - 2011-01-07 14:51 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-06-16 22:23 - 2011-01-07 14:51 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-06-16 21:47 - 2011-01-07 16:36 - 00000000 ____D C:\WINDOWS\pss
2015-06-16 21:41 - 2011-01-07 14:54 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-06-11 20:31 - 2013-07-24 22:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-11 20:25 - 2011-01-10 14:52 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-11 18:10 - 2015-05-14 22:31 - 00000000 ____D C:\WINDOWS\CryptoGuard
 
==================== Files in the root of some directories =======
 
2012-01-03 21:02 - 2012-01-03 21:02 - 0000130 _____ () C:\Documents and Settings\sofia_d\Local Settings\Application Data\fusioncache.dat
 
Some files in TEMP:
====================
C:\Documents and Settings\sofia_d\Local Settings\Temp\IadHide5.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by sofia_d at 2015-07-01 22:41:43
Running from C:\Documents and Settings\sofia_d\desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-515967899-583907252-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-515967899-583907252-682003330-1005 - Limited - Enabled)
Guest (S-1-5-21-515967899-583907252-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-515967899-583907252-682003330-1000 - Limited - Disabled)
LogMeInRemoteUser (S-1-5-21-515967899-583907252-682003330-1004 - Administrator - Enabled)
sofia_d (S-1-5-21-515967899-583907252-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\sofia_d
SUPPORT_388945a0 (S-1-5-21-515967899-583907252-682003330-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
##CAMERADRIVERNAME## (HKLM\...\QcDrv) (Version:  - )
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
4500_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.3.0.1 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.0.9 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM\...\CameraWindowMC) (Version: 6.3.0.8 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.4.0.14 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 2.5.0.8 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.0.8 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.19.43 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 5.8.0.74 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DWGeditor (Version: 17.00.6014 - SolidWorks) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (Version: 100.0.187.000 - Hewlett-Packard) Hidden
Google Chrome (HKU\S-1-5-21-515967899-583907252-682003330-1003\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Officejet J4500 Series (HKLM\...\{CD0773D5-C18E-495c-B39B-21A96415EDD5}) (Version: 1.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
J4500 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
K-Lite Mega Codec Pack 11.2.0 (HKLM\...\KLiteCodecPack_is1) (Version: 11.2.0 - )
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.01.02 - Logitech, Inc.)
Logitech QuickCam Software (HKLM\...\{C191BE7C-8542-4A61-973A-714EF76C5995}) (Version: 9.50.0000 - Logitech, Inc.)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{9011040D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
mobile PhoneTools (HKLM\...\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}) (Version: 3.28 7/08/2005 - BVRP Software)
Motorola Mobile Drivers Installation 5.2.0 (HKLM\...\{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}) (Version: 5.2.0 - Motorola Inc.)
Mozilla Firefox 38.0.5 (x86 ru) (HKLM\...\Mozilla Firefox 38.0.5 (x86 ru)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA Graphics Driver 266.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA nView 135.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.50 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
PhotoView 360 (Version: 17.00.6014 - SolidWorks Corporation) Hidden
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
SolidWorks 2009 SP0 (HKLM\...\SolidWorks Installation Manager 20090-40000-1100-200) (Version: 17.0.0.6014 - SolidWorks Corporation)
SolidWorks 2009 SP0 (Version: 17.1.0003 - SolidWorks) Hidden
SolidWorks eDrawings 2009 (Version: 9.0.706 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2009 sp0 (Version: 17.00.6014 - SolidWorks Corporation) Hidden
SolidWorks Motion 2009 SP0 (Version: 17.00.6015 - SolidWorks Corporation) Hidden
SolidWorks Simulation 2009 SP0 (Version: 17.00.6015 - SolidWorks Corporation) Hidden
SolidWorks viewer (Version: 17.00.6014 - SolidWorks) Hidden
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WinDjView 1.0.3 (HKLM\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
חבילת תאימות עבור מהדורת 2007 של מערכת Office (HKLM\...\{90120000-0020-040D-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\43.0.2357.130\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-583907252-682003330-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
 
==================== Restore Points =========================
 
22-06-2015 22:39:26 System Checkpoint
24-06-2015 00:47:16 System Checkpoint
25-06-2015 01:28:56 System Checkpoint
25-06-2015 09:59:32 Revo Uninstaller's restore point - ESET Online Scanner v3
26-06-2015 10:59:51 System Checkpoint
27-06-2015 11:08:32 System Checkpoint
28-06-2015 22:14:01 System Checkpoint
30-06-2015 19:56:31 System Checkpoint
01-07-2015 20:57:29 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 15:00 - 2004-08-04 15:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003Core.job => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-583907252-682003330-1003UA.job => C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-20 23:53 - 2015-06-20 23:53 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-20 23:53 - 2015-06-20 23:53 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-01 19:28 - 2015-07-01 19:28 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15070102\algo.dll
2013-03-11 14:28 - 2010-11-04 09:51 - 00555624 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll
2015-06-20 23:53 - 2015-06-20 23:53 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-01-08 21:38 - 2011-01-08 21:38 - 00061496 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\clntutil.dll
2011-01-08 21:38 - 2011-01-08 21:38 - 00147493 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\BWfiles.dll
2011-01-08 21:38 - 2011-01-08 21:38 - 00536617 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\BWDocMapExt.dll
2011-01-08 21:38 - 2011-01-08 21:38 - 00114688 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\bwscriptext.dll
2008-04-14 05:41 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 05:42 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 05:42 - 2013-01-02 09:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-515967899-583907252-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\sofia_d\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 10.0.0.138
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk => C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^sofia_d^Start Menu^Programs^Startup^SolidWorks Task Scheduler Engine.lnk => C:\WINDOWS\pss\SolidWorks Task Scheduler Engine.lnkStartup
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: hpqSRMon => 
MSCONFIG\startupreg: LogitechVideo[inspector] => C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
MSCONFIG\startupreg: LogMeIn GUI => "C:\secure\x86\LogMeInSystray.exe"
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: SolidWorks_CheckForUpdates => "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
MSCONFIG\startupreg: Torrent2Exe => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] => Enabled:Logitech Desktop Messenger
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\sofia_d\Local Settings\Temp\Torrent2Exe\T2E.exe] => Enabled:Torrent2Exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] => Disabled:Logitech Desktop Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras Manager
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\sofia_d\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\sofia_d\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\GloballyOpenPorts: [5353:UDP] => Enabled:Bonjour Port 5353
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/01/2015 09:53:55 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description: Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)
 
Error: (07/01/2015 09:53:55 PM) (Source: ESENT) (EventID: 604) (User: )
Description: SearchIndexer (2836) Locale ID 0x0000040d (Hebrew Hebrew) is either invalid or not installed on this machine.
 
Error: (07/01/2015 07:26:42 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description: Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)
 
Error: (07/01/2015 07:26:42 PM) (Source: ESENT) (EventID: 604) (User: )
Description: SearchIndexer (3124) Locale ID 0x0000040d (Hebrew Hebrew) is either invalid or not installed on this machine.
 
Error: (06/30/2015 06:55:41 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description: Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)
 
Error: (06/30/2015 06:55:41 PM) (Source: ESENT) (EventID: 604) (User: )
Description: SearchIndexer (3144) Locale ID 0x0000040d (Hebrew Hebrew) is either invalid or not installed on this machine.
 
Error: (06/29/2015 10:09:43 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
 
Context:  Application, SystemIndex Catalog
 
Error: (06/28/2015 09:52:27 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description: Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)
 
Error: (06/28/2015 09:52:27 PM) (Source: ESENT) (EventID: 604) (User: )
Description: SearchIndexer (2980) Locale ID 0x0000040d (Hebrew Hebrew) is either invalid or not installed on this machine.
 
Error: (06/26/2015 09:12:01 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description: Advise Status Change failed. The system is probably low on resources. Free up resources and restart the service.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)
 
 
System errors:
=============
Error: (07/01/2015 09:55:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The שירות HP CUE DeviceDiscovery Service service hung on starting.
 
Error: (07/01/2015 09:53:49 PM) (Source: 0) (EventID: 4311) (User: )
Description: 
 
Error: (07/01/2015 07:27:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The שירות HP CUE DeviceDiscovery Service service hung on starting.
 
Error: (07/01/2015 07:26:33 PM) (Source: 0) (EventID: 4311) (User: )
Description: 
 
Error: (06/30/2015 06:57:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The שירות HP CUE DeviceDiscovery Service service hung on starting.
 
Error: (06/30/2015 06:55:26 PM) (Source: 0) (EventID: 4311) (User: )
Description: 
 
Error: (06/28/2015 09:53:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The שירות HP CUE DeviceDiscovery Service service hung on starting.
 
Error: (06/28/2015 09:52:12 PM) (Source: 0) (EventID: 4311) (User: )
Description: 
 
Error: (06/26/2015 09:13:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The שירות HP CUE DeviceDiscovery Service service hung on starting.
 
Error: (06/26/2015 09:11:39 PM) (Source: 0) (EventID: 4311) (User: )
Description: 
 
 
Microsoft Office:
=========================
Error: (07/01/2015 09:53:55 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)
 
Error: (07/01/2015 09:53:55 PM) (Source: ESENT) (EventID: 604) (User: )
Description: SearchIndexer28360x0000040dHebrewHebrew
 
Error: (07/01/2015 07:26:42 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)
 
Error: (07/01/2015 07:26:42 PM) (Source: ESENT) (EventID: 604) (User: )
Description: SearchIndexer31240x0000040dHebrewHebrew
 
Error: (06/30/2015 06:55:41 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)
 
Error: (06/30/2015 06:55:41 PM) (Source: ESENT) (EventID: 604) (User: )
Description: SearchIndexer31440x0000040dHebrewHebrew
 
Error: (06/29/2015 10:09:43 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: Context:  Application, SystemIndex Catalog
 
Error: (06/28/2015 09:52:27 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)
 
Error: (06/28/2015 09:52:27 PM) (Source: ESENT) (EventID: 604) (User: )
Description: SearchIndexer29800x0000040dHebrewHebrew
 
Error: (06/26/2015 09:12:01 PM) (Source: Windows Search Service) (EventID: 3026) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.   (0x8004117f)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 53%
Total physical RAM: 2047.04 MB
Available physical RAM: 946.8 MB
Total Virtual: 3939.82 MB
Available Virtual: 2908.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.04 GB) (Free:123.45 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:149.04 GB) (Free:133.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 2C6B2C6A)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=OF Extended)
 
==================== End of log ============================
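One thing worth pulling out of the FRST log above is the FirewallRules section: an enabled Windows Firewall exception for an executable under Local Settings\Temp (the Torrent2Exe entry) is the kind of line an analyst reads twice. The script below is an added example, not part of the FRST log or of the forum's own tooling; it parses a few lines copied from the log (embedded as a constructed sample) and flags enabled application exceptions in user-writable locations and globally open ports that lack the LocalSubNet scope XP applies to its own file-sharing ports. The list of "user-writable" path patterns is an assumption and a triage heuristic, not a verdict.

```powershell
# Added example, not part of the FRST log or the forum's tooling: triage the
# "FirewallRules" section of an FRST log and flag entries an analyst would want
# to look at twice. Heuristic only; every hit still needs a human verdict.

# Constructed sample: a few lines copied from the FirewallRules section above.
$sampleLines = @'
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\sofia_d\Local Settings\Temp\Torrent2Exe\T2E.exe] => Enabled:Torrent2Exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] => Disabled:Logitech Desktop Messenger
StandardProfile\GloballyOpenPorts: [5353:UDP] => Enabled:Bonjour Port 5353
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
'@ -split "`r?`n"

# Locations a regular installer does not leave an allowed executable in
# (assumed list; extend it for your own environment).
$userWritablePatterns = @(
    '\\Local Settings\\Temp\\',                     # per-user temp on XP
    '\\Temp\\',                                     # any other Temp directory
    '\\Documents and Settings\\[^\\]+\\Desktop\\',  # a user's desktop
    '^[A-Za-z]:\\[^\\]+\.exe$'                      # executable directly in a drive root
)

function Get-FrstFirewallFindings {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^(?<profile>\w+)\\AuthorizedApplications: \[(?<path>[^\]]+)\] => (?<state>Enabled|Disabled):(?<name>.*)$') {
            # Copy the captures out before any further -match overwrites $Matches.
            $fwProfile = $Matches['profile']; $path = $Matches['path']
            $state     = $Matches['state'];   $name = $Matches['name']
            $hits = @($userWritablePatterns | Where-Object { $path -match $_ })
            if ($state -eq 'Enabled' -and $hits.Count -gt 0) {
                New-Object PSObject -Property @{
                    Profile = $fwProfile; Item = $path; Name = $name
                    Reason  = 'Enabled exception for an executable in a user-writable location'
                }
            }
        }
        elseif ($line -match '^(?<profile>\w+)\\GloballyOpenPorts: \[(?<port>\d+):(?<proto>TCP|UDP)\] => (?<rest>.*)$') {
            $fwProfile = $Matches['profile']; $port = $Matches['port']
            $proto     = $Matches['proto'];   $rest = $Matches['rest']
            # XP scopes its own file-sharing and UPnP ports to LocalSubNet; an
            # enabled port without that scope is reachable from any address.
            if ($rest -match 'Enabled' -and $rest -notmatch 'LocalSubNet') {
                New-Object PSObject -Property @{
                    Profile = $fwProfile; Item = "$port/$proto"; Name = ($rest -replace '^.*Enabled:', '')
                    Reason  = 'Port opened globally without LocalSubNet scope'
                }
            }
        }
    }
}

Get-FrstFirewallFindings -Lines $sampleLines | Format-Table Profile, Item, Name, Reason -AutoSize
```

On the five sample lines this reports two findings, the T2E.exe exception under Temp and the 5353/UDP Bonjour port; the Skype exception, the disabled Logitech entry and the LocalSubNet-scoped port 445 pass. To run it over a full log, replace `$sampleLines` with `Get-Content .\FRST.txt`. It avoids PowerShell 3.0-only syntax so it also works on the PowerShell 2.0 that can be installed on XP.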

Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

This issue is an odd one for sure, continue as follows please:

 

Select Windows key and R key together. Into the run box type regedit tap enter, Registry Editor will open.....

Expand the following key :-

HKEY_LOCAL_MACHINE >SOFTWARE > Policies > Microsoft > Windows > safer > codeidentifiers > 0

Do not expand the folder 0. Right click on that folder and choose "Export".

reg-2.png

A new window will open, make sure to change "saved in" to Desktop.

reg2-1.png

From the desktop right click on the reg file > select > send to > compressed (zipped) folder....

Attach to next reply,

If the folder 0 is not found, ignore those instructions and continue:

Next,

Download Malwarebytes installer from here: http://downloads.malwarebytes.org/file/mbam Save the installer to your Desktop.

Next,

Select Windows key and R key together. Into the run box type msconfig tap enter

The System Configuration Utility dialog box is displayed.

We now need to configure selective startup options:

  • In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
  • Click to clear the Process SYSTEM.INI File check box.
  • Click to clear the Process WIN.INI File check box.
  • Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
  • Click the Services tab.
  • Click to select the Hide All Microsoft Services check box.
  • Click Disable All, and then click OK. This will disable non-Microsoft services.
  • When you are prompted, click Restart to restart the computer.


When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows starts check box, and then click OK.

The system is now in a "clean boot" mode.....

Next,

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions below



Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Recommend you use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…




Thank you,

 

Kevin.....


Hi Kevin,

 

The zipped file is attached as requested.

 

Do I have to do the msconfig thingy you said? Already tried booting into safe mode and still MBAM won't run.

If that's a must, can I at least allow TeamViewer service to run? Since I'm connected to this PC via TeamViewer.

 

ET.

 

P.S. Installing the newest version of MBAM gives an error "Runtime Error (at 75:100)" instead of "Runtime Error (at 71:100)".

P.S. 2 No need for all the detailed explanations :)

regfileformbam.zip


Backup the Registry:

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
  • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.

    erunt.png
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe



Next,

Select Windows key and R key together. Into the run box type regedit tap enter, Registry Editor will open.....

Expand the following key :-

HKEY_LOCAL_MACHINE >SOFTWARE > Policies > Microsoft > Windows > safer > codeidentifiers > 0

Do not expand the folder 0. Right click on that folder and choose "Delete"; accept any alerts....

Reboot the system.

 

See if Malwarebytes will install and run...

 

Thanks,

 

Kevin...

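Both of Kevin's posts above (export the key, then delete it) operate on HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers, which is where Software Restriction Policies (SRP) keep their rules, and the "0" subkey holds the rules at the Disallowed level, which is exactly what can stop an installer from running. Before deleting anything it helps to see what the policy actually says. The script below is an added example and not the forum's or Malwarebytes' own procedure: it backs the key up with reg.exe export (what the thread does by hand) and then lists the DefaultLevel and every path and hash rule under each level, for both the machine (HKLM) and the current user (HKCU). The level numbers and the <level>\Paths\<GUID> and <level>\Hashes\<GUID> layout follow the documented SRP registry format; the output file name is an assumption.

```powershell
# Added example, not the forum's own procedure: read the Software Restriction
# Policy (SRP) rules under the CodeIdentifiers key, so a blocked installer can
# be explained (and the key backed up) before anything is deleted.
# Assumes the documented SRP layout: CodeIdentifiers\<level>\Paths\<GUID> and
# CodeIdentifiers\<level>\Hashes\<GUID>; the "0" subkey is the Disallowed level.

$srpLevels = @{
    0      = 'Disallowed'
    4096   = 'Untrusted'
    65536  = 'Constrained'
    131072 = 'Basic User'
    262144 = 'Unrestricted'
}

function Backup-SrpPolicy {
    # reg.exe export writes a .reg file that can be merged back later, as the thread does by hand.
    param([string]$Hive = 'HKLM', [string]$OutFile)
    if (-not $OutFile) { $OutFile = Join-Path $env:USERPROFILE "Desktop\srp-$Hive-backup.reg" }  # assumed name
    & reg.exe export "$Hive\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers" $OutFile
}

function Get-SrpPolicy {
    param([string]$Hive = 'HKLM')    # SRP can be set per machine (HKLM) or per user (HKCU)
    $base = "${Hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
    if (-not (Test-Path -Path $base)) {
        Write-Host "$Hive : no SRP CodeIdentifiers key present (no policy configured)"
        return
    }
    $cfg = Get-ItemProperty -Path $base
    if ($cfg.DefaultLevel -eq $null) { $defaultName = 'not set' }
    elseif ($srpLevels.ContainsKey([int]$cfg.DefaultLevel)) { $defaultName = $srpLevels[[int]$cfg.DefaultLevel] }
    else { $defaultName = 'unknown' }
    Write-Host ("{0}: DefaultLevel={1} ({2})  TransparentEnabled={3}  ExecutableTypes={4}" -f $Hive, $cfg.DefaultLevel, $defaultName, $cfg.TransparentEnabled, ($cfg.ExecutableTypes -join ','))

    foreach ($levelKey in Get-ChildItem -Path $base) {
        $levelValue = 0
        if (-not [int]::TryParse($levelKey.PSChildName, [ref]$levelValue)) { continue }   # only numeric level subkeys
        if ($srpLevels.ContainsKey($levelValue)) { $levelName = $srpLevels[$levelValue] } else { $levelName = "level $levelValue" }
        foreach ($ruleType in 'Paths', 'Hashes') {
            $rulesPath = Join-Path -Path $levelKey.PSPath -ChildPath $ruleType
            if (-not (Test-Path -Path $rulesPath)) { continue }
            foreach ($rule in Get-ChildItem -Path $rulesPath) {
                $p = Get-ItemProperty -Path $rule.PSPath
                if ($ruleType -eq 'Paths') {
                    $target = $p.ItemData       # REG_EXPAND_SZ: a path, possibly with wildcards
                } else {
                    # Hash rules store the file hash as REG_BINARY; show it as hex with the friendly name.
                    $hex = ($p.ItemData | ForEach-Object { $_.ToString('x2') }) -join ''
                    $target = "$hex ($($p.FriendlyName), $($p.ItemSize) bytes)"
                }
                New-Object PSObject -Property @{
                    Hive = $Hive; Level = $levelName; Type = $ruleType.TrimEnd('s')
                    Rule = $target; Description = $p.Description; Key = $rule.PSChildName
                }
            }
        }
    }
}

Backup-SrpPolicy -Hive HKLM
'HKLM', 'HKCU' | ForEach-Object { Get-SrpPolicy -Hive $_ } | Format-Table Hive, Level, Type, Rule, Description -AutoSize
```

Read the output as follows: a DefaultLevel of Disallowed with only the installer's parent folders whitelisted, or a Disallowed path rule matching the Desktop or Temp, explains a "can't run" symptom directly; a hash rule lists the exact file it blocks. Deleting the whole "0" key, as the thread tries, removes every Disallowed rule at once, so the backup from Backup-SrpPolicy is what lets you put a legitimate policy back.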


Nope.

Removed the '0' folder, rebooted- the same.


Ok, thanks. Leave that reg key out for now, can reset with ERUNT later. Go back to reply #2, follow the instructions for clean boot and try Malwarebytes in that mode... Leave Team viewer active if required...


Done and still the same.


This is a strange one for sure, erunt ran ok I assume or you would have told me. If ERUNT manual backup was successful, you will see that the default location for storing backups is C:\WINDOWS\ERDNT.

To restore, just navigate to that location then choose the restore that you named (manual backup), open that folder and double click on its ERDNT.EXE file. Take all defaults and follow instructions. Reboot when done and the restored registry will be active.

 

Next,

 

To return your computer to a Normal startup mode when complete, follow these steps:
 

Open msconfig...

On the General tab, click Normal Startup - load all device drivers and services, and then click OK.

When you are prompted, click Restart.

 

Next,

 

See if you can install SuperAntiSpyware from here: http://www.superantispyware.com/




I'm getting access denied error when restoring:

---------------------------

Warning!

---------------------------

Error restoring

C:\WINDOWS\erdnt\03-07-2015\SECURITY

to

C:\WINDOWS\system32\config\SECURITY !

Continue with the next file?

[ RegReplaceKey: 5 - Access is denied ]

And I did reset registry+files permissions using tweaking.com repair tool.


The reg file you exported will still be sitting on the Desktop, double click that file and agree to the merge... Does that run OK? Reboot to complete....

 

This issue you have has got me stumped, SAS installed and ran ok. Malwarebytes just will not happen......

 

Can you download Malwarebytes free one more time from here: https://www.malwarebytes.org/ rename the installer to ixplor.com

 

Double click to run, any improvement??


Merging the reg file works OK and the '0' is back to the same place.
 
Running the installer as ixplor.com (of course without .exe extension) didn't change anything.
My thinking is to check what code is being executed at 75:100 and see where does it get stuck and why.
 

This issue you have has got me stumped

Yeah I know. I'm a PC technician myself so I wouldn't have asked for help if I hadn't tried everything I thought of..
 
For now I'll leave the clean boot as it is (without restarts) since the keyboard at the other side (remember I'm connected to this PC via TeamViewer) is not working and the BIOS requires an F1 tap at startup.


I did try running the renamed installer on a Windows 7 test rig and it worked ok, I realize the system you are working on is XP but did believe that should make no difference...

 

I`m going to post to our private forum, see if any of the guys can give a solution. Please post back and let me know if you find a solution, I too will post back if anyone has a solution...

 

Cheers,

 

kevin.....

  • Root Admin

Hello there. I've been asked to take a look and see if I can assist you further with this. Let's go ahead and have you run Combofix (you may have run it recently over on another site but let me have you run it again now please) -

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Believe me, I'd like nothing more than to run ComboFix.

But I can't do that either.

Getting this error after its extractor finishes:

---------------------------
Warning - Compatibility Mode
---------------------------
Warning!!
Do not run ComboFix in Compatibility Mode.
Doing so may damage the machine.

 

And right now I'm still on clean boot mode.

This error occurred also without any installed security product.

Right clicking on the Combofix file > Properties > Compatibility tab > nothing is checked there.

  • Root Admin

When you say clean boot mode do you mean Safe Mode?

 

Please disable MSCONFIG and reset back to NORMAL and reboot. Then recheck that MSCONFIG is on NORMAL and you're logged onto Windows in Normal Mode and then try Combofix again. If still an issue then do the following.

 

 

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.



If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

When I'm saying clean boot mode I'm referring to Kevin's second post about the msconfig.

Rebooted back to normal mode and still CF won't run for the same reason.

BTW MBAM also won't run.

 

I've run TDSSKiller before but without a full scan; now I did a full scan, and no threats were found.

Since the log is too long, I'm attaching it here.

TDSS Logs.rar

  • Root Admin

Well something certainly seems to be going on here that is a bit odd that it's somehow blocking programs from running.

Let me have you try the following.

Note: Only attempt this if you are running an English installation of Windows XP as this tool has NOT been tested on Windows Vista or Windows 7 or on non-English installations of Windows:

Reset Default Permissions:

  • Please download ResetDefaultPerms by AdvancedSetup from here and save it to your desktop
  • Close any open programs and save anything you were working on
  • Double click on restoredefaultperms.exe to run it
  • Once it completes it will restart your computer
Then attempt to run MBAM CLEAN again and reinstall MBAM

Please uninstall your current version of MBAM and reinstall the latest version. MBAM Clean Removal Process 2x

Let me know how that goes


Does it make sense that restoredefaultperms.exe ran for less than a second?
Tried extracting it and running fixacls.bat and the same. Also the same after disabling AVAST.

 

Ran MBAM CLEANER, rebooted, ran MBAM and still the same error. Also the same with CF.

  • Root Admin

Well if all these tools are not running then if it were me I'd back up the data, format the drive and reinstall Windows. Fixing the damage done at this point is a losing battle in my opinion. Yes we may be able to fix it and run but it will never be as clean, safe, and secure as a format and reinstall.

 

Please take a look at the following post which can help shed some light on the issue.

The complexity of finding, preventing, and cleanup from malware
 

Please let me know what you'd like to do at this point as we could spend days or weeks trying to fix what can be fixed by reinstall in a few hours.



Well I don't mind spending days or weeks trying to fix the issue. The question is if YOU mind :)

Reinstalling is not an option for my friend.

I can leave the situation as it is but I'd prefer if we'd continue working on this.

  • Root Admin

Let me have you try the following as well. Download Junction from Microsoft

 

https://technet.microsoft.com/en-us/sysinternals/bb896768.aspx

 

Then unzip the file into its own folder C:\TEST

Then open a command prompt and type the following, pressing the Enter key after each line.

CD C:\TEST

JUNCTION -s c:\

Then let me know what files or folders it finds with a junction.

 

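The JUNCTION -s c:\ check above looks for reparse points, because a junction or symbolic link can make a familiar path (Program Files, WINDOWS) resolve somewhere else without anything looking wrong in Explorer. As an added example, not the forum's or Sysinternals' own code, here is the same check scripted in PowerShell so it can be run and diffed between boots: it walks a root, keeps only entries carrying the ReparsePoint attribute, and marks those that sit under the system areas (the list of system areas is an assumption for a default XP layout).

```powershell
# Added example, not the forum's own procedure: a scripted counterpart to
# running JUNCTION -s from Sysinternals. Lists every reparse point (junction
# or symbolic link) below a root; a default Windows XP install has none, so a
# hit under WINDOWS or Program Files is worth explaining before trusting it.

# Directories where an unexplained reparse point matters most (assumed XP layout).
$systemAreas = @('C:\WINDOWS\', 'C:\Program Files\', 'C:\Documents and Settings\')

function Get-ReparsePoints {
    param([string]$Root = 'C:\')
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { [string]$_.Attributes -match 'ReparsePoint' } |
        ForEach-Object {
            $full  = $_.FullName
            $inSys = @($systemAreas | Where-Object { $full.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }).Count -gt 0
            New-Object PSObject -Property @{
                Path         = $full
                IsDirectory  = $_.PSIsContainer
                InSystemArea = $inSys
                Attributes   = [string]$_.Attributes
                LastWrite    = $_.LastWriteTime
            }
        }
}

$points = @(Get-ReparsePoints -Root 'C:\')
Write-Host ("{0} reparse point(s) found under C:\" -f $points.Count)
$points | Sort-Object InSystemArea, Path -Descending |
    Format-Table Path, IsDirectory, InSystemArea, LastWrite -AutoSize
```

Two caveats for use on an old box: PowerShell 2.0, the version available for XP, recurses into junctions during Get-ChildItem -Recurse, so a junction that points at one of its own ancestors makes the walk very long, whereas JUNCTION -s does not follow them; and the script cannot show the junction target, which JUNCTION prints, so use it to find the points and the Sysinternals tool (or fsutil reparsepoint query on later Windows) to read where they go.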
This topic is now closed to further replies.